예제 #1
0
        public DPAPIBackupKey(DirectoryObject dsObject, DirectorySecretDecryptor pek)
        {
            // Parameter validation
            Validator.AssertNotNull(dsObject, "dsObject");
            Validator.AssertNotNull(pek, "pek");
            // TODO: Test Object type

            // Decrypt the secret value
            byte[] encryptedSecret;
            dsObject.ReadAttribute(CommonDirectoryAttributes.CurrentValue, out encryptedSecret);
            this.RawKeyData = pek.DecryptSecret(encryptedSecret);

            // Parse DN to get key ID or pointer type:
            this.DistinguishedName = dsObject.DistinguishedName;
            var keyName = GetSecretNameFromDN(this.DistinguishedName);

            switch(keyName)
            {
                case null:
                    // We could not parse the DN, so exit with Unknown as the key type
                    this.Type = DPAPIBackupKeyType.Unknown;
                    break;
                case PreferredRSAKeyPointerName:
                    this.Type = DPAPIBackupKeyType.PreferredRSAKeyPointer;
                    // Interpret the raw data as Guid
                    this.KeyId = new Guid(this.RawKeyData);
                    break;
                case PreferredLegacyKeyPointerName:
                    this.Type = DPAPIBackupKeyType.PreferredLegacyKeyPointer;
                    // Interpret the raw data as Guid
                    this.KeyId = new Guid(this.RawKeyData);
                    break;
                default:
                    // Actual Key, so we parse its Guid and version
                    this.KeyId = Guid.Parse(keyName);
                    int version = BitConverter.ToInt32(this.RawKeyData, KeyVersionOffset);
                    switch(version)
                    {
                        case 1:
                            this.Type = DPAPIBackupKeyType.LegacyKey;
                            // Cut the version out of the data
                            this.RawKeyData = this.RawKeyData.Cut(KeyVersionSize);
                            break;
                        case 2:
                            this.Type = DPAPIBackupKeyType.RSAKey;
                            // Combine the certificate and key into PFX and replace the original decrypted data
                            this.RawKeyData = ConvertRSASecretToPFX(this.RawKeyData);
                            break;
                    }
                    break;
            }
        }
예제 #2
0
        public DSAccount(DirectoryObject dsObject, DirectorySecretDecryptor pek)
        {
            // Parameter validation
            Validator.AssertNotNull(dsObject, "dsObject");
            if (!dsObject.IsAccount)
            {
                // TODO: Exteption type
                throw new Exception("Not an account.");
            }

            // Guid:
            this.Guid = dsObject.Guid;

            // DN:
            this.DistinguishedName = dsObject.DistinguishedName;

            // Sid:
            this.Sid = dsObject.Sid;

            // SidHistory:
            dsObject.ReadAttribute(CommonDirectoryAttributes.SIDHistory, out this.sidHistory);

            // DisplayName:
            dsObject.ReadAttribute(CommonDirectoryAttributes.DisplayName, out this.displayName);

            // Description
            dsObject.ReadAttribute(CommonDirectoryAttributes.Description, out this.description);

            // GivenName:
            dsObject.ReadAttribute(CommonDirectoryAttributes.GivenName, out this.givenName);

            // Surname:
            dsObject.ReadAttribute(CommonDirectoryAttributes.Surname, out this.surname);

            // Security Descriptor:
            dsObject.ReadAttribute(CommonDirectoryAttributes.SecurityDescriptor, out this.securityDescriptor);

            // AdminCount (Although the schema defines it as Int32, it can only have values 0 and 1, so we directly convert it to bool)
            dsObject.ReadAttribute(CommonDirectoryAttributes.AdminCount, out this.adminCount);

            // UAC:
            int?numericUac;

            dsObject.ReadAttribute(CommonDirectoryAttributes.UserAccountControl, out numericUac);
            this.UserAccountControl = (UserAccountControl)numericUac.Value;

            // Deleted:
            dsObject.ReadAttribute(CommonDirectoryAttributes.IsDeleted, out this.isDeleted);

            // LastLogon:
            dsObject.ReadAttribute(CommonDirectoryAttributes.LastLogon, out this.lastLogon);

            // UPN:
            dsObject.ReadAttribute(CommonDirectoryAttributes.UserPrincipalName, out this.upn);

            // SamAccountName:
            dsObject.ReadAttribute(CommonDirectoryAttributes.SAMAccountName, out this.samAccountName);

            // SamAccountType:
            // TODO: Move to DirectoryObject?
            int?numericAccountType;

            dsObject.ReadAttribute(CommonDirectoryAttributes.SamAccountType, out numericAccountType);
            this.SamAccountType = (SamAccountType)numericAccountType.Value;

            // PrimaryGroupId
            int?groupId;

            dsObject.ReadAttribute(CommonDirectoryAttributes.PrimaryGroupId, out groupId);
            this.PrimaryGroupId = groupId.Value;

            if (pek == null)
            {
                // Do not continue if we do not have a decryption key
                return;
            }
            // NTHash:
            byte[] encryptedNtHash;
            dsObject.ReadAttribute(CommonDirectoryAttributes.NTHash, out encryptedNtHash);
            if (encryptedNtHash != null)
            {
                this.NTHash = pek.DecryptHash(encryptedNtHash, this.Sid.GetRid());
            }

            // LMHash
            byte[] encryptedLmHash;
            dsObject.ReadAttribute(CommonDirectoryAttributes.LMHash, out encryptedLmHash);
            if (encryptedLmHash != null)
            {
                this.LMHash = pek.DecryptHash(encryptedLmHash, this.Sid.GetRid());
            }

            // NTHashHistory:
            byte[] encryptedNtHashHistory;
            dsObject.ReadAttribute(CommonDirectoryAttributes.NTHashHistory, out encryptedNtHashHistory);
            if (encryptedNtHashHistory != null)
            {
                this.NTHashHistory = pek.DecryptHashHistory(encryptedNtHashHistory, this.Sid.GetRid());
            }

            // LMHashHistory:
            byte[] encryptedLmHashHistory;
            dsObject.ReadAttribute(CommonDirectoryAttributes.LMHashHistory, out encryptedLmHashHistory);
            if (encryptedLmHashHistory != null)
            {
                this.LMHashHistory = pek.DecryptHashHistory(encryptedLmHashHistory, this.Sid.GetRid());
            }

            // SupplementalCredentials:
            byte[] encryptedSupplementalCredentials;
            dsObject.ReadAttribute(CommonDirectoryAttributes.SupplementalCredentials, out encryptedSupplementalCredentials);
            if (encryptedSupplementalCredentials != null)
            {
                byte[] binarySupplementalCredentials = pek.DecryptSecret(encryptedSupplementalCredentials);
                this.SupplementalCredentials = new SupplementalCredentials(binarySupplementalCredentials);
            }
        }
예제 #3
0
        protected void LoadAccountInfo(DirectoryObject dsObject)
        {
            // Guid:
            this.Guid = dsObject.Guid;

            // DN:
            this.DistinguishedName = dsObject.DistinguishedName;

            // Sid:
            this.Sid = dsObject.Sid;

            // SidHistory:
            dsObject.ReadAttribute(CommonDirectoryAttributes.SIDHistory, out this.sidHistory);

            // DisplayName:
            dsObject.ReadAttribute(CommonDirectoryAttributes.DisplayName, out this.displayName);

            // Description
            dsObject.ReadAttribute(CommonDirectoryAttributes.Description, out this.description);

            // GivenName:
            dsObject.ReadAttribute(CommonDirectoryAttributes.GivenName, out this.givenName);

            // Surname:
            dsObject.ReadAttribute(CommonDirectoryAttributes.Surname, out this.surname);

            // Security Descriptor:
            dsObject.ReadAttribute(CommonDirectoryAttributes.SecurityDescriptor, out this.securityDescriptor);

            // AdminCount (Although the schema defines it as Int32, it can only have values 0 and 1, so we directly convert it to bool)
            dsObject.ReadAttribute(CommonDirectoryAttributes.AdminCount, out this.adminCount);

            // Service Principal Name(s)
            dsObject.ReadAttribute(CommonDirectoryAttributes.ServicePrincipalName, out this.spn);

            // UAC:
            int?numericUac;

            dsObject.ReadAttribute(CommonDirectoryAttributes.UserAccountControl, out numericUac);
            this.UserAccountControl = (UserAccountControl)numericUac.Value;

            // Deleted:
            dsObject.ReadAttribute(CommonDirectoryAttributes.IsDeleted, out this.isDeleted);

            // LastLogon:
            dsObject.ReadAttribute(CommonDirectoryAttributes.LastLogon, out this.lastLogon);

            // UPN:
            dsObject.ReadAttribute(CommonDirectoryAttributes.UserPrincipalName, out this.upn);

            // SamAccountName:
            dsObject.ReadAttribute(CommonDirectoryAttributes.SAMAccountName, out this.samAccountName);

            // SamAccountType:
            int?numericAccountType;

            dsObject.ReadAttribute(CommonDirectoryAttributes.SamAccountType, out numericAccountType);
            this.SamAccountType = (SamAccountType)numericAccountType.Value;

            // PrimaryGroupId
            int?groupId;

            dsObject.ReadAttribute(CommonDirectoryAttributes.PrimaryGroupId, out groupId);
            this.PrimaryGroupId = groupId.Value;
        }
예제 #4
0
        protected void LoadAccountInfo(DirectoryObject dsObject, string netBIOSDomainName)
        {
            // Guid:
            this.Guid = dsObject.Guid;

            // DN:
            this.DistinguishedName = dsObject.DistinguishedName;

            // Sid:
            this.Sid = dsObject.Sid;

            // SidHistory:
            dsObject.ReadAttribute(CommonDirectoryAttributes.SIDHistory, out SecurityIdentifier[] sidHistory);
            this.SidHistory = sidHistory;

            // DisplayName:
            dsObject.ReadAttribute(CommonDirectoryAttributes.DisplayName, out string displayName);
            this.DisplayName = displayName;

            // Description
            dsObject.ReadAttribute(CommonDirectoryAttributes.Description, out string description);
            this.Description = description;

            // GivenName:
            dsObject.ReadAttribute(CommonDirectoryAttributes.GivenName, out string givenName);
            this.GivenName = givenName;

            // Surname:
            dsObject.ReadAttribute(CommonDirectoryAttributes.Surname, out string surname);
            this.Surname = surname;

            // Security Descriptor:
            dsObject.ReadAttribute(CommonDirectoryAttributes.SecurityDescriptor, out RawSecurityDescriptor securityDescriptor);
            this.SecurityDescriptor = securityDescriptor;

            // AdminCount (Although the schema defines it as Int32, it can only have values 0 and 1, so we directly convert it to bool)
            dsObject.ReadAttribute(CommonDirectoryAttributes.AdminCount, out bool adminCount);
            this.AdminCount = adminCount;

            // Service Principal Name(s)
            dsObject.ReadAttribute(CommonDirectoryAttributes.ServicePrincipalName, out string[] spn);
            this.ServicePrincipalName = spn;

            // UAC:
            dsObject.ReadAttribute(CommonDirectoryAttributes.UserAccountControl, out int?numericUac);
            this.UserAccountControl = (UserAccountControl)numericUac.Value;

            // Deleted:
            dsObject.ReadAttribute(CommonDirectoryAttributes.IsDeleted, out bool isDeleted);
            this.Deleted = isDeleted;

            // LastLogon:
            dsObject.ReadAttribute(CommonDirectoryAttributes.LastLogon, out DateTime? lastLogon);
            this.LastLogon = lastLogon;

            dsObject.ReadAttribute(CommonDirectoryAttributes.LastLogonTimestamp, out DateTime? lastLogonTimestamp);
            this.LastLogonTimestamp = lastLogonTimestamp;

            // UPN:
            dsObject.ReadAttribute(CommonDirectoryAttributes.UserPrincipalName, out string upn);
            this.UserPrincipalName = upn;

            // SamAccountName + LogonName:
            dsObject.ReadAttribute(CommonDirectoryAttributes.SAMAccountName, out string samAccountName);
            this.SamAccountName = samAccountName;
            this.LogonName      = new NTAccount(netBIOSDomainName, samAccountName).Value;

            // SamAccountType:
            dsObject.ReadAttribute(CommonDirectoryAttributes.SamAccountType, out int?numericAccountType);
            this.SamAccountType = (SamAccountType)numericAccountType.Value;

            // PrimaryGroupId
            dsObject.ReadAttribute(CommonDirectoryAttributes.PrimaryGroupId, out int?groupId);
            this.PrimaryGroupId = groupId.Value;

            // SuportedEncryptionTypes
            dsObject.ReadAttribute(CommonDirectoryAttributes.SupportedEncryptionTypes, out int?numericSupportedEncryptionTypes);
            // Note: The value is store as int in the DB, but the documentation says that it is an unsigned int
            this.SupportedEncryptionTypes = (SupportedEncryptionTypes?)numericSupportedEncryptionTypes;
        }
예제 #5
0
        protected void LoadAccountInfo(DirectoryObject dsObject, string netBIOSDomainName)
        {
            // Guid:
            this.Guid = dsObject.Guid;

            // DN:
            this.DistinguishedName = dsObject.DistinguishedName;

            // Sid:
            this.Sid = dsObject.Sid;

            // SidHistory:
            dsObject.ReadAttribute(CommonDirectoryAttributes.SIDHistory, out SecurityIdentifier[] sidHistory);
            this.SidHistory = sidHistory;

            // DisplayName:
            dsObject.ReadAttribute(CommonDirectoryAttributes.DisplayName, out string displayName);
            this.DisplayName = displayName;

            // Description
            dsObject.ReadAttribute(CommonDirectoryAttributes.Description, out string description);
            this.Description = description;

            // GivenName:
            dsObject.ReadAttribute(CommonDirectoryAttributes.GivenName, out string givenName);
            this.GivenName = givenName;

            // Surname:
            dsObject.ReadAttribute(CommonDirectoryAttributes.Surname, out string surname);
            this.Surname = surname;

            // Security Descriptor:
            dsObject.ReadAttribute(CommonDirectoryAttributes.SecurityDescriptor, out RawSecurityDescriptor securityDescriptor);
            this.SecurityDescriptor = securityDescriptor;

            // AdminCount (Although the schema defines it as Int32, it can only have values 0 and 1, so we directly convert it to bool)
            dsObject.ReadAttribute(CommonDirectoryAttributes.AdminCount, out bool adminCount);
            this.AdminCount = adminCount;

            // Service Principal Name(s)
            dsObject.ReadAttribute(CommonDirectoryAttributes.ServicePrincipalName, out string[] spn);
            this.ServicePrincipalName = spn;

            // UAC:
            dsObject.ReadAttribute(CommonDirectoryAttributes.UserAccountControl, out int?numericUac);
            this.UserAccountControl = (UserAccountControl)numericUac.Value;

            // Deleted:
            dsObject.ReadAttribute(CommonDirectoryAttributes.IsDeleted, out bool isDeleted);
            this.Deleted = isDeleted;

            // LastLogon:
            dsObject.ReadAttribute(CommonDirectoryAttributes.LastLogon, out DateTime? lastLogon);
            this.LastLogon = lastLogon;

            // lastLogon is not replicated, lastLogonTimestamp is but it's not as accurate, so if we can't find lastLogon, try using lastLogonTimestamp instead
            if (null == lastLogon)
            {
                dsObject.ReadAttribute(CommonDirectoryAttributes.LastLogonTimestamp, out DateTime? lastLogonTimestamp);
                this.LastLogon = lastLogonTimestamp;
            }

            // UPN:
            dsObject.ReadAttribute(CommonDirectoryAttributes.UserPrincipalName, out string upn);
            this.UserPrincipalName = upn;

            // SamAccountName + LogonName:
            dsObject.ReadAttribute(CommonDirectoryAttributes.SAMAccountName, out string samAccountName);
            this.SamAccountName = samAccountName;
            this.LogonName      = new NTAccount(netBIOSDomainName, samAccountName).Value;

            // SamAccountType:
            dsObject.ReadAttribute(CommonDirectoryAttributes.SamAccountType, out int?numericAccountType);
            this.SamAccountType = (SamAccountType)numericAccountType.Value;

            // PrimaryGroupId
            dsObject.ReadAttribute(CommonDirectoryAttributes.PrimaryGroupId, out int?groupId);
            this.PrimaryGroupId = groupId.Value;
        }
예제 #6
0
        public DSAccount(DirectoryObject dsObject, DirectorySecretDecryptor pek)
        {
            // Parameter validation
            Validator.AssertNotNull(dsObject, "dsObject");
            if(!dsObject.IsAccount)
            {
                // TODO: Exteption type
                throw new Exception("Not an account.");
            }

            // Guid:
            this.Guid = dsObject.Guid;

            // DN:
            this.DistinguishedName = dsObject.DistinguishedName;
            
            // Sid:
            this.Sid = dsObject.Sid;

            // SidHistory:
            dsObject.ReadAttribute(CommonDirectoryAttributes.SIDHistory, out this.sidHistory);

            // DisplayName:
            dsObject.ReadAttribute(CommonDirectoryAttributes.DisplayName, out this.displayName);

            // Description
            dsObject.ReadAttribute(CommonDirectoryAttributes.Description, out this.description);

            // GivenName:
            dsObject.ReadAttribute(CommonDirectoryAttributes.GivenName, out this.givenName);

            // Surname:
            dsObject.ReadAttribute(CommonDirectoryAttributes.Surname, out this.surname);

            // Enabled:
            // TODO: Move to DirectoryObject?
            int? numericUac;
            dsObject.ReadAttribute(CommonDirectoryAttributes.UserAccountControl, out numericUac);
            UserAccountControl uac = (UserAccountControl)numericUac.Value;
            this.Enabled = !uac.HasFlag(UserAccountControl.Disabled);

            // Deleted:
            dsObject.ReadAttribute(CommonDirectoryAttributes.IsDeleted, out this.isDeleted);
            
            // LastLogon:
            dsObject.ReadAttribute(CommonDirectoryAttributes.LastLogon, out this.lastLogon);

            // UPN:
            dsObject.ReadAttribute(CommonDirectoryAttributes.UserPrincipalName, out this.upn);

            // SamAccountName:
            dsObject.ReadAttribute(CommonDirectoryAttributes.SAMAccountName, out this.samAccountName);

            // SamAccountType:
            // TODO: Move to DirectoryObject?
            int? numericAccountType;
            dsObject.ReadAttribute(CommonDirectoryAttributes.SamAccountType, out numericAccountType);
            this.SamAccountType = (SamAccountType)numericAccountType.Value;

            // PrimaryGroupId
            int? groupId;
            dsObject.ReadAttribute(CommonDirectoryAttributes.PrimaryGroupId, out groupId);
            this.PrimaryGroupId = groupId.Value;

            if(pek == null)
            {
                // Do not continue if we do not have a decryption key
                return;
            }
            // NTHash:
            byte[] encryptedNtHash;
            dsObject.ReadAttribute(CommonDirectoryAttributes.NTHash, out encryptedNtHash);
            if(encryptedNtHash != null)
            {
                this.NTHash = pek.DecryptHash(encryptedNtHash, this.Sid.GetRid());
            }

            // LMHash
            byte[] encryptedLmHash;
            dsObject.ReadAttribute(CommonDirectoryAttributes.LMHash, out encryptedLmHash);
            if (encryptedLmHash != null)
            {
                this.LMHash = pek.DecryptHash(encryptedLmHash, this.Sid.GetRid());
            }

            // NTHashHistory:
            byte[] encryptedNtHashHistory;
            dsObject.ReadAttribute(CommonDirectoryAttributes.NTHashHistory, out encryptedNtHashHistory);
            if (encryptedNtHashHistory != null)
            {
                this.NTHashHistory = pek.DecryptHashHistory(encryptedNtHashHistory, this.Sid.GetRid());
            }

            // LMHashHistory:
            byte[] encryptedLmHashHistory;
            dsObject.ReadAttribute(CommonDirectoryAttributes.LMHashHistory, out encryptedLmHashHistory);
            if (encryptedLmHashHistory != null)
            {
                this.LMHashHistory = pek.DecryptHashHistory(encryptedLmHashHistory, this.Sid.GetRid());
            }

            // SupplementalCredentials:
            byte[] encryptedSupplementalCredentials;
            dsObject.ReadAttribute(CommonDirectoryAttributes.SupplementalCredentials, out encryptedSupplementalCredentials);
            if (encryptedSupplementalCredentials != null)
            {
                byte[] binarySupplementalCredentials = pek.DecryptSecret(encryptedSupplementalCredentials);
                this.SupplementalCredentials = new SupplementalCredentials(binarySupplementalCredentials);
            }

        }