/// <summary>
/// Runs a full live export: connects to the directory through ADWS, collects the
/// reference objects and the caller-supplied accounts, then flushes the relations
/// that were put on hold and adds the trusted domains.
/// </summary>
/// <param name="UsersToInvestigate">Additional account names handed to ExportReportData.</param>
/// <returns>The object reference built for the domain and filled in during the export.</returns>
public GraphObjectReference ExportData(List<string> UsersToInvestigate)
{
    GraphObjectReference exported;

    DisplayAdvancement("Getting domain information (" + Server + ")");

    // The ADWS session only lives for the collection phase; everything after the
    // using block works on what has already been written to Storage.
    using (var session = new ADWebService(Server, Port, Credential))
    {
        ADDomainInfo info = GetDomainInformation(session);
        Storage.Initialize(info);

        Trace.WriteLine("Creating new relation factory");
        var factory = new RelationFactory(Storage, info, Credential);

        DisplayAdvancement("Exporting objects from Active Directory");
        exported = new GraphObjectReference(info);
        ExportReportData(session, info, factory, Storage, exported, UsersToInvestigate);
    }

    DisplayAdvancement("Inserting relations between nodes in the database");
    Trace.WriteLine("Inserting relations on hold");
    Storage.InsertRelationOnHold();

    Trace.WriteLine("Add trusted domains");
    AddTrustedDomains(Storage);
    Trace.WriteLine("Done");

    DisplayAdvancement("Export completed");
    DisplayAdvancement("Doing the analysis");
    return exported;
}
/// <summary>
/// Repeatedly drains the three "to investigate" queues of the storage (CNs, SIDs and
/// primary group IDs), exporting each batch, until one pass finds all three empty.
/// </summary>
/// <returns>The total number of queued identifiers that were handed to an export call.</returns>
int AnalyzeMissingObjets(ADWebService adws, ADDomainInfo domainInfo, RelationFactory relationFactory, LiveDataStorage Storage)
{
    int processed = 0;

    // NOTE(review): the loop only ends when Storage reports nothing left in all three
    // queues; this presumably relies on Storage not returning again an identifier that
    // was already exported but could not be resolved. Confirm against LiveDataStorage.
    for (;;)
    {
        List<string> pendingCns = Storage.GetCNToInvestigate();
        if (pendingCns.Count > 0)
        {
            processed += pendingCns.Count;
            ExportCNData(adws, domainInfo, relationFactory, pendingCns);
        }

        List<string> pendingSids = Storage.GetSIDToInvestigate();
        if (pendingSids.Count > 0)
        {
            processed += pendingSids.Count;
            ExportSIDData(adws, domainInfo, relationFactory, pendingSids);
        }

        List<int> pendingGroupIds = Storage.GetPrimaryGroupIDToInvestigate();
        if (pendingGroupIds.Count > 0)
        {
            processed += pendingGroupIds.Count;
            ExportPrimaryGroupData(adws, domainInfo, relationFactory, pendingGroupIds);
        }

        bool nothingLeft = pendingCns.Count == 0
                           && pendingSids.Count == 0
                           && pendingGroupIds.Count == 0;
        if (nothingLeft)
        {
            return processed;
        }
    }
}
// Seeds the export with a fixed list of privileged principals, looks each one up with
// Search and hands every object found to relationFactory.AnalyzeADObject, then resolves
// the objects discovered along the way (AnalyzeMissingObjets, InsertFiles,
// AnalyzeMissingObjets again).
//
// The SID list mixes well-known BUILTIN groups with domain-relative RIDs appended to
// domainInfo.DomainSid:
//   S-1-5-32-548 Account Operators          S-1-5-32-544 Administrators
//   S-1-5-32-551 Backup Operators           S-1-5-32-569 Cryptographic Operators
//   S-1-5-32-557 Incoming Forest Trust Builders
//   S-1-5-32-556 Network Configuration Operators
//   S-1-5-32-554 Pre-Windows 2000 Compatible Access
//   S-1-5-32-550 Print Operators            S-1-5-32-549 Server Operators
//   -512 Domain Admins      -519 Enterprise Admins     -518 Schema Admins
//   -500 Administrator      -517 Cert Publishers       -516 Domain Controllers
//   -498 Enterprise Read-only Domain Controllers       -520 Group Policy Creator Owners
//   -502 krbtgt             -521 Read-only Domain Controllers
//   plus the bare domain SID itself.
//
// NOTE(review): the text between the two "Unable to find the user: " literals is masked
// ("******") in this listing, so the statement as shown does not compile. The loop that
// introduces the `user` variable (presumably a foreach over UsersToInvestigate) is in
// the masked part; restore it from the original file before relying on this block.
// NOTE(review): AnalyzeMissingObjets is called here with three arguments, while the
// definition shown elsewhere in this listing takes a fourth LiveDataStorage parameter;
// this looks like an earlier revision of the method. Confirm which one is current.
private void ExportReportData(ADWebService adws, ADDomainInfo domainInfo, RelationFactory relationFactory, List <string> UsersToInvestigate) { List <string> sids = new List <string> { "S-1-5-32-548", "S-1-5-32-544", domainInfo.DomainSid.Value + "-512", domainInfo.DomainSid.Value + "-519", domainInfo.DomainSid.Value + "-518", domainInfo.DomainSid.Value + "-500", "S-1-5-32-551", domainInfo.DomainSid.Value + "-517", "S-1-5-32-569", domainInfo.DomainSid.Value + "-516", domainInfo.DomainSid.Value + "-498", domainInfo.DomainSid.Value + "-520", "S-1-5-32-557", domainInfo.DomainSid.Value + "-502", "S-1-5-32-556", "S-1-5-32-554", "S-1-5-32-550", domainInfo.DomainSid.Value, domainInfo.DomainSid.Value + "-521", "S-1-5-32-549", }; ADItem aditem = null; foreach (string sid in sids) { aditem = Search(adws, domainInfo, sid); if (aditem != null) { relationFactory.AnalyzeADObject(aditem); } else { Trace.WriteLine("Unable to find the user: "******"Unable to find the user: " + user); } } AnalyzeMissingObjets(adws, domainInfo, relationFactory); relationFactory.InsertFiles(); AnalyzeMissingObjets(adws, domainInfo, relationFactory); }
/// <summary>
/// Looks up each SID under the domain's default naming context and passes every
/// returned object to the relation factory for analysis.
/// </summary>
/// <param name="sids">SIDs in string form; each is run through ADConnection.EncodeSidToString
/// before being placed in the objectSid filter.</param>
private void ExportSIDData(ADWebService adws, ADDomainInfo domainInfo, RelationFactory relationFactory, List<string> sids)
{
    WorkOnReturnedObjectByADWS analyzeFound = found => relationFactory.AnalyzeADObject(found);

    foreach (string pendingSid in sids)
    {
        // The SID never enters the filter as raw text: it always goes through the
        // encoder first (presumably yielding the escaped binary form that objectSid
        // matching expects; confirm in ADConnection).
        string filter = "(objectSid=" + ADConnection.EncodeSidToString(pendingSid) + ")";
        adws.Enumerate(domainInfo.DefaultNamingContext, filter, properties, analyzeFound);
    }
}
/// <summary>
/// Looks up each distinguished name under the domain's default naming context and
/// passes every returned object to the relation factory for analysis.
/// </summary>
/// <param name="cns">Distinguished names to resolve; each is passed through
/// ADConnection.EscapeLDAP before being placed in the filter.</param>
private void ExportCNData(ADWebService adws, ADDomainInfo domainInfo, RelationFactory relationFactory, List<string> cns)
{
    WorkOnReturnedObjectByADWS analyzeFound = found => relationFactory.AnalyzeADObject(found);

    foreach (string pendingDn in cns)
    {
        // Keep the escaping step: a DN can legitimately contain filter metacharacters
        // such as parentheses, '*' or '\', and these names are not fixed constants, so
        // an unescaped value could change the meaning of the search filter.
        string filter = "(distinguishedName=" + ADConnection.EscapeLDAP(pendingDn) + ")";
        adws.Enumerate(domainInfo.DefaultNamingContext, filter, properties, analyzeFound);
    }
}
// Walks every typology in objectReference.Objects, looks each listed object up by
// obj.Name with Search and hands every object found to relationFactory.AnalyzeADObject.
// A caller-supplied user that is found is also recorded under
// CompromiseGraphDataTypology.UserDefined before being analyzed. The method then resolves
// the objects discovered along the way (AnalyzeMissingObjets, InsertFiles,
// AnalyzeMissingObjets again).
//
// NOTE(review): the text between "Unable to find the user: " and "Working on " is masked
// ("******") in this listing, so the statement as shown does not compile. What happens to
// the toDelete list and the loop that introduces the `user` variable (presumably a foreach
// over UsersToInvestigate) are in the masked part; restore them from the original file
// before relying on this block.
private void ExportReportData(ADWebService adws, ADDomainInfo domainInfo, RelationFactory relationFactory, LiveDataStorage storage, GraphObjectReference objectReference, List <string> UsersToInvestigate) { ADItem aditem = null; foreach (var typology in objectReference.Objects.Keys) { var toDelete = new List <GraphSingleObject>(); foreach (var obj in objectReference.Objects[typology]) { DisplayAdvancement("Working on " + obj.Description); aditem = Search(adws, domainInfo, obj.Name); if (aditem != null) { relationFactory.AnalyzeADObject(aditem); } else { Trace.WriteLine("Unable to find the user: "******"Working on " + user); aditem = Search(adws, domainInfo, user); if (aditem != null) { objectReference.Objects[Data.CompromiseGraphDataTypology.UserDefined].Add(new GraphSingleObject(user, user)); relationFactory.AnalyzeADObject(aditem); } else { Trace.WriteLine("Unable to find the user: " + user); } } AnalyzeMissingObjets(adws, domainInfo, relationFactory, storage); relationFactory.InsertFiles(); AnalyzeMissingObjets(adws, domainInfo, relationFactory, storage); }
/// <summary>
/// Runs a live export: connects to the directory through ADWS, collects the report
/// objects and the caller-supplied accounts, then flushes the relations that were put
/// on hold, keyed by the domain's DNS host name.
/// </summary>
/// <param name="UsersToInvestigate">Additional account names handed to ExportReportData.</param>
public void ExportData(List<string> UsersToInvestigate)
{
    // Declared outside the using block because the DNS host name is still needed
    // after the ADWS session has been disposed.
    ADDomainInfo info;

    DisplayAdvancement("Getting domain informations");
    using (var session = new ADWebService(Server, Port, Credential))
    {
        info = GetDomainInformation(session);
        Storage.Initialize(info);

        Trace.WriteLine("Creating new relation factory");
        var factory = new RelationFactory(Storage, info, Credential);

        DisplayAdvancement("Exporting objects from Active Directory");
        ExportReportData(session, info, factory, UsersToInvestigate);
    }

    DisplayAdvancement("Inserting relations between nodes in the database");
    Trace.WriteLine("Inserting relations on hold");
    Storage.InsertRelationOnHold(info.DnsHostName);
    Trace.WriteLine("Done");

    DisplayAdvancement("Export completed");
}
/// <summary>
/// Enumerates, for each primary group ID, the objects under the domain's default naming
/// context whose primaryGroupID matches, and passes every returned object to the
/// relation factory for analysis.
/// </summary>
/// <param name="primaryGroupIDs">Primary group IDs to search for.</param>
private void ExportPrimaryGroupData(ADWebService adws, ADDomainInfo domainInfo, RelationFactory relationFactory, List<int> primaryGroupIDs)
{
    WorkOnReturnedObjectByADWS analyzeFound = found => relationFactory.AnalyzeADObject(found);

    foreach (int groupId in primaryGroupIDs)
    {
        // The value is an int, so its text form cannot carry filter metacharacters
        // and no escaping step is needed here.
        string filter = "(primaryGroupID=" + groupId + ")";
        adws.Enumerate(domainInfo.DefaultNamingContext, filter, properties, analyzeFound);
    }
}