Class: Metasploit::Framework::NTDS::Parser

Inherits:

Object

• Object
• Metasploit::Framework::NTDS::Parser

Defined in:

lib/metasploit/framework/ntds/parser.rb

Overview

This class respresent an NTDS parser. It interacts with the Meterpreter Client to provide a simple interface for enumerating AD user accounts.

Constant Summary

BATCH_SIZE =

The size, in Bytes, of a batch of NTDS accounts

(Metasploit::Framework::NTDS::Account::ACCOUNT_SIZE * 20)

Instance Attribute Summary

• #channel ⇒ Rex::Post::Meterpreter::Channels::Pool

  The Meterpreter NTDS Parser Channel.

• #client ⇒ Msf::Session

  The Meterpreter Client.

• #file_path ⇒ String

  The path to the NTDS.dit file on the remote system.

Instance Method Summary

• #each_account {|account| ... } ⇒ Object

  Yields a [Metasploit::Framework::NTDS::Account] for each account found in the remote NTDS.dit file.

• #initialize(client, file_path = '') ⇒ Parser constructor

  A new instance of Parser.

Constructor Details

#initialize(client, file_path = '') ⇒ Parser

Returns a new instance of Parser.

Raises:

• (ArgumentError)

# File 'lib/metasploit/framework/ntds/parser.rb', line 19

def initialize(client, file_path='')
  raise ArgumentError, "Invalid Filepath" unless file_path.present?
  @file_path = file_path
  @channel = client.extapi.ntds.parse(file_path)
  @client = client
end

Instance Attribute Details

#channel ⇒ Rex::Post::Meterpreter::Channels::Pool

Returns The Meterpreter NTDS Parser Channel.

Returns:

• (Rex::Post::Meterpreter::Channels::Pool) —

  The Meterpreter NTDS Parser Channel

# File 'lib/metasploit/framework/ntds/parser.rb', line 13

def channel
  @channel
end

#client ⇒ Msf::Session

Returns The Meterpreter Client.

Returns:

• (Msf::Session) —

  The Meterpreter Client

# File 'lib/metasploit/framework/ntds/parser.rb', line 15

def client
  @client
end

#file_path ⇒ String

Returns The path to the NTDS.dit file on the remote system.

Returns:

• (String) —

  The path to the NTDS.dit file on the remote system

# File 'lib/metasploit/framework/ntds/parser.rb', line 17

def file_path
  @file_path
end

Instance Method Details

#each_account {|account| ... } ⇒ Object

Yields a [Metasploit::Framework::NTDS::Account] for each account found in the remote NTDS.dit file.

Yields:

• (account)

Yield Parameters:

• account (Metasploit::Framework::NTDS::Account) —

  an AD user account

Yield Returns:

• (void) —

  does not return a value

# File 'lib/metasploit/framework/ntds/parser.rb', line 32

def each_account
  raw_batch_data = pull_batch
  until raw_batch_data.nil?
    batch = raw_batch_data.dup
    while batch.present?
      raw_data = batch.slice!(0,Metasploit::Framework::NTDS::Account::ACCOUNT_SIZE)
      # Make sure our data isn't all Null-bytes
      if raw_data.match(/[^\x00]/)
        account = Metasploit::Framework::NTDS::Account.new(raw_data)
        yield account
      end
    end
    raw_batch_data = pull_batch
  end
  channel.close
end