1
mirror of https://github.com/rapid7/metasploit-payloads synced 2025-03-12 12:14:29 +01:00
David Maloney 2fa794f1c9 more cleanup/split up
split the date stuff up into their own subfunction tooo

MSP-12356
2015-05-06 14:00:15 -05:00

79 lines
3.1 KiB
C
Executable File

#ifndef _METERPRETER_SOURCE_EXTENSION_PRIV_PRIV_SERVER_NTDS_JET_H
#define _METERPRETER_SOURCE_EXTENSION_PRIV_PRIV_SERVER_NTDS_JET_H
#include <esent.h>
#pragma comment(lib, "esent")
/*! @brief Typedef for the jetState struct. */
struct jetState{
TCHAR ntdsPath[255];
JET_INSTANCE jetEngine;
JET_SESID jetSession;
JET_DBID jetDatabase;
JET_TABLEID jetTable;
};
/*! @brief Typedef for the ntdsColumns struct. */
struct ntdsColumns{
JET_COLUMNDEF accountName;
JET_COLUMNDEF accountType;
JET_COLUMNDEF accountExpiry;
JET_COLUMNDEF accountDescription;
JET_COLUMNDEF accountControl;
JET_COLUMNDEF encryptionKey;
JET_COLUMNDEF lastLogon;
JET_COLUMNDEF lastPasswordChange;
JET_COLUMNDEF lmHash;
JET_COLUMNDEF lmHistory;
JET_COLUMNDEF logonCount;
JET_COLUMNDEF ntHash;
JET_COLUMNDEF ntHistory;
JET_COLUMNDEF accountSID;
};
/*! @brief Typedef for the ntdsAccount struct. */
struct ntdsAccount{
wchar_t accountName[20];
wchar_t accountDescription[1024];
DWORD accountRID;
BOOL accountDisabled;
BOOL accountLocked;
BOOL noPassword;
BOOL passNoExpire;
BOOL passExpired;
int logonCount;
int numNTHistory;
int numLMHistory;
char expiryDate[30];
char logonDate[30];
char logonTime[30];
char passChangeDate[30];
char passChangeTime[30];
char lmHash[33];
char ntHash[33];
char lmHistory[792];
char ntHistory[792];
unsigned char accountSID[24];
};
// UserAccountControl Flags
#define NTDS_ACCOUNT_DISABLED 0x00000002
#define NTDS_ACCOUNT_LOCKED 0x00000010
#define NTDS_ACCOUNT_NO_PASS 0x00000020
#define NTDS_ACCOUNT_PASS_NO_EXPIRE 0x00010000
#define NTDS_ACCOUNT_PASS_EXPIRED 0x00800000
JET_ERR engine_shutdown(struct jetState *ntdsState);
JET_ERR engine_startup(struct jetState *ntdsState);
JET_ERR find_first(struct jetState *ntdsState);
JET_ERR get_column_info(struct jetState *ntdsState, struct ntdsColumns *accountColumns);
JET_ERR get_PEK(struct jetState *ntdsState, struct ntdsColumns *accountColumns, struct encryptedPEK *pekEncrypted);
JET_ERR next_user(struct jetState *ntdsState, struct ntdsColumns *accountColumns);
JET_ERR open_database(struct jetState *ntdsState);
JET_ERR read_user(struct jetState *ntdsState, struct ntdsColumns *accountColumns, struct decryptedPEK *pekDecrypted, struct ntdsAccount *userAccount);
JET_ERR read_table(struct jetState *ntdsState, struct ntdsColumns *accountColumns, struct decryptedPEK *pekDecrypted);
JET_ERR read_user_hash_history(struct jetState *ntdsState, struct ntdsColumns *accountColumns, struct decryptedPEK *pekDecrypted, struct ntdsAccount *userAccount);
JET_ERR read_user_lm_hash(struct jetState *ntdsState, struct ntdsColumns *accountColumns, struct decryptedPEK *pekDecrypted, struct ntdsAccount *userAccount);
JET_ERR read_user_nt_hash(struct jetState *ntdsState, struct ntdsColumns *accountColumns, struct decryptedPEK *pekDecrypted, struct ntdsAccount *userAccount);
JET_ERR read_user_dates(struct jetState *ntdsState, struct ntdsColumns *accountColumns, struct decryptedPEK *pekDecrypted, struct ntdsAccount *userAccount);
#endif