/// <summary>
/// Finds the domain's DNS administrators group and records it in
/// <paramref name="objectReference"/> as a privileged account with medium risk.
/// </summary>
/// <param name="objectReference">Collection that receives the group, keyed by its SID.</param>
/// <remarks>
/// Context: members of DnsAdmins can administer the DNS Server service, which commonly
/// runs on domain controllers. The group is located only by its description or its
/// sAMAccountName. A group that was renamed and had its description edited is matched
/// by none of the four queries and is silently left out of the report.
/// </remarks>
private void AddDnsAdmins(GraphObjectReference objectReference)
{
    string[] requestedAttributes = new string[] { "name", "objectSid" };
    string[] groupFilters = new string[]
    {
        "(&(objectClass=group)(description=DNS Administrators Group))",
        "(&(objectClass=group)(sAMAccountName=DNSAdmins))",
    };
    bool groupLocated = false;

    // Invoked once per object returned by the directory; every match is recorded.
    WorkOnReturnedObjectByADWS onGroup = (ADItem group) =>
    {
        objectReference.Objects[CompromiseGraphDataTypology.PrivilegedAccount].Add(
            new GraphSingleObject(group.ObjectSid.Value, GraphObjectReference.DnsAdministrators, CompromiseGraphDataObjectRisk.Medium));
        groupLocated = true;
    };

    // First pass: one-level search of CN=Users, in case the group is in its default position.
    foreach (string filter in groupFilters)
    {
        if (groupLocated)
        {
            break;
        }
        adws.Enumerate("CN=Users," + domainInfo.DefaultNamingContext, filter, requestedAttributes, onGroup, "OneLevel");
    }

    // Second pass: search from the naming context root, only when the cheaper
    // one-level search found nothing (this keeps the number of LDAP requests down).
    foreach (string filter in groupFilters)
    {
        if (groupLocated)
        {
            break;
        }
        adws.Enumerate(domainInfo.DefaultNamingContext, filter, requestedAttributes, onGroup);
    }
}
/// <summary>
/// Connects to the directory, exports the objects needed for the compromise graph
/// into <c>Storage</c>, and returns the reference set that was exported.
/// </summary>
/// <param name="UsersToInvestigate">Additional account names, passed through to the export step.</param>
/// <returns>The <see cref="GraphObjectReference"/> built for the domain.</returns>
/// <remarks>
/// <c>Credential</c> is handed to both the ADWS connection and the relation factory.
/// The trace and progress messages in this method contain only the server name and
/// fixed text.
/// </remarks>
public GraphObjectReference ExportData(List<string> UsersToInvestigate)
{
    GraphObjectReference exported;

    DisplayAdvancement("Getting domain information (" + Server + ")");

    // The ADWS connection is needed only while objects are being read; it is
    // disposed before the storage post-processing below starts.
    using (ADWebService adws = new ADWebService(Server, Port, Credential))
    {
        ADDomainInfo domainInfo = GetDomainInformation(adws);
        Storage.Initialize(domainInfo);

        Trace.WriteLine("Creating new relation factory");
        RelationFactory relationFactory = new RelationFactory(Storage, domainInfo, Credential);

        DisplayAdvancement("Exporting objects from Active Directory");
        exported = new GraphObjectReference(domainInfo);
        ExportReportData(adws, domainInfo, relationFactory, Storage, exported, UsersToInvestigate);
    }

    DisplayAdvancement("Inserting relations between nodes in the database");
    Trace.WriteLine("Inserting relations on hold");
    Storage.InsertRelationOnHold();

    Trace.WriteLine("Add trusted domains");
    AddTrustedDomains(Storage);
    Trace.WriteLine("Done");

    DisplayAdvancement("Export completed");
    DisplayAdvancement("Doing the analysis");
    return exported;
}
// Resolves the objects named in objectReference (and, further down, individual user
// names) against the directory and hands each match to RelationFactory.AnalyzeADObject.
//
// Visible steps:
//   1. For every typology in objectReference.Objects, each object is looked up with
//      Search(obj.Name); when at least one result comes back, only the first one
//      (aditems[0]) is analyzed.
//   2. For a user name that resolves, the entry added under the UserDefined typology is
//      keyed by the object's SID when ObjectSid is non-null, otherwise by the name that
//      was supplied. Names that do not resolve are only written to the trace.
//   3. Every entry of objectReference.TechnicalObjects is searched and analyzed the same
//      way; misses are skipped without a trace line.
//   4. AnalyzeMissingObjets() runs last.
//
// NOTE(review): part of this listing is masked ("******"). How unresolved objects and
// the toDelete list are handled, and the header of the loop that defines `user`
// (presumably over UsersToInvestigate), are not visible here.
// NOTE(review): only the first search result is used, so a name matching several
// directory objects is analyzed as whichever object Search returns first. Confirm that
// Search returns a deterministic, intended match.
// NOTE(review): Search is not shown. If it builds an LDAP filter from `user`, confirm
// the value is escaped before it is placed in the filter.
private void ExportReportData(GraphObjectReference objectReference, List <string> UsersToInvestigate) { List <ADItem> aditems = null; foreach (var typology in objectReference.Objects.Keys) { var toDelete = new List <GraphSingleObject>(); foreach (var obj in objectReference.Objects[typology]) { Trace.WriteLine("Working on " + obj.Description); aditems = Search(obj.Name); if (aditems.Count != 0) { RelationFactory.AnalyzeADObject(aditems[0]); } else { Trace.WriteLine("Unable to find the user: "******"Working on " + user); aditems = Search(user); if (aditems.Count != 0) { string userKey = user; if (aditems[0].ObjectSid != null) { userKey = aditems[0].ObjectSid.Value; } objectReference.Objects[Data.CompromiseGraphDataTypology.UserDefined].Add(new GraphSingleObject(userKey, user)); RelationFactory.AnalyzeADObject(aditems[0]); } else { Trace.WriteLine("Unable to find the user: " + user); } } } foreach (var item in objectReference.TechnicalObjects) { aditems = Search(item); if (aditems.Count != 0) { RelationFactory.AnalyzeADObject(aditems[0]); } } AnalyzeMissingObjets(); }
/// <summary>
/// Rebuilds <c>stopNodes</c> from scratch so that it holds the name of every object
/// listed in <paramref name="ObjectReference"/>, across all typologies.
/// </summary>
/// <param name="ObjectReference">Reference set whose object names become the stop nodes.</param>
private void PrepareStopNodes(GraphObjectReference ObjectReference)
{
    // Entries left over from a previous run are discarded first.
    stopNodes.Clear();

    var objectsByTypology = ObjectReference.Objects;
    foreach (var typology in objectsByTypology.Keys)
    {
        var members = objectsByTypology[typology];
        foreach (var member in members)
        {
            stopNodes.Add(member.Name);
        }
    }
}
/// <summary>
/// Produces one report entry per object in <paramref name="ObjectReference"/> and then
/// orders <c>data.Data</c> by description.
/// </summary>
/// <param name="data">Report container that ProduceReportFile is called with and whose Data list is sorted.</param>
/// <param name="ObjectReference">Reference set enumerated typology by typology.</param>
void PrepareDetailledData(CompromiseGraphData data, GraphObjectReference ObjectReference)
{
    var objectsByTypology = ObjectReference.Objects;
    foreach (var typology in objectsByTypology.Keys)
    {
        foreach (var entry in objectsByTypology[typology])
        {
            ProduceReportFile(data, typology, entry.Risk, entry.Description, entry.Name);
        }
    }

    // string.Compare(string, string) is culture-sensitive, so the resulting order
    // follows the current culture of the machine producing the report.
    data.Data.Sort(
        (SingleCompromiseGraphData left, SingleCompromiseGraphData right) =>
            string.Compare(left.Description, right.Description));
}
/// <summary>
/// Initializes storage and the relation factory, collects the critical and
/// infrastructure objects plus the requested users, and returns the reference set.
/// </summary>
/// <param name="UsersToInvestigate">Additional account names, passed through to the export step.</param>
/// <returns>The <see cref="GraphObjectReference"/> built for the domain.</returns>
/// <remarks>
/// This method uses the <c>domainInfo</c> and <c>adws</c> members as they are; it does
/// not open or dispose the directory connection itself.
/// </remarks>
public GraphObjectReference ExportData(List<string> UsersToInvestigate)
{
    DisplayAdvancement("- Initialize");
    Storage.Initialize(domainInfo);

    Trace.WriteLine("- Creating new relation factory");
    RelationFactory = new RelationFactory(Storage, domainInfo);
    RelationFactory.Initialize(adws);

    DisplayAdvancement("- Searching for critical and infrastructure objects");
    GraphObjectReference collected = new GraphObjectReference(domainInfo);
    BuildDirectDelegationData();
    ExportReportData(collected, UsersToInvestigate);

    DisplayAdvancement("- Completing object collection");
    Trace.WriteLine("Inserting relations on hold");
    Storage.InsertRelationOnHold();
    Trace.WriteLine("Done");

    DisplayAdvancement("- Export completed");
    return collected;
}
// Resolves the objects named in objectReference (and, further down, individual user
// names) through the supplied ADWS connection and hands each match to
// relationFactory.AnalyzeADObject.
//
// Visible steps:
//   1. For every typology in objectReference.Objects, each object is announced with
//      DisplayAdvancement and looked up with Search(adws, domainInfo, obj.Name); a
//      non-null result is analyzed.
//   2. A user name that resolves is added under the UserDefined typology with the
//      supplied name as both arguments of GraphSingleObject (the name, not the SID, is
//      the key here). Names that do not resolve are only written to the trace.
//   3. AnalyzeMissingObjets runs, then relationFactory.InsertFiles(), then
//      AnalyzeMissingObjets runs a second time.
//
// NOTE(review): part of this listing is masked ("******"). How unresolved objects and
// the toDelete list are handled, and the header of the loop that defines `user`
// (presumably over UsersToInvestigate), are not visible here.
// NOTE(review): the second AnalyzeMissingObjets call presumably picks up objects first
// referenced by InsertFiles. Confirm against those methods.
// NOTE(review): Search is not shown. If it builds an LDAP filter from `user`, confirm
// the value is escaped before it is placed in the filter.
private void ExportReportData(ADWebService adws, ADDomainInfo domainInfo, RelationFactory relationFactory, LiveDataStorage storage, GraphObjectReference objectReference, List <string> UsersToInvestigate) { ADItem aditem = null; foreach (var typology in objectReference.Objects.Keys) { var toDelete = new List <GraphSingleObject>(); foreach (var obj in objectReference.Objects[typology]) { DisplayAdvancement("Working on " + obj.Description); aditem = Search(adws, domainInfo, obj.Name); if (aditem != null) { relationFactory.AnalyzeADObject(aditem); } else { Trace.WriteLine("Unable to find the user: "******"Working on " + user); aditem = Search(adws, domainInfo, user); if (aditem != null) { objectReference.Objects[Data.CompromiseGraphDataTypology.UserDefined].Add(new GraphSingleObject(user, user)); relationFactory.AnalyzeADObject(aditem); } else { Trace.WriteLine("Unable to find the user: " + user); } } AnalyzeMissingObjets(adws, domainInfo, relationFactory, storage); relationFactory.InsertFiles(); AnalyzeMissingObjets(adws, domainInfo, relationFactory, storage); }