Beispiel #1
0
        private void GenerateTrustInformation()
        {
            List <string> knowndomains = new List <string>();

            GenerateSubSection("Discovered domains");
            AddBeginTable();
            AddHeaderText("Domain");
            AddHeaderText("Trust Partner");
            AddHeaderText("Type");
            AddHeaderText("Attribut");
            AddHeaderText("Direction");
            AddHeaderText("SID Filtering active");
            AddHeaderText("TGT Delegation");
            AddHeaderText("Creation");
            AddHeaderText("Is Active ?");
            AddBeginTableData();
            foreach (HealthcheckData data in Report)
            {
                if (!knowndomains.Contains(data.DomainFQDN))
                {
                    knowndomains.Add(data.DomainFQDN);
                }
                data.Trusts.Sort(
                    (HealthCheckTrustData a, HealthCheckTrustData b)
                    =>
                {
                    return(String.Compare(a.TrustPartner, b.TrustPartner));
                }
                    );

                foreach (HealthCheckTrustData trust in data.Trusts)
                {
                    if (!knowndomains.Contains(trust.TrustPartner))
                    {
                        knowndomains.Add(trust.TrustPartner);
                    }
                    AddBeginRow();
                    AddPrintDomain(data.Domain);
                    AddPrintDomain(trust.Domain);
                    AddCellText(TrustAnalyzer.GetTrustType(trust.TrustType));
                    AddCellText(TrustAnalyzer.GetTrustAttribute(trust.TrustAttributes));
                    AddCellText(TrustAnalyzer.GetTrustDirection(trust.TrustDirection));
                    AddCellText(TrustAnalyzer.GetSIDFiltering(trust));
                    AddCellText(TrustAnalyzer.GetTGTDelegation(trust));
                    AddCellDate(trust.CreationDate);
                    AddCellText(trust.IsActive.ToString());
                    AddEndRow();
                }
            }
            AddEndTable();
            GenerateSubSection("Other discovered domains");
            AddBeginTable();
            AddHeaderText("From");
            AddHeaderText("Reachable domain");
            AddHeaderText("Discovered using");
            AddHeaderText("Netbios");
            AddHeaderText("Creation date");
            AddBeginTableData();
            foreach (HealthcheckData data in Report)
            {
                foreach (HealthCheckTrustData trust in data.Trusts)
                {
                    if (trust.KnownDomains == null)
                    {
                        continue;
                    }
                    trust.KnownDomains.Sort((HealthCheckTrustDomainInfoData a, HealthCheckTrustDomainInfoData b)
                                            =>
                    {
                        return(String.Compare(a.DnsName, b.DnsName));
                    }
                                            );
                    foreach (HealthCheckTrustDomainInfoData di in trust.KnownDomains)
                    {
                        if (knowndomains.Contains(di.DnsName))
                        {
                            continue;
                        }
                        knowndomains.Add(di.DnsName);
                        AddBeginRow();
                        AddPrintDomain(data.Domain);
                        AddCellText(di.DnsName);
                        AddCellText(trust.TrustPartner);
                        AddCellText(di.NetbiosName);
                        AddCellDate(di.CreationDate);
                        AddEndRow();
                    }
                }
            }
            foreach (HealthcheckData data in Report)
            {
                if (data.ReachableDomains != null)
                {
                    foreach (HealthCheckTrustDomainInfoData di in data.ReachableDomains)
                    {
                        if (knowndomains.Contains(di.DnsName))
                        {
                            continue;
                        }
                        knowndomains.Add(di.DnsName);
                        AddBeginRow();
                        AddPrintDomain(data.Domain);
                        AddCellText(di.DnsName);
                        AddCellText("Unknown");
                        AddCellText(di.NetbiosName);
                        AddCellText("Unknown");
                        AddEndRow();
                    }
                }
            }

            AddEndTable();

            // prepare a SID map to locate unknown account
            SortedDictionary <string, string> sidmap = new SortedDictionary <string, string>();

            GenerateSubSection("SID Map");
            AddBeginTable();
            AddHeaderText("Domain");
            AddHeaderText("Domain SID");
            AddBeginTableData();
            foreach (HealthcheckData data in Report)
            {
                if (!sidmap.ContainsKey(data.DomainFQDN) && !String.IsNullOrEmpty(data.DomainSid))
                {
                    sidmap.Add(data.DomainFQDN, data.DomainSid);
                }
                foreach (HealthCheckTrustData trust in data.Trusts)
                {
                    if (!sidmap.ContainsKey(trust.TrustPartner) && !String.IsNullOrEmpty(trust.SID))
                    {
                        sidmap.Add(trust.TrustPartner, trust.SID);
                    }
                    foreach (HealthCheckTrustDomainInfoData di in trust.KnownDomains)
                    {
                        if (!sidmap.ContainsKey(di.DnsName) && !String.IsNullOrEmpty(di.Sid))
                        {
                            sidmap.Add(di.DnsName, di.Sid);
                        }
                    }
                }
            }
            foreach (HealthcheckData data in Report)
            {
                if (data.ReachableDomains != null)
                {
                    foreach (HealthCheckTrustDomainInfoData di in data.ReachableDomains)
                    {
                        if (!sidmap.ContainsKey(di.DnsName) && !String.IsNullOrEmpty(di.Sid))
                        {
                            sidmap.Add(di.DnsName, di.Sid);
                        }
                    }
                }
            }
            foreach (string domain in sidmap.Keys)
            {
                AddBeginRow();
                AddCellText(domain);
                AddCellText(sidmap[domain]);
                AddEndRow();
            }
            AddEndTable();
        }
Beispiel #2
0
        private void GenerateTrustInformation()
        {
            List <string> knowndomains = new List <string>();

            GenerateSubSection("Discovered domains");
            Add(@"
		<div class=""row"">
			<div class=""col-md-12 table-responsive"">
				<table class=""table table-striped table-bordered sortable-theme-bootstrap"" data-sortable="""">
					<thead><tr>
						<th>Domain</th>
						<th>Trust Partner</th>
						<th>Type</th>
						<th>Attribut</th>
						<th>Direction</th>
						<th>SID Filtering active</th>
						<th>Creation</th>
						<th>Is Active ?</th>
						</tr>
					</thead>
					<tbody>
");
            foreach (HealthcheckData data in Report)
            {
                if (!knowndomains.Contains(data.DomainFQDN))
                {
                    knowndomains.Add(data.DomainFQDN);
                }
                data.Trusts.Sort(
                    (HealthCheckTrustData a, HealthCheckTrustData b)
                    =>
                {
                    return(String.Compare(a.TrustPartner, b.TrustPartner));
                }
                    );

                foreach (HealthCheckTrustData trust in data.Trusts)
                {
                    if (!knowndomains.Contains(trust.TrustPartner))
                    {
                        knowndomains.Add(trust.TrustPartner);
                    }
                    Add(@"
						<tr>
							<td class='text'>"                             + PrintDomain(data.Domain) + @"</td>
							<td class='text'>"                             + PrintDomain(trust.Domain) + @"</td>
							<td class='text'>"                             + TrustAnalyzer.GetTrustType(trust.TrustType) + @"</td>
							<td class='text'>"                             + TrustAnalyzer.GetTrustAttribute(trust.TrustAttributes) + @"</td>
							<td class='text'>"                             + TrustAnalyzer.GetTrustDirection(trust.TrustDirection) + @"</td>
							<td class='text'>"                             + TrustAnalyzer.GetSIDFiltering(trust) + @"</td>
							<td class='text'>"                             + trust.CreationDate.ToString("u") + @"</td>
							<td class='text'>"                             + trust.IsActive + @"</td>
						</tr>
");
                }
            }
            Add(@"
					</tbody>
				</table>
			</div>
		</div>
");
            GenerateSubSection("Other discovered domains");
            Add(@"
		<div class=""row"">
			<div class=""col-md-12 table-responsive"">
				<table class=""table table-striped table-bordered sortable-theme-bootstrap"" data-sortable="""">
					<thead><tr> 
						<th>From</th>
						<th>Reachable domain</th>
						<th>Via</th>
						<th>Netbios</th>
						<th>Creation date</th>
						</tr>
					</thead>
					<tbody>
");
            foreach (HealthcheckData data in Report)
            {
                foreach (HealthCheckTrustData trust in data.Trusts)
                {
                    if (trust.KnownDomains == null)
                    {
                        continue;
                    }
                    trust.KnownDomains.Sort((HealthCheckTrustDomainInfoData a, HealthCheckTrustDomainInfoData b)
                                            =>
                    {
                        return(String.Compare(a.DnsName, b.DnsName));
                    }
                                            );
                    foreach (HealthCheckTrustDomainInfoData di in trust.KnownDomains)
                    {
                        if (knowndomains.Contains(di.DnsName))
                        {
                            continue;
                        }
                        knowndomains.Add(di.DnsName);
                        Add(@"
						<tr>
							<td class='text'>"                            );
                        Add(PrintDomain(data.Domain));
                        Add(@"</td>
							<td class='text'>"                            );
                        AddEncoded(di.DnsName);
                        Add(@"</td>
							<td class='text'>"                            );
                        AddEncoded(trust.TrustPartner);
                        Add(@"</td>
							<td class='text'>"                            );
                        AddEncoded(di.NetbiosName);
                        Add(@"</td>
							<td class='text'>"                            );
                        Add(di.CreationDate);
                        Add(@"</td>
						</tr>
");
                    }
                }
            }
            foreach (HealthcheckData data in Report)
            {
                if (data.ReachableDomains != null)
                {
                    foreach (HealthCheckTrustDomainInfoData di in data.ReachableDomains)
                    {
                        if (knowndomains.Contains(di.DnsName))
                        {
                            continue;
                        }
                        knowndomains.Add(di.DnsName);
                        Add(@"
						<tr>
							<td class='text'>"                            );
                        Add(PrintDomain(data.Domain));
                        Add(@"</td>
							<td class='text'>"                            );
                        AddEncoded(di.DnsName);
                        Add(@"</td>
							<td class='text'>Unknown</td>
							<td class='text'>"                            );
                        AddEncoded(di.NetbiosName);
                        Add(@"</td>
							<td class='text'>Unknown</td>
						</tr>
");
                    }
                }
            }

            Add(@"
					</tbody>
				</table>
			</div>
		</div>
");

            // prepare a SID map to locate unknown account
            SortedDictionary <string, string> sidmap = new SortedDictionary <string, string>();

            GenerateSubSection("SID Map");
            Add(@"
		<div class=""row"">
			<div class=""col-md-12 table-responsive"">
				<table class=""table table-striped table-bordered sortable-theme-bootstrap"" data-sortable="""">
					<thead><tr>
						<th>Domain</th>
						<th>Domain SID</th>
						</tr>
					</thead>
					<tbody>
");
            foreach (HealthcheckData data in Report)
            {
                if (!sidmap.ContainsKey(data.DomainFQDN) && !String.IsNullOrEmpty(data.DomainSid))
                {
                    sidmap.Add(data.DomainFQDN, data.DomainSid);
                }
                foreach (HealthCheckTrustData trust in data.Trusts)
                {
                    if (!sidmap.ContainsKey(trust.TrustPartner) && !String.IsNullOrEmpty(trust.SID))
                    {
                        sidmap.Add(trust.TrustPartner, trust.SID);
                    }
                    foreach (HealthCheckTrustDomainInfoData di in trust.KnownDomains)
                    {
                        if (!sidmap.ContainsKey(di.DnsName) && !String.IsNullOrEmpty(di.Sid))
                        {
                            sidmap.Add(di.DnsName, di.Sid);
                        }
                    }
                }
            }
            foreach (HealthcheckData data in Report)
            {
                if (data.ReachableDomains != null)
                {
                    foreach (HealthCheckTrustDomainInfoData di in data.ReachableDomains)
                    {
                        if (!sidmap.ContainsKey(di.DnsName) && !String.IsNullOrEmpty(di.Sid))
                        {
                            sidmap.Add(di.DnsName, di.Sid);
                        }
                    }
                }
            }
            foreach (string domain in sidmap.Keys)
            {
                Add(@"
						<tr>
							<td class='text'>"                            );
                AddEncoded(domain);
                Add(@"</td>
							<td class='text'>"                            );
                Add(sidmap[domain]);
                Add(@"</td>
						</tr>
");
            }
            Add(@"
					</tbody>
				</table>
			</div>
		</div>
");
        }
Beispiel #3
0
        public bool AnalysisTask <T>(string server) where T : IPingCastleReport
        {
            Trace.WriteLine("Working on " + server);
            if (server == "*" && InteractiveMode)
            {
                Trace.WriteLine("Setting reachable domains to on because interactive + server = *");
                AnalyzeReachableDomains = true;
            }
            if (server.Contains("*"))
            {
                List <string> domains = GetListOfDomainToExploreFromGenericName(server);
                int           i       = 1;

                foreach (var domain in domains)
                {
                    Console.ForegroundColor = ConsoleColor.Yellow;
                    Console.WriteLine("");
                    string display = "Starting the report for " + domain + " (" + i++ + "/" + domains.Count + ")";
                    Console.WriteLine(display);
                    Console.WriteLine(new String('=', display.Length));
                    Console.ResetColor();
                    PerformTheAnalysis <T>(domain);
                }
            }
            else
            {
                var data   = PerformTheAnalysis <T>(server);
                var hcData = data as HealthcheckData;
                // do additional exploration based on trust results ?
                if (hcData != null && (ExploreTerminalDomains || ExploreForestTrust))
                {
                    if (hcData.Trusts != null)
                    {
                        List <string> domainToExamine = new List <string>();
                        foreach (var trust in hcData.Trusts)
                        {
                            string attributes = TrustAnalyzer.GetTrustAttribute(trust.TrustAttributes);
                            string direction  = TrustAnalyzer.GetTrustDirection(trust.TrustDirection);
                            if (direction.Contains("Inbound") || direction.Contains("Disabled"))
                            {
                                continue;
                            }
                            if (attributes.Contains("Intra-Forest"))
                            {
                                continue;
                            }
                            // explore forest trust only if explore forest trust is set
                            if (attributes.Contains("Forest Trust"))
                            {
                                if (ExploreForestTrust)
                                {
                                    if (!ShouldTheDomainBeNotExplored(trust.TrustPartner))
                                    {
                                        domainToExamine.Add(trust.TrustPartner);
                                    }
                                    if (trust.KnownDomains != null)
                                    {
                                        foreach (var di in trust.KnownDomains)
                                        {
                                            if (!ShouldTheDomainBeNotExplored(di.DnsName))
                                            {
                                                domainToExamine.Add(di.DnsName);
                                            }
                                        }
                                    }
                                }
                            }
                            else
                            {
                                if (ExploreTerminalDomains)
                                {
                                    if (!ShouldTheDomainBeNotExplored(trust.TrustPartner))
                                    {
                                        domainToExamine.Add(trust.TrustPartner);
                                    }
                                }
                            }
                        }
                        Console.ForegroundColor = ConsoleColor.Yellow;
                        Console.WriteLine("List of domains that will be queried");
                        Console.ResetColor();
                        foreach (var domain in domainToExamine)
                        {
                            Console.WriteLine(domain);
                        }
                        foreach (string domain in domainToExamine)
                        {
                            PerformTheAnalysis <T>(domain);
                        }
                    }
                }
                return(hcData != null);
            }
            return(true);
        }
Beispiel #4
0
        public bool HeatlthCheckTask(string server, Dictionary <string, string> xmlreports, Dictionary <string, string> htmlreports)
        {
            Trace.WriteLine("Working on " + server);
            if (server == "*" && InteractiveMode)
            {
                Trace.WriteLine("Setting reachable domains to on because interactive + server = *");
                AnalyzeReachableDomains = true;
            }
            if (server.Contains("*"))
            {
                List <HealthcheckAnalyzer.ReachableDomainInfo> domains = null;
                StartTask("Exploration",
                          () =>
                {
                    HealthcheckAnalyzer hcroot = new HealthcheckAnalyzer();
                    domains = hcroot.GetAllReachableDomains(ADWSPort, Credential);
                    List <HealthcheckAnalyzer.ReachableDomainInfo> domainsfiltered = new List <HealthcheckAnalyzer.ReachableDomainInfo>();
                    Console.ForegroundColor = ConsoleColor.Yellow;
                    Console.WriteLine("List of domains that will be queried");
                    Console.ResetColor();
                    foreach (var domain in domains)
                    {
                        if (compareStringWithWildcard(server, domain.domain) && !ShouldTheDomainBeNotExplored(domain.domain))
                        {
                            domainsfiltered.Add(domain);
                            Console.WriteLine(domain.domain);
                        }
                    }
                    domains = domainsfiltered;
                });
                int i = 1;

                foreach (var domain in domains)
                {
                    Console.ForegroundColor = ConsoleColor.Yellow;
                    Console.WriteLine("");
                    string display = "Starting the report for " + domain.domain + " (" + i++ + "/" + domains.Count + ")";
                    Console.WriteLine(display);
                    Console.WriteLine(new String('=', display.Length));
                    Console.ResetColor();
                    HealthcheckData hcData;
                    HealthcheckSubTask(domain.domain, xmlreports, htmlreports, AnalyzeReachableDomains, out hcData);
                }
            }
            else
            {
                HealthcheckData hcData;
                bool            output = HealthcheckSubTask(server, xmlreports, htmlreports, AnalyzeReachableDomains, out hcData);
                // do additional exploration based on trust results ?
                if (output && (ExploreTerminalDomains || ExploreForestTrust))
                {
                    if (hcData.Trusts != null)
                    {
                        List <string> domainToExamine = new List <string>();
                        foreach (var trust in hcData.Trusts)
                        {
                            string attributes = TrustAnalyzer.GetTrustAttribute(trust.TrustAttributes);
                            string direction  = TrustAnalyzer.GetTrustDirection(trust.TrustDirection);
                            if (direction.Contains("Inbound") || direction.Contains("Disabled"))
                            {
                                continue;
                            }
                            if (attributes.Contains("Intra-Forest"))
                            {
                                continue;
                            }
                            // explore forest trust only if explore forest trust is set
                            if (attributes.Contains("Forest Trust"))
                            {
                                if (ExploreForestTrust)
                                {
                                    if (!ShouldTheDomainBeNotExplored(trust.TrustPartner))
                                    {
                                        domainToExamine.Add(trust.TrustPartner);
                                    }
                                    if (trust.KnownDomains != null)
                                    {
                                        foreach (var di in trust.KnownDomains)
                                        {
                                            if (!ShouldTheDomainBeNotExplored(di.DnsName))
                                            {
                                                domainToExamine.Add(di.DnsName);
                                            }
                                        }
                                    }
                                }
                            }
                            else
                            {
                                if (ExploreTerminalDomains)
                                {
                                    if (!ShouldTheDomainBeNotExplored(trust.TrustPartner))
                                    {
                                        domainToExamine.Add(trust.TrustPartner);
                                    }
                                }
                            }
                        }
                        Console.ForegroundColor = ConsoleColor.Yellow;
                        Console.WriteLine("List of domains that will be queried");
                        Console.ResetColor();
                        foreach (var domain in domainToExamine)
                        {
                            Console.WriteLine(domain);
                        }
                        foreach (string domain in domainToExamine)
                        {
                            HealthcheckData hcDataTemp;
                            HealthcheckSubTask(domain, xmlreports, htmlreports, AnalyzeReachableDomains, out hcDataTemp);
                        }
                    }
                }
                return(output);
            }
            return(true);
        }