/// <summary>
/// Adds a callback for a particular symbol that will be called
/// at evaluation time when that symbol is evaluated.
/// </summary>
/// <remarks>
/// Useful for programmatically executing customized evaluation for non-DScript
/// resolvers
/// </remarks>
public static void AddEvaluationCallbackToFileModule(
FileModuleLiteral fileModule,
Func <Context, ModuleLiteral, EvaluationStackFrame, Task <EvaluationResult> > evaluationCallback,
FullSymbol symbol,
int position)
{
var sourceFilePath = fileModule.Path;
var outputResolvedEntry = new ResolvedEntry(
symbol,
(Context context, ModuleLiteral env, EvaluationStackFrame args) => evaluationCallback(context, env, args),
// The following position is a contract right now with he generated ast in the workspace resolver
// we have to find a nicer way to handle and register these.
TypeScript.Net.Utilities.LineInfo.FromLineAndPosition(0, position)
);
fileModule.AddResolvedEntry(symbol, outputResolvedEntry);
fileModule.AddResolvedEntry(new FilePosition(position, sourceFilePath), outputResolvedEntry);
}
internal static ResolvedEntry ResolveAdEntry(this SearchResultEntry result)
{
var entry = new ResolvedEntry();
var accountName = result.GetProp("samaccountname");
var distinguishedName = result.DistinguishedName;
var accountType = result.GetProp("samaccounttype");
if (distinguishedName == null)
{
return(null);
}
var domainName = Utils.ConvertDnToDomain(distinguishedName);
if (Groups.Contains(accountType))
{
entry.BloodHoundDisplay = $"{accountName}@{domainName}".ToUpper();
entry.ObjectType = "group";
return(entry);
}
if (Users.Contains(accountType))
{
entry.BloodHoundDisplay = $"{accountName}@{domainName}".ToUpper();
entry.ObjectType = "user";
return(entry);
}
if (Computers.Contains(accountType))
{
var shortName = accountName?.TrimEnd('$');
var dnshostname = result.GetProp("dnshostname");
if (dnshostname == null)
{
bool hostFound;
if (domainName.Equals(_primaryDomain, StringComparison.CurrentCultureIgnoreCase))
{
hostFound = DnsManager.HostExistsDns(shortName, out dnshostname);
if (!hostFound)
{
hostFound = DnsManager.HostExistsDns($"{shortName}.{domainName}", out dnshostname);
}
}
else
{
hostFound = DnsManager.HostExistsDns($"{shortName}.{domainName}", out dnshostname);
if (!hostFound)
{
hostFound = DnsManager.HostExistsDns(shortName, out dnshostname);
}
}
if (!hostFound)
{
return(null);
}
}
entry.BloodHoundDisplay = dnshostname;
entry.ObjectType = "computer";
entry.ComputerSamAccountName = shortName;
return(entry);
}
if (accountType == null)
{
var objClass = result.GetPropArray("objectClass");
if (objClass.Contains("groupPolicyContainer"))
{
entry.BloodHoundDisplay = $"{result.GetProp("displayname")}@{domainName}";
entry.ObjectType = "gpo";
return(entry);
}
if (objClass.Contains("organizationalUnit"))
{
entry.BloodHoundDisplay = $"{result.GetProp("name")}@{domainName}";
entry.ObjectType = "ou";
return(entry);
}
if (objClass.Contains("container"))
{
entry.BloodHoundDisplay = domainName;
entry.ObjectType = "container";
return(entry);
}
}
else
{
if (accountType.Equals("805306370"))
{
return(null);
}
}
entry.BloodHoundDisplay = domainName;
entry.ObjectType = "domain";
return(entry);
}
/// <inheritdoc />
public Task <bool?> TryConvertModuleToEvaluationAsync(IModuleRegistry moduleRegistry, ParsedModule module, IWorkspace workspace)
{
if (!string.Equals(module.Descriptor.ResolverName, Name, StringComparison.Ordinal))
{
return(Task.FromResult <bool?>(null));
}
var downloadData = m_workspaceResolver.Downloads[module.Descriptor.Name];
var package = CreatePackage(module.Definition);
Contract.Assert(module.Specs.Count == 1, "This resolver generated the module, so we expect a single spec.");
var sourceKv = module.Specs.First();
var sourceFilePath = sourceKv.Key;
var sourceFile = sourceKv.Value;
var currentFileModule = ModuleLiteral.CreateFileModule(
sourceFilePath,
moduleRegistry,
package,
sourceFile.LineMap);
// Download
var downloadSymbol = FullSymbol.Create(m_context.SymbolTable, "download");
var downloadResolvedEntry = new ResolvedEntry(
downloadSymbol,
(Context context, ModuleLiteral env, EvaluationStackFrame args) => DownloadFile(downloadData),
// The following position is a contract right now iwtht he generated ast in the workspace resolver
// we have to find a nicer way to handle and register these.
TypeScript.Net.Utilities.LineInfo.FromLineAndPosition(0, 1)
);
currentFileModule.AddResolvedEntry(downloadSymbol, downloadResolvedEntry);
currentFileModule.AddResolvedEntry(new FilePosition(1, sourceFilePath), downloadResolvedEntry);
// Contents.All
var extractedSymbol = FullSymbol.Create(m_context.SymbolTable, "extracted");
var contentsResolvedEntry = new ResolvedEntry(
extractedSymbol,
(Context context, ModuleLiteral env, EvaluationStackFrame args) => ExtractFile(downloadData),
// The following position is a contract right now iwtht he generated ast in the workspace resolver
// we have to find a nicer way to handle and register these.
TypeScript.Net.Utilities.LineInfo.FromLineAndPosition(0, 3)
);
currentFileModule.AddResolvedEntry(extractedSymbol, contentsResolvedEntry);
currentFileModule.AddResolvedEntry(new FilePosition(3, sourceFilePath), contentsResolvedEntry);
var moduleInfo = new UninstantiatedModuleInfo(
// We can register an empty one since we have the module populated properly
new SourceFile(
sourceFilePath,
new Declaration[]
{
}),
currentFileModule,
m_context.QualifierTable.EmptyQualifierSpaceId);
moduleRegistry.AddUninstantiatedModuleInfo(moduleInfo);
return(Task.FromResult <bool?>(true));
}
internal static ResolvedEntry ResolveAdEntry(this SearchResultEntry result, bool bypassDns = false)
{
var entry = new ResolvedEntry();
var accountName = result.GetProp("samaccountname");
var distinguishedName = result.DistinguishedName;
var accountType = result.GetProp("samaccounttype");
if (distinguishedName == null)
{
return(null);
}
var domainName = Utils.ConvertDnToDomain(distinguishedName);
if (MappedPrincipal.GetCommon(result.GetSid(), out var temp))
{
return(new ResolvedEntry
{
IngestCacheDisplay = $"{temp.PrincipalName}@{domainName}".ToUpper(),
ObjectType = temp.ObjectType
});
}
if (Groups.Contains(accountType))
{
entry.IngestCacheDisplay = $"{accountName}@{domainName}".ToUpper();
entry.ObjectType = "group";
return(entry);
}
if (Users.Contains(accountType))
{
entry.IngestCacheDisplay = $"{accountName}@{domainName}".ToUpper();
entry.ObjectType = "user";
return(entry);
}
if (Computers.Contains(accountType))
{
var shortName = accountName?.TrimEnd('$');
var dnshostname = result.GetProp("dnshostname");
if (dnshostname == null)
{
var domain = Utils.ConvertDnToDomain(result.DistinguishedName);
dnshostname = $"{shortName}.{domain}".ToUpper();
}
entry.IngestCacheDisplay = dnshostname;
entry.ObjectType = "computer";
entry.ComputerSamAccountName = shortName;
return(entry);
}
if (accountType == null)
{
var objClass = result.GetPropArray("objectClass");
if (objClass.Contains("groupPolicyContainer"))
{
entry.IngestCacheDisplay = $"{result.GetProp("displayname")}@{domainName}";
entry.ObjectType = "gpo";
return(entry);
}
if (objClass.Contains("organizationalUnit"))
{
entry.IngestCacheDisplay = $"{result.GetProp("name")}@{domainName}";
entry.ObjectType = "ou";
return(entry);
}
if (objClass.Contains("container"))
{
entry.IngestCacheDisplay = domainName;
entry.ObjectType = "container";
return(entry);
}
}
else
{
if (accountType.Equals("805306370"))
{
return(null);
}
}
entry.IngestCacheDisplay = domainName;
entry.ObjectType = "domain";
return(entry);
}
