C# (CSharp) SearchResultEntry.GetPropertyAsArrayOfBytes 예제들

예제 #1

파일: LDAPPropertyProcessor.cs 프로젝트: 0x13d-git/SharpHoundCommon

        /// <summary>
        /// Attempts to parse all LDAP attributes outside of the ones already collected and converts them to a human readable format using a best guess
        /// </summary>
        /// <param name="entry"></param>
        private static Dictionary <string, object> ParseAllProperties(SearchResultEntry entry)
        {
            var flag  = IsTextUnicodeFlags.IS_TEXT_UNICODE_STATISTICS;
            var props = new Dictionary <string, object>();

            foreach (var property in entry.Attributes.AttributeNames)
            {
                var propName = property.ToString().ToLower();
                if (ReservedAttributes.Contains(propName))
                {
                    continue;
                }

                var collection = entry.Attributes[propName];
                if (collection.Count == 0)
                {
                    continue;
                }

                if (collection.Count == 1)
                {
                    var testBytes = entry.GetPropertyAsBytes(propName);

                    if (testBytes == null || testBytes.Length == 0 || !IsTextUnicode(testBytes, testBytes.Length, ref flag))
                    {
                        continue;
                    }

                    var testString = entry.GetProperty(propName);

                    if (!string.IsNullOrEmpty(testString))
                    {
                        if (propName == "badpasswordtime")
                        {
                            props.Add(propName, Helpers.ConvertFileTimeToUnixEpoch(testString));
                        }
                        else
                        {
                            props.Add(propName, BestGuessConvert(testString));
                        }
                    }
                }
                else
                {
                    var arrBytes = entry.GetPropertyAsArrayOfBytes(propName);
                    if (arrBytes.Length == 0 || !IsTextUnicode(arrBytes[0], arrBytes[0].Length, ref flag))
                    {
                        continue;
                    }

                    var arr = entry.GetPropertyAsArray(propName);
                    if (arr.Length > 0)
                    {
                        props.Add(propName, arr.Select(BestGuessConvert).ToArray());
                    }
                }
            }

            return(props);
        }

예제 #2

파일: SearchResultEntryWrapper.cs 프로젝트: BloodHoundAD/SharpHoundCommon

 public byte[][] GetByteArrayProperty(string propertyName)
 {
     return(_entry.GetPropertyAsArrayOfBytes(propertyName));
 }

예제 #3

파일: LDAPPropertyProcessor.cs 프로젝트: 0x13d-git/SharpHoundCommon

        public static async Task <ComputerProperties> ReadComputerProperties(SearchResultEntry entry)
        {
            var compProps = new ComputerProperties();
            var props     = new Dictionary <string, object>();

            var  uac = entry.GetProperty("useraccountcontrol");
            bool enabled, unconstrained, trustedToAuth;

            if (int.TryParse(uac, out var flag))
            {
                var flags = (UAC.UacFlags)flag;
                enabled       = (flags & UAC.UacFlags.AccountDisable) == 0;
                unconstrained = (flags & UAC.UacFlags.TrustedForDelegation) == UAC.UacFlags.TrustedForDelegation;
                trustedToAuth = (flags & UAC.UacFlags.TrustedToAuthForDelegation) != 0;
            }
            else
            {
                unconstrained = false;
                enabled       = true;
                trustedToAuth = false;
            }

            var domain = Helpers.DistinguishedNameToDomain(entry.DistinguishedName);

            var comps = new List <TypedPrincipal>();

            if (trustedToAuth)
            {
                var delegates = entry.GetPropertyAsArray("msds-allowedToDelegateTo");
                props.Add("allowedtodelegate", delegates);

                foreach (var d in delegates)
                {
                    var hname = d.Contains("/") ? d.Split('/')[1] : d;
                    hname = hname.Split(':')[0];
                    var resolvedHost = await LDAPUtils.ResolveHostToSid(hname, domain);

                    if (resolvedHost.Contains(".") || resolvedHost.Contains("S-1"))
                    {
                        comps.Add(new TypedPrincipal
                        {
                            ObjectIdentifier = resolvedHost,
                            ObjectType       = Label.Computer
                        });
                    }
                }
            }

            compProps.AllowedToDelegate = comps.ToArray();

            var allowedToActPrincipals = new List <TypedPrincipal>();
            var rawAllowedToAct        = entry.GetPropertyAsBytes("msDS-AllowedToActOnBehalfOfOtherIdentity");

            if (rawAllowedToAct != null)
            {
                var sd = new ActiveDirectorySecurity();
                sd.SetSecurityDescriptorBinaryForm(rawAllowedToAct, AccessControlSections.Access);
                foreach (ActiveDirectoryAccessRule rule in sd.GetAccessRules(true, true, typeof(SecurityIdentifier)))
                {
                    var res = LDAPUtils.ResolveIDAndType(rule.IdentityReference.Value, domain);
                    allowedToActPrincipals.Add(res);
                }
            }

            compProps.AllowedToAct = allowedToActPrincipals.ToArray();

            props.Add("enabled", enabled);
            props.Add("unconstraineddelegation", unconstrained);
            props.Add("lastlogon", Helpers.ConvertFileTimeToUnixEpoch(entry.GetProperty("lastlogon")));
            props.Add("lastlogontimestamp", Helpers.ConvertFileTimeToUnixEpoch(entry.GetProperty("lastlogontimestamp")));
            props.Add("pwdlastset", Helpers.ConvertFileTimeToUnixEpoch(entry.GetProperty("pwdlastset")));
            props.Add("serviceprincipalnames", entry.GetPropertyAsArray("serviceprincipalname"));
            var os = entry.GetProperty("operatingsystem");
            var sp = entry.GetProperty("operatingsystemservicepack");

            if (sp != null)
            {
                os = $"{os} {sp}";
            }

            props.Add("operatingsystem", os);
            props.Add("description", entry.GetProperty("description"));

            var sh                   = entry.GetPropertyAsArrayOfBytes("sidhistory");
            var sidHistoryList       = new List <string>();
            var sidHistoryPrincipals = new List <TypedPrincipal>();

            foreach (var sid in sh)
            {
                string sSid;
                try
                {
                    sSid = new SecurityIdentifier(sid, 0).Value;
                }
                catch
                {
                    continue;
                }

                var res = LDAPUtils.ResolveIDAndType(sSid, domain);

                sidHistoryPrincipals.Add(res);
            }

            compProps.SidHistory = sidHistoryPrincipals.ToArray();

            props.Add("sidhistory", sidHistoryList.ToArray());

            compProps.Props = props;

            return(compProps);
        }

예제 #4

파일: LDAPPropertyProcessor.cs 프로젝트: 0x13d-git/SharpHoundCommon

        public static async Task <UserProperties> ReadUserProperties(SearchResultEntry entry)
        {
            var userProps = new UserProperties();
            var props     = new Dictionary <string, object>
            {
                { "description", entry.GetProperty("description") }
            };

            var  uac = entry.GetProperty("useraccountcontrol");
            bool enabled, trustedToAuth, sensitive, dontReqPreAuth, passwdNotReq, unconstrained, pwdNeverExpires;

            if (int.TryParse(uac, out var flag))
            {
                var flags = (UAC.UacFlags)flag;
                enabled         = (flags & UAC.UacFlags.AccountDisable) == 0;
                trustedToAuth   = (flags & UAC.UacFlags.TrustedToAuthForDelegation) != 0;
                sensitive       = (flags & UAC.UacFlags.NotDelegated) != 0;
                dontReqPreAuth  = (flags & UAC.UacFlags.DontReqPreauth) != 0;
                passwdNotReq    = (flags & UAC.UacFlags.PasswordNotRequired) != 0;
                unconstrained   = (flags & UAC.UacFlags.TrustedForDelegation) != 0;
                pwdNeverExpires = (flags & UAC.UacFlags.DontExpirePassword) != 0;
            }
            else
            {
                trustedToAuth   = false;
                enabled         = true;
                sensitive       = false;
                dontReqPreAuth  = false;
                passwdNotReq    = false;
                unconstrained   = false;
                pwdNeverExpires = false;
            }

            props.Add("sensitive", sensitive);
            props.Add("dontreqpreauth", dontReqPreAuth);
            props.Add("passwordnotreqd", passwdNotReq);
            props.Add("unconstraineddelegation", unconstrained);
            props.Add("pwdneverexpires", pwdNeverExpires);
            props.Add("enabled", enabled);
            var domain = Helpers.DistinguishedNameToDomain(entry.DistinguishedName);

            var comps = new List <TypedPrincipal>();

            if (trustedToAuth)
            {
                var delegates = entry.GetPropertyAsArray("msds-allowedToDelegateTo");
                props.Add("allowedtodelegate", delegates);

                foreach (var d in delegates)
                {
                    var hname = d.Contains("/") ? d.Split('/')[1] : d;
                    hname = hname.Split(':')[0];
                    var resolvedHost = await LDAPUtils.ResolveHostToSid(hname, domain);

                    if (resolvedHost.Contains(".") || resolvedHost.Contains("S-1"))
                    {
                        comps.Add(new TypedPrincipal
                        {
                            ObjectIdentifier = resolvedHost,
                            ObjectType       = Label.Computer
                        });
                    }
                }
            }

            userProps.AllowedToDelegate = comps.ToArray();

            props.Add("lastlogon", Helpers.ConvertFileTimeToUnixEpoch(entry.GetProperty("lastlogon")));
            props.Add("lastlogontimestamp", Helpers.ConvertFileTimeToUnixEpoch(entry.GetProperty("lastlogontimestamp")));
            props.Add("pwdlastset", Helpers.ConvertFileTimeToUnixEpoch(entry.GetProperty("pwdlastset")));
            var spn = entry.GetPropertyAsArray("serviceprincipalname");

            props.Add("serviceprincipalnames", spn);
            props.Add("hasspn", spn.Length > 0);
            props.Add("displayname", entry.GetProperty("displayname"));
            props.Add("email", entry.GetProperty("mail"));
            props.Add("title", entry.GetProperty("title"));
            props.Add("homedirectory", entry.GetProperty("homedirectory"));
            props.Add("description", entry.GetProperty("description"));
            props.Add("userpassword", entry.GetProperty("userpassword"));

            var ac = entry.GetProperty("admincount");

            if (ac != null)
            {
                var a = int.Parse(ac);
                props.Add("admincount", a != 0);
            }
            else
            {
                props.Add("admincount", false);
            }

            var sh                   = entry.GetPropertyAsArrayOfBytes("sidhistory");
            var sidHistoryList       = new List <string>();
            var sidHistoryPrincipals = new List <TypedPrincipal>();

            foreach (var sid in sh)
            {
                string sSid;
                try
                {
                    sSid = new SecurityIdentifier(sid, 0).Value;
                }
                catch
                {
                    continue;
                }

                var res = LDAPUtils.ResolveIDAndType(sSid, domain);

                sidHistoryPrincipals.Add(res);
            }

            userProps.SidHistory = sidHistoryPrincipals.ToArray();

            props.Add("sidhistory", sidHistoryList.ToArray());

            userProps.Props = props;

            return(userProps);
        }