public bool GoldenTicketActivity()
{
try
{
var tgsList = new List <BsonDocument>();
var userEntity = Users.First(_ => _.Name == "user1");
var machineEntity = Machines.First(_ => _.Name == "CLIENT1");
for (var loopIndex = 0; loopIndex <= _saAmount; loopIndex++)
{
tgsList.Add(DocumentCreator.KerberosCreator(userEntity, machineEntity,
DomainControllers.FirstOrDefault(), DomainList.Single(_ => _.Id == userEntity.Domain).Name
, DomainList.Single(_ => _.Id == machineEntity.Domain).Name, SourceGateway, $"{(Spn)(_random.Next(0, 5))}/{Machines[loopIndex].Name}", null, "Tgs"));
}
DbClient.SetCenterProfileForReplay();
SvcCtrl.StopService("ATACenter");
DbClient.InsertBatch(tgsList);
SvcCtrl.StartService("ATACenter");
return(true);
}
catch (Exception e)
{
Logger.Error(e);
return(false);
}
}
public bool ExecuteLearningTime()
{
try
{
var sourceMachine = Machines.Single(_ => _.Name == "APP1");
var sourceUser = Users.Single(_ => _.Name == "triservice");
// Generate Samr for domainController learning time
foreach (var domainController in DomainControllers)
{
ActivitiesList.Add(DocumentCreator.SamrCreator(sourceUser, sourceMachine,
domainController,
DomainList.Single(_ => _.Id == sourceUser.Domain).Name
, DomainList.Single(_ => _.Id == sourceMachine.Domain).Name, SourceGateway, true,
SamrQueryType.EnumerateUsers, SamrQueryOperation.EnumerateUsersInDomain,
DomainList.Single(_ => _.Id == sourceMachine.Domain).Id, 35));
}
InsertActivities(true);
do
{
SamrReconnaissanceDetectorProfile = GetSamrDetectorProfile();
} while (SamrReconnaissanceDetectorProfile["DestinationComputerIdToDetectionStartTimeMapping"]
.AsBsonArray.Count != DomainControllers.Count);
foreach (var coupledSamr in SamrCouples)
{
var samrAmount = coupledSamr.RatingType == "Low" ? 10 : 21;
for (var samrIndex = 0; samrIndex < samrAmount; samrIndex++)
{
var queriedObject = Users[_random.Next(Users.Count)];
ActivitiesList.Add(DocumentCreator.SamrCreator(coupledSamr.User, coupledSamr.Machine,
DomainControllers.First(_ => _.Domain == DomainList.Single(__ => __.Id == coupledSamr.Machine.Domain).Id),
DomainList.Single(_ => _.Id == coupledSamr.User.Domain).Name
, DomainList.Single(_ => _.Id == coupledSamr.Machine.Domain).Name, SourceGateway, true,
SamrQueryType.QueryUser, SamrQueryOperation.QueryInformationUser,
DomainList.Single(_ => _.Id == coupledSamr.Machine.Domain).Id, 10, queriedObject));
}
}
InsertActivities();
do
{
SamrReconnaissanceDetectorProfile = GetSamrDetectorProfile();
} while (SamrReconnaissanceDetectorProfile["DateToQueryToSamrQueryDataMapping"]
.AsBsonArray.Count == 0);
return(true);
}
catch (Exception e)
{
Logger.Debug(e);
return(false);
}
}
public static void DomainControllers(String ip, String domain, String username, String password)
{
if (String.IsNullOrEmpty(username))
{
using (DomainControllers dc = new DomainControllers(ip, domain + @"\" + username, password))
{
dc.Query();
dc.Print();
}
}
else
{
using (DomainControllers dc = new DomainControllers(ip))
{
dc.Query();
dc.Print();
}
}
}
public bool ExecuteSamrDetection()
{
try
{
var sensitiveGroupList = DbClient.GetSensitiveGroups();
foreach (var coupledSamr in SamrCouples)
{
var domainController = DomainControllers.First(_ =>
_.Domain == DomainList.Single(__ => __.Id == coupledSamr.Machine.Domain).Id);
if (coupledSamr.RatingType.ToLower() == "low")
{
var administratorObject = Users.First(_ => _.Name == "Administrator");
ActivitiesList.Add(DocumentCreator.KerberosCreator(coupledSamr.User, coupledSamr.Machine,
domainController, DomainList.Single(_ => _.Id == coupledSamr.User.Domain).Name
, DomainList.Single(_ => _.Id == coupledSamr.Machine.Domain).Name, SourceGateway));
ActivitiesList.Add(DocumentCreator.KerberosCreator(coupledSamr.User, coupledSamr.Machine,
domainController, DomainList.Single(_ => _.Id == coupledSamr.User.Domain).Name
, DomainList.Single(_ => _.Id == coupledSamr.Machine.Domain).Name, SourceGateway,
$"{(Spn) _random.Next(0, 5)}/{DomainControllers.FirstOrDefault()?.Name}", null, "Tgs", 0,
0, ActivitiesList.Last()["_id"].AsObjectId));
ActivitiesList.Add(DocumentCreator.KerberosCreator(coupledSamr.User, coupledSamr.Machine,
domainController, DomainList.Single(_ => _.Id == coupledSamr.User.Domain).Name
, DomainList.Single(_ => _.Id == coupledSamr.Machine.Domain).Name, SourceGateway,
$"{(Spn) _random.Next(0, 5)}/{DomainControllers.FirstOrDefault()?.Name}", null, "Ap", 0,
0, ActivitiesList.Last()["_id"].AsObjectId));
ActivitiesList.Add(DocumentCreator.SamrCreator(coupledSamr.User, coupledSamr.Machine,
domainController,
DomainList.Single(_ => _.Id == coupledSamr.User.Domain).Name
, DomainList.Single(_ => _.Id == coupledSamr.Machine.Domain).Name, SourceGateway, true,
SamrQueryType.QueryUser, SamrQueryOperation.QueryInformationUser,
DomainList.Single(_ => _.Id == coupledSamr.Machine.Domain).Id, 0,
administratorObject));
}
else
{
ActivitiesList.Add(DocumentCreator.KerberosCreator(coupledSamr.User, coupledSamr.Machine,
domainController, DomainList.Single(_ => _.Id == coupledSamr.User.Domain).Name
, DomainList.Single(_ => _.Id == coupledSamr.Machine.Domain).Name, SourceGateway));
ActivitiesList.Add(DocumentCreator.KerberosCreator(coupledSamr.User, coupledSamr.Machine,
domainController, DomainList.Single(_ => _.Id == coupledSamr.User.Domain).Name
, DomainList.Single(_ => _.Id == coupledSamr.Machine.Domain).Name, SourceGateway,
$"{(Spn)_random.Next(0, 5)}/{DomainControllers.FirstOrDefault()?.Name}", null, "Tgs", 0,
0, ActivitiesList.Last()["_id"].AsObjectId));
ActivitiesList.Add(DocumentCreator.KerberosCreator(coupledSamr.User, coupledSamr.Machine,
domainController, DomainList.Single(_ => _.Id == coupledSamr.User.Domain).Name
, DomainList.Single(_ => _.Id == coupledSamr.Machine.Domain).Name, SourceGateway,
$"{(Spn)_random.Next(0, 5)}/{DomainControllers.FirstOrDefault()?.Name}", null, "Ap", 0,
0, ActivitiesList.Last()["_id"].AsObjectId));
foreach (var group in sensitiveGroupList)
{
ActivitiesList.Add(DocumentCreator.SamrCreator(coupledSamr.User, coupledSamr.Machine,
domainController,
DomainList.Single(_ => _.Id == coupledSamr.User.Domain).Name
, DomainList.Single(_ => _.Id == coupledSamr.Machine.Domain).Name, SourceGateway, true,
SamrQueryType.QueryGroup, SamrQueryOperation.QueryInformationGroup,
DomainList.Single(_ => _.Id == coupledSamr.Machine.Domain).Id, 0,
group));
}
}
}
InsertActivities();
return(true);
}
catch (Exception e)
{
Logger.Debug(e);
return(false);
}
}
