Upgraded go-ese and flushes file when dumping NTDS.DIT - still not wo…

…rking but much closer now
lkarlslund · Feb 7, 2024 · 91b2607 · 91b2607
1 parent c1987cd
commit 91b2607
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 46 deletions.
diff --git a/go.mod b/go.mod
@@ -110,7 +110,7 @@ require (
 	github.com/jcmturner/gokrb5/v8 v8.4.4
 	github.com/lkarlslund/gonk v0.0.0-20231113084556-53a1781342e9
 	github.com/peterrk/slices v1.0.0
-	www.velocidex.com/golang/go-ese v0.2.0
+	www.velocidex.com/golang/go-ese v0.2.1-0.20240207005444-85d57b555f8b
 )
 
 require (

diff --git a/go.sum b/go.sum
@@ -903,5 +903,5 @@ rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8
 rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-www.velocidex.com/golang/go-ese v0.2.0 h1:8/hzEMupfqEF0oMi1/EzsMN1xLN0GBFcB3GqxqRnb9s=
-www.velocidex.com/golang/go-ese v0.2.0/go.mod h1:6fC9T6UGLbM7icuA0ugomU5HbFC5XA5I30zlWtZT8YE=
+www.velocidex.com/golang/go-ese v0.2.1-0.20240207005444-85d57b555f8b h1:3pFfQuY3k0qViJDlLqmUfGP4YkQIl25Vc/Uq8Pl0qLA=
+www.velocidex.com/golang/go-ese v0.2.1-0.20240207005444-85d57b555f8b/go.mod h1:6fC9T6UGLbM7icuA0ugomU5HbFC5XA5I30zlWtZT8YE=
diff --git a/modules/integrations/activedirectory/collect/ntdsdit.go b/modules/integrations/activedirectory/collect/ntdsdit.go
@@ -233,7 +233,7 @@ func (ntds *NTDSDumper) Dump(do DumpOptions) ([]activedirectory.RawObject, error
 		e = msgp.NewWriter(boutfile)
 	}
 	var objects []activedirectory.RawObject
-	fmt.Println(catalog.Dump())
+	// fmt.Println(catalog.Dump())
 
 	err = catalog.DumpTable("datatable", func(row *ordereddict.Dict) error {
 		var item activedirectory.RawObject
@@ -392,10 +392,6 @@ func (ntds *NTDSDumper) Dump(do DumpOptions) ([]activedirectory.RawObject, error
 				}
 
 				if len(resultval) > 0 {
-					if fieldname == "ATTm1572870" || usedname == "whenChanged" {
-						ui.Debug().Msgf("DN %v has values %v for field %v (%v)", item.DistinguishedName, resultval, fieldname, usedname)
-					}
-
 					item.Attributes[usedname] = resultval
 				}
 			}
@@ -447,45 +443,10 @@ func (ntds *NTDSDumper) Dump(do DumpOptions) ([]activedirectory.RawObject, error
 		}
 		return nil
 	})
-	return objects, err
-
-	/*
-		tables := make(map[int64]Table)
-
-		err = catalog.DumpTable("MSysObjects", func(row *ordereddict.Dict) error {
-			tableid, _ := row.GetInt64("ObjidTable")
-			typ, _ := row.GetInt64("Type")
-			name, _ := row.GetString("Name")
-			switch typ {
-			case 1:
-				// Table info
-				tables[tableid] = Table{
-					Name:   name,
-					Fields: make(map[int64]string),
-				}
-			case 2:
-				// Field info
-				fieldid, _ := row.GetInt64("Id")
-				tables[tableid].Fields[fieldid] = name
-			}
-
-			// serialized, err := json.Marshal(row)
-			// if err != nil {
-			// 	return err
-			// }
 
-			// count++
-			// fmt.Printf("%v\n", string(serialized))
-
-			return nil
-		})
-
-		j, _ := json.MarshalIndent(tables, "", "  ")
-		fmt.Println(j)
-	*/
-	// fmt.Println(catalog.Dump())
-
-	// bar := ui.ProgressBar("Converting objects from AD Explorer snapshot", int(header.ObjectCount))
+	if e != nil {
+		e.Flush()
+	}
 
 	return objects, err
 }