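/// <summary>
/// Probes the application server described by <paramref name="ap"/> and fills in its
/// address, names, Kerberos service names/salt and, depending on
/// <c>detectionInfo.HasSmbServer</c> / <c>detectionInfo.HasHttpServer</c>, its SMB2 and HTTP settings.
/// </summary>
/// <param name="domain">Domain the server belongs to; its Name, Admin and AdminPassword are used for the directory, share and HTTP queries.</param>
/// <param name="ap">Server record to update in place. <c>ap.FQDN</c> is read as the host to resolve and then overwritten with the directory's dNSHostName.</param>
/// <param name="detector">Used to fetch the platform information for the resolved host.</param>
/// <returns><c>true</c> when every mandatory step succeeded; <c>false</c> (after logging "Failed") otherwise.</returns>
/// <remarks>
/// Every failure path is swallowed and reported only as "Failed"; the underlying exception is not logged here.
/// </remarks>
private bool DetectAP(DomainInfo domain, Server ap, KerberosDetector detector)
{
    logWriter.AddLog(string.Format("===== Detect Application Server in Domain {0} =====", domain.Name), LogLevel.Normal);

    string hostname = ap.FQDN;
    IPAddress ip = IPAddress.Loopback;

    try
    {
        var hostentry = Dns.GetHostEntry(hostname);
        // NOTE(review): the first resolved address is stored in the IPv4 field without checking
        // its address family; on a dual-stack host this may be an IPv6 address. Confirm.
        ip = hostentry.AddressList[0];
        ap.IPv4 = ip.ToString();
        string computerName = hostentry.HostName;
        string machineName = computerName.Split('.')[0];
        ap.FQDN = ServerHelper.GetAccountAttribute(machineName, "Computers", "dNSHostName", domain.Name, domain.Admin, domain.AdminPassword);
        ap.IsWindows = detector.FetchPlatformInfo(computerName);
    }
    catch
    {
        logWriter.AddLog("Failed", LogLevel.Normal, false, LogStyle.StepFailed);
        logWriter.AddLineToLog(LogLevel.Advanced);
        return false;
    }

    if (ap.FQDN == null)
    {
        logWriter.AddLog("Failed", LogLevel.Normal, false, LogStyle.StepFailed);
        logWriter.AddLineToLog(LogLevel.Advanced);
        return false;
    }

    string[] tempArray = ap.FQDN.Split('.');
    ap.ComputerName = tempArray[0];

    try
    {
        // sAMAccountName of the computer account, e.g. "DC01$" (used as the NetBIOS name).
        ap.NetBIOS = ServerHelper.GetAccountAttribute(ap.ComputerName, "Computers", "sAMAccountName", domain.Name, domain.Admin, domain.AdminPassword);

        // SPNs and the Kerberos salt feed key derivation, so their casing must not depend on
        // the current thread culture (e.g. Turkish dotted/dotless "i"): use invariant casing.
        string fqdnLower = ap.FQDN.ToLowerInvariant();
        ap.DefaultServiceName = "host/" + fqdnLower;
        ap.ServiceSalt = domain.Name.ToUpperInvariant() + "host" + fqdnLower;
        ap.smb2Service.SMB2ServiceName = "cifs/" + fqdnLower;
    }
    catch
    {
        logWriter.AddLog("Failed", LogLevel.Normal, false, LogStyle.StepFailed);
        logWriter.AddLineToLog(LogLevel.Advanced);
        return false;
    }

    try
    {
        if (detectionInfo.HasSmbServer)
        {
            // Negotiate once to learn which SMB2 dialect the server selects.
            // NOTE(review): clientForInitialOpen is never disconnected or disposed in this method;
            // confirm whether Smb2Client needs explicit cleanup.
            Smb2Client clientForInitialOpen = new Smb2Client(new TimeSpan(0, 0, 15));
            byte[] gssToken;
            Packet_Header header;
            try
            {
                clientForInitialOpen.ConnectOverTCP(ip);

                NEGOTIATE_Response negotiateResp;
                DialectRevision connection_Dialect = DialectRevision.Smb2Unknown;
                DialectRevision[] requestDialect = new DialectRevision[] { DialectRevision.Smb2002, DialectRevision.Smb21, DialectRevision.Smb30, DialectRevision.Smb302 };
                ulong messageId = 0;

                uint status = clientForInitialOpen.Negotiate(
                    1,
                    1,
                    Packet_Header_Flags_Values.NONE,
                    messageId++,
                    requestDialect,
                    SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED,
                    Capabilities_Values.GLOBAL_CAP_DFS | Capabilities_Values.GLOBAL_CAP_LEASING | Capabilities_Values.GLOBAL_CAP_LARGE_MTU,
                    Guid.NewGuid(),
                    out connection_Dialect,
                    out gssToken,
                    out header,
                    out negotiateResp);

                if (header.Status != Smb2Status.STATUS_SUCCESS)
                {
                    logWriter.AddLog("Failed", LogLevel.Normal, false, LogStyle.StepFailed);
                    logWriter.AddLineToLog(LogLevel.Advanced);
                    return false;
                }

                ap.smb2Service.SMB2Dialect = connection_Dialect.ToString();
            }
            catch
            {
                logWriter.AddLog("Failed", LogLevel.Normal, false, LogStyle.StepFailed);
                logWriter.AddLineToLog(LogLevel.Advanced);
                return false;
            }

            // Detect SMB shares. Only the first non-"$" share is taken as the default value.
            // can ptftool support add more choices?
            string[] shareList = ServerHelper.EnumShares(ap.IPv4, domain.Admin, domain.Name, domain.AdminPassword);

            // Start from empty so that a list holding only "$" shares does not leave
            // whatever value the fields had before this run.
            ap.smb2Service.DACShare = string.Empty;
            ap.smb2Service.CBACShare = string.Empty;
            foreach (string share in shareList)
            {
                // Skip blank entries (previously an empty name made Substring throw and aborted
                // the whole detection) and shares whose name ends with "$".
                if (string.IsNullOrEmpty(share) || share.EndsWith("$", StringComparison.Ordinal))
                {
                    continue;
                }

                ap.smb2Service.DACShare = share;
                ap.smb2Service.CBACShare = share;
                break;
            }
        }

        if (detectionInfo.HasHttpServer)
        {
            // Detect the HTTP server.
            ap.httpService.HttpServiceName = "http/" + ap.FQDN.ToLowerInvariant();
            try
            {
                // SECURITY: the domain administrator credential is offered to a plain "http://"
                // endpoint. If the server challenges with Basic authentication the password
                // crosses the network base64-encoded, not encrypted, and HttpWebRequest follows
                // redirects by default and re-authenticates at the redirect target. Keep this
                // probe on an isolated test network or use a low-privilege probe account.
                HttpWebRequest request = (HttpWebRequest)WebRequest.Create("http://" + ap.FQDN);
                request.Credentials = new NetworkCredential(domain.Admin + "@" + domain.Name, domain.AdminPassword);

                // Dispose the response so the underlying connection is released.
                using (WebResponse response = request.GetResponse())
                {
                    ap.httpService.Uri = response.ResponseUri.OriginalString;
                }
            }
            catch
            {
                // Best effort: an unreachable or rejecting HTTP server is not a detection failure.
                ap.httpService.Uri = string.Empty;
            }
        }
    }
    catch
    {
        logWriter.AddLog("Failed", LogLevel.Normal, false, LogStyle.StepFailed);
        logWriter.AddLineToLog(LogLevel.Advanced);
        return false;
    }

    logWriter.AddLog("Success", LogLevel.Normal, false, LogStyle.StepPassed);
    logWriter.AddLineToLog(LogLevel.Advanced);
    return true;
}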
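/// <summary>
/// Locates a domain controller for <paramref name="domain"/> and fills in
/// <paramref name="dc"/> (computer name, FQDN, platform, NetBIOS name, Kerberos/LDAP service
/// names and salt) plus the domain's functional level.
/// </summary>
/// <param name="domain">Domain to query; its Name, Admin and AdminPassword are used for every directory call, and its FunctionalLevel is set on success.</param>
/// <param name="dc">Server record to update in place.</param>
/// <param name="detector">Used to fetch the platform information for the located controller.</param>
/// <returns><c>true</c> when every step succeeded; <c>false</c> (after logging "Failed") otherwise.</returns>
/// <remarks>
/// The controller lookup and the DNS resolution run outside any try block, so their exceptions
/// propagate to the caller instead of producing a <c>false</c> result.
/// </remarks>
private bool DetectDC(DomainInfo domain, Server dc, KerberosDetector detector)
{
    logWriter.AddLog(string.Format("===== Detect DC in Domain {0} =====", domain.Name), LogLevel.Normal);

    DirectoryContext context = new DirectoryContext(DirectoryContextType.Domain, domain.Name, domain.Admin, domain.AdminPassword);

    // DomainController is IDisposable; only its name is needed, so release it right away
    // instead of leaking the directory handle.
    string hostName;
    using (DomainController locatedController = DomainController.FindOne(context))
    {
        hostName = locatedController.Name;
    }

    var hostEntry = Dns.GetHostEntry(hostName);

    try
    {
        string computerName = hostEntry.HostName;
        computerName = computerName.Split('.')[0];
        dc.ComputerName = computerName;
        dc.FQDN = ServerHelper.GetDCAttribute(computerName, "dNSHostName", domain.Name, domain.Admin, domain.AdminPassword);
        dc.IsWindows = detector.FetchPlatformInfo(computerName);
    }
    catch
    {
        logWriter.AddLog("Failed", LogLevel.Normal, false, LogStyle.StepFailed);
        logWriter.AddLineToLog(LogLevel.Advanced);
        return false;
    }

    if (dc.FQDN == null)
    {
        logWriter.AddLog("Failed", LogLevel.Normal, false, LogStyle.StepFailed);
        logWriter.AddLineToLog(LogLevel.Advanced);
        return false;
    }

    try
    {
        // sAMAccountName of the controller's computer account, e.g. "DC01$" (used as the NetBIOS name).
        dc.NetBIOS = ServerHelper.GetDCAttribute(dc.ComputerName, "sAMAccountName", domain.Name, domain.Admin, domain.AdminPassword);

        // Realm, SPN and salt strings feed Kerberos key derivation, so their casing must not
        // depend on the current thread culture: use invariant casing.
        string realmUpper = domain.Name.ToUpperInvariant();
        string fqdnLower = dc.FQDN.ToLowerInvariant();
        dc.DefaultServiceName = "krbtgt/" + realmUpper;
        dc.ServiceSalt = realmUpper + "host" + fqdnLower;
        dc.ldapService.LdapServiceName = "ldap/" + fqdnLower;
    }
    catch
    {
        logWriter.AddLog("Failed", LogLevel.Normal, false, LogStyle.StepFailed);
        logWriter.AddLineToLog(LogLevel.Advanced);
        return false;
    }

    try
    {
        domain.FunctionalLevel = ServerHelper.GetDomainFunctionalLevel(domain.Name, domain.Admin, domain.AdminPassword);
    }
    catch
    {
        logWriter.AddLog("Failed", LogLevel.Normal, false, LogStyle.StepFailed);
        logWriter.AddLineToLog(LogLevel.Advanced);
        return false;
    }

    logWriter.AddLog("Success", LogLevel.Normal, false, LogStyle.StepPassed);
    logWriter.AddLineToLog(LogLevel.Advanced);
    return true;
}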
/// <summary>
/// Discards any previous detection state and reloads the built-in defaults for the local
/// domain (contoso.com names) and the trusted domain (kerb.com names): servers, services,
/// KKDCP settings and the fixed test-user tables.
/// </summary>
/// <remarks>
/// Every password below is a literal compiled into the tool. The "******" values look like
/// masks/placeholders (presumably replaced by detection or user input; confirm against the
/// callers); the test-user passwords are fixed, publicly visible values, so accounts
/// provisioned with them belong only in an isolated test environment.
/// </remarks>
public void ResetDetectResult()
{
    detectExceptions = new Dictionary<string, string>();

    // ----- Domains, KKDCP proxy and trust type -----
    localDomain = new DomainInfo { KrbtgtPassword = "******" };
    trustDomain = new DomainInfo();
    kkdcpInfo = new KkdcpInfo
    {
        KKDCPServerUrl = "https://proxy01.contoso.com/KdcProxy",
        KKDCPClientCertPassword = "",
        KKDCPClientCertPath = ""
    };
    trustType = KerberosTrustType.NoTrust;

    // ----- Local domain: DC, client and application server -----
    localDC = new Server
    {
        Password = "******",
        Port = "88",
        ldapService = new LDAPService()
    };

    localClient = new Server
    {
        Password = "******",
        Port = "88"
    };

    localAP = new Server
    {
        Password = "******",
        smb2Service = new Smb2Service(),
        httpService = new HttpService
        {
            HttpServiceName = "http/ap01.contoso.com",
            Uri = "http://ap01.contoso.com"
        },
        authNotReqService = new OtherService
        {
            DefaultServiceName = "host/AuthNotRequired.contoso.com",
            ServiceSalt = "CONTOSO.COMhostauthnotrequired.contoso.com",
            FQDN = "AuthNotRequired.contoso.com",
            NetBios = "AuthNotRequired$",
            Password = "******"
        },
        localResourceService1 = new OtherService
        {
            DefaultServiceName = "host/localResource01.contoso.com",
            ServiceSalt = "CONTOSO.COMhostlocalresource01.contoso.com",
            FQDN = "localResource01.contoso.com",
            NetBios = "localResource01$",
            Password = "******"
        },
        localResourceService2 = new OtherService
        {
            DefaultServiceName = "host/localResource02.contoso.com",
            ServiceSalt = "CONTOSO.COMhostlocalresource02.contoso.com",
            FQDN = "localResource02.contoso.com",
            NetBios = "localResource02$",
            Password = "******"
        }
    };

    // ----- Local domain: fixed test accounts (keys User20/User21 are not defined) -----
    localUsers = new Dictionary<string, User>
    {
        { "User01", new User("test01", "Password01^", null, "CONTOSO.COMtest01", null) },
        { "User02", new User("test02", "Password01&", null, null, null) },
        { "User03", new User("UserDelegNotAllowed", "Chenjialuo;", null, null, null) },
        { "User04", new User("UserTrustedForDeleg", "Yuanchengzhi;", null, null, "abc/UserTrustedForDeleg") },
        { "User05", new User("UserWithoutUPN", "Zhangwuji;", null, null, null) },
        { "User06", new User("UserPreAuthNotReq", "Duanyu;", null, null, null) },
        { "User07", new User("UserDisabled", "Chenjinnan;", null, null, null) },
        { "User08", new User("UserExpired", "Guojing;", null, null, null) },
        { "User09", new User("UserLocked", "Qiaofeng;", null, null, null) },
        { "User10", new User("UserOutofLogonHours", "Huyidao;", null, null, null) },
        { "User11", new User("UserPwdMustChgPast", "Weixiaobao;", null, null, null) },
        { "User12", new User("UserPwdMustChgZero", "Yangguo;", null, null, null) },
        { "User13", new User("UserLocalGroup", "Yantengda;", null, null, null) },
        { "User14", new User("UserDesOnly", "Renyingying;", null, null, null) },
        { "User15", new User("testsilo01", "Password01!", null, null, null) },
        { "User16", new User("testsilo02", "Password01!", null, null, null) },
        { "User17", new User("testsilo03", "Password01!", null, null, null) },
        { "User18", new User("testsilo04", "Password01!", null, null, null) },
        { "User19", new User("testsilo05", "Password01!", null, null, null) },
        { "User22", new User("testpwd", "Password01!", null, null, null) }
    };

    // ----- Trusted domain: DC and application server -----
    // NOTE(review): trustDC reuses the AP's FQDN ("AP02.kerb.com"), NetBIOS name, IPv4 address
    // and salt while its LDAP service name points at "dc02.kerb.com". This looks like a
    // copy/paste leftover; confirm the intended DC values before relying on these defaults.
    trustDC = new Server
    {
        Password = "******",
        Port = "88",
        FQDN = "AP02.kerb.com",
        NetBIOS = "AP02$",
        IPv4 = "192.168.0.20",
        IPv6 = "2012::2",
        DefaultServiceName = "krbtgt/KERB.COM",
        ServiceSalt = "KERB.COMhostap02.kerb.com",
        ldapService = new LDAPService
        {
            LdapServiceName = "ldap/dc02.kerb.com",
            GssToken = "GSSAPI",
            Port = "389"
        }
    };

    trustAP = new Server
    {
        FQDN = "AP02.kerb.com",
        NetBIOS = "AP02$",
        Password = "******",
        IPv4 = "192.168.0.20",
        IPv6 = "2012::20",
        DefaultServiceName = "host/ap02.kerb.com",
        ServiceSalt = "KERB.COMhostap02.kerb.com",
        smb2Service = new Smb2Service
        {
            SMB2ServiceName = "cifs/ap02.kerb.com",
            SMB2Dialect = "Smb30",
            CBACShare = "share"
        },
        httpService = new HttpService
        {
            HttpServiceName = "http/ap02.kerb.com",
            Uri = "http://ap02.kerb.com"
        },
        authNotReqService = new OtherService(),
        localResourceService1 = new OtherService(),
        localResourceService2 = new OtherService()
    };

    // ----- Trusted domain: fixed test accounts -----
    trustUsers = new Dictionary<string, User>
    {
        { "krbtgt", new User("krbtgt", "Password01%", null, null, null) },
        { "Admin", new User("administrator", "Password01#", null, null, null) },
        { "User01", new User("test03", "Password01*", null, null, null) },
        { "User02", new User("test04", "Password01(", null, null, null) }
    };
}