public bool NullTrustsTask()
{
return(StartTask("Null Session",
() =>
{
nrpc session = new nrpc();;
Console.WriteLine("Trusts obtained via null session");
List <TrustedDomain> domains;
int res = session.DsrEnumerateDomainTrusts(Server, 0x3F, out domains);
if (res != 0)
{
Console.WriteLine("Error " + res + " (" + new Win32Exception(res).Message + ")");
return;
}
Console.WriteLine("Success");
int i = 0;
foreach (var domain in domains)
{
Console.WriteLine("=== Trust " + i++ + "===");
Console.WriteLine("DnsDomainName: " + domain.DnsDomainName);
Console.WriteLine("NetbiosDomainName: " + domain.NetbiosDomainName);
Console.WriteLine("TrustAttributes: " + TrustAnalyzer.GetTrustAttribute(domain.TrustAttributes) + " (" + domain.TrustAttributes + ")");
Console.WriteLine("TrustType: " + TrustAnalyzer.GetTrustType(domain.TrustType) + " (" + domain.TrustType + ")");
Console.WriteLine("Flags: " + domain.Flags);
Console.WriteLine("DomainGuid: " + domain.DomainGuid);
Console.WriteLine("DomainSid: " + domain.DomainSid);
Console.WriteLine("ParentIndex: " + domain.ParentIndex);
}
}
));
}
public void Export(string filename)
{
DisplayAdvancement("Starting");
nrpc session = new nrpc();;
DisplayAdvancement("Trusts obtained via null session");
List <TrustedDomain> domains;
int res = session.DsrEnumerateDomainTrusts(Server, 0x3F, out domains);
if (res != 0)
{
DisplayAdvancement("Error " + res + " (" + new Win32Exception(res).Message + ")");
return;
}
DisplayAdvancement("Success - " + domains.Count + " trusts found");
using (StreamWriter sw = File.CreateText(filename))
{
sw.WriteLine("Trust index,DnsDomainName,NetbiosDomainName,TrustAttributes,TrustType,Flags,DomainGuid,DomainSid,ParentIndex");
int i = 0;
foreach (var domain in domains)
{
sw.WriteLine(i++ + "\t" + domain.DnsDomainName + "\t" + domain.NetbiosDomainName + "\t" +
TrustAnalyzer.GetTrustAttribute(domain.TrustAttributes) + " (" + domain.TrustAttributes + ")" + "\t" +
TrustAnalyzer.GetTrustType(domain.TrustType) + " (" + domain.TrustType + ")" + "\t" + domain.Flags + "\t" +
domain.DomainGuid + "\t" + domain.DomainSid + "\t" + domain.ParentIndex);
}
}
}
private void GenerateTrustInformation()
{
List <string> knowndomains = new List <string>();
GenerateSubSection("Discovered domains");
AddBeginTable();
AddHeaderText("Domain");
AddHeaderText("Trust Partner");
AddHeaderText("Type");
AddHeaderText("Attribut");
AddHeaderText("Direction");
AddHeaderText("SID Filtering active");
AddHeaderText("TGT Delegation");
AddHeaderText("Creation");
AddHeaderText("Is Active ?");
AddBeginTableData();
foreach (HealthcheckData data in Report)
{
if (!knowndomains.Contains(data.DomainFQDN))
{
knowndomains.Add(data.DomainFQDN);
}
data.Trusts.Sort(
(HealthCheckTrustData a, HealthCheckTrustData b)
=>
{
return(String.Compare(a.TrustPartner, b.TrustPartner));
}
);
foreach (HealthCheckTrustData trust in data.Trusts)
{
if (!knowndomains.Contains(trust.TrustPartner))
{
knowndomains.Add(trust.TrustPartner);
}
AddBeginRow();
AddPrintDomain(data.Domain);
AddPrintDomain(trust.Domain);
AddCellText(TrustAnalyzer.GetTrustType(trust.TrustType));
AddCellText(TrustAnalyzer.GetTrustAttribute(trust.TrustAttributes));
AddCellText(TrustAnalyzer.GetTrustDirection(trust.TrustDirection));
AddCellText(TrustAnalyzer.GetSIDFiltering(trust));
AddCellText(TrustAnalyzer.GetTGTDelegation(trust));
AddCellDate(trust.CreationDate);
AddCellText(trust.IsActive.ToString());
AddEndRow();
}
}
AddEndTable();
GenerateSubSection("Other discovered domains");
AddBeginTable();
AddHeaderText("From");
AddHeaderText("Reachable domain");
AddHeaderText("Discovered using");
AddHeaderText("Netbios");
AddHeaderText("Creation date");
AddBeginTableData();
foreach (HealthcheckData data in Report)
{
foreach (HealthCheckTrustData trust in data.Trusts)
{
if (trust.KnownDomains == null)
{
continue;
}
trust.KnownDomains.Sort((HealthCheckTrustDomainInfoData a, HealthCheckTrustDomainInfoData b)
=>
{
return(String.Compare(a.DnsName, b.DnsName));
}
);
foreach (HealthCheckTrustDomainInfoData di in trust.KnownDomains)
{
if (knowndomains.Contains(di.DnsName))
{
continue;
}
knowndomains.Add(di.DnsName);
AddBeginRow();
AddPrintDomain(data.Domain);
AddCellText(di.DnsName);
AddCellText(trust.TrustPartner);
AddCellText(di.NetbiosName);
AddCellDate(di.CreationDate);
AddEndRow();
}
}
}
foreach (HealthcheckData data in Report)
{
if (data.ReachableDomains != null)
{
foreach (HealthCheckTrustDomainInfoData di in data.ReachableDomains)
{
if (knowndomains.Contains(di.DnsName))
{
continue;
}
knowndomains.Add(di.DnsName);
AddBeginRow();
AddPrintDomain(data.Domain);
AddCellText(di.DnsName);
AddCellText("Unknown");
AddCellText(di.NetbiosName);
AddCellText("Unknown");
AddEndRow();
}
}
}
AddEndTable();
// prepare a SID map to locate unknown account
SortedDictionary <string, string> sidmap = new SortedDictionary <string, string>();
GenerateSubSection("SID Map");
AddBeginTable();
AddHeaderText("Domain");
AddHeaderText("Domain SID");
AddBeginTableData();
foreach (HealthcheckData data in Report)
{
if (!sidmap.ContainsKey(data.DomainFQDN) && !String.IsNullOrEmpty(data.DomainSid))
{
sidmap.Add(data.DomainFQDN, data.DomainSid);
}
foreach (HealthCheckTrustData trust in data.Trusts)
{
if (!sidmap.ContainsKey(trust.TrustPartner) && !String.IsNullOrEmpty(trust.SID))
{
sidmap.Add(trust.TrustPartner, trust.SID);
}
foreach (HealthCheckTrustDomainInfoData di in trust.KnownDomains)
{
if (!sidmap.ContainsKey(di.DnsName) && !String.IsNullOrEmpty(di.Sid))
{
sidmap.Add(di.DnsName, di.Sid);
}
}
}
}
foreach (HealthcheckData data in Report)
{
if (data.ReachableDomains != null)
{
foreach (HealthCheckTrustDomainInfoData di in data.ReachableDomains)
{
if (!sidmap.ContainsKey(di.DnsName) && !String.IsNullOrEmpty(di.Sid))
{
sidmap.Add(di.DnsName, di.Sid);
}
}
}
}
foreach (string domain in sidmap.Keys)
{
AddBeginRow();
AddCellText(domain);
AddCellText(sidmap[domain]);
AddEndRow();
}
AddEndTable();
}
public bool AnalysisTask <T>(string server) where T : IPingCastleReport
{
Trace.WriteLine("Working on " + server);
if (server == "*" && InteractiveMode)
{
Trace.WriteLine("Setting reachable domains to on because interactive + server = *");
AnalyzeReachableDomains = true;
}
if (server.Contains("*"))
{
List <string> domains = GetListOfDomainToExploreFromGenericName(server);
int i = 1;
foreach (var domain in domains)
{
Console.ForegroundColor = ConsoleColor.Yellow;
Console.WriteLine("");
string display = "Starting the report for " + domain + " (" + i++ + "/" + domains.Count + ")";
Console.WriteLine(display);
Console.WriteLine(new String('=', display.Length));
Console.ResetColor();
PerformTheAnalysis <T>(domain);
}
}
else
{
var data = PerformTheAnalysis <T>(server);
var hcData = data as HealthcheckData;
// do additional exploration based on trust results ?
if (hcData != null && (ExploreTerminalDomains || ExploreForestTrust))
{
if (hcData.Trusts != null)
{
List <string> domainToExamine = new List <string>();
foreach (var trust in hcData.Trusts)
{
string attributes = TrustAnalyzer.GetTrustAttribute(trust.TrustAttributes);
string direction = TrustAnalyzer.GetTrustDirection(trust.TrustDirection);
if (direction.Contains("Inbound") || direction.Contains("Disabled"))
{
continue;
}
if (attributes.Contains("Intra-Forest"))
{
continue;
}
// explore forest trust only if explore forest trust is set
if (attributes.Contains("Forest Trust"))
{
if (ExploreForestTrust)
{
if (!ShouldTheDomainBeNotExplored(trust.TrustPartner))
{
domainToExamine.Add(trust.TrustPartner);
}
if (trust.KnownDomains != null)
{
foreach (var di in trust.KnownDomains)
{
if (!ShouldTheDomainBeNotExplored(di.DnsName))
{
domainToExamine.Add(di.DnsName);
}
}
}
}
}
else
{
if (ExploreTerminalDomains)
{
if (!ShouldTheDomainBeNotExplored(trust.TrustPartner))
{
domainToExamine.Add(trust.TrustPartner);
}
}
}
}
Console.ForegroundColor = ConsoleColor.Yellow;
Console.WriteLine("List of domains that will be queried");
Console.ResetColor();
foreach (var domain in domainToExamine)
{
Console.WriteLine(domain);
}
foreach (string domain in domainToExamine)
{
PerformTheAnalysis <T>(domain);
}
}
}
return(hcData != null);
}
return(true);
}
private void GenerateTrustInformation()
{
List <string> knowndomains = new List <string>();
GenerateSubSection("Discovered domains");
Add(@"
<div class=""row"">
<div class=""col-md-12 table-responsive"">
<table class=""table table-striped table-bordered sortable-theme-bootstrap"" data-sortable="""">
<thead><tr>
<th>Domain</th>
<th>Trust Partner</th>
<th>Type</th>
<th>Attribut</th>
<th>Direction</th>
<th>SID Filtering active</th>
<th>Creation</th>
<th>Is Active ?</th>
</tr>
</thead>
<tbody>
");
foreach (HealthcheckData data in Report)
{
if (!knowndomains.Contains(data.DomainFQDN))
{
knowndomains.Add(data.DomainFQDN);
}
data.Trusts.Sort(
(HealthCheckTrustData a, HealthCheckTrustData b)
=>
{
return(String.Compare(a.TrustPartner, b.TrustPartner));
}
);
foreach (HealthCheckTrustData trust in data.Trusts)
{
if (!knowndomains.Contains(trust.TrustPartner))
{
knowndomains.Add(trust.TrustPartner);
}
Add(@"
<tr>
<td class='text'>" + PrintDomain(data.Domain) + @"</td>
<td class='text'>" + PrintDomain(trust.Domain) + @"</td>
<td class='text'>" + TrustAnalyzer.GetTrustType(trust.TrustType) + @"</td>
<td class='text'>" + TrustAnalyzer.GetTrustAttribute(trust.TrustAttributes) + @"</td>
<td class='text'>" + TrustAnalyzer.GetTrustDirection(trust.TrustDirection) + @"</td>
<td class='text'>" + TrustAnalyzer.GetSIDFiltering(trust) + @"</td>
<td class='text'>" + trust.CreationDate.ToString("u") + @"</td>
<td class='text'>" + trust.IsActive + @"</td>
</tr>
");
}
}
Add(@"
</tbody>
</table>
</div>
</div>
");
GenerateSubSection("Other discovered domains");
Add(@"
<div class=""row"">
<div class=""col-md-12 table-responsive"">
<table class=""table table-striped table-bordered sortable-theme-bootstrap"" data-sortable="""">
<thead><tr>
<th>From</th>
<th>Reachable domain</th>
<th>Via</th>
<th>Netbios</th>
<th>Creation date</th>
</tr>
</thead>
<tbody>
");
foreach (HealthcheckData data in Report)
{
foreach (HealthCheckTrustData trust in data.Trusts)
{
if (trust.KnownDomains == null)
{
continue;
}
trust.KnownDomains.Sort((HealthCheckTrustDomainInfoData a, HealthCheckTrustDomainInfoData b)
=>
{
return(String.Compare(a.DnsName, b.DnsName));
}
);
foreach (HealthCheckTrustDomainInfoData di in trust.KnownDomains)
{
if (knowndomains.Contains(di.DnsName))
{
continue;
}
knowndomains.Add(di.DnsName);
Add(@"
<tr>
<td class='text'>" );
Add(PrintDomain(data.Domain));
Add(@"</td>
<td class='text'>" );
AddEncoded(di.DnsName);
Add(@"</td>
<td class='text'>" );
AddEncoded(trust.TrustPartner);
Add(@"</td>
<td class='text'>" );
AddEncoded(di.NetbiosName);
Add(@"</td>
<td class='text'>" );
Add(di.CreationDate);
Add(@"</td>
</tr>
");
}
}
}
foreach (HealthcheckData data in Report)
{
if (data.ReachableDomains != null)
{
foreach (HealthCheckTrustDomainInfoData di in data.ReachableDomains)
{
if (knowndomains.Contains(di.DnsName))
{
continue;
}
knowndomains.Add(di.DnsName);
Add(@"
<tr>
<td class='text'>" );
Add(PrintDomain(data.Domain));
Add(@"</td>
<td class='text'>" );
AddEncoded(di.DnsName);
Add(@"</td>
<td class='text'>Unknown</td>
<td class='text'>" );
AddEncoded(di.NetbiosName);
Add(@"</td>
<td class='text'>Unknown</td>
</tr>
");
}
}
}
Add(@"
</tbody>
</table>
</div>
</div>
");
// prepare a SID map to locate unknown account
SortedDictionary <string, string> sidmap = new SortedDictionary <string, string>();
GenerateSubSection("SID Map");
Add(@"
<div class=""row"">
<div class=""col-md-12 table-responsive"">
<table class=""table table-striped table-bordered sortable-theme-bootstrap"" data-sortable="""">
<thead><tr>
<th>Domain</th>
<th>Domain SID</th>
</tr>
</thead>
<tbody>
");
foreach (HealthcheckData data in Report)
{
if (!sidmap.ContainsKey(data.DomainFQDN) && !String.IsNullOrEmpty(data.DomainSid))
{
sidmap.Add(data.DomainFQDN, data.DomainSid);
}
foreach (HealthCheckTrustData trust in data.Trusts)
{
if (!sidmap.ContainsKey(trust.TrustPartner) && !String.IsNullOrEmpty(trust.SID))
{
sidmap.Add(trust.TrustPartner, trust.SID);
}
foreach (HealthCheckTrustDomainInfoData di in trust.KnownDomains)
{
if (!sidmap.ContainsKey(di.DnsName) && !String.IsNullOrEmpty(di.Sid))
{
sidmap.Add(di.DnsName, di.Sid);
}
}
}
}
foreach (HealthcheckData data in Report)
{
if (data.ReachableDomains != null)
{
foreach (HealthCheckTrustDomainInfoData di in data.ReachableDomains)
{
if (!sidmap.ContainsKey(di.DnsName) && !String.IsNullOrEmpty(di.Sid))
{
sidmap.Add(di.DnsName, di.Sid);
}
}
}
}
foreach (string domain in sidmap.Keys)
{
Add(@"
<tr>
<td class='text'>" );
AddEncoded(domain);
Add(@"</td>
<td class='text'>" );
Add(sidmap[domain]);
Add(@"</td>
</tr>
");
}
Add(@"
</tbody>
</table>
</div>
</div>
");
}
public bool HeatlthCheckTask(string server, Dictionary <string, string> xmlreports, Dictionary <string, string> htmlreports)
{
Trace.WriteLine("Working on " + server);
if (server == "*" && InteractiveMode)
{
Trace.WriteLine("Setting reachable domains to on because interactive + server = *");
AnalyzeReachableDomains = true;
}
if (server.Contains("*"))
{
List <HealthcheckAnalyzer.ReachableDomainInfo> domains = null;
StartTask("Exploration",
() =>
{
HealthcheckAnalyzer hcroot = new HealthcheckAnalyzer();
domains = hcroot.GetAllReachableDomains(ADWSPort, Credential);
List <HealthcheckAnalyzer.ReachableDomainInfo> domainsfiltered = new List <HealthcheckAnalyzer.ReachableDomainInfo>();
Console.ForegroundColor = ConsoleColor.Yellow;
Console.WriteLine("List of domains that will be queried");
Console.ResetColor();
foreach (var domain in domains)
{
if (compareStringWithWildcard(server, domain.domain) && !ShouldTheDomainBeNotExplored(domain.domain))
{
domainsfiltered.Add(domain);
Console.WriteLine(domain.domain);
}
}
domains = domainsfiltered;
});
int i = 1;
foreach (var domain in domains)
{
Console.ForegroundColor = ConsoleColor.Yellow;
Console.WriteLine("");
string display = "Starting the report for " + domain.domain + " (" + i++ + "/" + domains.Count + ")";
Console.WriteLine(display);
Console.WriteLine(new String('=', display.Length));
Console.ResetColor();
HealthcheckData hcData;
HealthcheckSubTask(domain.domain, xmlreports, htmlreports, AnalyzeReachableDomains, out hcData);
}
}
else
{
HealthcheckData hcData;
bool output = HealthcheckSubTask(server, xmlreports, htmlreports, AnalyzeReachableDomains, out hcData);
// do additional exploration based on trust results ?
if (output && (ExploreTerminalDomains || ExploreForestTrust))
{
if (hcData.Trusts != null)
{
List <string> domainToExamine = new List <string>();
foreach (var trust in hcData.Trusts)
{
string attributes = TrustAnalyzer.GetTrustAttribute(trust.TrustAttributes);
string direction = TrustAnalyzer.GetTrustDirection(trust.TrustDirection);
if (direction.Contains("Inbound") || direction.Contains("Disabled"))
{
continue;
}
if (attributes.Contains("Intra-Forest"))
{
continue;
}
// explore forest trust only if explore forest trust is set
if (attributes.Contains("Forest Trust"))
{
if (ExploreForestTrust)
{
if (!ShouldTheDomainBeNotExplored(trust.TrustPartner))
{
domainToExamine.Add(trust.TrustPartner);
}
if (trust.KnownDomains != null)
{
foreach (var di in trust.KnownDomains)
{
if (!ShouldTheDomainBeNotExplored(di.DnsName))
{
domainToExamine.Add(di.DnsName);
}
}
}
}
}
else
{
if (ExploreTerminalDomains)
{
if (!ShouldTheDomainBeNotExplored(trust.TrustPartner))
{
domainToExamine.Add(trust.TrustPartner);
}
}
}
}
Console.ForegroundColor = ConsoleColor.Yellow;
Console.WriteLine("List of domains that will be queried");
Console.ResetColor();
foreach (var domain in domainToExamine)
{
Console.WriteLine(domain);
}
foreach (string domain in domainToExamine)
{
HealthcheckData hcDataTemp;
HealthcheckSubTask(domain, xmlreports, htmlreports, AnalyzeReachableDomains, out hcDataTemp);
}
}
}
return(output);
}
return(true);
}
