metasploit-framework

https://github.com/rapid7/metasploit-framework

Ruby

Metasploit Framework

Msf::Post::Windows::Accounts#resolve_sid

resolve_sid(sid, system_name = nil)

Summary:
  Retrieves the name, domain, and type of account for the given sid

Parameters:
  sid         - A SID string (e.g. S-1-5-32-544)
  system_name - Where to search. If nil, first local system then trusted DCs

Returns:
  {
    name:   account name (e.g. "SYSTEM")
    domain: domain where the account name was found. May have values such as
            the work station's name, BUILTIN, NT AUTHORITY, or an empty string
    type:   one of :user, :group, :domain, :alias, :well_known_group,
            :deleted_account, :invalid, :unknown, :computer
    mapped: There was a mapping found for the SID
  }

  OR nil if there was an exceptional Windows error (example: ran out of memory)

Caveats:
  If a valid mapping is not found, only { mapped: false } will be returned
  nil is returned if there is an *exceptional* Windows error. That error is printed.
  If an invalid system_name is provided, there will be a Windows error and nil returned

Source | Google | Stack overflow

Edit

git clone [email protected]:rapid7/metasploit-framework.git

cd metasploit-framework

open lib/msf/core/post/windows/accounts.rb

Contribute

# Make a new branch

git checkout -b -your-name--update-docs-Msf--Post--Windows--Accounts-resolve_sid-for-pr

# Commit to git

git add lib/msf/core/post/windows/accounts.rbgit commit -m "better docs for Msf::Post::Windows::Accounts#resolve_sid"

# Open pull request

gem install hub # on a mac you can `brew install hub`

hub fork

git push <your name> -your-name--update-docs-Msf--Post--Windows--Accounts-resolve_sid-for-pr

hub pull-request

# Celebrate!