override protected string GetCsvData(string computer)
{
StringBuilder sb = new StringBuilder();
string header = null;
NullSessionTester session = new NullSessionTester(Server,
(NTAccount server) =>
{
if (sb.Length != 0)
{
sb.AppendLine();
}
sb.Append(header);
sb.Append(server.Value);
});
bool enabled = false;
DisplayAdvancement(computer, "Testing MS-SAMR");
header = computer + " \tMS-SAMR\t";
if (session.EnumerateAccount(TypeOfEnumeration.Samr, (ScanningMode == 0 ? 1 : NullSessionEnumerationLimit)))
{
DisplayAdvancement(computer, "Null session is enabled (at least MS-SAMR)");
enabled = true;
}
else
{
DisplayAdvancement(computer, "MS-SAMR disabled");
}
if (!enabled)
{
DisplayAdvancement(computer, "Testing MS-LSAT");
header = computer + "\tMS-LSAT\t";
if (session.EnumerateAccount(TypeOfEnumeration.Lsa, (ScanningMode == 0 ? 1 : NullSessionEnumerationLimit)))
{
DisplayAdvancement(computer, "Null session is enabled (only MS-LSAT)");
enabled = true;
}
else
{
DisplayAdvancement(computer, "MS-LSAT disabled");
}
}
if (!enabled)
{
DisplayAdvancement(computer, "Null session is disabled");
sb.Append(computer);
sb.Append("\tNone\t");
}
return(sb.ToString());
}
/*
* public bool ExportHCRuleTask()
* {
* return StartTask("Export Healthcheck rules",
* () =>
* {
* HealthcheckRules rules = new HealthcheckRules();
* rules.GenerateRuleDescriptionFile("rules-V" + Assembly.GetExecutingAssembly().GetName().Version + ".xlsx");
* }
* );
* }
*/
public bool NullSessionTask()
{
return(StartTask("Null Session",
() =>
{
NullSessionTester session = new NullSessionTester(Server,
(NTAccount server) => { Console.WriteLine(server.Value); });
bool enabled = false;
Console.WriteLine("Testing MS-SAMR");
if (session.EnumerateAccount(TypeOfEnumeration.Samr, NullSessionEnumerationLimit))
{
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine("Null session is enabled (at least MS-SAMR)");
Console.ResetColor();
enabled = true;
}
else
{
Console.WriteLine("MS-SAMR disabled");
}
if (!enabled)
{
Console.WriteLine("Testing MS-LSAT");
if (session.EnumerateAccount(TypeOfEnumeration.Lsa, NullSessionEnumerationLimit))
{
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine("Null session is enabled (only MS-LSAT)");
Console.ResetColor();
enabled = true;
}
else
{
Console.WriteLine("MS-LSAT disabled");
}
}
if (!enabled)
{
Console.WriteLine("Null session is disabled");
}
}
));
}
public void EnumerateAccount(SecurityIdentifier DomainSid, int MaximumNumber, StreamWriter sw)
{
NativeMethods.UNICODE_STRING us = new NativeMethods.UNICODE_STRING();
NativeMethods.LSA_OBJECT_ATTRIBUTES loa = new NativeMethods.LSA_OBJECT_ATTRIBUTES();
us.Initialize(Server);
IntPtr PolicyHandle = IntPtr.Zero;
uint ret = NativeMethods.LsaOpenPolicy(ref us, ref loa, 0x00000800, out PolicyHandle);
us.Dispose();
if (ret != 0)
{
DisplayError("Error when connecting to the remote domain LsaOpenPolicy 0x" + ret.ToString("x"));
}
try
{
DisplayAdvancement("Connection established");
uint currentRid = 500;
int iteration = 0;
uint returnCode = 0;
int UserEnumerated = 0;
// allows 10*1000 sid non resolved
int retrycount = 0;
while ((returnCode == 0 || returnCode == 0x00000107 || (retrycount < 10 && returnCode == 0xC0000073)) && UserEnumerated < MaximumNumber)
{
Trace.WriteLine("LsaLookupSids iteration " + iteration++);
List <GCHandle> HandleToFree = new List <GCHandle>();
IntPtr Names = IntPtr.Zero, ReferencedDomains = IntPtr.Zero;
try
{
SecurityIdentifier[] SidEnumBuffer = new SecurityIdentifier[1000];
IntPtr[] SidHandles = new IntPtr[SidEnumBuffer.Length];
for (int i = 0; i < SidEnumBuffer.Length; i++)
{
SidEnumBuffer[i] = NullSessionTester.BuildSIDFromDomainSidAndRid(DomainSid, currentRid++);
byte[] sid = new byte[SidEnumBuffer[i].BinaryLength];
SidEnumBuffer[i].GetBinaryForm(sid, 0);
GCHandle handlesid = GCHandle.Alloc(sid, GCHandleType.Pinned);
HandleToFree.Add(handlesid);
SidHandles[i] = handlesid.AddrOfPinnedObject();
}
GCHandle sidHandle = GCHandle.Alloc(SidHandles, GCHandleType.Pinned);
HandleToFree.Add(sidHandle);
returnCode = NativeMethods.LsaLookupSids(PolicyHandle, SidEnumBuffer.Length, sidHandle.AddrOfPinnedObject(), out ReferencedDomains, out Names);
if (returnCode == 0 || returnCode == 0x00000107)
{
retrycount = 0;
NativeMethods.LSA_TRANSLATED_NAME[] lsaNames = new NativeMethods.LSA_TRANSLATED_NAME[SidEnumBuffer.Length];
NativeMethods.LSA_REFERENCED_DOMAIN_LIST domainList = (NativeMethods.LSA_REFERENCED_DOMAIN_LIST)Marshal.PtrToStructure(ReferencedDomains, typeof(NativeMethods.LSA_REFERENCED_DOMAIN_LIST));
for (int i = 0; i < SidEnumBuffer.Length; i++)
{
lsaNames[i] = (NativeMethods.LSA_TRANSLATED_NAME)Marshal.PtrToStructure(
new IntPtr(Names.ToInt64() + i * Marshal.SizeOf(typeof(NativeMethods.LSA_TRANSLATED_NAME)))
, typeof(NativeMethods.LSA_TRANSLATED_NAME));
if (lsaNames[i].Use > 0 && lsaNames[i].Use != NativeMethods.SID_NAME_USE.SidTypeUnknown)
{
string account = lsaNames[i].Name.ToString();
if (!String.IsNullOrEmpty(account))
{
NativeMethods.LSA_TRUST_INFORMATION trustInfo = (NativeMethods.LSA_TRUST_INFORMATION)Marshal.PtrToStructure
(new IntPtr(domainList.Domains.ToInt64() + lsaNames[i].DomainIndex * Marshal.SizeOf(typeof(NativeMethods.LSA_TRUST_INFORMATION))), typeof(NativeMethods.LSA_TRUST_INFORMATION));
sw.WriteLine(SidEnumBuffer[i] + "\t" + new NTAccount(trustInfo.Name.ToString(), account).Value);
UserEnumerated++;
if (UserEnumerated % 100 == 0)
{
DisplayAdvancement("Account enumerated: " + UserEnumerated);
}
}
}
}
}
else
{
retrycount++;
Trace.WriteLine("LsaLookupSids " + returnCode);
}
}
finally
{
if (ReferencedDomains != IntPtr.Zero)
{
NativeMethods.LsaFreeMemory(ReferencedDomains);
}
if (Names != IntPtr.Zero)
{
NativeMethods.LsaFreeMemory(Names);
}
foreach (GCHandle handle in HandleToFree)
{
handle.Free();
}
}
}
}
finally
{
NativeMethods.LsaClose(PolicyHandle);
}
}
