Example #1
0
 public bool NullTrustsTask()
 {
     return(StartTask("Null Session",
                      () =>
     {
         nrpc session = new nrpc();;
         Console.WriteLine("Trusts obtained via null session");
         List <TrustedDomain> domains;
         int res = session.DsrEnumerateDomainTrusts(Server, 0x3F, out domains);
         if (res != 0)
         {
             Console.WriteLine("Error " + res + " (" + new Win32Exception(res).Message + ")");
             return;
         }
         Console.WriteLine("Success");
         int i = 0;
         foreach (var domain in domains)
         {
             Console.WriteLine("=== Trust " + i++ + "===");
             Console.WriteLine("DnsDomainName: " + domain.DnsDomainName);
             Console.WriteLine("NetbiosDomainName: " + domain.NetbiosDomainName);
             Console.WriteLine("TrustAttributes: " + TrustAnalyzer.GetTrustAttribute(domain.TrustAttributes) + " (" + domain.TrustAttributes + ")");
             Console.WriteLine("TrustType: " + TrustAnalyzer.GetTrustType(domain.TrustType) + " (" + domain.TrustType + ")");
             Console.WriteLine("Flags: " + domain.Flags);
             Console.WriteLine("DomainGuid: " + domain.DomainGuid);
             Console.WriteLine("DomainSid: " + domain.DomainSid);
             Console.WriteLine("ParentIndex: " + domain.ParentIndex);
         }
     }
                      ));
 }
Example #2
0
        public void Export(string filename)
        {
            DisplayAdvancement("Starting");
            nrpc session = new nrpc();;

            DisplayAdvancement("Trusts obtained via null session");
            List <TrustedDomain> domains;
            int res = session.DsrEnumerateDomainTrusts(Server, 0x3F, out domains);

            if (res != 0)
            {
                DisplayAdvancement("Error " + res + " (" + new Win32Exception(res).Message + ")");
                return;
            }
            DisplayAdvancement("Success - " + domains.Count + " trusts found");
            using (StreamWriter sw = File.CreateText(filename))
            {
                sw.WriteLine("Trust index,DnsDomainName,NetbiosDomainName,TrustAttributes,TrustType,Flags,DomainGuid,DomainSid,ParentIndex");
                int i = 0;
                foreach (var domain in domains)
                {
                    sw.WriteLine(i++ + "\t" + domain.DnsDomainName + "\t" + domain.NetbiosDomainName + "\t" +
                                 TrustAnalyzer.GetTrustAttribute(domain.TrustAttributes) + " (" + domain.TrustAttributes + ")" + "\t" +
                                 TrustAnalyzer.GetTrustType(domain.TrustType) + " (" + domain.TrustType + ")" + "\t" + domain.Flags + "\t" +
                                 domain.DomainGuid + "\t" + domain.DomainSid + "\t" + domain.ParentIndex);
                }
            }
        }
Example #3
0
        private void GenerateTrustInformation()
        {
            List <string> knowndomains = new List <string>();

            GenerateSubSection("Discovered domains");
            AddBeginTable();
            AddHeaderText("Domain");
            AddHeaderText("Trust Partner");
            AddHeaderText("Type");
            AddHeaderText("Attribut");
            AddHeaderText("Direction");
            AddHeaderText("SID Filtering active");
            AddHeaderText("TGT Delegation");
            AddHeaderText("Creation");
            AddHeaderText("Is Active ?");
            AddBeginTableData();
            foreach (HealthcheckData data in Report)
            {
                if (!knowndomains.Contains(data.DomainFQDN))
                {
                    knowndomains.Add(data.DomainFQDN);
                }
                data.Trusts.Sort(
                    (HealthCheckTrustData a, HealthCheckTrustData b)
                    =>
                {
                    return(String.Compare(a.TrustPartner, b.TrustPartner));
                }
                    );

                foreach (HealthCheckTrustData trust in data.Trusts)
                {
                    if (!knowndomains.Contains(trust.TrustPartner))
                    {
                        knowndomains.Add(trust.TrustPartner);
                    }
                    AddBeginRow();
                    AddPrintDomain(data.Domain);
                    AddPrintDomain(trust.Domain);
                    AddCellText(TrustAnalyzer.GetTrustType(trust.TrustType));
                    AddCellText(TrustAnalyzer.GetTrustAttribute(trust.TrustAttributes));
                    AddCellText(TrustAnalyzer.GetTrustDirection(trust.TrustDirection));
                    AddCellText(TrustAnalyzer.GetSIDFiltering(trust));
                    AddCellText(TrustAnalyzer.GetTGTDelegation(trust));
                    AddCellDate(trust.CreationDate);
                    AddCellText(trust.IsActive.ToString());
                    AddEndRow();
                }
            }
            AddEndTable();
            GenerateSubSection("Other discovered domains");
            AddBeginTable();
            AddHeaderText("From");
            AddHeaderText("Reachable domain");
            AddHeaderText("Discovered using");
            AddHeaderText("Netbios");
            AddHeaderText("Creation date");
            AddBeginTableData();
            foreach (HealthcheckData data in Report)
            {
                foreach (HealthCheckTrustData trust in data.Trusts)
                {
                    if (trust.KnownDomains == null)
                    {
                        continue;
                    }
                    trust.KnownDomains.Sort((HealthCheckTrustDomainInfoData a, HealthCheckTrustDomainInfoData b)
                                            =>
                    {
                        return(String.Compare(a.DnsName, b.DnsName));
                    }
                                            );
                    foreach (HealthCheckTrustDomainInfoData di in trust.KnownDomains)
                    {
                        if (knowndomains.Contains(di.DnsName))
                        {
                            continue;
                        }
                        knowndomains.Add(di.DnsName);
                        AddBeginRow();
                        AddPrintDomain(data.Domain);
                        AddCellText(di.DnsName);
                        AddCellText(trust.TrustPartner);
                        AddCellText(di.NetbiosName);
                        AddCellDate(di.CreationDate);
                        AddEndRow();
                    }
                }
            }
            foreach (HealthcheckData data in Report)
            {
                if (data.ReachableDomains != null)
                {
                    foreach (HealthCheckTrustDomainInfoData di in data.ReachableDomains)
                    {
                        if (knowndomains.Contains(di.DnsName))
                        {
                            continue;
                        }
                        knowndomains.Add(di.DnsName);
                        AddBeginRow();
                        AddPrintDomain(data.Domain);
                        AddCellText(di.DnsName);
                        AddCellText("Unknown");
                        AddCellText(di.NetbiosName);
                        AddCellText("Unknown");
                        AddEndRow();
                    }
                }
            }

            AddEndTable();

            // prepare a SID map to locate unknown account
            SortedDictionary <string, string> sidmap = new SortedDictionary <string, string>();

            GenerateSubSection("SID Map");
            AddBeginTable();
            AddHeaderText("Domain");
            AddHeaderText("Domain SID");
            AddBeginTableData();
            foreach (HealthcheckData data in Report)
            {
                if (!sidmap.ContainsKey(data.DomainFQDN) && !String.IsNullOrEmpty(data.DomainSid))
                {
                    sidmap.Add(data.DomainFQDN, data.DomainSid);
                }
                foreach (HealthCheckTrustData trust in data.Trusts)
                {
                    if (!sidmap.ContainsKey(trust.TrustPartner) && !String.IsNullOrEmpty(trust.SID))
                    {
                        sidmap.Add(trust.TrustPartner, trust.SID);
                    }
                    foreach (HealthCheckTrustDomainInfoData di in trust.KnownDomains)
                    {
                        if (!sidmap.ContainsKey(di.DnsName) && !String.IsNullOrEmpty(di.Sid))
                        {
                            sidmap.Add(di.DnsName, di.Sid);
                        }
                    }
                }
            }
            foreach (HealthcheckData data in Report)
            {
                if (data.ReachableDomains != null)
                {
                    foreach (HealthCheckTrustDomainInfoData di in data.ReachableDomains)
                    {
                        if (!sidmap.ContainsKey(di.DnsName) && !String.IsNullOrEmpty(di.Sid))
                        {
                            sidmap.Add(di.DnsName, di.Sid);
                        }
                    }
                }
            }
            foreach (string domain in sidmap.Keys)
            {
                AddBeginRow();
                AddCellText(domain);
                AddCellText(sidmap[domain]);
                AddEndRow();
            }
            AddEndTable();
        }
Example #4
0
        public bool AnalysisTask <T>(string server) where T : IPingCastleReport
        {
            Trace.WriteLine("Working on " + server);
            if (server == "*" && InteractiveMode)
            {
                Trace.WriteLine("Setting reachable domains to on because interactive + server = *");
                AnalyzeReachableDomains = true;
            }
            if (server.Contains("*"))
            {
                List <string> domains = GetListOfDomainToExploreFromGenericName(server);
                int           i       = 1;

                foreach (var domain in domains)
                {
                    Console.ForegroundColor = ConsoleColor.Yellow;
                    Console.WriteLine("");
                    string display = "Starting the report for " + domain + " (" + i++ + "/" + domains.Count + ")";
                    Console.WriteLine(display);
                    Console.WriteLine(new String('=', display.Length));
                    Console.ResetColor();
                    PerformTheAnalysis <T>(domain);
                }
            }
            else
            {
                var data   = PerformTheAnalysis <T>(server);
                var hcData = data as HealthcheckData;
                // do additional exploration based on trust results ?
                if (hcData != null && (ExploreTerminalDomains || ExploreForestTrust))
                {
                    if (hcData.Trusts != null)
                    {
                        List <string> domainToExamine = new List <string>();
                        foreach (var trust in hcData.Trusts)
                        {
                            string attributes = TrustAnalyzer.GetTrustAttribute(trust.TrustAttributes);
                            string direction  = TrustAnalyzer.GetTrustDirection(trust.TrustDirection);
                            if (direction.Contains("Inbound") || direction.Contains("Disabled"))
                            {
                                continue;
                            }
                            if (attributes.Contains("Intra-Forest"))
                            {
                                continue;
                            }
                            // explore forest trust only if explore forest trust is set
                            if (attributes.Contains("Forest Trust"))
                            {
                                if (ExploreForestTrust)
                                {
                                    if (!ShouldTheDomainBeNotExplored(trust.TrustPartner))
                                    {
                                        domainToExamine.Add(trust.TrustPartner);
                                    }
                                    if (trust.KnownDomains != null)
                                    {
                                        foreach (var di in trust.KnownDomains)
                                        {
                                            if (!ShouldTheDomainBeNotExplored(di.DnsName))
                                            {
                                                domainToExamine.Add(di.DnsName);
                                            }
                                        }
                                    }
                                }
                            }
                            else
                            {
                                if (ExploreTerminalDomains)
                                {
                                    if (!ShouldTheDomainBeNotExplored(trust.TrustPartner))
                                    {
                                        domainToExamine.Add(trust.TrustPartner);
                                    }
                                }
                            }
                        }
                        Console.ForegroundColor = ConsoleColor.Yellow;
                        Console.WriteLine("List of domains that will be queried");
                        Console.ResetColor();
                        foreach (var domain in domainToExamine)
                        {
                            Console.WriteLine(domain);
                        }
                        foreach (string domain in domainToExamine)
                        {
                            PerformTheAnalysis <T>(domain);
                        }
                    }
                }
                return(hcData != null);
            }
            return(true);
        }
Example #5
0
        private void GenerateTrustInformation()
        {
            List <string> knowndomains = new List <string>();

            GenerateSubSection("Discovered domains");
            Add(@"
		<div class=""row"">
			<div class=""col-md-12 table-responsive"">
				<table class=""table table-striped table-bordered sortable-theme-bootstrap"" data-sortable="""">
					<thead><tr>
						<th>Domain</th>
						<th>Trust Partner</th>
						<th>Type</th>
						<th>Attribut</th>
						<th>Direction</th>
						<th>SID Filtering active</th>
						<th>Creation</th>
						<th>Is Active ?</th>
						</tr>
					</thead>
					<tbody>
");
            foreach (HealthcheckData data in Report)
            {
                if (!knowndomains.Contains(data.DomainFQDN))
                {
                    knowndomains.Add(data.DomainFQDN);
                }
                data.Trusts.Sort(
                    (HealthCheckTrustData a, HealthCheckTrustData b)
                    =>
                {
                    return(String.Compare(a.TrustPartner, b.TrustPartner));
                }
                    );

                foreach (HealthCheckTrustData trust in data.Trusts)
                {
                    if (!knowndomains.Contains(trust.TrustPartner))
                    {
                        knowndomains.Add(trust.TrustPartner);
                    }
                    Add(@"
						<tr>
							<td class='text'>"                             + PrintDomain(data.Domain) + @"</td>
							<td class='text'>"                             + PrintDomain(trust.Domain) + @"</td>
							<td class='text'>"                             + TrustAnalyzer.GetTrustType(trust.TrustType) + @"</td>
							<td class='text'>"                             + TrustAnalyzer.GetTrustAttribute(trust.TrustAttributes) + @"</td>
							<td class='text'>"                             + TrustAnalyzer.GetTrustDirection(trust.TrustDirection) + @"</td>
							<td class='text'>"                             + TrustAnalyzer.GetSIDFiltering(trust) + @"</td>
							<td class='text'>"                             + trust.CreationDate.ToString("u") + @"</td>
							<td class='text'>"                             + trust.IsActive + @"</td>
						</tr>
");
                }
            }
            Add(@"
					</tbody>
				</table>
			</div>
		</div>
");
            GenerateSubSection("Other discovered domains");
            Add(@"
		<div class=""row"">
			<div class=""col-md-12 table-responsive"">
				<table class=""table table-striped table-bordered sortable-theme-bootstrap"" data-sortable="""">
					<thead><tr> 
						<th>From</th>
						<th>Reachable domain</th>
						<th>Via</th>
						<th>Netbios</th>
						<th>Creation date</th>
						</tr>
					</thead>
					<tbody>
");
            foreach (HealthcheckData data in Report)
            {
                foreach (HealthCheckTrustData trust in data.Trusts)
                {
                    if (trust.KnownDomains == null)
                    {
                        continue;
                    }
                    trust.KnownDomains.Sort((HealthCheckTrustDomainInfoData a, HealthCheckTrustDomainInfoData b)
                                            =>
                    {
                        return(String.Compare(a.DnsName, b.DnsName));
                    }
                                            );
                    foreach (HealthCheckTrustDomainInfoData di in trust.KnownDomains)
                    {
                        if (knowndomains.Contains(di.DnsName))
                        {
                            continue;
                        }
                        knowndomains.Add(di.DnsName);
                        Add(@"
						<tr>
							<td class='text'>"                            );
                        Add(PrintDomain(data.Domain));
                        Add(@"</td>
							<td class='text'>"                            );
                        AddEncoded(di.DnsName);
                        Add(@"</td>
							<td class='text'>"                            );
                        AddEncoded(trust.TrustPartner);
                        Add(@"</td>
							<td class='text'>"                            );
                        AddEncoded(di.NetbiosName);
                        Add(@"</td>
							<td class='text'>"                            );
                        Add(di.CreationDate);
                        Add(@"</td>
						</tr>
");
                    }
                }
            }
            foreach (HealthcheckData data in Report)
            {
                if (data.ReachableDomains != null)
                {
                    foreach (HealthCheckTrustDomainInfoData di in data.ReachableDomains)
                    {
                        if (knowndomains.Contains(di.DnsName))
                        {
                            continue;
                        }
                        knowndomains.Add(di.DnsName);
                        Add(@"
						<tr>
							<td class='text'>"                            );
                        Add(PrintDomain(data.Domain));
                        Add(@"</td>
							<td class='text'>"                            );
                        AddEncoded(di.DnsName);
                        Add(@"</td>
							<td class='text'>Unknown</td>
							<td class='text'>"                            );
                        AddEncoded(di.NetbiosName);
                        Add(@"</td>
							<td class='text'>Unknown</td>
						</tr>
");
                    }
                }
            }

            Add(@"
					</tbody>
				</table>
			</div>
		</div>
");

            // prepare a SID map to locate unknown account
            SortedDictionary <string, string> sidmap = new SortedDictionary <string, string>();

            GenerateSubSection("SID Map");
            Add(@"
		<div class=""row"">
			<div class=""col-md-12 table-responsive"">
				<table class=""table table-striped table-bordered sortable-theme-bootstrap"" data-sortable="""">
					<thead><tr>
						<th>Domain</th>
						<th>Domain SID</th>
						</tr>
					</thead>
					<tbody>
");
            foreach (HealthcheckData data in Report)
            {
                if (!sidmap.ContainsKey(data.DomainFQDN) && !String.IsNullOrEmpty(data.DomainSid))
                {
                    sidmap.Add(data.DomainFQDN, data.DomainSid);
                }
                foreach (HealthCheckTrustData trust in data.Trusts)
                {
                    if (!sidmap.ContainsKey(trust.TrustPartner) && !String.IsNullOrEmpty(trust.SID))
                    {
                        sidmap.Add(trust.TrustPartner, trust.SID);
                    }
                    foreach (HealthCheckTrustDomainInfoData di in trust.KnownDomains)
                    {
                        if (!sidmap.ContainsKey(di.DnsName) && !String.IsNullOrEmpty(di.Sid))
                        {
                            sidmap.Add(di.DnsName, di.Sid);
                        }
                    }
                }
            }
            foreach (HealthcheckData data in Report)
            {
                if (data.ReachableDomains != null)
                {
                    foreach (HealthCheckTrustDomainInfoData di in data.ReachableDomains)
                    {
                        if (!sidmap.ContainsKey(di.DnsName) && !String.IsNullOrEmpty(di.Sid))
                        {
                            sidmap.Add(di.DnsName, di.Sid);
                        }
                    }
                }
            }
            foreach (string domain in sidmap.Keys)
            {
                Add(@"
						<tr>
							<td class='text'>"                            );
                AddEncoded(domain);
                Add(@"</td>
							<td class='text'>"                            );
                Add(sidmap[domain]);
                Add(@"</td>
						</tr>
");
            }
            Add(@"
					</tbody>
				</table>
			</div>
		</div>
");
        }
Example #6
0
        public bool HeatlthCheckTask(string server, Dictionary <string, string> xmlreports, Dictionary <string, string> htmlreports)
        {
            Trace.WriteLine("Working on " + server);
            if (server == "*" && InteractiveMode)
            {
                Trace.WriteLine("Setting reachable domains to on because interactive + server = *");
                AnalyzeReachableDomains = true;
            }
            if (server.Contains("*"))
            {
                List <HealthcheckAnalyzer.ReachableDomainInfo> domains = null;
                StartTask("Exploration",
                          () =>
                {
                    HealthcheckAnalyzer hcroot = new HealthcheckAnalyzer();
                    domains = hcroot.GetAllReachableDomains(ADWSPort, Credential);
                    List <HealthcheckAnalyzer.ReachableDomainInfo> domainsfiltered = new List <HealthcheckAnalyzer.ReachableDomainInfo>();
                    Console.ForegroundColor = ConsoleColor.Yellow;
                    Console.WriteLine("List of domains that will be queried");
                    Console.ResetColor();
                    foreach (var domain in domains)
                    {
                        if (compareStringWithWildcard(server, domain.domain) && !ShouldTheDomainBeNotExplored(domain.domain))
                        {
                            domainsfiltered.Add(domain);
                            Console.WriteLine(domain.domain);
                        }
                    }
                    domains = domainsfiltered;
                });
                int i = 1;

                foreach (var domain in domains)
                {
                    Console.ForegroundColor = ConsoleColor.Yellow;
                    Console.WriteLine("");
                    string display = "Starting the report for " + domain.domain + " (" + i++ + "/" + domains.Count + ")";
                    Console.WriteLine(display);
                    Console.WriteLine(new String('=', display.Length));
                    Console.ResetColor();
                    HealthcheckData hcData;
                    HealthcheckSubTask(domain.domain, xmlreports, htmlreports, AnalyzeReachableDomains, out hcData);
                }
            }
            else
            {
                HealthcheckData hcData;
                bool            output = HealthcheckSubTask(server, xmlreports, htmlreports, AnalyzeReachableDomains, out hcData);
                // do additional exploration based on trust results ?
                if (output && (ExploreTerminalDomains || ExploreForestTrust))
                {
                    if (hcData.Trusts != null)
                    {
                        List <string> domainToExamine = new List <string>();
                        foreach (var trust in hcData.Trusts)
                        {
                            string attributes = TrustAnalyzer.GetTrustAttribute(trust.TrustAttributes);
                            string direction  = TrustAnalyzer.GetTrustDirection(trust.TrustDirection);
                            if (direction.Contains("Inbound") || direction.Contains("Disabled"))
                            {
                                continue;
                            }
                            if (attributes.Contains("Intra-Forest"))
                            {
                                continue;
                            }
                            // explore forest trust only if explore forest trust is set
                            if (attributes.Contains("Forest Trust"))
                            {
                                if (ExploreForestTrust)
                                {
                                    if (!ShouldTheDomainBeNotExplored(trust.TrustPartner))
                                    {
                                        domainToExamine.Add(trust.TrustPartner);
                                    }
                                    if (trust.KnownDomains != null)
                                    {
                                        foreach (var di in trust.KnownDomains)
                                        {
                                            if (!ShouldTheDomainBeNotExplored(di.DnsName))
                                            {
                                                domainToExamine.Add(di.DnsName);
                                            }
                                        }
                                    }
                                }
                            }
                            else
                            {
                                if (ExploreTerminalDomains)
                                {
                                    if (!ShouldTheDomainBeNotExplored(trust.TrustPartner))
                                    {
                                        domainToExamine.Add(trust.TrustPartner);
                                    }
                                }
                            }
                        }
                        Console.ForegroundColor = ConsoleColor.Yellow;
                        Console.WriteLine("List of domains that will be queried");
                        Console.ResetColor();
                        foreach (var domain in domainToExamine)
                        {
                            Console.WriteLine(domain);
                        }
                        foreach (string domain in domainToExamine)
                        {
                            HealthcheckData hcDataTemp;
                            HealthcheckSubTask(domain, xmlreports, htmlreports, AnalyzeReachableDomains, out hcDataTemp);
                        }
                    }
                }
                return(output);
            }
            return(true);
        }