JSON parsing issue on user attributes `remote dial` and `comment` fields potentially others
x676f64 opened this issue · 10 comments
Hi, I was recently working on a parser for the json output that feeds into a Pandas dataframe. As I parsed it, I noticed there is a flaw with the way some user attributes are handled. You can see a sanitized example below:
"remote dial": "",
"[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .. .",
"[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .": "",
"[0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .": "",
"[0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .": "",
"[0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .": "",
"[0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .": "",
"[0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .": "",
"[0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .": "",
"[0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .": "",
"[0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .": "",
"[00a0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .": "",
"[00b0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .": "",
"comment": "<root created=\"REDACTED 15:56:28:054\" updated=\"REDACTED 15:56:28:054\">",
...
" </profiles>": "",
" </settings>": "",
" <settings group=\"general\" />": "",
" </public>": "",
" <protected>REDACTED</protected>": "",
" </data>": "",
" </qpm>": "",
"</root>": "",
As you can see, these attributes are multi-line but the parser is not aware and thus assigns them as keys with no value. The value of `comment` and `remote dial` should be an array of string values instead.
These are the two examples I observed but there may be other attributes that exhibit this issue since custom attributes are supported.
I see this is also an issue with the yaml output so it is not specific to the json export. I haven't delved too deeply into your code yet so not sure the best place to insert a fix. Happy to test if you have any ideas though.
Thanks for opening an issue!
Is this when you use the `-d` option to get additional user details? If so, then I think the problem is here:
enum4linux-ng/enum4linux-ng.py
Lines 1856 to 1865 in 5fcaf4d
Currently, the code splits at ":" and then takes the remainder of the line. If no ":" is available, it takes the whole line as key. This would explain what you see. This is not very clever and quite "quickly hacked".
The problem I often have is that I lack proper test systems. Though I tested the tool with a lot of targets, you always miss something. I will work on a solution, but it might take some days.
@x676f64 could you provide me the rpcclient output (redacted) as attachment (redirected into a file, no further processing)? I only need the structure (e.g., I wonder if rpcclient prefixes every line with \t).
Thanks for opening an issue! Is this when you use the `-d` option to get additional user details? If so, then I think the problem is here:
enum4linux-ng/enum4linux-ng.py
Lines 1856 to 1865 in 5fcaf4d
Yes, I am using the detailed flag.
@x676f64 could you provide me the rpcclient output (redacted) as attachment (redirected into a file, no further processing)? I only need the structure (e.g., I wonder if rpcclient prefixes every line with \t).
Sure, does this work for you? Here is an example with multi-line comment
rpcclient $> queryuser REDACTED
User Name : REDACTED
Full Name : REDACTED REDACTED
Home Drive :
Dir Drive :
Profile Path:
Logon Script:
Description : REDACTED REDACTED REDACTED
Workstations:
Comment : <root key="value">
<QPM key="value">
<data key="value">
<public>
<settings key="value">
<profiles>
<profile />
</profiles>
</settings>
<settings key="value" />
</public>
<protected><![CDATA[REDACTED BASE64]]></protected>
</data>
</QPM>
</root>
Remote Dial :
Logon Time : Wed, 01 Jan 1969 19:00:00 EST
Logoff Time : Wed, 01 Jan 1969 19:00:00 EST
Kickoff Time : Tue, 01 Jan 2022 00:35:54 EDT
Password last set Time : Sun, 01 Jan 2022 01:04:44 EDT
Password can change Time : Mon, 01 Jan 2022 01:04:44 EDT
Password must change Time: Sat, 01 Jan 2022 01:04:44 EDT
unknown_2[0..31]...
user_rid : 0x001
group_rid: 0x001
acb_info : 0x00000001
fields_present: 0x00ffffff
logon_divs: 0
bad_password_count: 0x00000000
logon_count: 0x00000000
padding1[0..7]...
logon_hrs[0..21]...
Here is a remote dial multi-line example, I have redacted all the bytes but I'm sure you get the idea.
rpcclient $> queryuser REDACTED
User Name : REDACTED
Full Name : REDACTED
Dir Drive : D
Profile Path:
Logon Script: login.bat
Description :
Workstations:
Comment :
Remote Dial :
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[02E0] 00 00 00 00 ....
Logon Time : Wed, 31 Dec 1969 19:00:00 EST
Logoff Time : Wed, 31 Dec 1969 19:00:00 EST
Kickoff Time : Wed, 31 Dec 1969 19:00:00 EST
Password last set Time : Tue, 31 Dec 2009 16:07:15 EDT
Password can change Time : Wed, 31 Dec 2009 16:07:15 EDT
Password must change Time: Wed, 31 Dec 30828 22:48:05 EDT
unknown_2[0..31]...
user_rid : 0x001
group_rid: 0x001
acb_info : 0x00000001
fields_present: 0x00ffffff
logon_divs: 0
bad_password_count: 0x00000000
logon_count: 0x00000000
padding1[0..7]...
logon_hrs[0..21]...
Thanks!
Here is a potential solution, let me know what you think. It currently does not escape quotes.
import re
_data = """
User Name : REDACTED
Full Name : REDACTED REDACTED
Home Drive :
Dir Drive :
Profile Path:
Logon Script:
Description : REDACTED REDACTED REDACTED
Workstations:
Comment : <root key="value">
<QPM key="value">
<data key="value">
<public>
<settings key="value">
<profiles>
<profile />
</profiles>
</settings>
<settings key="value" />
</public>
<protected><![CDATA[REDACTED BASE64]]></protected>
</data>
</QPM>
</root>
Remote Dial :
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[02E0] 00 00 00 00 ....
Logon Time : Wed, 01 Jan 1969 19:00:00 EST
Logoff Time : Wed, 01 Jan 1969 19:00:00 EST
Kickoff Time : Tue, 01 Jan 2022 00:35:54 EDT
Password last set Time : Sun, 01 Jan 2022 01:04:44 EDT
Password can change Time : Mon, 01 Jan 2022 01:04:44 EDT
Password must change Time: Sat, 01 Jan 2022 01:04:44 EDT
unknown_2[0..31]...
user_rid : 0x001
group_rid: 0x001
acb_info : 0x00000001
fields_present: 0x00ffffff
logon_divs: 0
bad_password_count: 0x00000000
logon_count: 0x00000000
padding1[0..7]...
logon_hrs[0..21]...
"""
regexMatch = r'^\t[A-Za-z][A-Za-z\s_\.0-9]*(:|\[[0-9\.]+\]\.\.\.)(\t|\s)?'

# Function that parses _data and accounts for multi-line values such as with `Comment` and `Remote Dial`
def parse_data(data):
    # Split the input string into separate lines
    lines = data.splitlines()
    # Create an empty dictionary to store parsed data
    parsed_data = {}
    # Initialize an empty key
    key = ''
    # Iterate over each line in the input data
    for line in lines:
        # Check if the line matches the regexMatch regular expression
        if re.match(regexMatch, line):
            # Check if the line contains a colon or an ellipsis
            if ":" in line:
                # Split the line on the colon and store the key and value
                key, value = line.split(":", 1)
            # elif, so a value that itself contains "..." is not split a second time
            elif "..." in line:
                # Split the line on the ellipsis and store the key and value
                key, value = line.split("...", 1)
            # Strip leading and trailing whitespace from the key and value
            key = key.strip()
            value = value.strip()
            # Add the key-value pair to the parsed_data dictionary
            parsed_data[key] = value
        # If the line did not match the regular expression,
        else:
            # Check if the key is already in the parsed_data dictionary
            if key not in parsed_data:
                # If not, add the key to the dictionary with the line as the value
                parsed_data[key] = line
            # If the key is already in the dictionary,
            else:
                # append the line to the existing value, with a newline character in between
                parsed_data[key] += "\n" + line
    # Return the parsed_data dictionary
    return parsed_data

parse_data(_data)
Raw output:
{'': '',
'User Name': 'REDACTED',
'Full Name': 'REDACTED REDACTED',
'Home Drive': '',
'Dir Drive': '',
'Profile Path': '',
'Logon Script': '',
'Description': 'REDACTED REDACTED REDACTED',
'Workstations': '',
'Comment': '<root key="value">\n <QPM key="value">\n <data key="value">\n <public>\n <settings key="value">\n <profiles>\n <profile />\n </profiles>\n </settings>\n <settings key="value" />\n </public>\n <protected><![CDATA[REDACTED BASE64]]></protected>\n </data>\n </QPM>\n</root>',
'Remote Dial': '\n[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . 
.\n[01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .\n[02E0] 00 00 00 00 ....',
'Logon Time': 'Wed, 01 Jan 1969 19:00:00 EST',
'Logoff Time': 'Wed, 01 Jan 1969 19:00:00 EST',
'Kickoff Time': 'Tue, 01 Jan 2022 00:35:54 EDT',
'Password last set Time': 'Sun, 01 Jan 2022 01:04:44 EDT',
'Password can change Time': 'Mon, 01 Jan 2022 01:04:44 EDT',
'Password must change Time': 'Sat, 01 Jan 2022 01:04:44 EDT',
'unknown_2[0..31]': '',
'user_rid': '0x001',
'group_rid': '0x001',
'acb_info': '0x00000001',
'fields_present': '0x00ffffff',
'logon_divs': '0',
'bad_password_count': '0x00000000',
'logon_count': '0x00000000',
'padding1[0..7]': '',
'logon_hrs[0..21]': ''}
`\n` replaced with new lines:
{'': '',
'User Name': 'REDACTED',
'Full Name': 'REDACTED REDACTED',
'Home Drive': '',
'Dir Drive': '',
'Profile Path': '',
'Logon Script': '',
'Description': 'REDACTED REDACTED REDACTED',
'Workstations': '',
'Comment': '<root key="value">
<QPM key="value">
<data key="value">
<public>
<settings key="value">
<profiles>
<profile />
</profiles>
</settings>
<settings key="value" />
</public>
<protected><![CDATA[REDACTED BASE64]]></protected>
</data>
</QPM>
</root>',
'Remote Dial': '
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 . . . . . . . .
[02E0] 00 00 00 00 ....',
'Logon Time': 'Wed, 01 Jan 1969 19:00:00 EST',
'Logoff Time': 'Wed, 01 Jan 1969 19:00:00 EST',
'Kickoff Time': 'Tue, 01 Jan 2022 00:35:54 EDT',
'Password last set Time': 'Sun, 01 Jan 2022 01:04:44 EDT',
'Password can change Time': 'Mon, 01 Jan 2022 01:04:44 EDT',
'Password must change Time': 'Sat, 01 Jan 2022 01:04:44 EDT',
'unknown_2[0..31]': '',
'user_rid': '0x001',
'group_rid': '0x001',
'acb_info': '0x00000001',
'fields_present': '0x00ffffff',
'logon_divs': '0',
'bad_password_count': '0x00000000',
'logon_count': '0x00000000',
'padding1[0..7]': '',
'logon_hrs[0..21]': ''}
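An added example, not code from this thread or from enum4linux-ng: it contrasts the split-at-":" behaviour the maintainer describes with a continuation-aware parse that returns multi-line values as lists, as the original report asks, and serialises the result with `json.dumps` so embedded quotes are escaped. The sample input, the assumption that attribute lines start with a tab, and the names `naive_parse`, `parse_queryuser` and `to_json` are constructed for illustration.

```python
import json
import re

# Constructed sample shaped like the rpcclient `queryuser` output in this thread.
# Assumption: attribute lines start with a tab, continuation lines do not.
SAMPLE = (
    "\tUser Name   :\tREDACTED\n"
    "\tComment     :\t<root created=\"REDACTED 15:56:28:054\">\n"
    "  <data updated=\"REDACTED 15:56:28:054\">\n"
    "  <settings group=\"general\" />\n"
    "</root>\n"
    "\tRemote Dial :\n"
    "[0000] 00 00 00 00  ....\n"
    "[0010] 00 00 00 00  ....\n"
    "\tLogon Time  :\tWed, 01 Jan 1969 19:00:00 EST\n"
    "\tpadding1[0..7]...\n"
)

# Tab, attribute name (optionally with an "[a..b]" suffix), then ":" or "...".
ATTRIBUTE = re.compile(
    r"^\t(?P<key>[A-Za-z][\w. ]*?(?:\[[0-9.]+\])?)\s*(?::|\.\.\.)\s*(?P<value>.*)$"
)


def naive_parse(text):
    """Sketch of the described behaviour: split at ':', else the line is a key."""
    result = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        if ":" in line:
            key, value = line.split(":", 1)
        else:
            key, value = line, ""
        result[key.strip()] = value.strip()
    return result


def parse_queryuser(text):
    """Attach lines that do not start a new attribute to the previous attribute."""
    collected = {}
    current = None
    for line in text.splitlines():
        match = ATTRIBUTE.match(line)
        if match:
            current = match.group("key")
            first = match.group("value").strip()
            collected[current] = [first] if first else []
        elif current is not None and line.strip():
            # Keep leading whitespace so XML indentation survives.
            collected[current].append(line.rstrip())
    # Single-line attributes stay plain strings; multi-line ones become lists.
    return {k: (v if len(v) > 1 else "".join(v)) for k, v in collected.items()}


def to_json(parsed):
    # json.dumps escapes the double quotes inside the XML comment value.
    return json.dumps(parsed, indent=2)


if __name__ == "__main__":
    print(to_json(naive_parse(SAMPLE)))      # continuation lines become keys
    print(to_json(parse_queryuser(SAMPLE)))  # continuation lines become list items
```

The naive version also mis-splits the continuation line that contains a timestamp, because its first ":" is inside the value.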
Thank you, will have a look at your code later today or tomorrow. But it looks good so far!
See: #33
Thanks for your PR, I left a comment for review. :)
Okay, I removed the line instead of commenting it out. Hope that is fine.
Thank you, I merged it!