예제 #1
        /// <summary>
        /// Looks up the DNS administrators group and records it in
        /// <paramref name="objectReference"/> as a privileged account with Medium risk.
        /// </summary>
        /// <remarks>
        /// Four searches are tried in order and the method stops at the first one that
        /// returns a match: description then sAMAccountName under CN=Users (one level),
        /// followed by the same two filters from the default naming context.
        /// NOTE(review): both filters are fixed strings. A group whose description was
        /// edited or localized AND whose sAMAccountName was changed is not matched, and
        /// the caller gets no signal that the group was skipped.
        /// </remarks>
        /// <param name="objectReference">Collection that receives the group entry.</param>
        private void AddDnsAdmins(GraphObjectReference objectReference)
        {
            const string byDescription = "(&(objectClass=group)(description=DNS Administrators Group))";
            const string bySamAccountName = "(&(objectClass=group)(sAMAccountName=DNSAdmins))";

            string[] requestedAttributes = { "name", "objectSid" };
            bool found = false;

            // Invoked once per object returned by the search; every match is added.
            WorkOnReturnedObjectByADWS onMatch = (ADItem group) =>
            {
                var privileged = objectReference.Objects[CompromiseGraphDataTypology.PrivilegedAccount];
                privileged.Add(new GraphSingleObject(group.ObjectSid.Value, GraphObjectReference.DnsAdministrators, CompromiseGraphDataObjectRisk.Medium));
                found = true;
            };

            // One-level search first, in case the group is still in its default container.
            adws.Enumerate("CN=Users," + domainInfo.DefaultNamingContext, byDescription, requestedAttributes, onMatch, "OneLevel");
            if (found)
            {
                return;
            }

            adws.Enumerate("CN=Users," + domainInfo.DefaultNamingContext, bySamAccountName, requestedAttributes, onMatch, "OneLevel");
            if (found)
            {
                return;
            }

            // Fall back to searching from the naming context root; kept last because
            // it is the more expensive LDAP request.
            adws.Enumerate(domainInfo.DefaultNamingContext, byDescription, requestedAttributes, onMatch);
            if (found)
            {
                return;
            }

            adws.Enumerate(domainInfo.DefaultNamingContext, bySamAccountName, requestedAttributes, onMatch);
        }
        /// <summary>
        /// Opens an ADWS connection to <c>Server</c>, exports the directory objects needed
        /// for the graph, then finalizes the relations held in <c>Storage</c>.
        /// </summary>
        /// <param name="UsersToInvestigate">Additional accounts forwarded to ExportReportData.</param>
        /// <returns>The object reference populated during the export.</returns>
        public GraphObjectReference ExportData(List<string> UsersToInvestigate)
        {
            GraphObjectReference exported;

            DisplayAdvancement("Getting domain information (" + Server + ")");

            // The ADWS connection is only needed while objects are being read; it is
            // disposed before the relations are written.
            using (var adws = new ADWebService(Server, Port, Credential))
            {
                ADDomainInfo domainInfo = GetDomainInformation(adws);
                Storage.Initialize(domainInfo);

                Trace.WriteLine("Creating new relation factory");
                var relationFactory = new RelationFactory(Storage, domainInfo, Credential);

                DisplayAdvancement("Exporting objects from Active Directory");
                exported = new GraphObjectReference(domainInfo);
                ExportReportData(adws, domainInfo, relationFactory, Storage, exported, UsersToInvestigate);
            }

            DisplayAdvancement("Inserting relations between nodes in the database");
            Trace.WriteLine("Inserting relations on hold");
            Storage.InsertRelationOnHold();

            Trace.WriteLine("Add trusted domains");
            AddTrustedDomains(Storage);
            Trace.WriteLine("Done");

            DisplayAdvancement("Export completed");
            DisplayAdvancement("Doing the analysis");
            return exported;
        }
예제 #3
        /// <summary>
        /// Resolves the objects listed in <paramref name="objectReference"/> through
        /// <c>Search</c> and hands the first hit of each lookup to
        /// <c>RelationFactory.AnalyzeADObject</c>, then does the same for the technical
        /// objects and finishes with <c>AnalyzeMissingObjets</c>.
        /// </summary>
        /// <remarks>
        /// NOTE(review): this listing is damaged in the middle of the method (see the
        /// marker below); the end of the first loop and the header of the per-user loop
        /// are not visible, so the brace structure shown here is incomplete.
        /// </remarks>
        /// <param name="objectReference">Objects to resolve; also receives the user-defined entries.</param>
        /// <param name="UsersToInvestigate">Presumably the source of the <c>user</c> values handled below — the loop header is missing from the listing.</param>
        private void ExportReportData(GraphObjectReference objectReference, List <string> UsersToInvestigate)
        {
            List <ADItem> aditems = null;

            foreach (var typology in objectReference.Objects.Keys)
            {
                // toDelete is not used in the visible part of the listing.
                var toDelete = new List <GraphSingleObject>();
                foreach (var obj in objectReference.Objects[typology])
                {
                    Trace.WriteLine("Working on " + obj.Description);
                    aditems = Search(obj.Name);
                    // Only the first result is analyzed; any further matches are ignored.
                    if (aditems.Count != 0)
                    {
                        RelationFactory.AnalyzeADObject(aditems[0]);
                    }
                    else
                    {
                        // NOTE(review): source text is missing between the two string literals on the next line.
                        Trace.WriteLine("Unable to find the user: "******"Working on " + user);
                    // NOTE(review): how Search builds its query from this value is not visible here;
                    // confirm it escapes LDAP filter metacharacters before using caller-supplied names.
                    aditems = Search(user);
                    if (aditems.Count != 0)
                    {
                        // Key the entry by SID when the object has one, otherwise by the name as supplied.
                        string userKey = user;
                        if (aditems[0].ObjectSid != null)
                        {
                            userKey = aditems[0].ObjectSid.Value;
                        }
                        objectReference.Objects[Data.CompromiseGraphDataTypology.UserDefined].Add(new GraphSingleObject(userKey, user));
                        RelationFactory.AnalyzeADObject(aditems[0]);
                    }
                    else
                    {
                        // A name that cannot be resolved is only traced, not reported to the caller.
                        Trace.WriteLine("Unable to find the user: " + user);
                    }
                }
            }
            // Technical objects that cannot be resolved are skipped without a trace message.
            foreach (var item in objectReference.TechnicalObjects)
            {
                aditems = Search(item);
                if (aditems.Count != 0)
                {
                    RelationFactory.AnalyzeADObject(aditems[0]);
                }
            }
            AnalyzeMissingObjets();
        }
예제 #4
 /// <summary>
 /// Rebuilds <c>stopNodes</c> from the names of every object held in
 /// <paramref name="ObjectReference"/>, across all typologies.
 /// </summary>
 /// <param name="ObjectReference">Source of the object names.</param>
 private void PrepareStopNodes(GraphObjectReference ObjectReference)
 {
     // Start from an empty collection so entries from a previous run do not linger.
     stopNodes.Clear();

     var objectsByTypology = ObjectReference.Objects;
     foreach (var category in objectsByTypology.Keys)
     {
         var members = objectsByTypology[category];
         foreach (var member in members)
         {
             stopNodes.Add(member.Name);
         }
     }
 }
예제 #5
 /// <summary>
 /// Produces one report file per object in <paramref name="ObjectReference"/> and
 /// then sorts <c>data.Data</c> by description.
 /// </summary>
 /// <param name="data">Report container passed to ProduceReportFile and sorted in place.</param>
 /// <param name="ObjectReference">Objects to report on, grouped by typology.</param>
 void PrepareDetailledData(CompromiseGraphData data, GraphObjectReference ObjectReference)
 {
     var objectsByTypology = ObjectReference.Objects;
     foreach (var category in objectsByTypology.Keys)
     {
         var members = objectsByTypology[category];
         foreach (var member in members)
         {
             ProduceReportFile(data, category, member.Risk, member.Description, member.Name);
         }
     }

     // string.Compare(string, string) is a culture-sensitive comparison, so the
     // resulting order follows the current culture.
     data.Data.Sort(
         (SingleCompromiseGraphData left, SingleCompromiseGraphData right)
             => string.Compare(left.Description, right.Description));
 }
예제 #6
        /// <summary>
        /// Initializes storage and the relation factory, collects the objects to analyze
        /// and flushes the relations that were put on hold.
        /// </summary>
        /// <param name="UsersToInvestigate">Additional accounts forwarded to ExportReportData.</param>
        /// <returns>The object reference populated during the export.</returns>
        public GraphObjectReference ExportData(List<string> UsersToInvestigate)
        {
            DisplayAdvancement("- Initialize");
            Storage.Initialize(domainInfo);

            Trace.WriteLine("- Creating new relation factory");
            RelationFactory = new RelationFactory(Storage, domainInfo);
            RelationFactory.Initialize(adws);

            DisplayAdvancement("- Searching for critical and infrastructure objects");
            var collected = new GraphObjectReference(domainInfo);
            // Delegation data is built before the per-object export starts.
            BuildDirectDelegationData();
            ExportReportData(collected, UsersToInvestigate);

            DisplayAdvancement("- Completing object collection");
            Trace.WriteLine("Inserting relations on hold");
            Storage.InsertRelationOnHold();
            Trace.WriteLine("Done");

            DisplayAdvancement("- Export completed");
            return collected;
        }
        /// <summary>
        /// Resolves the objects listed in <paramref name="objectReference"/> through
        /// <c>Search</c>, passes each hit to <c>relationFactory.AnalyzeADObject</c>, and
        /// finishes by analyzing missing objects and inserting files.
        /// </summary>
        /// <remarks>
        /// NOTE(review): this listing is damaged in the middle of the method (see the
        /// marker below); the end of the first loop and the header of the per-user loop
        /// are not visible, so the brace structure shown here is incomplete.
        /// </remarks>
        /// <param name="adws">ADWS connection used for the lookups.</param>
        /// <param name="domainInfo">Domain information passed to each lookup.</param>
        /// <param name="relationFactory">Receives every resolved object for analysis.</param>
        /// <param name="storage">Passed through to AnalyzeMissingObjets.</param>
        /// <param name="objectReference">Objects to resolve; also receives the user-defined entries.</param>
        /// <param name="UsersToInvestigate">Presumably the source of the <c>user</c> values handled below — the loop header is missing from the listing.</param>
        private void ExportReportData(ADWebService adws, ADDomainInfo domainInfo, RelationFactory relationFactory, LiveDataStorage storage, GraphObjectReference objectReference, List <string> UsersToInvestigate)
        {
            ADItem aditem = null;

            foreach (var typology in objectReference.Objects.Keys)
            {
                // toDelete is not used in the visible part of the listing.
                var toDelete = new List <GraphSingleObject>();
                foreach (var obj in objectReference.Objects[typology])
                {
                    DisplayAdvancement("Working on " + obj.Description);
                    aditem = Search(adws, domainInfo, obj.Name);
                    if (aditem != null)
                    {
                        relationFactory.AnalyzeADObject(aditem);
                    }
                    else
                    {
                        // NOTE(review): source text is missing between the two string literals on the next line.
                        Trace.WriteLine("Unable to find the user: "******"Working on " + user);
                // NOTE(review): how Search builds its query from this value is not visible here;
                // confirm it escapes LDAP filter metacharacters before using caller-supplied names.
                aditem = Search(adws, domainInfo, user);
                if (aditem != null)
                {
                    // The supplied name is used as both arguments of GraphSingleObject here.
                    objectReference.Objects[Data.CompromiseGraphDataTypology.UserDefined].Add(new GraphSingleObject(user, user));
                    relationFactory.AnalyzeADObject(aditem);
                }
                else
                {
                    // A name that cannot be resolved is only traced, not reported to the caller.
                    Trace.WriteLine("Unable to find the user: " + user);
                }
            }

            // AnalyzeMissingObjets runs both before and after InsertFiles — presumably because
            // InsertFiles can reference objects that were not collected yet; confirm.
            AnalyzeMissingObjets(adws, domainInfo, relationFactory, storage);
            relationFactory.InsertFiles();
            AnalyzeMissingObjets(adws, domainInfo, relationFactory, storage);
        }