Jump to content
antmar904

Help with RegEx again!

Recommended Posts

antmar904

Hello

I need help from my RegEx wizards once.  I've tried many many RegEx but I can't seem to get it.  

Here is the test string:

Account Name: test Account Domain: test Logon ID: aasdfasdf New Account: Security ID: test\test Account Name: test Account Domain: test\test Attributes: SAM Account Name: test Display Name: test, tester tested User Principal Name: test@test.com Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: <never> Account Expires: <never> Primary Group ID: 513 Allowed To Delegate To: - Old UAC Value: 0x0 New UAC Value: 0x11 User Account Control: Account Disabled 'Normal Account' - Enabled User Parameters: - SID History: - Logon Hours: <value not set> Additional Information: Privileges -

I am trying to get the string "test" after "Account Name:" and the string "test" after "SAM Account Name:".

The string above is from a DC payload when a new AD user account gets created so the payload output should be the same.

Thanks again all for your help!

 

Share this post


Link to post
Share on other sites
TheXman
Posted (edited)

Just one of many different solutions

#include <Constants.au3>
#include <Array.au3>


example()

;==========================================================================
;
;==========================================================================
Func example()

    Const $kDATA = "Account Name: test Account Domain: test Logon ID: aasdfasdf New Account: Security ID: test\test Account Name: test Account Domain: test\test Attributes: SAM Account Name: test Display Name: test, tester tested User Principal Name: test@test.com Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: <never> Account Expires: <never> Primary Group ID: 513 Allowed To Delegate To: - Old UAC Value: 0x0 New UAC Value: 0x11 User Account Control: Account Disabled 'Normal Account' - Enabled User Parameters: - SID History: - Logon Hours: <value not set> Additional Information: Privileges"

    Local $aResult = StringRegExp($kDATA, "Account Name: ([^ ]*).*?SAM Account Name: ([^ ]*)", $STR_REGEXPARRAYMATCH)
    If IsArray($aResult) Then _ArrayDisplay($aResult)

EndFunc

 

Edited by TheXman
  • Thanks 1

Whoever said that there's no such thing as a dumb question, probably asked a lot of DUMB questions.  Dumb questions are ones that you can easily find the answer to on your own.

Share this post


Link to post
Share on other sites
antmar904
On 3/22/2018 at 11:21 AM, TheXman said:

Just one of many different solutions

#include <Constants.au3>
#include <Array.au3>


example()

;==========================================================================
;
;==========================================================================
Func example()

    Const $kDATA = "Account Name: test Account Domain: test Logon ID: aasdfasdf New Account: Security ID: test\test Account Name: test Account Domain: test\test Attributes: SAM Account Name: test Display Name: test, tester tested User Principal Name: test@test.com Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: <never> Account Expires: <never> Primary Group ID: 513 Allowed To Delegate To: - Old UAC Value: 0x0 New UAC Value: 0x11 User Account Control: Account Disabled 'Normal Account' - Enabled User Parameters: - SID History: - Logon Hours: <value not set> Additional Information: Privileges"

    Local $aResult = StringRegExp($kDATA, "Account Name: ([^ ]*).*?SAM Account Name: ([^ ]*)", $STR_REGEXPARRAYMATCH)
    If IsArray($aResult) Then _ArrayDisplay($aResult)

EndFunc

 

thank you @TheXman that worked!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×