GitHub Repository: rapid7/metasploit-framework
Path: blob/master/lib/metasploit/framework/ntds/parser.rb
module Metasploit
  module Framework
    module NTDS
      require 'metasploit/framework/ntds/account'

      # Parser for an NTDS.dit file located on a remote system. It drives the
      # Meterpreter client's extapi NTDS channel and exposes the file's
      # contents as a stream of AD user account objects.
      class Parser

        # Number of bytes requested from the channel per read: 20 account
        # records of Account::ACCOUNT_SIZE bytes each.
        BATCH_SIZE = Metasploit::Framework::NTDS::Account::ACCOUNT_SIZE * 20

        # @return [Rex::Post::Meterpreter::Channels::Pool] The Meterpreter NTDS Parser Channel
        attr_accessor :channel
        # @return [Msf::Session] The Meterpreter Client
        attr_accessor :client
        # @return [String] The path to the NTDS.dit file on the remote system
        attr_accessor :file_path

        # Opens the NTDS parser channel for the given file.
        #
        # @param client [Msf::Session] the Meterpreter client used to open the channel
        # @param file_path [String] path to the NTDS.dit file on the remote system
        # @raise [ArgumentError] if file_path is blank (which includes the default '')
        def initialize(client, file_path='')
          raise ArgumentError, "Invalid Filepath" unless file_path.present?

          @client = client
          @file_path = file_path
          @channel = client.extapi.ntds.parse(file_path)
        end

        # Reads the remote NTDS.dit file batch by batch and yields one
        # [Metasploit::Framework::NTDS::Account] per fixed-size record.
        # Records that consist solely of null bytes are skipped.
        #
        # NOTE(review): the channel is closed only after the loop finishes
        # normally; if the caller's block raises or breaks out, channel.close
        # is never reached.
        # NOTE(review): slice! hands back fewer than ACCOUNT_SIZE bytes when
        # the batch length is not a multiple of the record size, and that
        # short record is passed to Account.new unchanged. Confirm Account
        # tolerates truncated input.
        #
        # @yield [account]
        # @yieldparam account [Metasploit::Framework::NTDS::Account] an AD user account
        # @yieldreturn [void] does not return a value
        def each_account
          record_size = Metasploit::Framework::NTDS::Account::ACCOUNT_SIZE

          until (chunk = pull_batch).nil?
            # Work on a copy: slice! consumes the buffer in place.
            remaining = chunk.dup
            while remaining.present?
              record = remaining.slice!(0, record_size)
              # Make sure our data isn't all Null-bytes
              next unless record.match(/[^\x00]/)

              yield Metasploit::Framework::NTDS::Account.new(record)
            end
          end

          channel.close
        end

        private

        # Reads up to BATCH_SIZE bytes from the parser channel, reopening the
        # channel first when its cid is nil.
        #
        # @return [String, nil] the raw batch data, or nil when the read
        #   raised EOFError (the error is logged, not re-raised)
        def pull_batch
          if channel.cid.nil?
            dlog("NTDS Parser Channel was closed, reopening")
            reopen_channel
          end

          # Only the read itself is guarded; an error while reopening the
          # channel propagates to the caller.
          begin
            channel.read(BATCH_SIZE)
          rescue EOFError => e
            elog('NTDS Parser: Error pulling batch', error: e)
            nil
          end
        end

        # Replaces the current channel with a freshly opened one for file_path.
        def reopen_channel
          @channel = client.extapi.ntds.parse(file_path)
        end

      end
    end
  end
end