예제 #1
파일: Program.cs 프로젝트: Rackme/WcfScan
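        /// <summary>
        /// Entry point: probes a WCF net.tcp endpoint with every <see cref="SecurityMode"/> value
        /// using a generic contract and reports which modes the server accepts. It warns when a
        /// binding answers without authentication or transport security.
        /// </summary>
        /// <param name="args">
        /// args[0] is the endpoint URL (required). args[1] and args[2] are an optional user id and
        /// password, retried in Transport mode when the current identity is rejected.
        /// </param>
        /// <remarks>
        /// The probe relies on the exception type raised by a call against a deliberately mismatched
        /// contract: <see cref="ActionNotSupportedException"/> means the binding was negotiated and
        /// only the contract was wrong.
        /// NOTE(review): a password passed on the command line is visible in process listings and
        /// shell history; prefer a dedicated low-privilege test account when running this check.
        /// </remarks>
        static void Main(string[] args)
        {
            Console.WriteLine(".......\nWCF NET.TCP Scan\n");
            if (args.Length < 1)
            {
                Console.WriteLine("ERROR: Missing endpoint URL");
                DisplayUsage();
                return;
            }

            // Reject a malformed URL with a usage message instead of an unhandled UriFormatException.
            Uri uri;
            if (!Uri.TryCreate(args[0], UriKind.Absolute, out uri))
            {
                Console.WriteLine("ERROR: Invalid endpoint URL");
                DisplayUsage();
                return;
            }
            Console.WriteLine(uri);

            // Optional credentials: explicit length checks replace the former empty catch block.
            string userid = args.Length > 1 ? args[1] : "";
            string password = args.Length > 2 ? args[2] : "";

            string currentUser;
            try
            {
                currentUser = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
            }
            catch (Exception)
            {
                // Best effort only: the name is used purely for display.
                currentUser = "******";
            }

            if (!IsValidEndpoint(uri))
            {
                DisplayUsage();
                return;
            }
            Console.WriteLine(" + Testing with generic contract as {0}", currentUser);

            foreach (var mode in Enum.GetValues(typeof(SecurityMode)).Cast<SecurityMode>())
            {
                try
                {
                    SendProbe(uri, new NetTcpBinding(mode), null, null);
                }
                catch (ActionNotSupportedException)
                {
                    // Contract mismatch: the binding config is OK but the wrong contract was
                    // specified, which is the expected outcome for an accepted security mode.
                    Console.WriteLine(" + Server accepted \"{0}\" security mode", mode);
                    if (mode == SecurityMode.None)
                    {
                        Console.WriteLine("***WARNING*** No authentication or transport encryption enabled on binding!");
                    }
                    if (mode == SecurityMode.Transport)
                    {
                        try
                        {
                            // Resend without client credentials to verify the server is authenticating.
                            var anonymousBinding = new NetTcpBinding(mode);
                            anonymousBinding.Security.Transport.ClientCredentialType = TcpClientCredentialType.None;
                            SendProbe(uri, anonymousBinding, null, null);
                        }
                        catch (ActionNotSupportedException anse)
                        {
                            Console.WriteLine("***WARNING**** Server does not require authentication!");
                            // InnerException may be absent; fall back to the outer message rather than
                            // throwing from inside a catch handler, which would end the whole scan.
                            Console.WriteLine(anse.InnerException != null ? anse.InnerException.Message : anse.Message);
                        }
                        catch (Exception)
                        {
                            // Any other failure is reported as "credentials required". That includes
                            // unrelated errors, so treat this line as a hint rather than proof.
                            Console.WriteLine("   * Server required credentials: {0}", currentUser);
                        }
                    }
                }
                catch (ProtocolException)
                {
                    Console.WriteLine(" - Server rejected \"{0}\" mode", mode);
                }
                catch (SecurityNegotiationException sne)
                {
                    // The detail of interest sits two levels down; either level may be missing.
                    Exception root = sne.InnerException != null ? sne.InnerException.InnerException : null;
                    if (root != null &&
                        root.Message.IndexOf("target principal", StringComparison.OrdinalIgnoreCase) >= 0)
                    {
                        Console.WriteLine(" + \"{0}\" security mode accepted, but rejected {1}: {2}", mode, currentUser, root.Message);
                        try
                        {
                            if (mode == SecurityMode.Transport
                                && !string.IsNullOrWhiteSpace(userid)
                                && !string.IsNullOrWhiteSpace(password))
                            {
                                // Try again with the credentials given on the command line.
                                var credentialBinding = new NetTcpBinding(mode);
                                credentialBinding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Windows;
                                // The password is masked: console output is often captured in logs and reports.
                                Console.WriteLine("   * Retrying specified credentials {0}:{1}", userid, "********");
                                SendProbe(uri, credentialBinding, userid, password);
                            }
                        }
                        catch (ActionNotSupportedException anse)
                        {
                            Console.WriteLine("   * Credentials accepted in \"{0}\" security mode.", mode);
                            Console.WriteLine(anse.InnerException != null ? anse.InnerException.Message : anse.Message);
                        }
                        catch (Exception)
                        {
                            Console.WriteLine("   * Credentials rejected in \"{0}\" security mode.", mode);
                        }
                    }
                    else
                    {
                        Console.WriteLine(" - Server failed to negotiate \"{0}\" mode", mode);
                    }
                }
                catch (CommunicationException)
                {
                    Console.WriteLine(" - Connection forcibly dropped in \"{0}\" mode", mode);
                }
                catch (Exception ex)
                {
                    Console.WriteLine(ex);
                }
            }
        }

        /// <summary>
        /// Opens a channel to <paramref name="uri"/> with the given binding, invokes the generic
        /// contract operation once, and always tears the factory down afterwards.
        /// </summary>
        /// <param name="uri">Endpoint to probe.</param>
        /// <param name="binding">Binding already configured with the security mode under test.</param>
        /// <param name="userid">Optional user name; ignored when null or blank.</param>
        /// <param name="password">Password paired with <paramref name="userid"/>.</param>
        /// <remarks>
        /// Exceptions from the call propagate to the caller, which classifies the server's response
        /// by exception type.
        /// </remarks>
        private static void SendProbe(Uri uri, NetTcpBinding binding, string userid, string password)
        {
            var factory = new ChannelFactory<IDataAccess>(binding, new EndpointAddress(uri));
            try
            {
                if (!string.IsNullOrWhiteSpace(userid))
                {
                    factory.Credentials.UserName.UserName = userid;
                    // Previously the password was written to UserName.UserName, overwriting the user
                    // id, so the supplied credentials were never actually presented.
                    factory.Credentials.UserName.Password = password;
                    // NOTE(review): with TcpClientCredentialType.Windows, WCF takes the client identity
                    // from factory.Credentials.Windows.ClientCredential, so these UserName values may not
                    // be used in the handshake. Confirm before trusting an "accepted"/"rejected" result.
                }
                factory.CreateChannel().SomeOperation("blah");
            }
            finally
            {
                // Abort releases the connection immediately and does not throw. The original code
                // never closed its factories, leaking one per probe.
                factory.Abort();
            }
        }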