Help with RegEx again!

antmar904 · March 22, 2018

Hello

I need help from my RegEx wizards once. I've tried many many RegEx but I can't seem to get it.

Here is the test string:

Account Name: test Account Domain: test Logon ID: aasdfasdf New Account: Security ID: test\test Account Name: test Account Domain: test\test Attributes: SAM Account Name: test Display Name: test, tester tested User Principal Name: test@test.com Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: <never> Account Expires: <never> Primary Group ID: 513 Allowed To Delegate To: - Old UAC Value: 0x0 New UAC Value: 0x11 User Account Control: Account Disabled 'Normal Account' - Enabled User Parameters: - SID History: - Logon Hours: <value not set> Additional Information: Privileges -

I am trying to get the string "test" after "Account Name:" and the string "test" after "SAM Account Name:".

The string above is from a DC payload when a new AD user account gets created so the payload output should be the same.

Thanks again all for your help!

TheXman · March 22, 2018

Just one of many different solutions

#include <Constants.au3>
#include <Array.au3>


example()

;==========================================================================
;
;==========================================================================
Func example()

    Const $kDATA = "Account Name: test Account Domain: test Logon ID: aasdfasdf New Account: Security ID: test\test Account Name: test Account Domain: test\test Attributes: SAM Account Name: test Display Name: test, tester tested User Principal Name: test@test.com Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: <never> Account Expires: <never> Primary Group ID: 513 Allowed To Delegate To: - Old UAC Value: 0x0 New UAC Value: 0x11 User Account Control: Account Disabled 'Normal Account' - Enabled User Parameters: - SID History: - Logon Hours: <value not set> Additional Information: Privileges"

    Local $aResult = StringRegExp($kDATA, "Account Name: ([^ ]*).*?SAM Account Name: ([^ ]*)", $STR_REGEXPARRAYMATCH)
    If IsArray($aResult) Then _ArrayDisplay($aResult)

EndFunc

Edited March 22, 2018 by TheXman

antmar904 · March 26, 2018

On 3/22/2018 at 11:21 AM, TheXman said:

Just one of many different solutions

#include <Constants.au3>
#include <Array.au3>


example()

;==========================================================================
;
;==========================================================================
Func example()

    Const $kDATA = "Account Name: test Account Domain: test Logon ID: aasdfasdf New Account: Security ID: test\test Account Name: test Account Domain: test\test Attributes: SAM Account Name: test Display Name: test, tester tested User Principal Name: test@test.com Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: <never> Account Expires: <never> Primary Group ID: 513 Allowed To Delegate To: - Old UAC Value: 0x0 New UAC Value: 0x11 User Account Control: Account Disabled 'Normal Account' - Enabled User Parameters: - SID History: - Logon Hours: <value not set> Additional Information: Privileges"

    Local $aResult = StringRegExp($kDATA, "Account Name: ([^ ]*).*?SAM Account Name: ([^ ]*)", $STR_REGEXPARRAYMATCH)
    If IsArray($aResult) Then _ArrayDisplay($aResult)

EndFunc

thank you @TheXman that worked!

Sign In

Help with RegEx again!

Recommended Posts

antmar904

Link to comment

Share on other sites

TheXman

Link to comment

Share on other sites

antmar904

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Recently Browsing 0 members

Browse

AutoIt Resources

Release

Beta