/// <summary> /// Adds a callback for a particular symbol that will be called /// at evaluation time when that symbol is evaluated. /// </summary> /// <remarks> /// Useful for programmatically executing customized evaluation for non-DScript /// resolvers /// </remarks> public static void AddEvaluationCallbackToFileModule( FileModuleLiteral fileModule, Func <Context, ModuleLiteral, EvaluationStackFrame, Task <EvaluationResult> > evaluationCallback, FullSymbol symbol, int position) { var sourceFilePath = fileModule.Path; var outputResolvedEntry = new ResolvedEntry( symbol, (Context context, ModuleLiteral env, EvaluationStackFrame args) => evaluationCallback(context, env, args), // The following position is a contract right now with he generated ast in the workspace resolver // we have to find a nicer way to handle and register these. TypeScript.Net.Utilities.LineInfo.FromLineAndPosition(0, position) ); fileModule.AddResolvedEntry(symbol, outputResolvedEntry); fileModule.AddResolvedEntry(new FilePosition(position, sourceFilePath), outputResolvedEntry); }
internal static ResolvedEntry ResolveAdEntry(this SearchResultEntry result) { var entry = new ResolvedEntry(); var accountName = result.GetProp("samaccountname"); var distinguishedName = result.DistinguishedName; var accountType = result.GetProp("samaccounttype"); if (distinguishedName == null) { return(null); } var domainName = Utils.ConvertDnToDomain(distinguishedName); if (Groups.Contains(accountType)) { entry.BloodHoundDisplay = $"{accountName}@{domainName}".ToUpper(); entry.ObjectType = "group"; return(entry); } if (Users.Contains(accountType)) { entry.BloodHoundDisplay = $"{accountName}@{domainName}".ToUpper(); entry.ObjectType = "user"; return(entry); } if (Computers.Contains(accountType)) { var shortName = accountName?.TrimEnd('$'); var dnshostname = result.GetProp("dnshostname"); if (dnshostname == null) { bool hostFound; if (domainName.Equals(_primaryDomain, StringComparison.CurrentCultureIgnoreCase)) { hostFound = DnsManager.HostExistsDns(shortName, out dnshostname); if (!hostFound) { hostFound = DnsManager.HostExistsDns($"{shortName}.{domainName}", out dnshostname); } } else { hostFound = DnsManager.HostExistsDns($"{shortName}.{domainName}", out dnshostname); if (!hostFound) { hostFound = DnsManager.HostExistsDns(shortName, out dnshostname); } } if (!hostFound) { return(null); } } entry.BloodHoundDisplay = dnshostname; entry.ObjectType = "computer"; entry.ComputerSamAccountName = shortName; return(entry); } if (accountType == null) { var objClass = result.GetPropArray("objectClass"); if (objClass.Contains("groupPolicyContainer")) { entry.BloodHoundDisplay = $"{result.GetProp("displayname")}@{domainName}"; entry.ObjectType = "gpo"; return(entry); } if (objClass.Contains("organizationalUnit")) { entry.BloodHoundDisplay = $"{result.GetProp("name")}@{domainName}"; entry.ObjectType = "ou"; return(entry); } if (objClass.Contains("container")) { entry.BloodHoundDisplay = domainName; entry.ObjectType = "container"; return(entry); } } else { if (accountType.Equals("805306370")) { return(null); } } entry.BloodHoundDisplay = domainName; entry.ObjectType = "domain"; return(entry); }
/// <inheritdoc /> public Task <bool?> TryConvertModuleToEvaluationAsync(IModuleRegistry moduleRegistry, ParsedModule module, IWorkspace workspace) { if (!string.Equals(module.Descriptor.ResolverName, Name, StringComparison.Ordinal)) { return(Task.FromResult <bool?>(null)); } var downloadData = m_workspaceResolver.Downloads[module.Descriptor.Name]; var package = CreatePackage(module.Definition); Contract.Assert(module.Specs.Count == 1, "This resolver generated the module, so we expect a single spec."); var sourceKv = module.Specs.First(); var sourceFilePath = sourceKv.Key; var sourceFile = sourceKv.Value; var currentFileModule = ModuleLiteral.CreateFileModule( sourceFilePath, moduleRegistry, package, sourceFile.LineMap); // Download var downloadSymbol = FullSymbol.Create(m_context.SymbolTable, "download"); var downloadResolvedEntry = new ResolvedEntry( downloadSymbol, (Context context, ModuleLiteral env, EvaluationStackFrame args) => DownloadFile(downloadData), // The following position is a contract right now iwtht he generated ast in the workspace resolver // we have to find a nicer way to handle and register these. TypeScript.Net.Utilities.LineInfo.FromLineAndPosition(0, 1) ); currentFileModule.AddResolvedEntry(downloadSymbol, downloadResolvedEntry); currentFileModule.AddResolvedEntry(new FilePosition(1, sourceFilePath), downloadResolvedEntry); // Contents.All var extractedSymbol = FullSymbol.Create(m_context.SymbolTable, "extracted"); var contentsResolvedEntry = new ResolvedEntry( extractedSymbol, (Context context, ModuleLiteral env, EvaluationStackFrame args) => ExtractFile(downloadData), // The following position is a contract right now iwtht he generated ast in the workspace resolver // we have to find a nicer way to handle and register these. TypeScript.Net.Utilities.LineInfo.FromLineAndPosition(0, 3) ); currentFileModule.AddResolvedEntry(extractedSymbol, contentsResolvedEntry); currentFileModule.AddResolvedEntry(new FilePosition(3, sourceFilePath), contentsResolvedEntry); var moduleInfo = new UninstantiatedModuleInfo( // We can register an empty one since we have the module populated properly new SourceFile( sourceFilePath, new Declaration[] { }), currentFileModule, m_context.QualifierTable.EmptyQualifierSpaceId); moduleRegistry.AddUninstantiatedModuleInfo(moduleInfo); return(Task.FromResult <bool?>(true)); }
internal static ResolvedEntry ResolveAdEntry(this SearchResultEntry result, bool bypassDns = false) { var entry = new ResolvedEntry(); var accountName = result.GetProp("samaccountname"); var distinguishedName = result.DistinguishedName; var accountType = result.GetProp("samaccounttype"); if (distinguishedName == null) { return(null); } var domainName = Utils.ConvertDnToDomain(distinguishedName); if (MappedPrincipal.GetCommon(result.GetSid(), out var temp)) { return(new ResolvedEntry { IngestCacheDisplay = $"{temp.PrincipalName}@{domainName}".ToUpper(), ObjectType = temp.ObjectType }); } if (Groups.Contains(accountType)) { entry.IngestCacheDisplay = $"{accountName}@{domainName}".ToUpper(); entry.ObjectType = "group"; return(entry); } if (Users.Contains(accountType)) { entry.IngestCacheDisplay = $"{accountName}@{domainName}".ToUpper(); entry.ObjectType = "user"; return(entry); } if (Computers.Contains(accountType)) { var shortName = accountName?.TrimEnd('$'); var dnshostname = result.GetProp("dnshostname"); if (dnshostname == null) { var domain = Utils.ConvertDnToDomain(result.DistinguishedName); dnshostname = $"{shortName}.{domain}".ToUpper(); } entry.IngestCacheDisplay = dnshostname; entry.ObjectType = "computer"; entry.ComputerSamAccountName = shortName; return(entry); } if (accountType == null) { var objClass = result.GetPropArray("objectClass"); if (objClass.Contains("groupPolicyContainer")) { entry.IngestCacheDisplay = $"{result.GetProp("displayname")}@{domainName}"; entry.ObjectType = "gpo"; return(entry); } if (objClass.Contains("organizationalUnit")) { entry.IngestCacheDisplay = $"{result.GetProp("name")}@{domainName}"; entry.ObjectType = "ou"; return(entry); } if (objClass.Contains("container")) { entry.IngestCacheDisplay = domainName; entry.ObjectType = "container"; return(entry); } } else { if (accountType.Equals("805306370")) { return(null); } } entry.IngestCacheDisplay = domainName; entry.ObjectType = "domain"; return(entry); }