Class: Metasploit::Framework::NTDS::Account

Inherits:
Object
  • Object
show all
Defined in:
lib/metasploit/framework/ntds/account.rb

Overview

This class represents an NTDS account structure as sent back by Meterpreter's priv extension.

Constant Summary collapse

ACCOUNT_SIZE =

Size of an NTDS Account Struct on the Wire

3016
DATE_TIME_STRING_SIZE =

Size of a Date or Time Format String on the Wire

30
DESCRIPTION_SIZE =

Size of the AccountDescription Field

1024
HASH_HISTORY_SIZE =

Size of a Hash History Record

792
HASH_SIZE =

Size of a Hash String

33
NAME_SIZE =

Size of the samAccountName field

128

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(raw_data) ⇒ Account

Returns a new instance of Account.

Parameters:

  • raw_data (String)

    the raw 3948 byte string from the wire

Raises:

  • (ArgumentErrror)

    if a 3948 byte string is not supplied


66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
# File 'lib/metasploit/framework/ntds/account.rb', line 66

def initialize(raw_data)
  raise ArgumentError, "No Data Supplied" unless raw_data.present?
  raise ArgumentError, "Invalid Data" unless raw_data.length == ACCOUNT_SIZE
  data = raw_data.dup
  @name = get_string(data,NAME_SIZE)
  @description = get_string(data,DESCRIPTION_SIZE)
  @rid = get_int(data)
  @disabled = get_boolean(data)
  @locked = get_boolean(data)
  @no_pass = get_boolean(data)
  @no_expire = get_boolean(data)
  @expired = get_boolean(data)
  @logon_count = get_int(data)
  @nt_history_count = get_int(data)
  @lm_history_count = get_int(data)
  @expiry_date = get_string(data,DATE_TIME_STRING_SIZE)
  @logon_date =  get_string(data,DATE_TIME_STRING_SIZE)
  @logon_time = get_string(data,DATE_TIME_STRING_SIZE)
  @pass_date = get_string(data,DATE_TIME_STRING_SIZE)
  @pass_time = get_string(data,DATE_TIME_STRING_SIZE)
  @lm_hash = get_string(data,HASH_SIZE)
  @nt_hash = get_string(data,HASH_SIZE)
  @lm_history = get_hash_history(data)
  @nt_history = get_hash_history(data)
  @sid = data
end

Instance Attribute Details

#descriptionString

Returns The AD Account Description.

Returns:

  • (String)

    The AD Account Description


22
23
24
# File 'lib/metasploit/framework/ntds/account.rb', line 22

def description
  @description
end

#disabledBoolean

Returns If the AD account is disabled.

Returns:

  • (Boolean)

    If the AD account is disabled


24
25
26
# File 'lib/metasploit/framework/ntds/account.rb', line 24

def disabled
  @disabled
end

#expiredBoolean

Returns If the AD account password is expired.

Returns:

  • (Boolean)

    If the AD account password is expired


26
27
28
# File 'lib/metasploit/framework/ntds/account.rb', line 26

def expired
  @expired
end

#expiry_dateString

Returns Human Readable Date for the account's password expiration.

Returns:

  • (String)

    Human Readable Date for the account's password expiration


28
29
30
# File 'lib/metasploit/framework/ntds/account.rb', line 28

def expiry_date
  @expiry_date
end

#lm_hashString

Returns The LM Hash of the current password.

Returns:

  • (String)

    The LM Hash of the current password


30
31
32
# File 'lib/metasploit/framework/ntds/account.rb', line 30

def lm_hash
  @lm_hash
end

#lm_historyArray<String>

Returns The LM hashes for previous passwords, up to 24.

Returns:

  • (Array<String>)

    The LM hashes for previous passwords, up to 24


32
33
34
# File 'lib/metasploit/framework/ntds/account.rb', line 32

def lm_history
  @lm_history
end

#lm_history_countInteger

Returns The count of historical LM hashes.

Returns:

  • (Integer)

    The count of historical LM hashes


34
35
36
# File 'lib/metasploit/framework/ntds/account.rb', line 34

def lm_history_count
  @lm_history_count
end

#lockedBoolean

Returns If the AD account is locked.

Returns:

  • (Boolean)

    If the AD account is locked


36
37
38
# File 'lib/metasploit/framework/ntds/account.rb', line 36

def locked
  @locked
end

#logon_countInteger

Returns The number of times this account has logged in.

Returns:

  • (Integer)

    The number of times this account has logged in


38
39
40
# File 'lib/metasploit/framework/ntds/account.rb', line 38

def logon_count
  @logon_count
end

#logon_dateString

Returns Human Readable Date for the last time the account logged in.

Returns:

  • (String)

    Human Readable Date for the last time the account logged in


40
41
42
# File 'lib/metasploit/framework/ntds/account.rb', line 40

def logon_date
  @logon_date
end

#logon_timeString

Returns Human Readable Time for the last time the account logged in.

Returns:

  • (String)

    Human Readable Time for the last time the account logged in


42
43
44
# File 'lib/metasploit/framework/ntds/account.rb', line 42

def logon_time
  @logon_time
end

#nameString

Returns The samAccountName of the account.

Returns:

  • (String)

    The samAccountName of the account


44
45
46
# File 'lib/metasploit/framework/ntds/account.rb', line 44

def name
  @name
end

#no_expireBoolean

Returns If the AD account password does not expire.

Returns:

  • (Boolean)

    If the AD account password does not expire


46
47
48
# File 'lib/metasploit/framework/ntds/account.rb', line 46

def no_expire
  @no_expire
end

#no_passBoolean

Returns If the AD account does not require a password.

Returns:

  • (Boolean)

    If the AD account does not require a password


48
49
50
# File 'lib/metasploit/framework/ntds/account.rb', line 48

def no_pass
  @no_pass
end

#nt_hashString

Returns The NT Hash of the current password.

Returns:

  • (String)

    The NT Hash of the current password


50
51
52
# File 'lib/metasploit/framework/ntds/account.rb', line 50

def nt_hash
  @nt_hash
end

#nt_historyArray<String>

Returns The NT hashes for previous passwords, up to 24.

Returns:

  • (Array<String>)

    The NT hashes for previous passwords, up to 24


52
53
54
# File 'lib/metasploit/framework/ntds/account.rb', line 52

def nt_history
  @nt_history
end

#nt_history_countInteger

Returns The count of historical NT hashes.

Returns:

  • (Integer)

    The count of historical NT hashes


54
55
56
# File 'lib/metasploit/framework/ntds/account.rb', line 54

def nt_history_count
  @nt_history_count
end

#pass_dateString

Returns Human Readable Date for the last password change.

Returns:

  • (String)

    Human Readable Date for the last password change


56
57
58
# File 'lib/metasploit/framework/ntds/account.rb', line 56

def pass_date
  @pass_date
end

#pass_timeString

Returns Human Readable Time for the last password change.

Returns:

  • (String)

    Human Readable Time for the last password change


58
59
60
# File 'lib/metasploit/framework/ntds/account.rb', line 58

def pass_time
  @pass_time
end

#ridInteger

Returns The Relative ID of the account.

Returns:

  • (Integer)

    The Relative ID of the account


60
61
62
# File 'lib/metasploit/framework/ntds/account.rb', line 60

def rid
  @rid
end

#sidString

Returns Byte String for the Account's SID.

Returns:

  • (String)

    Byte String for the Account's SID


62
63
64
# File 'lib/metasploit/framework/ntds/account.rb', line 62

def sid
  @sid
end

Instance Method Details

#hash_historyString

Returns Each historical NTLM Hash on a new line.

Returns:

  • (String)

    Each historical NTLM Hash on a new line


114
115
116
117
118
119
120
# File 'lib/metasploit/framework/ntds/account.rb', line 114

def hash_history
  history_string = ''
  @lm_history.each_with_index do | lm_hash, index|
    history_string << "#{@name}:#{@rid}:#{lm_hash}:#{@nt_history[index]}\n"
  end
  history_string
end

#ntlm_hashString

Returns the NTLM hash string for the current password.

Returns:

  • (String)

    the NTLM hash string for the current password


109
110
111
# File 'lib/metasploit/framework/ntds/account.rb', line 109

def ntlm_hash
  "#{@lm_hash}:#{@nt_hash}"
end

#to_sString

Returns String representation of the account data.

Returns:

  • (String)

    String representation of the account data


94
95
96
97
98
99
100
101
102
103
104
105
106
# File 'lib/metasploit/framework/ntds/account.rb', line 94

def to_s
  <<-EOS.strip_heredoc
  #{@name} (#{@description})
  #{@name}:#{@rid}:#{ntlm_hash}
  Password Expires: #{@expiry_date}
  Last Password Change: #{@pass_time} #{@pass_date}
  Last Logon: #{@logon_time} #{@logon_date}
  Logon Count: #{@logon_count}
  #{uac_string}
  Hash History:
  #{hash_history}
  EOS
end