Esempio n. 1
        /// <summary>
        /// Reads an embedded text resource line by line, appends the target domain to each
        /// line, and queues a <c>SubdomainLookup</c> for every resulting name that is not
        /// already present in <c>validatedSubdomains</c>.
        /// </summary>
        /// <param name="path">Resource file name without the ".txt" extension; it is concatenated into the manifest resource name.</param>
        /// <param name="subdomainSvc">Service value stored on every lookup entry created by this call.</param>
        public void addLinesFromFile(string path, MicrosoftService subdomainSvc)
        {
            Assembly owner        = Assembly.GetExecutingAssembly();
            string   resourceName = "sLYNCy_WPF.DomainEnumeration.Subdomains." + path + ".txt";

            using (Stream wordList = owner.GetManifestResourceStream(resourceName))
            {
                // GetManifestResourceStream returns null when no resource has that name.
                if (wordList == null)
                {
                    UI.ThreadSafeAppendLog("[4]NULL LINES");
                    return;
                }

                using (var reader = new StreamReader(wordList))
                {
                    for (string entry = reader.ReadLine(); entry != null; entry = reader.ReadLine())
                    {
                        string candidate = entry + "." + targetDomain;

                        // Names that are already validated are not queued again.
                        if (!validatedSubdomains.Contains(candidate))
                        {
                            var lookup = new SubdomainLookup();
                            lookup.subdomain        = candidate;
                            lookup.subdomainService = subdomainSvc;
                            subdomains.Add(lookup);
                        }
                    }
                }
            }
        }
Esempio n. 2
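        /// <summary>
        /// Click handler for the validate button: authenticates with the values of the e-mail
        /// and password fields, reports the lab evidence on success and opens
        /// <c>MainActivity</c> with the returned name and token.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event arguments (unused).</param>
        /// <remarks>
        /// <c>async void</c> is kept because this is an event handler. For the same reason every
        /// awaited call sits inside the try block: an exception escaping an <c>async void</c>
        /// method cannot be observed by the caller.
        /// </remarks>
        private async void ValidateUser(object sender, EventArgs e)
        {
            var validateButton = FindViewById <Button>(Resource.Id.ValidateButton);

            // Disabled for the duration of the request so the handler cannot be re-entered.
            validateButton.Enabled = false;

            try
            {
                var emailField    = FindViewById <EditText>(Resource.Id.EmailEditText);
                var passwordField = FindViewById <EditText>(Resource.Id.PasswordEditText);

                // The authentication call used to run before the try block, so a network failure
                // escaped the handler and left the button disabled.
                var authResult = await HackAtHomeService.AutenticateAsync(emailField.Text, passwordField.Text);

                if (authResult.Status == Status.Success)
                {
                    var evidence = new LabItem
                    {
                        Email    = emailField.Text,
                        Lab      = "Hack@Home",
                        DeviceId = Android.Provider.Settings
                                   .Secure.GetString(ContentResolver, Android.Provider.Settings.Secure.AndroidId)
                    };

                    var evidenceClient = new MicrosoftService();
                    await evidenceClient.SendEvidence(evidence);

                    // Explicit intent (component named by type), so the token extra is delivered
                    // to MainActivity only.
                    var nextScreen = new Android.Content.Intent(this, typeof(MainActivity));
                    nextScreen.PutExtra("Name", authResult.FullName);
                    nextScreen.PutExtra("Token", authResult.Token);
                    StartActivity(nextScreen);
                }
                else
                {
                    HelperMessage.MakeAlert(this, "Error", "Usuario no válido");
                }
            }
            catch (Exception ex)
            {
                // NOTE(review): the raw exception text is shown to the user; confirm that is intended.
                HelperMessage.MakeAlert(this, "Error", ex.Message);
            }
            finally
            {
                // Runs on every exit path, including a failure inside the alert helper.
                validateButton.Enabled = true;
            }
        }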
Esempio n. 3
        /// <summary>
        /// Registers a discovered service in the two surface pickers of the main window.
        /// The work runs inside <c>UI.Dispatcher.Invoke</c>.
        /// </summary>
        /// <param name="UI">Main window whose pickers and flags are updated.</param>
        /// <param name="service">Service to register; values without a case below add no picker entry.</param>
        /// <param name="userEnum">When true, sets <c>LyncEnabled</c> and allows the entry to be added to <c>UserEnumSurfacePicker</c>.</param>
        /// <param name="passSpray">When true, sets <c>PasswordSprayEnabled</c> and allows the entry to be added to <c>PasswordSpraySurfacePicker</c>.</param>
        public static void AddServiceToOptions(MainWindow UI, MicrosoftService service, bool userEnum, bool passSpray)
        {
            UI.Dispatcher.Invoke(() =>
            {
                // The tab flags are set for any service, including ones with no picker label.
                if (userEnum)
                {
                    UI.LyncEnabled = 1;
                }
                if (passSpray)
                {
                    UI.PasswordSprayEnabled = 1;
                }

                // Map the service to the label shown in both pickers.
                string label;
                switch (service)
                {
                case MicrosoftService.Skype:        label = "Skype";        break;
                case MicrosoftService.Office365:    label = "O365";         break;
                case MicrosoftService.RDWeb:        label = "RDWeb";        break;
                case MicrosoftService.Exchange:     label = "Exchange";     break;
                case MicrosoftService.ADFS:         label = "ADFS";         break;
                case MicrosoftService.Exchange2007: label = "Exchange2007"; break;
                default:
                    return;
                }

                // Add and select the label, but only once per picker.
                if (!UI.UserEnumSurfacePicker.Items.Contains(label) && userEnum)
                {
                    UI.UserEnumSurfacePicker.Items.Add(label);
                    UI.UserEnumSurfacePicker.SelectedItem = label;
                }

                if (!UI.PasswordSpraySurfacePicker.Items.Contains(label) && passSpray)
                {
                    UI.PasswordSpraySurfacePicker.Items.Add(label);
                    UI.PasswordSpraySurfacePicker.SelectedItem = label;
                }

                // Office365 is the only service that logs why it was left out of the second picker.
                if (service == MicrosoftService.Office365 && !passSpray)
                {
                    UI.ThreadSafeAppendLog("[1]The organisation O365 was found to be federated, you can enumerate users, but password spraying must hit the organisation's ADFS server, not the O365 portal...");
                    UI.ThreadSafeAppendLog("[1]O365 has therefore not been added to the Password Spray tab available surfaces...");
                }
            });
        }
Esempio n. 4
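        /// <summary>
        /// Handles both legs of the Microsoft OAuth sign-in: with no authorization code it
        /// redirects the browser to the Microsoft login dialog, and on the callback it
        /// exchanges the code for an access token, looks the user up by e-mail and either
        /// signs them in or hands off to the social registration step.
        /// </summary>
        /// <returns>
        /// A redirect to Microsoft, to the home page after a successful sign-in, to the
        /// registration validator for a new user, or to the log-on page with a message on failure.
        /// </returns>
        /// <remarks>
        /// The state and error checks now stop the request. Previously they only set a message,
        /// and the later <c>||</c> condition still completed the sign-in whenever a token was
        /// obtained, so the anti-forgery <c>state</c> value was never enforced.
        /// </remarks>
        public ActionResult MicrosoftLogin()
        {
            var resultMessage = new GenericMessageViewModel();

            // NOTE(review): AuthCode, AuthState, AuthError and AuthErrorDescription are declared
            // outside this method; presumably they come from the callback query string and are
            // therefore treated as untrusted here - confirm.
            var input = new
            {
                Code  = AuthCode,
                State = AuthState,
                Error = new
                {
                    HasError         = !String.IsNullOrWhiteSpace(AuthError),
                    Text             = AuthError,
                    ErrorDescription = AuthErrorDescription
                }
            };

            // Without app credentials no OAuth request can be made.
            if (string.IsNullOrEmpty(SiteConstants.Instance.MicrosoftAppId) ||
                string.IsNullOrEmpty(SiteConstants.Instance.MicrosoftAppSecret))
            {
                resultMessage.Message     = "You need to add the Microsoft app credentials to the web.config";
                resultMessage.MessageType = GenericMessages.danger;
                ShowMessage(resultMessage);
                return RedirectToAction("LogOn", "Members");
            }

            var client = new MicrosoftOAuthClient
            {
                ClientId     = SiteConstants.Instance.MicrosoftAppId,
                ClientSecret = SiteConstants.Instance.MicrosoftAppSecret,
                RedirectUri  = ReturnUrl
            };

            var stateKey = "MVCForum_" + input.State;

            // A state value that this session did not issue (or that has expired) ends the request.
            if (input.State != null && Session[stateKey] == null)
            {
                resultMessage.Message     = "Session Expired";
                resultMessage.MessageType = GenericMessages.danger;
                ShowMessage(resultMessage);
                return RedirectToAction("LogOn", "Members");
            }

            // An error response from the provider ends the request as well.
            if (input.Error.HasError)
            {
                Session.Remove(stateKey);

                // Encoded because messages in this method embed markup (<br/>) and so appear
                // to be rendered as HTML.
                resultMessage.Message     = System.Net.WebUtility.HtmlEncode(input.Error.ErrorDescription);
                resultMessage.MessageType = GenericMessages.danger;
                ShowMessage(resultMessage);
                return RedirectToAction("LogOn", "Members");
            }

            // First leg: no code yet, so send the user to the Microsoft login dialog.
            if (string.IsNullOrWhiteSpace(input.Code))
            {
                // Generate a new unique state and remember it in the current session.
                var state = Guid.NewGuid().ToString();
                Session["MVCForum_" + state] = "/";

                var url = client.GetAuthorizationUrl(state, WindowsLiveScopes.Emails + WindowsLiveScopes.Birthday);
                return Redirect(url);
            }

            // Callback leg: a code without any state cannot be tied to a login this session started.
            if (input.State == null)
            {
                resultMessage.Message     = "Session Expired";
                resultMessage.MessageType = GenericMessages.danger;
                ShowMessage(resultMessage);
                return RedirectToAction("LogOn", "Members");
            }

            // Exchange the authorization code for an access token.
            MicrosoftTokenResponse accessTokenResponse;
            try
            {
                // The state is single-use: drop it before the exchange.
                Session.Remove(stateKey);
                accessTokenResponse = client.GetAccessTokenFromAuthCode(input.Code);
            }
            catch (Exception ex)
            {
                LoggingService.Error(ex);
                accessTokenResponse       = null;
                resultMessage.Message     = $"Unable to acquire access token<br/>{System.Net.WebUtility.HtmlEncode(ex.Message)}";
                resultMessage.MessageType = GenericMessages.danger;
            }

            // Continue only when the exchange produced a token and recorded no failure.
            if (!string.IsNullOrEmpty(resultMessage.Message) || accessTokenResponse == null)
            {
                resultMessage.MessageType = GenericMessages.danger;
                ShowMessage(resultMessage);
                return RedirectToAction("LogOn", "Members");
            }

            try
            {
                // Initialize a new MicrosoftService so we can make calls to the API.
                var service = MicrosoftService.CreateFromAccessToken(accessTokenResponse.Body.AccessToken);

                // Fetch the profile of the signed-in user.
                var response = service.WindowsLive.GetSelf();
                var user     = response.Body;

                if (string.IsNullOrWhiteSpace(user.Emails?.Preferred))
                {
                    resultMessage.Message     = LocalizationService.GetResourceString("Members.UnableToGetEmailAddress");
                    resultMessage.MessageType = GenericMessages.danger;
                    ShowMessage(resultMessage);
                    return RedirectToAction("LogOn", "Members");
                }

                using (UnitOfWorkManager.NewUnitOfWork())
                {
                    // NOTE(review): the local account is selected solely by the e-mail the provider
                    // returns; confirm that address is verified by the provider before relying on it.
                    var userExists = MembershipService.GetUserByEmail(user.Emails.Preferred);

                    if (userExists != null)
                    {
                        try
                        {
                            // User already exists, so log them in (persistent cookie).
                            FormsAuthentication.SetAuthCookie(userExists.UserName, true);
                            resultMessage.Message     = LocalizationService.GetResourceString("Members.NowLoggedIn");
                            resultMessage.MessageType = GenericMessages.success;
                            ShowMessage(resultMessage);
                            return RedirectToAction("Index", "Home");
                        }
                        catch (Exception ex)
                        {
                            LoggingService.Error(ex);
                        }
                    }
                    else
                    {
                        // Not registered yet, so prepare the registration model.
                        // NOTE(review): StringUtils.RandomString is not visible here; confirm it draws
                        // from a cryptographic RNG, and consider more than 8 characters.
                        var viewModel = new MemberAddViewModel
                        {
                            Email                 = user.Emails.Preferred,
                            LoginType             = LoginType.Microsoft,
                            Password              = StringUtils.RandomString(8),
                            UserName              = user.Name,
                            UserAccessToken       = accessTokenResponse.Body.AccessToken,
                            SocialProfileImageUrl = $"https://apis.live.net/v5.0/{user.Id}/picture"
                        };

                        // Store the viewModel in TempData, which the register logic reads.
                        TempData[AppConstants.MemberRegisterViewModel] = viewModel;

                        return RedirectToAction("SocialLoginValidator", "Members");
                    }
                }
            }
            catch (Exception ex)
            {
                resultMessage.Message     = $"Unable to get user information<br/>{System.Net.WebUtility.HtmlEncode(ex.Message)}";
                resultMessage.MessageType = GenericMessages.danger;
                LoggingService.Error(ex);
            }

            ShowMessage(resultMessage);
            return RedirectToAction("LogOn", "Members");
        }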
        /// <summary>
        /// Adds <paramref name="record"/> to <paramref name="accessTokens"/>, or merges its
        /// non-empty fields into the existing entry with the same username, then triggers an
        /// auto-log save when something changed. The work runs on <c>App.Current.Dispatcher</c>.
        /// </summary>
        /// <param name="record">Record carrying the new values.</param>
        /// <param name="accessTokens">Collection that is searched and updated.</param>
        /// <param name="UI">Main window used to persist the collection.</param>
        /// <param name="service">Not read by this method.</param>
        public static void Add(CredentialsRecord record, ObservableCollection <CredentialsRecord> accessTokens, MainWindow UI, MicrosoftService service)
        {
            try
            {
                App.Current.Dispatcher.Invoke(new Action(() =>
                {
                    // Any call marks that at least one user is known.
                    MainWindow.SetDoWeHaveEnumeratedUsers(true);
                    if (!string.IsNullOrEmpty(record.Password))
                    {
                        MainWindow.SetDoWeHaveAnyUserAndPass(true);
                    }

                    // Records are matched by username; only the first match is updated.
                    CredentialsRecord existing = accessTokens.FirstOrDefault(r => r.Username == record.Username);
                    if (existing == null)
                    {
                        accessTokens.Add(record);
                        UI.saveValidUsersAndCreds(null, SaveType.autoLog);
                        return;
                    }

                    // Each non-empty field overwrites the stored one without comparing values,
                    // so a save can happen even when nothing actually differs.
                    bool dirty = false;

                    if (!string.IsNullOrEmpty(record.Password))
                    {
                        existing.Password = record.Password;
                        dirty = true;
                    }
                    if (!string.IsNullOrEmpty(record.MFA))
                    {
                        existing.MFA = record.MFA;
                        dirty = true;
                    }
                    if (!string.IsNullOrEmpty(record.PasswordExpired))
                    {
                        existing.PasswordExpired = record.PasswordExpired;
                        dirty = true;
                    }
                    if (!string.IsNullOrEmpty(record.ServerError))
                    {
                        existing.ServerError = record.ServerError;
                        dirty = true;
                    }
                    if (!string.IsNullOrEmpty(record.AccountDisabled))
                    {
                        existing.AccountDisabled = record.AccountDisabled;
                        dirty = true;
                    }
                    if (!string.IsNullOrEmpty(record.SipEnabled))
                    {
                        existing.SipEnabled = record.SipEnabled;
                        dirty = true;
                    }

                    // The stored service becomes the one that produced the latest record.
                    if (existing.Service != record.Service)
                    {
                        existing.Service = record.Service;
                        dirty = true;
                    }

                    // NOTE(review): this test only rejects an empty-string password, so a null
                    // password still lets the token through; the original author was also
                    // unsure why the password is checked here.
                    if (record.Token != null && record.Password != "")
                    {
                        existing.Token = record.Token;
                        dirty = true;
                    }

                    if (dirty)
                    {
                        UI.saveValidUsersAndCreds(null, SaveType.autoLog);
                    }
                }));
            }
            catch (Exception)
            {
                // NOTE(review): every failure is swallowed without a trace.
            }
        }
 /// <summary>
 /// Creates the endpoint and keeps a reference to the service it was created for.
 /// </summary>
 /// <param name="service">Value assigned to the <c>Service</c> member as-is.</param>
 internal WindowsLiveEndpoint(MicrosoftService service)
 {
     this.Service = service;
 }
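        /// <summary>
        /// Handles both legs of the Microsoft OAuth sign-in: with no authorization code it
        /// redirects the browser to the Microsoft login dialog, and on the callback it
        /// exchanges the code for an access token, looks the member up by e-mail and either
        /// signs them in or redirects to the registration action.
        /// </summary>
        /// <returns>
        /// A redirect to Microsoft, to the registration action for a new member, or to the
        /// forum page with a status message.
        /// </returns>
        /// <remarks>
        /// The state and error checks now stop the request. Previously they only set a message,
        /// and the later <c>||</c> condition still completed the sign-in whenever a token was
        /// obtained, so the anti-forgery <c>state</c> value was never enforced.
        /// </remarks>
        public ActionResult MicrosoftLogin()
        {
            var resultMessage = new GenericMessageViewModel();

            // NOTE(review): AuthCode, AuthState, AuthError and AuthErrorDescription are declared
            // outside this method; presumably they come from the callback query string and are
            // therefore treated as untrusted here - confirm.
            var input = new
            {
                Code  = AuthCode,
                State = AuthState,
                Error = new
                {
                    HasError         = !string.IsNullOrWhiteSpace(AuthError),
                    Text             = AuthError,
                    ErrorDescription = AuthErrorDescription
                }
            };

            // Without app credentials no OAuth request can be made.
            if (string.IsNullOrEmpty(Dialogue.Settings().MicrosoftAppId) ||
                string.IsNullOrEmpty(Dialogue.Settings().MicrosoftAppSecret))
            {
                resultMessage.Message     = "You need to add the Microsoft app credentials to the web.config";
                resultMessage.MessageType = GenericMessages.Danger;
                ShowMessage(resultMessage);
                return RedirectToUmbracoPage(Dialogue.Settings().ForumId);
            }

            var client = new MicrosoftOAuthClient
            {
                ClientId     = Dialogue.Settings().MicrosoftAppId,
                ClientSecret = Dialogue.Settings().MicrosoftAppSecret,
                RedirectUri  = ReturnUrl
            };

            var stateKey = "Dialogue_" + input.State;

            // A state value that this session did not issue (or that has expired) ends the request.
            if (input.State != null && Session[stateKey] == null)
            {
                resultMessage.Message     = "Session Expired";
                resultMessage.MessageType = GenericMessages.Danger;
                ShowMessage(resultMessage);
                return RedirectToUmbracoPage(Dialogue.Settings().ForumId);
            }

            // An error response from the provider ends the request as well.
            if (input.Error.HasError)
            {
                Session.Remove(stateKey);

                // Encoded because messages in this method embed markup (<br/>) and so appear
                // to be rendered as HTML.
                resultMessage.Message     = System.Net.WebUtility.HtmlEncode(input.Error.ErrorDescription);
                resultMessage.MessageType = GenericMessages.Danger;
                ShowMessage(resultMessage);
                return RedirectToUmbracoPage(Dialogue.Settings().ForumId);
            }

            // First leg: no code yet, so send the user to the Microsoft login dialog.
            if (string.IsNullOrWhiteSpace(input.Code))
            {
                // Generate a new unique state and remember it in the current session.
                var state = Guid.NewGuid().ToString();
                Session["Dialogue_" + state] = "/";

                var url = client.GetAuthorizationUrl(state, WindowsLiveScopes.Emails + WindowsLiveScopes.Birthday);
                return Redirect(url);
            }

            // Callback leg: a code without any state cannot be tied to a login this session started.
            if (input.State == null)
            {
                resultMessage.Message     = "Session Expired";
                resultMessage.MessageType = GenericMessages.Danger;
                ShowMessage(resultMessage);
                return RedirectToUmbracoPage(Dialogue.Settings().ForumId);
            }

            // Exchange the authorization code for an access token.
            MicrosoftTokenResponse accessTokenResponse;
            try
            {
                // The state is single-use: drop it before the exchange.
                Session.Remove(stateKey);
                accessTokenResponse = client.GetAccessTokenFromAuthCode(input.Code);
            }
            catch (Exception ex)
            {
                AppHelpers.LogError(ex);
                accessTokenResponse       = null;
                resultMessage.Message     = $"Unable to acquire access token<br/>{System.Net.WebUtility.HtmlEncode(ex.Message)}";
                resultMessage.MessageType = GenericMessages.Danger;
            }

            // Continue only when the exchange produced a token and recorded no failure.
            if (!string.IsNullOrEmpty(resultMessage.Message) || accessTokenResponse == null)
            {
                resultMessage.MessageType = GenericMessages.Danger;
                ShowMessage(resultMessage);
                return RedirectToUmbracoPage(Dialogue.Settings().ForumId);
            }

            try
            {
                // Initialize a new MicrosoftService so we can make calls to the API.
                var service = MicrosoftService.CreateFromAccessToken(accessTokenResponse.Body.AccessToken);

                // Fetch the profile of the signed-in user.
                var response = service.WindowsLive.GetSelf();
                var user     = response.Body;

                if (string.IsNullOrWhiteSpace(user.Emails?.Preferred))
                {
                    resultMessage.Message     = "Unable to get email address from Microsoft account";
                    resultMessage.MessageType = GenericMessages.Danger;
                    ShowMessage(resultMessage);
                    return RedirectToUmbracoPage(Dialogue.Settings().ForumId);
                }

                using (UnitOfWorkManager.NewUnitOfWork())
                {
                    // NOTE(review): the member is selected solely by the e-mail the provider
                    // returns; confirm that address is verified by the provider before relying on it.
                    var userExists = AppHelpers.UmbServices().MemberService.GetByEmail(user.Emails.Preferred);

                    if (userExists != null)
                    {
                        try
                        {
                            // NOTE(review): the provider access token is stored on the member as a
                            // plain property value; confirm how that property is protected at rest.
                            userExists.Properties[AppConstants.PropMemberMicrosoftAccessToken].Value = accessTokenResponse.Body.AccessToken;
                            AppHelpers.UmbServices().MemberService.Save(userExists);

                            // Member already exists, so log them in (persistent cookie).
                            FormsAuthentication.SetAuthCookie(userExists.Username, true);
                            resultMessage.Message     = Lang("Members.NowLoggedIn");
                            resultMessage.MessageType = GenericMessages.Success;
                        }
                        catch (Exception ex)
                        {
                            AppHelpers.LogError(ex);
                        }
                    }
                    else
                    {
                        // Not registered yet, so prepare the registration model.
                        // NOTE(review): AppHelpers.RandomString is not visible here; confirm it draws
                        // from a cryptographic RNG, and consider more than 8 characters.
                        var viewModel = new RegisterViewModel
                        {
                            Email                 = user.Emails.Preferred,
                            LoginType             = LoginType.Microsoft,
                            Password              = AppHelpers.RandomString(8),
                            UserName              = user.Name,
                            SocialProfileImageUrl = $"https://apis.live.net/v5.0/{user.Id}/picture",
                            UserAccessToken       = accessTokenResponse.Body.AccessToken
                        };

                        // NOTE(review): passing the model as route values places Password and
                        // UserAccessToken in the redirect URL, where they reach browser history,
                        // proxy and server logs. Handing the model over through server-side state
                        // (TempData or session) would avoid that, but needs a matching change in
                        // MemberRegisterLogic, which is outside this method.
                        return RedirectToAction("MemberRegisterLogic", "DialogueRegister", viewModel);
                    }
                }
            }
            catch (Exception ex)
            {
                AppHelpers.LogError(ex);
                resultMessage.Message     = $"Unable to get user information<br/>{System.Net.WebUtility.HtmlEncode(ex.Message)}";
                resultMessage.MessageType = GenericMessages.Danger;
            }

            ShowMessage(resultMessage);
            return RedirectToUmbracoPage(Dialogue.Settings().ForumId);
        }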
Esempio n. 8
 /// <summary>
 /// Creates the endpoint and keeps a reference to the service it was created for.
 /// </summary>
 /// <param name="service">Value assigned to the <c>Service</c> member as-is.</param>
 internal WindowsLiveEndpoint(MicrosoftService service)
 {
     this.Service = service;
 }