Ejemplo n.º 1
0
        // TODO: use PL object
        public void AddHash(PcapAnalyzer.NetworkHash networkHash)
        {
            _hashesTableUserControl.AddDataToTable(networkHash);

            if (!this.hashesComboBox.Items.Contains(networkHash.HashType))
            {
                this.hashesComboBox.Items.Add(networkHash.HashType);
            }
        }
Ejemplo n.º 2
0
        public void AddHash(PcapAnalyzer.NetworkHash networkHash)
        {
            // TODO: use network context hashes as the only data source
            _hashesTableUserControl.AddDataToTable(networkHash);
            _networkContext.Hashes.Add(networkHash);

            if (!this.hashesComboBox.Items.Contains(networkHash.HashType))
            {
                this.hashesComboBox.Items.Add(networkHash.HashType);
            }
        }
Ejemplo n.º 3
0
        public void HandleHash(PcapAnalyzer.NetworkHash hash)
        {
            // Usually the hashes username is named "User" or "Username".
            var userName = GetPropertyValue(hash, new string[] { "User", "Username" });

            if (userName.Length > 0)
            {
                var edgeText = $"{hash.HashType} Hash";

                // If it is a domain related hash (e.g Kerberos, NTLM)
                if (hash is PcapAnalyzer.IDomainCredential)
                {
                    var domain = (hash as IDomainCredential).GetDoamin();
                    userName = domain.Length > 0 ? @$ "{domain}\{userName}" : userName;
                }

                AddEdge(userName, hash.Destination, edgeText);
                _graph.FindNode(userName).Attr.FillColor = Microsoft.Msagl.Drawing.Color.LightGreen;
            }
Ejemplo n.º 4
0
        private NetworkHash SearchSmtpCramMd5(TcpSession tcpSession, string sessionData)
        {
            NetworkHash credential = null;
            Match       match      = _smtpCramMd5Regex.Match(sessionData);

            if (match.Success)
            {
                credential = new CramMd5Hash()
                {
                    Protocol    = "SMTP",
                    HashType    = "CRAM-MD5",
                    Hash        = match.Groups["Hash"].ToString(),
                    Challenge   = match.Groups["Challenge"].ToString(),
                    Source      = tcpSession.SourceIp,
                    Destination = tcpSession.DestinationIp
                };
            }

            return(credential);
        }
Ejemplo n.º 5
0
        private NetworkLayerObject SearchImapCramMd5Hash(TcpSession tcpSession, string sessionData)
        {
            NetworkHash hash  = null;
            Match       match = _imapCramMd5Regex.Match(sessionData);

            if (match.Success)
            {
                // TODO: Handle the triming at the regex.
                hash = new CramMd5Hash()
                {
                    Protocol    = "IMAP",
                    HashType    = "CRAM-MD5",
                    Challenge   = match.Groups["Challenge"].Value,
                    Hash        = match.Groups["Response"].Value,
                    Source      = tcpSession.SourceIp,
                    Destination = tcpSession.DestinationIp
                };
            }

            return(hash);
        }
Ejemplo n.º 6
0
        public void HandleHash(PcapAnalyzer.NetworkHash hash)
        {
            // Usually the hashes username is named "User" \ "Username".
            var user            = GetPropValue(hash, "User");
            var username        = GetPropValue(hash, "Username");
            var displayUserName = user != null ? user : username;

            if (displayUserName != null)
            {
                var domain = GetPropValue(hash, "Domain");
                if (domain != null)
                {
                    if (domain.ToString().Length > 0)
                    {
                        displayUserName = domain.ToString() + @"\" + displayUserName;
                    }
                }

                var edgeText = $"{hash.HashType} Hash";

                AddEdge(displayUserName.ToString(), hash.Destination, edgeText);
                _graph.FindNode(displayUserName.ToString()).Attr.FillColor = Microsoft.Msagl.Drawing.Color.LightGreen;
            }
        }