Help with RegEx again!

[antmar904]

Hello

I need help from my RegEx wizards once.  I've tried many many RegEx but I can't seem to get it.  

Here is the test string:

Account Name: test Account Domain: test Logon ID: aasdfasdf New Account: Security ID: test\test Account Name: test Account Domain: test\test Attributes: SAM Account Name: test Display Name: test, tester tested User Principal Name: test@test.com Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: <never> Account Expires: <never> Primary Group ID: 513 Allowed To Delegate To: - Old UAC Value: 0x0 New UAC Value: 0x11 User Account Control: Account Disabled 'Normal Account' - Enabled User Parameters: - SID History: - Logon Hours: <value not set> Additional Information: Privileges -

I am trying to get the string "test" after "Account Name:" and the string "test" after "SAM Account Name:".

The string above is from a DC payload when a new AD user account gets created so the payload output should be the same.

Thanks again all for your help!

 

[TheXman]

Just one of many different solutions

#include <Constants.au3>
#include <Array.au3>


example()

;==========================================================================
;
;==========================================================================
Func example()

    Const $kDATA = "Account Name: test Account Domain: test Logon ID: aasdfasdf New Account: Security ID: test\test Account Name: test Account Domain: test\test Attributes: SAM Account Name: test Display Name: test, tester tested User Principal Name: test@test.com Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: <never> Account Expires: <never> Primary Group ID: 513 Allowed To Delegate To: - Old UAC Value: 0x0 New UAC Value: 0x11 User Account Control: Account Disabled 'Normal Account' - Enabled User Parameters: - SID History: - Logon Hours: <value not set> Additional Information: Privileges"

    Local $aResult = StringRegExp($kDATA, "Account Name: ([^ ]*).*?SAM Account Name: ([^ ]*)", $STR_REGEXPARRAYMATCH)
    If IsArray($aResult) Then _ArrayDisplay($aResult)

EndFunc

 

Edited March 22, 2018 by TheXman

[antmar904]

On 3/22/2018 at 11:21 AM, TheXman said:

Just one of many different solutions

#include <Constants.au3>
#include <Array.au3>


example()

;==========================================================================
;
;==========================================================================
Func example()

    Const $kDATA = "Account Name: test Account Domain: test Logon ID: aasdfasdf New Account: Security ID: test\test Account Name: test Account Domain: test\test Attributes: SAM Account Name: test Display Name: test, tester tested User Principal Name: test@test.com Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: <never> Account Expires: <never> Primary Group ID: 513 Allowed To Delegate To: - Old UAC Value: 0x0 New UAC Value: 0x11 User Account Control: Account Disabled 'Normal Account' - Enabled User Parameters: - SID History: - Logon Hours: <value not set> Additional Information: Privileges"

    Local $aResult = StringRegExp($kDATA, "Account Name: ([^ ]*).*?SAM Account Name: ([^ ]*)", $STR_REGEXPARRAYMATCH)
    If IsArray($aResult) Then _ArrayDisplay($aResult)

EndFunc

 

thank you @TheXman that worked!