Example #1
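 /// <summary>
 /// Builds a batch of synthetic Kerberos "Tgs" documents for the user "user1" on the
 /// machine "CLIENT1" and inserts them into the database while the "ATACenter"
 /// service is stopped.
 /// </summary>
 /// <remarks>
 /// The method name suggests the batch is meant to exercise golden-ticket detection;
 /// what the Center does with the records is not visible here (confirm against the
 /// detection profile set by <c>DbClient.SetCenterProfileForReplay</c>).
 /// The service is restarted in a <c>finally</c> block so that a failed insert does
 /// not leave the detection service offline.
 /// </remarks>
 /// <returns>
 /// <c>true</c> when the batch was inserted and the service restarted;
 /// <c>false</c> when any step threw (the exception is logged at Error level).
 /// </returns>
 public bool GoldenTicketActivity()
 {
     try
     {
         var tgsDocuments  = new List<BsonDocument>();
         var userEntity    = Users.First(_ => _.Name == "user1");
         var machineEntity = Machines.First(_ => _.Name == "CLIENT1");

         // NOTE(review): the bound is inclusive, so _saAmount + 1 documents are built and
         // Machines[loopIndex] is read for every index up to _saAmount. This presumably
         // relies on Machines holding more than _saAmount entries; an out-of-range index
         // ends up in the catch below. Confirm the intended count.
         for (var loopIndex = 0; loopIndex <= _saAmount; loopIndex++)
         {
             var userDomainName    = DomainList.Single(_ => _.Id == userEntity.Domain).Name;
             var machineDomainName = DomainList.Single(_ => _.Id == machineEntity.Domain).Name;

             // The SPN is "<service class>/<machine name>", with the service class drawn
             // from the Spn enum values 0..4 (Next's upper bound is exclusive).
             tgsDocuments.Add(DocumentCreator.KerberosCreator(userEntity, machineEntity,
                                                              DomainControllers.FirstOrDefault(), userDomainName,
                                                              machineDomainName, SourceGateway,
                                                              $"{(Spn)(_random.Next(0, 5))}/{Machines[loopIndex].Name}", null, "Tgs"));
         }

         DbClient.SetCenterProfileForReplay();
         SvcCtrl.StopService("ATACenter");
         try
         {
             DbClient.InsertBatch(tgsDocuments);
         }
         finally
         {
             // Always bring the Center back up, even if the insert failed; otherwise the
             // catch below would return false with the service still stopped.
             SvcCtrl.StartService("ATACenter");
         }

         return true;
     }
     catch (Exception e)
     {
         Logger.Error(e);
         return false;
     }
 }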
Example #2
        /// <summary>
        /// Generates synthetic Kerberos and SAMR activity documents for every entry in
        /// <c>SamrCouples</c>, appends them to <c>ActivitiesList</c> and then calls
        /// <c>InsertActivities</c>.
        /// </summary>
        /// <remarks>
        /// For each couple a three-document Kerberos sequence is added first: an initial
        /// document, then a "Tgs" and an "Ap" document, each carrying the <c>_id</c> of the
        /// document that is last in <c>ActivitiesList</c> at that moment. After that:
        /// a couple rated "low" gets one SAMR <c>QueryUser</c> document targeting the user
        /// named "Administrator"; any other rating gets one SAMR <c>QueryGroup</c> document
        /// per group returned by <c>DbClient.GetSensitiveGroups</c>.
        /// NOTE(review): failures are logged at Debug level only, so a failed run may go
        /// unnoticed when debug logging is off; confirm that is intended.
        /// </remarks>
        /// <returns>
        /// <c>true</c> when all documents were built and <c>InsertActivities</c> returned;
        /// <c>false</c> when any step threw.
        /// </returns>
        public bool ExecuteSamrDetection()
        {
            try
            {
                var sensitiveGroups = DbClient.GetSensitiveGroups();

                foreach (var pair in SamrCouples)
                {
                    // Pick the domain controller whose domain matches the machine's domain.
                    var pairedController = DomainControllers.First(controller =>
                        controller.Domain == DomainList.Single(domain => domain.Id == pair.Machine.Domain).Id);

                    if (pair.RatingType.ToLower() != "low")
                    {
                        AppendKerberosSequence();

                        var sourceDomainName = DomainList.Single(domain => domain.Id == pair.User.Domain).Name;
                        var targetDomain     = DomainList.Single(domain => domain.Id == pair.Machine.Domain);

                        // One group query per sensitive group.
                        foreach (var sensitiveGroup in sensitiveGroups)
                        {
                            ActivitiesList.Add(DocumentCreator.SamrCreator(
                                pair.User, pair.Machine, pairedController,
                                sourceDomainName, targetDomain.Name, SourceGateway, true,
                                SamrQueryType.QueryGroup, SamrQueryOperation.QueryInformationGroup,
                                targetDomain.Id, 0,
                                sensitiveGroup));
                        }
                    }
                    else
                    {
                        // Resolved before anything is appended, so a missing Administrator
                        // user aborts the run without adding documents for this couple.
                        var administratorAccount = Users.First(user => user.Name == "Administrator");

                        AppendKerberosSequence();

                        var sourceDomainName = DomainList.Single(domain => domain.Id == pair.User.Domain).Name;
                        var targetDomain     = DomainList.Single(domain => domain.Id == pair.Machine.Domain);

                        // A single user query against the Administrator account.
                        ActivitiesList.Add(DocumentCreator.SamrCreator(
                            pair.User, pair.Machine, pairedController,
                            sourceDomainName, targetDomain.Name, SourceGateway, true,
                            SamrQueryType.QueryUser, SamrQueryOperation.QueryInformationUser,
                            targetDomain.Id, 0,
                            administratorAccount));
                    }

                    // Appends the initial Kerberos document followed by the "Tgs" and "Ap"
                    // documents. Order matters: each follow-up reads the _id of whatever is
                    // last in ActivitiesList when it is built.
                    void AppendKerberosSequence()
                    {
                        var userRealm    = DomainList.Single(domain => domain.Id == pair.User.Domain).Name;
                        var machineRealm = DomainList.Single(domain => domain.Id == pair.Machine.Domain).Name;

                        ActivitiesList.Add(DocumentCreator.KerberosCreator(
                            pair.User, pair.Machine, pairedController,
                            userRealm, machineRealm, SourceGateway));

                        // SPN service class is drawn from Spn values 0..4 (upper bound exclusive).
                        ActivitiesList.Add(DocumentCreator.KerberosCreator(
                            pair.User, pair.Machine, pairedController,
                            userRealm, machineRealm, SourceGateway,
                            $"{(Spn) _random.Next(0, 5)}/{DomainControllers.FirstOrDefault()?.Name}", null, "Tgs", 0,
                            0, ActivitiesList.Last()["_id"].AsObjectId));

                        ActivitiesList.Add(DocumentCreator.KerberosCreator(
                            pair.User, pair.Machine, pairedController,
                            userRealm, machineRealm, SourceGateway,
                            $"{(Spn) _random.Next(0, 5)}/{DomainControllers.FirstOrDefault()?.Name}", null, "Ap", 0,
                            0, ActivitiesList.Last()["_id"].AsObjectId));
                    }
                }

                InsertActivities();
                return true;
            }
            catch (Exception e)
            {
                Logger.Debug(e);
                return false;
            }
        }