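/// <summary>
/// Builds synthetic Kerberos "Tgs" activity documents for user "user1" on machine "CLIENT1" and
/// inserts them in a single batch while the "ATACenter" service is stopped.
/// </summary>
/// <remarks>
/// One document is created for every index from 0 to <c>_saAmount</c> inclusive, so the batch holds
/// <c>_saAmount + 1</c> documents. Each document names a different entry of <c>Machines</c> as the SPN host.
/// The service is restarted in a <c>finally</c> block: a failed insert must not leave the
/// detection service down on the lab host.
/// </remarks>
/// <returns>
/// <c>true</c> when the batch was inserted and the service was started again; <c>false</c> when any
/// step threw (the exception is logged at error level and not rethrown).
/// </returns>
public bool GoldenTicketActivity()
{
    try
    {
        var tgsList = new List<BsonDocument>();
        var userEntity = Users.First(_ => _.Name == "user1");
        var machineEntity = Machines.First(_ => _.Name == "CLIENT1");

        // These lookups do not depend on the loop index, so resolve them once.
        var userDomainName = DomainList.Single(_ => _.Id == userEntity.Domain).Name;
        var machineDomainName = DomainList.Single(_ => _.Id == machineEntity.Domain).Name;
        // May be null when no domain controller is configured; it is passed through unchanged.
        var domainController = DomainControllers.FirstOrDefault();

        // NOTE(review): assumes Machines holds more than _saAmount entries. If it does not, the indexer
        // throws inside this loop and the method returns false before the service is touched.
        for (var loopIndex = 0; loopIndex <= _saAmount; loopIndex++)
        {
            // Random.Next(0, 5) yields 0..4, which is cast to the Spn enum to form "<service>/<host>".
            tgsList.Add(DocumentCreator.KerberosCreator(userEntity, machineEntity, domainController,
                userDomainName, machineDomainName, SourceGateway,
                $"{(Spn)(_random.Next(0, 5))}/{Machines[loopIndex].Name}", null, "Tgs"));
        }

        DbClient.SetCenterProfileForReplay();
        SvcCtrl.StopService("ATACenter");
        try
        {
            DbClient.InsertBatch(tgsList);
        }
        finally
        {
            // Always bring the service back, even when the insert failed.
            SvcCtrl.StartService("ATACenter");
        }

        return true;
    }
    catch (Exception e)
    {
        Logger.Error(e);
        return false;
    }
}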
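/// <summary>
/// Builds synthetic Kerberos and SAMR activity documents for every entry in <c>SamrCouples</c>,
/// appends them to <c>ActivitiesList</c> and then calls <c>InsertActivities</c>.
/// </summary>
/// <remarks>
/// For each couple three Kerberos documents are appended: one with the creator's default request
/// parameters, then a "Tgs" and an "Ap" document, each receiving the "_id" of the document appended
/// just before it. A rating of "low" (case-insensitive) adds one SAMR user query for the
/// "Administrator" user; any other rating adds one SAMR group query per group returned by
/// <c>DbClient.GetSensitiveGroups()</c>.
/// </remarks>
/// <returns>
/// <c>true</c> after <c>InsertActivities</c> completes; <c>false</c> when any step threw. The exception
/// is logged at error level, matching <c>GoldenTicketActivity</c>, so that a failed run is visible
/// in the log.
/// </returns>
public bool ExecuteSamrDetection()
{
    try
    {
        var sensitiveGroupList = DbClient.GetSensitiveGroups();

        foreach (var coupledSamr in SamrCouples)
        {
            // Resolve the domain records once per couple instead of on every creator call.
            var machineDomain = DomainList.Single(_ => _.Id == coupledSamr.Machine.Domain);
            var domainController = DomainControllers.First(_ => _.Domain == machineDomain.Id);
            var userDomainName = DomainList.Single(_ => _.Id == coupledSamr.User.Domain).Name;
            var machineDomainName = machineDomain.Name;

            // Appends the default/Tgs/Ap Kerberos chain that both rating branches share.
            // NOTE(review): the SPN host is the first entry of DomainControllers, not the
            // domainController matched above - confirm that this is intended.
            Action addKerberosChain = () =>
            {
                ActivitiesList.Add(DocumentCreator.KerberosCreator(coupledSamr.User, coupledSamr.Machine,
                    domainController, userDomainName, machineDomainName, SourceGateway));

                foreach (var requestType in new[] { "Tgs", "Ap" })
                {
                    // Each follow-up document is linked to the one appended immediately before it.
                    ActivitiesList.Add(DocumentCreator.KerberosCreator(coupledSamr.User, coupledSamr.Machine,
                        domainController, userDomainName, machineDomainName, SourceGateway,
                        $"{(Spn)_random.Next(0, 5)}/{DomainControllers.FirstOrDefault()?.Name}", null,
                        requestType, 0, 0, ActivitiesList.Last()["_id"].AsObjectId));
                }
            };

            // Instance Equals keeps the original failure on a null RatingType while dropping the
            // culture-sensitive ToLower() comparison.
            if (coupledSamr.RatingType.Equals("low", StringComparison.OrdinalIgnoreCase))
            {
                // Looked up before anything is appended, so a missing user leaves ActivitiesList untouched.
                var administratorObject = Users.First(_ => _.Name == "Administrator");

                addKerberosChain();
                ActivitiesList.Add(DocumentCreator.SamrCreator(coupledSamr.User, coupledSamr.Machine,
                    domainController, userDomainName, machineDomainName, SourceGateway, true,
                    SamrQueryType.QueryUser, SamrQueryOperation.QueryInformationUser,
                    machineDomain.Id, 0, administratorObject));
            }
            else
            {
                addKerberosChain();
                foreach (var group in sensitiveGroupList)
                {
                    ActivitiesList.Add(DocumentCreator.SamrCreator(coupledSamr.User, coupledSamr.Machine,
                        domainController, userDomainName, machineDomainName, SourceGateway, true,
                        SamrQueryType.QueryGroup, SamrQueryOperation.QueryInformationGroup,
                        machineDomain.Id, 0, group));
                }
            }
        }

        InsertActivities();
        return true;
    }
    catch (Exception e)
    {
        // Error rather than Debug: a swallowed failure here means no test data was inserted.
        Logger.Error(e);
        return false;
    }
}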