Class: Metasploit::Framework::NTDS::Parser

Inherits:
Object
  • Object
show all
Defined in:
lib/metasploit/framework/ntds/parser.rb

Overview

This class respresent an NTDS parser. It interacts with the Meterpreter Client to provide a simple interface for enumerating AD user accounts.

Constant Summary collapse

BATCH_SIZE =

The size, in Bytes, of a batch of NTDS accounts

(Metasploit::Framework::NTDS::Account::ACCOUNT_SIZE * 20)

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(client, file_path = '') ⇒ Parser

Returns a new instance of Parser.

Raises:

  • (ArgumentError)

19
20
21
22
23
24
# File 'lib/metasploit/framework/ntds/parser.rb', line 19

def initialize(client, file_path='')
  raise ArgumentError, "Invalid Filepath" unless file_path.present?
  @file_path = file_path
  @channel = client.extapi.ntds.parse(file_path)
  @client = client
end

Instance Attribute Details

#channelRex::Post::Meterpreter::Channels::Pool

Returns The Meterpreter NTDS Parser Channel.

Returns:


13
14
15
# File 'lib/metasploit/framework/ntds/parser.rb', line 13

def channel
  @channel
end

#clientMsf::Session

Returns The Meterpreter Client.

Returns:


15
16
17
# File 'lib/metasploit/framework/ntds/parser.rb', line 15

def client
  @client
end

#file_pathString

Returns The path to the NTDS.dit file on the remote system.

Returns:

  • (String)

    The path to the NTDS.dit file on the remote system


17
18
19
# File 'lib/metasploit/framework/ntds/parser.rb', line 17

def file_path
  @file_path
end

Instance Method Details

#each_account {|account| ... } ⇒ Object

Yields a [Metasploit::Framework::NTDS::Account] for each account found in the remote NTDS.dit file.

Yields:

  • (account)

Yield Parameters:

Yield Returns:

  • (void)

    does not return a value


32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
# File 'lib/metasploit/framework/ntds/parser.rb', line 32

def 
  raw_batch_data = pull_batch
  until raw_batch_data.nil?
    batch = raw_batch_data.dup
    while batch.present?
      raw_data = batch.slice!(0,Metasploit::Framework::NTDS::Account::ACCOUNT_SIZE)
      # Make sure our data isn't all Null-bytes
      if raw_data.match(/[^\x00]/)
         = Metasploit::Framework::NTDS::Account.new(raw_data)
        yield 
      end
    end
    raw_batch_data = pull_batch
  end
  channel.close
end