protected override void BeginProcessing()
{
// TODO: Debug output
// TODO: Exception handling
//this.WriteDebug("Opening the Active Directory database.");
NetworkCredential netCredential = null;
if (this.Credential != null)
{
// Convert PSCredential to NetworkCredential
netCredential = this.Credential.GetNetworkCredential();
}
this.ReplicationClient = new DirectoryReplicationClient(this.Server, this.Protocol, netCredential);
//try
//{
//}
//catch(SessionStateException ex)
//{
// // This may be DriveNotFoundException, ItemNotFoundException, ProviderNotFoundException, etc.
// // Terminate on this error:
// this.ThrowTerminatingError(new ErrorRecord(ex.ErrorRecord, ex));
//}
//catch (Exception ex)
//{
// ErrorRecord error = new ErrorRecord(ex, "DBContextError", ErrorCategory.OpenError, null);
// // Terminate on this error:
// this.ThrowTerminatingError(error);
//}
}
private bool createConnection()
{
nameContext = "";
dRep = null;
string server = currDc.Name.Split('.')[0];
string fullPath = currDc.GetDirectoryEntry().Path.ToString();
foreach (string token in fullPath.Split(','))
{
if (token.ToLower().Contains("dc="))
{
nameContext += token + ",";
}
}
nameContext = nameContext.Remove(nameContext.Length - 1);
MessageBox.Show(nameContext + " " + server);
try
{
dRep = new DirectoryReplicationClient(server, RpcProtocol.TCP, null);
}
catch (Exception ex)
{
MessageBox.Show("Error creating replication connection\n\n" + ex.ToString());
return(false);
}
MessageBox.Show("Created connection to : " + server + "\nwith NameContext : " + nameContext);
return(true);
}
/// <summary>
/// This method is used to get the password hash of the ad user
/// </summary>
/// <param name="distinguishedName">distinguished name of the user</param>
/// <param name="userName">User name</param>
/// <param name="password">Password</param>
/// <param name="domain">domain name</param>
/// <param name="serverName">server name</param>
/// <returns>string that represents the password hash of the ad user</returns>
static string GetPasswordHash(string distinguishedName, string userName, string password, string domain, string serverName)
{
try
{
if (string.IsNullOrEmpty(serverName))
{
serverName = System.Net.Dns.GetHostEntry(System.Net.Dns.GetHostName()).HostName;
}
System.Net.NetworkCredential domainCredential = null;
if (!string.IsNullOrEmpty(userName))
{
domainCredential = new System.Net.NetworkCredential(userName, password, domain);
}
//Create client connection to the AD server.
DirectoryReplicationClient client = new DirectoryReplicationClient(serverName, RpcProtocol.TCP, domainCredential);
// Get the account based on the distinguished name.
DSAccount acc = client.GetAccount(distinguishedName);
// Hash
byte[] hash = acc.NTHash;
return(hash.ToHex());
}
catch (Exception ex)
{
new ExceptionHandler("Distinguished Name - " + distinguishedName + Environment.NewLine + "Error Message - " + ex.Message);
return("");
}
}
protected virtual void Dispose(bool disposing)
{
if (disposing && this.ReplicationClient != null)
{
this.ReplicationClient.Dispose();
this.ReplicationClient = null;
}
}
protected override void BeginProcessing()
{
NetworkCredential netCredential = null;
if (this.Credential != null)
{
// Convert PSCredential to NetworkCredential
netCredential = this.Credential.GetNetworkCredential();
}
this.ReplicationClient = new DirectoryReplicationClient(this.Server, this.Protocol, netCredential);
}
public PasswordAuditHelper(string saveFile, string passwordList, DomainController currDc)
{
this.saveFile = saveFile;
this.passwordList = passwordList;
this.currDc = currDc;
this.dRep = null;
this.nameContext = "";
accs = null;
findingNames = new List <string>();
findingNames.Add("Password Never Expires");
findingNames.Add("Only DES Kerberos Encryption Used");
findingNames.Add("Admin Account can be Delegated");
findingNames.Add("Password not Required");
findingNames.Add("Pre-authentication not Required");
findingNames.Add("Password Stored in Cleartext");
findingNames.Add("Account is Missing AES Kerberos Keys");
findingNames.Add("Account has LM Hash");
findingNames.Add("Account has no Password");
findingNames.Add("Account has an Empty Password");
}
static List <EnvironmentRecord> AcquireRecords(string domain_name, string naming_context)
{
List <EnvironmentRecord> records = new List <EnvironmentRecord>();
try
{
string server = FindDomainController(domain_name);
if (server == null)
{
Console.WriteLine("Could not find a domain controller with the given parameters.");
}
else
{
Console.WriteLine("Found domain controller: " + server);
using (var client = new DirectoryReplicationClient(server, RpcProtocol.TCP))
{
Console.WriteLine("Attempting to query Active Directory records...\n");
foreach (var account in client.GetAccounts(naming_context, null))
{
if (account.SamAccountType == DSInternals.Common.Data.SamAccountType.User && account.NTHash != null)
{
records.Add(new EnvironmentRecord(new AccountData(account.Guid), account.SamAccountName,
new PasswordData(account.NTHash, account.LMHash),
new RecordData(account.Enabled, account.Deleted, DateTime.Now)));
}
}
}
}
}
catch (Exception e)
{
Console.WriteLine("Exception: " + e.Message);
}
return(records);
}
protected override void BeginProcessing()
{
Global.OpenExistingDefaultOrThrow();
base.BeginProcessing();
this.client = new DirectoryReplicationClient(this.Server ?? Environment.GetEnvironmentVariable("UserDNSDomain"), RpcProtocol.TCP, this.Credential?.GetNetworkCredential());
}
