public async Task ComputerSessionProcessor_ReadUserSessions_ResolvesLocalHostEquivalent() { var mockNativeMethods = new Mock <NativeMethods>(); var apiResult = new NativeMethods.SESSION_INFO_10[] { new() { sesi10_username = "******", sesi10_cname = "\\\\127.0.0.1" } }; mockNativeMethods.Setup(x => x.CallNetSessionEnum(It.IsAny <string>())).Returns(apiResult); var expected = new Session[] { new() { ComputerSID = _computerSid, UserSID = "S-1-5-21-3130019616-2776909439-2417379446-2116" } }; var processor = new ComputerSessionProcessor(new MockLDAPUtils(), "dfm", mockNativeMethods.Object); var result = await processor.ReadUserSessions("win10", _computerSid, _computerDomain); Assert.True(result.Collected); Assert.Equal(expected, result.Results); }
public async Task ComputerSessionProcessor_ReadUserSessions_FilteringWorks() { var mockNativeMethods = new Mock <NativeMethods>(); var apiResult = new NativeMethods.SESSION_INFO_10[] { new() { sesi10_username = "******", sesi10_cname = "\\\\192.168.92.110" }, new() { sesi10_cname = "", sesi10_username = "******" }, new() { sesi10_username = "******", sesi10_cname = "\\\\192.168.92.110" } }; mockNativeMethods.Setup(x => x.CallNetSessionEnum(It.IsAny <string>())).Returns(apiResult); var processor = new ComputerSessionProcessor(new MockLDAPUtils(), "dfm", mockNativeMethods.Object); var result = await processor.ReadUserSessions("win10", _computerSid, _computerDomain); Assert.True(result.Collected); Assert.Empty(result.Results); }
public async Task ComputerSessionProcessor_ReadUserSessions_MultipleMatches_AddsAll() { var mockNativeMethods = new Mock <NativeMethods>(); var apiResult = new NativeMethods.SESSION_INFO_10[] { new() { sesi10_username = "******", sesi10_cname = "\\\\127.0.0.1" } }; mockNativeMethods.Setup(x => x.CallNetSessionEnum(It.IsAny <string>())).Returns(apiResult); var expected = new Session[] { new() { ComputerSID = _computerSid, UserSID = "S-1-5-21-3130019616-2776909439-2417379446-500" }, new() { ComputerSID = _computerSid, UserSID = "S-1-5-21-3084884204-958224920-2707782874-500" } }; var processor = new ComputerSessionProcessor(new MockLDAPUtils(), "dfm", mockNativeMethods.Object); var result = await processor.ReadUserSessions("win10", _computerSid, _computerDomain); Assert.True(result.Collected); Assert.Equal(expected, result.Results); }
public async Task ComputerSessionProcessor_ReadUserSessionsPrivileged_ComputerAccessDenied_ExceptionCaught() { var mockNativeMethods = new Mock <NativeMethods>(); //mockNativeMethods.Setup(x => x.CallSamConnect(ref It.Ref<NativeMethods.UNICODE_STRING>.IsAny, out It.Ref<IntPtr>.IsAny, It.IsAny<NativeMethods.SamAccessMasks>(), ref It.Ref<NativeMethods.OBJECT_ATTRIBUTES>.IsAny)).Returns(NativeMethods.NtStatus.StatusAccessDenied); var ex = new APIException { Status = NativeMethods.NERR.ERROR_ACCESS_DENIED.ToString() }; mockNativeMethods.Setup(x => x.CallNetWkstaUserEnum(It.IsAny <string>())).Throws(ex); var processor = new ComputerSessionProcessor(new MockLDAPUtils(), "dfm", mockNativeMethods.Object); var test = processor.ReadUserSessionsPrivileged("test", "test", "test"); Assert.False(test.Collected); Assert.Equal(NativeMethods.NERR.ERROR_ACCESS_DENIED.ToString(), test.FailureReason); }
public ObjectProcessors(IContext context, ILogger log) { _context = context; _aclProcessor = new ACLProcessor(context.LDAPUtils); _spnProcessor = new SPNProcessors(context.LDAPUtils); _ldapPropertyProcessor = new LDAPPropertyProcessor(context.LDAPUtils); _domainTrustProcessor = new DomainTrustProcessor(context.LDAPUtils); _computerAvailability = new ComputerAvailability(context.PortScanTimeout, skipPortScan: context.Flags.SkipPortScan, skipPasswordCheck: context.Flags.SkipPasswordAgeCheck); _computerSessionProcessor = new ComputerSessionProcessor(context.LDAPUtils); _groupProcessor = new GroupProcessor(context.LDAPUtils); _containerProcessor = new ContainerProcessor(context.LDAPUtils); _gpoLocalGroupProcessor = new GPOLocalGroupProcessor(context.LDAPUtils); _methods = context.ResolvedCollectionMethods; _cancellationToken = context.CancellationTokenSource.Token; _log = log; }
public async Task ComputerSessionProcessor_ReadUserSessionsPrivileged_FilteringWorks() { var mockNativeMethods = new Mock <NativeMethods>(); const string samAccountName = "WIN10"; //This is a sample response from a computer in a test environment. The duplicates are intentional var apiResults = new NativeMethods.WKSTA_USER_INFO_1[] { new() { wkui1_logon_domain = "TESTLAB", wkui1_logon_server = "PRIMARY", wkui1_oth_domains = "", wkui1_username = "******" }, new() { wkui1_logon_domain = "PRIMARY", wkui1_logon_server = "", wkui1_oth_domains = "", wkui1_username = "******" }, new() { wkui1_logon_domain = "", wkui1_logon_server = "PRIMARY", wkui1_oth_domains = "", wkui1_username = "******" }, new() { wkui1_logon_domain = "TESTLAB", wkui1_logon_server = "", wkui1_oth_domains = "", wkui1_username = "******" }, new() { wkui1_logon_domain = "TESTLAB", wkui1_logon_server = "", wkui1_oth_domains = "", wkui1_username = "******" }, new() { wkui1_logon_domain = "TESTLAB", wkui1_logon_server = "", wkui1_oth_domains = "", wkui1_username = "******" }, new() { wkui1_logon_domain = "TESTLAB", wkui1_logon_server = "", wkui1_oth_domains = "", wkui1_username = "******" }, new() { wkui1_logon_domain = "WIN10", wkui1_logon_server = "", wkui1_oth_domains = "", wkui1_username = "******" }, new() { wkui1_logon_domain = "NT AUTHORITY", wkui1_logon_server = "", wkui1_oth_domains = "", wkui1_username = "******" }, new() { wkui1_logon_domain = "TESTLAB", wkui1_logon_server = "", wkui1_oth_domains = "", wkui1_username = "******" } }; mockNativeMethods.Setup(x => x.CallNetWkstaUserEnum(It.IsAny <string>())).Returns(apiResults); var expected = new Session[] { new() { ComputerSID = _computerSid, UserSID = "S-1-5-21-3130019616-2776909439-2417379446-1105" }, new() { ComputerSID = _computerSid, UserSID = "S-1-5-21-3130019616-2776909439-2417379446-500" } }; var processor = new ComputerSessionProcessor(new MockLDAPUtils(), nativeMethods: mockNativeMethods.Object); var test = processor.ReadUserSessionsPrivileged("WIN10.TESTLAB.LOCAL", samAccountName, _computerSid); Assert.True(test.Collected); _testOutputHelper.WriteLine(JsonConvert.SerializeObject(test.Results)); Assert.Equal(2, test.Results.Length); Assert.Equal(expected, test.Results); } } }