public static List <User> GetUserTargets(PlaybookTask playbook_task, Logger logger)
{
PrincipalContext context;
string dc;
List <User> targetusers = new List <User>();
switch (playbook_task.user_target_type)
{
case 1:
logger.TimestampInfo("Targeting playbook defined users");
foreach (string user in playbook_task.user_targets)
{
User nuser = new User(user);
targetusers.Add(nuser);
}
break;
case 2:
context = new PrincipalContext(ContextType.Domain);
dc = context.ConnectedServer;
logger.TimestampInfo("Targeting random domain users");
targetusers = Ldap.GetADUsers(playbook_task.user_target_total, logger, dc, true);
logger.TimestampInfo(String.Format("Obtained {0} user records", targetusers.Count));
break;
case 3:
logger.TimestampInfo("Targeting randomly generated users");
targetusers = Targets.GetRandomUsernames(playbook_task.user_target_total, new Random());
break;
case 4:
logger.TimestampInfo("Targeting administrative accounts (adminCount=1) ");
targetusers = Ldap.GetADAdmins(playbook_task.user_target_total, logger);
logger.TimestampInfo(String.Format("Obtained {0} user records", targetusers.Count));
break;
case 5:
logger.TimestampInfo("Targeting domain admins");
targetusers = Ldap.GetDomainAdmins(logger);
logger.TimestampInfo(String.Format("Obtained {0} user records", targetusers.Count));
break;
case 6:
context = new PrincipalContext(ContextType.Domain);
dc = context.ConnectedServer;
logger.TimestampInfo("Targeting disabled users");
targetusers = Ldap.GetADUsers(playbook_task.user_target_total, logger, dc, false);
logger.TimestampInfo(String.Format("Obtained {0} user records", targetusers.Count));
break;
default:
return(targetusers);
}
return(targetusers);
}
public static SimulationExercise ConvertNavigatorToSimulationExercise(NavigatorLayer layer, string[] supportedtechniques)
{
SimulationExercise engagement = new SimulationExercise();
List <SimulationPlaybook> playbooks = new List <SimulationPlaybook>();
int notsupported = 0;
foreach (NavigatorTechnique technique in layer.techniques)
{
if (Array.IndexOf(supportedtechniques, technique.techniqueID) > -1)
{
SimulationPlaybook playbook = new SimulationPlaybook();
playbook.name = layer.name;
playbook.remote_host = "random";
playbook.scout_full_path = @"C:\Windows\Psexesvc.exe";
playbook.simulator_relative_path = @"\Downloads\Firefox_Installer.exe";
List <PlaybookTask> tasks = new List <PlaybookTask>();
PlaybookTask task = new PlaybookTask();
task.technique_id = technique.techniqueID;
tasks.Add(task);
playbook.tasks = tasks;
playbooks.Add(playbook);
}
else
{
Console.WriteLine("[!] {0} not supported by PurpleSharp", technique.techniqueID);
notsupported += 1;
}
}
engagement.playbooks = playbooks;
//playbook.tasks = tasks;
//engagement.playbooks = new List<SimulationPlaybook>();
//engagement.playbooks.Add(playbook);
Console.WriteLine("[!] Found a total of {0} techniques not supported out of {1}", notsupported.ToString(), layer.techniques.Count.ToString());
Console.WriteLine("[!] Final number of tasks supported: {0}", playbooks.Count.ToString());
return(engagement);
}
public static List <Computer> GetHostTargets(PlaybookTask playbook_task, Logger logger)
{
List <Computer> host_targets = new List <Computer>();
Computer host_target = new Computer();
IPAddress ipAddress = null;
bool isValidIp;
switch (playbook_task.host_target_type)
{
case 1:
if (playbook_task.host_targets.Length > 1)
{
foreach (string target in playbook_task.host_targets)
{
isValidIp = IPAddress.TryParse(target, out ipAddress);
if (isValidIp)
{
host_target = new Computer("", target);
}
else
{
host_target = new Computer(target, Networking.ResolveHostname(target).ToString());
}
host_targets.Add(host_target);
}
logger.TimestampInfo(String.Format("Using {0} targets defined in the playbook", playbook_task.host_targets.Length.ToString()));
}
else
{
isValidIp = IPAddress.TryParse(playbook_task.host_targets[0], out ipAddress);
if (isValidIp)
{
host_target = new Computer("", playbook_task.host_targets[0]);
}
else
{
host_target = new Computer(playbook_task.host_targets[0], Networking.ResolveHostname(playbook_task.host_targets[0]).ToString());
}
logger.TimestampInfo(String.Format("Using {0} {1} as the target", host_target.ComputerName, host_target.IPv4));
host_targets.Add(host_target);
}
break;
case 2:
logger.TimestampInfo("Targeting a random domain hosts");
host_targets = GetDomainNeighborTargets(playbook_task.host_target_total, logger);
logger.TimestampInfo(String.Format("Obtained {0} host records", host_targets.Count));
/*
* // Pick one random host
* var random = new Random();
* int index = random.Next(host_targets.Count);
* host_target = host_targets[index];
* logger.TimestampInfo(String.Format("Randomly picked {0} {1} as the target", host_target.ComputerName, host_target.IPv4));
* host_targets.Clear();
* host_targets.Add(host_target);
*/
break;
default:
return(host_targets);
}
return(host_targets);
}
public static List <Computer> GetHostTargets(PlaybookTask playbook_task, Logger logger)
{
List <Computer> host_targets = new List <Computer>();
Computer host_target = new Computer();
bool isValidIp;
switch (playbook_task.host_target_type)
{
case 1:
IPAddress ipAddress = null;
isValidIp = IPAddress.TryParse(playbook_task.host_targets[0], out ipAddress);
if (isValidIp)
{
host_target = new Computer("", playbook_task.host_targets[0]);
}
else
{
host_target = new Computer(playbook_task.host_targets[0], Networking.ResolveHostname(playbook_task.host_targets[0]).ToString());
}
logger.TimestampInfo(String.Format("Using {0} {1} as the target", host_target.ComputerName, host_target.IPv4));
host_targets.Add(host_target);
break;
case 2:
logger.TimestampInfo("Targeting a random domain host target");
host_targets = GetDomainNeighborTargets(playbook_task.host_target_total, logger);
logger.TimestampInfo(String.Format("Obtained {0} host records", host_targets.Count));
var random = new Random();
int index = random.Next(host_targets.Count);
host_target = host_targets[index];
logger.TimestampInfo(String.Format("Randomly picked {0} {1} as the target", host_target.ComputerName, host_target.IPv4));
host_targets.Clear();
host_targets.Add(host_target);
break;
case 3:
//TODO: This option is not needed, It can be part of case 1.
logger.TimestampInfo(String.Format("Targeting {0} hosts defined in playbook", playbook_task.host_targets.Length));
for (int i = 0; i < playbook_task.host_targets.Length; i++)
{
isValidIp = IPAddress.TryParse(playbook_task.host_targets[i], out ipAddress);
if (isValidIp)
{
host_target = new Computer("", playbook_task.host_targets[i]);
}
else
{
host_target = new Computer(playbook_task.host_targets[i], Networking.ResolveHostname(playbook_task.host_targets[i]).ToString());
}
host_targets.Add(host_target);
}
break;
case 4:
logger.TimestampInfo("Targeting random domain hosts");
host_targets = GetDomainNeighborTargets(playbook_task.host_target_total, logger);
logger.TimestampInfo(String.Format("Obtained {0} host records", host_targets.Count));
break;
default:
return(host_targets);
}
return(host_targets);
}
