Class: Metasploit::Framework::NTDS::Account

Inherits:

Object

• Object
• Metasploit::Framework::NTDS::Account

Defined in:

lib/metasploit/framework/ntds/account.rb

Overview

This class represents an NTDS account structure as sent back by Meterpreter’s priv extension.

Constant Summary

ACCOUNT_SIZE =

Size of an NTDS Account Struct on the Wire

3016

DATE_TIME_STRING_SIZE =

Size of a Date or Time Format String on the Wire

30

DESCRIPTION_SIZE =

Size of the AccountDescription Field

1024

HASH_HISTORY_SIZE =

Size of a Hash History Record

792

HASH_SIZE =

Size of a Hash String

33

NAME_SIZE =

Size of the samAccountName field

128

Instance Attribute Summary

• #description ⇒ String

  The AD Account Description.

• #disabled ⇒ Boolean

  If the AD account is disabled.

• #expired ⇒ Boolean

  If the AD account password is expired.

• #expiry_date ⇒ String

  Human Readable Date for the account’s password expiration.

• #lm_hash ⇒ String

  The LM Hash of the current password.

• #lm_history ⇒ Array<String>

  The LM hashes for previous passwords, up to 24.

• #lm_history_count ⇒ Integer

  The count of historical LM hashes.

• #locked ⇒ Boolean

  If the AD account is locked.

• #logon_count ⇒ Integer

  The number of times this account has logged in.

• #logon_date ⇒ String

  Human Readable Date for the last time the account logged in.

• #logon_time ⇒ String

  Human Readable Time for the last time the account logged in.

• #name ⇒ String

  The samAccountName of the account.

• #no_expire ⇒ Boolean

  If the AD account password does not expire.

• #no_pass ⇒ Boolean

  If the AD account does not require a password.

• #nt_hash ⇒ String

  The NT Hash of the current password.

• #nt_history ⇒ Array<String>

  The NT hashes for previous passwords, up to 24.

• #nt_history_count ⇒ Integer

  The count of historical NT hashes.

• #pass_date ⇒ String

  Human Readable Date for the last password change.

• #pass_time ⇒ String

  Human Readable Time for the last password change.

• #rid ⇒ Integer

  The Relative ID of the account.

• #sid ⇒ String

  Byte String for the Account’s SID.

Instance Method Summary

• #hash_history ⇒ String

  Each historical NTLM Hash on a new line.

• #initialize(raw_data) ⇒ Account constructor

  A new instance of Account.

• #ntlm_hash ⇒ String

  The NTLM hash string for the current password.

• #to_s ⇒ String

  String representation of the account data.

Constructor Details

#initialize(raw_data) ⇒ Account

Returns a new instance of Account.

Parameters:

• raw_data (String) —

  the raw 3948 byte string from the wire

Raises:

• (ArgumentErrror) —

  if a 3948 byte string is not supplied

# File 'lib/metasploit/framework/ntds/account.rb', line 66

def initialize(raw_data)
  raise ArgumentError, "No Data Supplied" unless raw_data.present?
  raise ArgumentError, "Invalid Data" unless raw_data.length == ACCOUNT_SIZE
  data = raw_data.dup
  @name = get_string(data,NAME_SIZE)
  @description = get_string(data,DESCRIPTION_SIZE)
  @rid = get_int(data)
  @disabled = get_boolean(data)
  @locked = get_boolean(data)
  @no_pass = get_boolean(data)
  @no_expire = get_boolean(data)
  @expired = get_boolean(data)
  @logon_count = get_int(data)
  @nt_history_count = get_int(data)
  @lm_history_count = get_int(data)
  @expiry_date = get_string(data,DATE_TIME_STRING_SIZE)
  @logon_date =  get_string(data,DATE_TIME_STRING_SIZE)
  @logon_time = get_string(data,DATE_TIME_STRING_SIZE)
  @pass_date = get_string(data,DATE_TIME_STRING_SIZE)
  @pass_time = get_string(data,DATE_TIME_STRING_SIZE)
  @lm_hash = get_string(data,HASH_SIZE)
  @nt_hash = get_string(data,HASH_SIZE)
  @lm_history = get_hash_history(data)
  @nt_history = get_hash_history(data)
  @sid = data
end

Instance Attribute Details

#description ⇒ String

Returns The AD Account Description.

Returns:

• (String) —

  The AD Account Description

# File 'lib/metasploit/framework/ntds/account.rb', line 22

def description
  @description
end

#disabled ⇒ Boolean

Returns If the AD account is disabled.

Returns:

• (Boolean) —

  If the AD account is disabled

# File 'lib/metasploit/framework/ntds/account.rb', line 24

def disabled
  @disabled
end

#expired ⇒ Boolean

Returns If the AD account password is expired.

Returns:

• (Boolean) —

  If the AD account password is expired

# File 'lib/metasploit/framework/ntds/account.rb', line 26

def expired
  @expired
end

#expiry_date ⇒ String

Returns Human Readable Date for the account’s password expiration.

Returns:

• (String) —

  Human Readable Date for the account’s password expiration

# File 'lib/metasploit/framework/ntds/account.rb', line 28

def expiry_date
  @expiry_date
end

#lm_hash ⇒ String

Returns The LM Hash of the current password.

Returns:

• (String) —

  The LM Hash of the current password

# File 'lib/metasploit/framework/ntds/account.rb', line 30

def lm_hash
  @lm_hash
end

#lm_history ⇒ Array<String>

Returns The LM hashes for previous passwords, up to 24.

Returns:

• (Array<String>) —

  The LM hashes for previous passwords, up to 24

# File 'lib/metasploit/framework/ntds/account.rb', line 32

def lm_history
  @lm_history
end

#lm_history_count ⇒ Integer

Returns The count of historical LM hashes.

Returns:

• (Integer) —

  The count of historical LM hashes

# File 'lib/metasploit/framework/ntds/account.rb', line 34

def lm_history_count
  @lm_history_count
end

#locked ⇒ Boolean

Returns If the AD account is locked.

Returns:

• (Boolean) —

  If the AD account is locked

# File 'lib/metasploit/framework/ntds/account.rb', line 36

def locked
  @locked
end

#logon_count ⇒ Integer

Returns The number of times this account has logged in.

Returns:

• (Integer) —

  The number of times this account has logged in

# File 'lib/metasploit/framework/ntds/account.rb', line 38

def logon_count
  @logon_count
end

#logon_date ⇒ String

Returns Human Readable Date for the last time the account logged in.

Returns:

• (String) —

  Human Readable Date for the last time the account logged in

# File 'lib/metasploit/framework/ntds/account.rb', line 40

def logon_date
  @logon_date
end

#logon_time ⇒ String

Returns Human Readable Time for the last time the account logged in.

Returns:

• (String) —

  Human Readable Time for the last time the account logged in

# File 'lib/metasploit/framework/ntds/account.rb', line 42

def logon_time
  @logon_time
end

#name ⇒ String

Returns The samAccountName of the account.

Returns:

• (String) —

  The samAccountName of the account

# File 'lib/metasploit/framework/ntds/account.rb', line 44

def name
  @name
end

#no_expire ⇒ Boolean

Returns If the AD account password does not expire.

Returns:

• (Boolean) —

  If the AD account password does not expire

# File 'lib/metasploit/framework/ntds/account.rb', line 46

def no_expire
  @no_expire
end

#no_pass ⇒ Boolean

Returns If the AD account does not require a password.

Returns:

• (Boolean) —

  If the AD account does not require a password

# File 'lib/metasploit/framework/ntds/account.rb', line 48

def no_pass
  @no_pass
end

#nt_hash ⇒ String

Returns The NT Hash of the current password.

Returns:

• (String) —

  The NT Hash of the current password

# File 'lib/metasploit/framework/ntds/account.rb', line 50

def nt_hash
  @nt_hash
end

#nt_history ⇒ Array<String>

Returns The NT hashes for previous passwords, up to 24.

Returns:

• (Array<String>) —

  The NT hashes for previous passwords, up to 24

# File 'lib/metasploit/framework/ntds/account.rb', line 52

def nt_history
  @nt_history
end

#nt_history_count ⇒ Integer

Returns The count of historical NT hashes.

Returns:

• (Integer) —

  The count of historical NT hashes

# File 'lib/metasploit/framework/ntds/account.rb', line 54

def nt_history_count
  @nt_history_count
end

#pass_date ⇒ String

Returns Human Readable Date for the last password change.

Returns:

• (String) —

  Human Readable Date for the last password change

# File 'lib/metasploit/framework/ntds/account.rb', line 56

def pass_date
  @pass_date
end

#pass_time ⇒ String

Returns Human Readable Time for the last password change.

Returns:

• (String) —

  Human Readable Time for the last password change

# File 'lib/metasploit/framework/ntds/account.rb', line 58

def pass_time
  @pass_time
end

#rid ⇒ Integer

Returns The Relative ID of the account.

Returns:

• (Integer) —

  The Relative ID of the account

# File 'lib/metasploit/framework/ntds/account.rb', line 60

def rid
  @rid
end

#sid ⇒ String

Returns Byte String for the Account’s SID.

Returns:

• (String) —

  Byte String for the Account’s SID

# File 'lib/metasploit/framework/ntds/account.rb', line 62

def sid
  @sid
end

Instance Method Details

#hash_history ⇒ String

Returns Each historical NTLM Hash on a new line.

Returns:

• (String) —

  Each historical NTLM Hash on a new line

# File 'lib/metasploit/framework/ntds/account.rb', line 114

def hash_history
  history_string = ''
  @lm_history.each_with_index do | lm_hash, index|
    history_string << "#{@name}:#{@rid}:#{lm_hash}:#{@nt_history[index]}\n"
  end
  history_string
end

#ntlm_hash ⇒ String

Returns the NTLM hash string for the current password.

Returns:

• (String) —

  the NTLM hash string for the current password

# File 'lib/metasploit/framework/ntds/account.rb', line 109

def ntlm_hash
  "#{@lm_hash}:#{@nt_hash}"
end

#to_s ⇒ String

Returns String representation of the account data.

Returns:

• (String) —

  String representation of the account data

# File 'lib/metasploit/framework/ntds/account.rb', line 94

def to_s
  <<-EOS.strip_heredoc
  #{@name} (#{@description})
  #{@name}:#{@rid}:#{ntlm_hash}
  Password Expires: #{@expiry_date}
  Last Password Change: #{@pass_time} #{@pass_date}
  Last Logon: #{@logon_time} #{@logon_date}
  Logon Count: #{@logon_count}
  #{uac_string}
  Hash History:
  #{hash_history}
  EOS
end