C# (CSharp) Gpo примеры использования

Язык программирования: C# (CSharp)

Класс/Тип: Gpo

Примеров на hotexamples.com: 8

C# (CSharp) Gpo - 8 примеров найдено. Это лучшие примеры C# (CSharp) кода для Gpo, полученные из open source проектов. Вы можете ставить оценку каждому примеру, чтобы помочь нам улучшить качество примеров.

Основные методы

Показать Скрыть

GenerateReport(2)

NotIdentified(1)

Пример #1

Показать файл

        private static List <Gpo> GetAllRsopGpos(JObject rsop)
        {
            var jsonGpos = rsop["Rsop"]["ComputerResults"]["GPO"];
            var gpos     = new List <Gpo>();

            var serializerSettings = new JsonSerializerSettings {
                NullValueHandling = NullValueHandling.Ignore
            };

            try
            {
                gpos = JsonConvert.DeserializeObject <List <Gpo> >(jsonGpos.ToString(), serializerSettings);
            }
            catch
            {
                var setting      = new Gpo();
                var undefinedGpo = setting.NotIdentified();
                gpos.Add(undefinedGpo);
            }

            return(gpos);
        }

Пример #2

Показать файл

Файл: EnumerationRunner.cs Проект: munsy/SharpHound

        private Task StartRunner(BlockingCollection <Wrapper <SearchResultEntry> > processQueue,
                                 BlockingCollection <Wrapper <JsonBase> > output)
        {
            return(Task.Factory.StartNew(() =>
            {
                foreach (var wrapper in processQueue.GetConsumingEnumerable())
                {
                    var entry = wrapper.Item;
                    var resolved = entry.ResolveAdEntry();

                    if (resolved == null)
                    {
                        Interlocked.Increment(ref _currentCount);
                        wrapper.Item = null;
                        continue;
                    }

                    var sid = entry.GetSid();
                    var domain = Utils.ConvertDnToDomain(entry.DistinguishedName).ToUpper();
                    var domainSid = _utils.GetDomainSid(domain);

                    if (resolved.ObjectType == "user")
                    {
                        var obj = new User
                        {
                            Name = resolved.BloodHoundDisplay
                        };

                        obj.Properties.Add("domain", domain);
                        obj.Properties.Add("objectsid", sid);
                        obj.Properties.Add("highvalue", false);

                        ObjectPropertyHelpers.GetProps(entry, resolved, ref obj);
                        GroupHelpers.GetGroupInfo(entry, resolved, domainSid, ref obj);
                        AclHelpers.GetObjectAces(entry, resolved, ref obj);

                        output.Add(new Wrapper <JsonBase>
                        {
                            Item = obj
                        });
                    }
                    else if (resolved.ObjectType == "group")
                    {
                        var obj = new Group
                        {
                            Name = resolved.BloodHoundDisplay
                        };

                        if (sid.EndsWith("-512") || sid.EndsWith("-516") || sid.EndsWith("-519") ||
                            sid.EndsWith("-520") || sid.Equals("S-1-5-32-544") || sid.Equals("S-1-5-32-550") ||
                            sid.Equals("S-1-5-32-549") || sid.Equals("S-1-5-32-551") || sid.Equals("S-1-5-32-548"))
                        {
                            obj.Properties.Add("highvalue", true);
                        }
                        else
                        {
                            obj.Properties.Add("highvalue", false);
                        }

                        obj.Properties.Add("domain", domain);
                        obj.Properties.Add("objectsid", sid);

                        ObjectPropertyHelpers.GetProps(entry, resolved, ref obj);
                        GroupHelpers.GetGroupInfo(entry, resolved, domainSid, ref obj);
                        AclHelpers.GetObjectAces(entry, resolved, ref obj);

                        output.Add(new Wrapper <JsonBase>
                        {
                            Item = obj
                        });
                    }
                    else if (resolved.ObjectType == "computer")
                    {
                        var obj = new Computer
                        {
                            Name = resolved.BloodHoundDisplay,
                            LocalAdmins = new LocalMember[] {},
                            RemoteDesktopUsers = new LocalMember[] {}
                        };

                        obj.Properties.Add("objectsid", sid);
                        obj.Properties.Add("highvalue", false);
                        obj.Properties.Add("domain", domain);


                        if (Utils.IsMethodSet(ResolvedCollectionMethod.Group))
                        {
                            if (entry.DistinguishedName.ToLower().Contains("domain controllers"))
                            {
                                _entDcs.Enqueue(new GroupMember
                                {
                                    MemberName = resolved.BloodHoundDisplay,
                                    MemberType = "computer"
                                });
                            }
                        }

                        ObjectPropertyHelpers.GetProps(entry, resolved, ref obj);
                        GroupHelpers.GetGroupInfo(entry, resolved, domainSid, ref obj);
                        AclHelpers.GetObjectAces(entry, resolved, ref obj);

                        if (!_utils.PingHost(resolved.BloodHoundDisplay))
                        {
                            Interlocked.Increment(ref _noPing);
                        }
                        else
                        {
                            var timeout = false;
                            try
                            {
                                obj.LocalAdmins = LocalGroupHelpers
                                                  .GetGroupMembers(resolved, LocalGroupHelpers.LocalGroupRids.Administrators)
                                                  .ToArray();
                            }
                            catch (TimeoutException)
                            {
                                timeout = true;
                            }

                            try
                            {
                                obj.RemoteDesktopUsers = LocalGroupHelpers.GetGroupMembers(resolved,
                                                                                           LocalGroupHelpers.LocalGroupRids.RemoteDesktopUsers).ToArray();
                            }
                            catch (TimeoutException)
                            {
                                timeout = true;
                            }

                            try
                            {
                                obj.DcomUsers = LocalGroupHelpers.GetGroupMembers(resolved,
                                                                                  LocalGroupHelpers.LocalGroupRids.DcomUsers).ToArray();
                            }
                            catch (TimeoutException)
                            {
                                timeout = true;
                            }

                            try
                            {
                                foreach (var s in SessionHelpers.GetNetSessions(resolved, domain))
                                {
                                    output.Add(new Wrapper <JsonBase>
                                    {
                                        Item = s
                                    });
                                }
                            }
                            catch (TimeoutException)
                            {
                                timeout = true;
                            }

                            try
                            {
                                foreach (var s in SessionHelpers.DoLoggedOnCollection(resolved, domain))
                                {
                                    output.Add(new Wrapper <JsonBase>
                                    {
                                        Item = s
                                    });
                                }
                            }
                            catch (TimeoutException)
                            {
                                timeout = true;
                            }

                            if (timeout)
                            {
                                Interlocked.Increment(ref _timeouts);
                            }
                        }

                        if (!_options.SessionLoopRunning)
                        {
                            output.Add(new Wrapper <JsonBase>
                            {
                                Item = obj
                            });
                        }
                    }
                    else if (resolved.ObjectType == "domain")
                    {
                        var obj = new Domain
                        {
                            Name = resolved.BloodHoundDisplay
                        };

                        obj.Properties.Add("objectsid", sid);
                        obj.Properties.Add("highvalue", true);

                        ObjectPropertyHelpers.GetProps(entry, resolved, ref obj);
                        AclHelpers.GetObjectAces(entry, resolved, ref obj);
                        ContainerHelpers.ResolveContainer(entry, resolved, ref obj);
                        TrustHelpers.DoTrustEnumeration(resolved, ref obj);

                        output.Add(new Wrapper <JsonBase>
                        {
                            Item = obj
                        });
                    }
                    else if (resolved.ObjectType == "gpo")
                    {
                        var obj = new Gpo
                        {
                            Name = resolved.BloodHoundDisplay,
                            Guid = entry.GetProp("name").Replace("{", "").Replace("}", "")
                        };

                        obj.Properties.Add("highvalue", false);

                        AclHelpers.GetObjectAces(entry, resolved, ref obj);
                        ObjectPropertyHelpers.GetProps(entry, resolved, ref obj);

                        foreach (var a in LocalGroupHelpers.GetGpoMembers(entry, domain))
                        {
                            output.Add(new Wrapper <JsonBase>
                            {
                                Item = a
                            });
                        }

                        output.Add(new Wrapper <JsonBase>
                        {
                            Item = obj
                        });
                    }
                    else if (resolved.ObjectType == "ou")
                    {
                        var obj = new Ou
                        {
                            Guid = new Guid(entry.GetPropBytes("objectguid")).ToString().ToUpper()
                        };

                        obj.Properties.Add("name", resolved.BloodHoundDisplay);
                        obj.Properties.Add("highvalue", false);

                        ContainerHelpers.ResolveContainer(entry, resolved, ref obj);
                        ObjectPropertyHelpers.GetProps(entry, resolved, ref obj);

                        output.Add(new Wrapper <JsonBase>
                        {
                            Item = obj
                        });
                    }

                    Interlocked.Increment(ref _currentCount);
                    wrapper.Item = null;
                }
            }, TaskCreationOptions.LongRunning));
        }

Пример #3

Показать файл

Файл: EnumerationRunner.cs Проект: munsy/SharpHound

        internal void StartStealthEnumeration()
        {
            var output = new BlockingCollection <Wrapper <JsonBase> >();
            var writer = StartOutputWriter(output);

            foreach (var domainName in _utils.GetDomainList())
            {
                Extensions.SetPrimaryDomain(domainName);

                _currentCount = 0;
                _timeouts     = 0;
                _noPing       = 0;
                _watch        = Stopwatch.StartNew();

                Console.WriteLine($"Starting Stealth Enumeration for {domainName}");
                _statusTimer.Start();

                var domainSid = _utils.GetDomainSid(domainName);
                var res       = _options.ResolvedCollMethods;
                var data      = LdapFilter.BuildLdapData(res, _options.ExcludeDC, _options.LdapFilter);

                ContainerHelpers.BuildGpoCache(domainName);

                foreach (var entry in _utils.DoSearch(data.Filter, SearchScope.Subtree, data.Properties, domainName))
                {
                    var resolved = entry.ResolveAdEntry();
                    _currentCount++;
                    if (resolved == null)
                    {
                        continue;
                    }

                    Console.WriteLine(resolved.BloodHoundDisplay);
                    Console.WriteLine(resolved.ObjectType);
                    var domain = Utils.ConvertDnToDomain(entry.DistinguishedName);
                    var sid    = entry.GetSid();

                    if (resolved.ObjectType == "user")
                    {
                        var obj = new User
                        {
                            Name = resolved.BloodHoundDisplay
                        };

                        obj.Properties.Add("domain", domain);
                        obj.Properties.Add("objectsid", sid);
                        obj.Properties.Add("highvalue", false);

                        ObjectPropertyHelpers.GetProps(entry, resolved, ref obj);
                        GroupHelpers.GetGroupInfo(entry, resolved, domainSid, ref obj);
                        AclHelpers.GetObjectAces(entry, resolved, ref obj);

                        output.Add(new Wrapper <JsonBase>
                        {
                            Item = obj
                        });
                    }
                    else if (resolved.ObjectType == "group")
                    {
                        var obj = new Group
                        {
                            Name = resolved.BloodHoundDisplay
                        };

                        obj.Properties.Add("domain", domain);
                        obj.Properties.Add("objectsid", sid);

                        if (sid.EndsWith("-512") || sid.EndsWith("-516") || sid.EndsWith("-519") ||
                            sid.EndsWith("-520") || sid.Equals("S-1-5-32-544") || sid.Equals("S-1-5-32-550") ||
                            sid.Equals("S-1-5-32-549") || sid.Equals("S-1-5-32-551") || sid.Equals("S-1-5-32-548"))
                        {
                            obj.Properties.Add("highvalue", true);
                        }
                        else
                        {
                            obj.Properties.Add("highvalue", false);
                        }

                        ObjectPropertyHelpers.GetProps(entry, resolved, ref obj);
                        GroupHelpers.GetGroupInfo(entry, resolved, domainSid, ref obj);
                        AclHelpers.GetObjectAces(entry, resolved, ref obj);

                        output.Add(new Wrapper <JsonBase>
                        {
                            Item = obj
                        });
                    }
                    else if (resolved.ObjectType == "computer")
                    {
                        var obj = new Computer
                        {
                            Name = resolved.BloodHoundDisplay,
                        };

                        obj.Properties.Add("domain", domain);
                        obj.Properties.Add("objectsid", sid);
                        obj.Properties.Add("highvalue", false);

                        if (entry.DistinguishedName.ToLower().Contains("domain controllers"))
                        {
                            _entDcs.Enqueue(new GroupMember
                            {
                                MemberType = "computer",
                                MemberName = resolved.BloodHoundDisplay
                            });
                        }

                        ObjectPropertyHelpers.GetProps(entry, resolved, ref obj);
                        GroupHelpers.GetGroupInfo(entry, resolved, domainSid, ref obj);
                        AclHelpers.GetObjectAces(entry, resolved, ref obj);

                        output.Add(new Wrapper <JsonBase>
                        {
                            Item = obj
                        });
                    }
                    else if (resolved.ObjectType == "domain")
                    {
                        var obj = new Domain
                        {
                            Name = resolved.BloodHoundDisplay,
                        };

                        obj.Properties.Add("objectsid", sid);
                        obj.Properties.Add("highvalue", true);

                        ObjectPropertyHelpers.GetProps(entry, resolved, ref obj);
                        AclHelpers.GetObjectAces(entry, resolved, ref obj);
                        ContainerHelpers.ResolveContainer(entry, resolved, ref obj);
                        TrustHelpers.DoTrustEnumeration(resolved, ref obj);

                        output.Add(new Wrapper <JsonBase>
                        {
                            Item = obj
                        });
                    }
                    else if (resolved.ObjectType == "gpo")
                    {
                        var obj = new Gpo
                        {
                            Name = resolved.BloodHoundDisplay,
                            Guid = entry.GetProp("name").Replace("{", "").Replace("}", "")
                        };

                        obj.Properties.Add("highvalue", false);

                        AclHelpers.GetObjectAces(entry, resolved, ref obj);

                        foreach (var a in LocalGroupHelpers.GetGpoMembers(entry, domain))
                        {
                            output.Add(new Wrapper <JsonBase>
                            {
                                Item = a
                            });
                        }

                        output.Add(new Wrapper <JsonBase>
                        {
                            Item = obj
                        });
                    }
                    else if (resolved.ObjectType == "ou")
                    {
                        var obj = new Ou
                        {
                            Guid = new Guid(entry.GetPropBytes("objectguid")).ToString().ToUpper()
                        };

                        obj.Properties.Add("name", resolved.BloodHoundDisplay);
                        obj.Properties.Add("highvalue", false);

                        ContainerHelpers.ResolveContainer(entry, resolved, ref obj);

                        output.Add(new Wrapper <JsonBase>
                        {
                            Item = obj
                        });
                    }
                }

                if (Utils.IsMethodSet(ResolvedCollectionMethod.Session))
                {
                    Console.WriteLine("Doing stealth session enumeration");
                    foreach (var target in SessionHelpers.CollectStealthTargets(domainName))
                    {
                        if (!_utils.PingHost(target.BloodHoundDisplay))
                        {
                            _noPing++;
                            continue;
                        }

                        try
                        {
                            foreach (var session in SessionHelpers.GetNetSessions(target, domainName))
                            {
                                output.Add(new Wrapper <JsonBase>
                                {
                                    Item = session
                                });
                            }
                        }
                        catch (TimeoutException)
                        {
                            _timeouts++;
                        }
                    }
                }

                if (_entDcs.Count > 0)
                {
                    var dObj = _utils.GetForest(domainName);
                    var d    = dObj == null ? domainName : dObj.RootDomain.Name;
                    var n    = $"ENTERPRISE DOMAIN CONTROLLERS@{d}";
                    var obj  = new Group
                    {
                        Name    = n,
                        Members = _entDcs.ToArray()
                    };

                    obj.Properties.Add("domain", d);
                    obj.Properties.Add("objectsid", "S-1-5-9");
                    obj.Properties.Add("highvalue", true);

                    output.Add(new Wrapper <JsonBase>
                    {
                        Item = obj
                    });
                }


                PrintStatus();
                _statusTimer.Stop();

                Console.WriteLine($"Finished stealth enumeration for {domainName} in {_watch.Elapsed}");
                Console.WriteLine($"{_noPing} hosts failed ping. {_timeouts} hosts timedout.");
            }
            output.CompleteAdding();
            Utils.Verbose("Waiting for writer thread to finish");
            writer.Wait();
        }

Пример #4

Показать файл

Файл: ACLHelpers.cs Проект: leechristensen/SharpHound

        public static void GetObjectAces(SearchResultEntry entry, ResolvedEntry resolved, ref Gpo obj)
        {
            if (!Utils.IsMethodSet(ResolvedCollectionMethod.ACL))
            {
                return;
            }

            var aces = new List <ACL>();
            var ntSecurityDescriptor = entry.GetPropBytes("ntsecuritydescriptor");

            //If the ntsecuritydescriptor is null, no point in continuing
            //I'm still not entirely sure what causes this, but it can happen
            if (ntSecurityDescriptor == null)
            {
                return;
            }

            var domainName = Utils.ConvertDnToDomain(entry.DistinguishedName);

            var newDescriptor = new ActiveDirectorySecurity();

            newDescriptor.SetSecurityDescriptorBinaryForm(ntSecurityDescriptor);
            var owner = GetAclOwner(newDescriptor, domainName);

            if (owner != null)
            {
                aces.Add(new ACL
                {
                    AceType       = "",
                    RightName     = "Owner",
                    PrincipalName = owner.PrincipalName,
                    PrincipalType = owner.ObjectType
                });
            }


            foreach (ActiveDirectoryAccessRule ace in newDescriptor.GetAccessRules(true, true, typeof(SecurityIdentifier)))
            {
                //Ignore null aces
                if (ace == null)
                {
                    continue;
                }

                //Ignore Deny aces
                if (!ace.AccessControlType.Equals(AccessControlType.Allow))
                {
                    continue;
                }

                //Resolve the principal in the ACE
                var principal = GetAcePrincipal(ace, domainName);

                //If its null, we don't care so move on
                if (principal == null)
                {
                    continue;
                }

                //Check if our ACE applies through inheritance rules
                if (!CheckAceInheritanceRules(ace, resolved.ObjectType))
                {
                    continue;
                }

                //Interesting GPO ACEs - GenericAll, WriteDacl, WriteOwner
                var rights        = ace.ActiveDirectoryRights;
                var objectAceType = ace.ObjectType.ToString();

                if (rights.HasFlag(ActiveDirectoryRights.GenericAll))
                {
                    if (objectAceType == AllGuid || objectAceType == "")
                    {
                        aces.Add(new ACL
                        {
                            AceType       = "",
                            RightName     = "GenericAll",
                            PrincipalName = principal.PrincipalName,
                            PrincipalType = principal.ObjectType
                        });
                    }
                    //GenericAll includes every other flag, so continue here so we don't duplicate privs
                    continue;
                }

                if (rights.HasFlag(ActiveDirectoryRights.WriteDacl))
                {
                    aces.Add(new ACL
                    {
                        AceType       = "",
                        RightName     = "WriteDacl",
                        PrincipalName = principal.PrincipalName,
                        PrincipalType = principal.ObjectType
                    });
                }

                if (rights.HasFlag(ActiveDirectoryRights.WriteOwner))
                {
                    aces.Add(new ACL
                    {
                        AceType       = "",
                        RightName     = "WriteOwner",
                        PrincipalName = principal.PrincipalName,
                        PrincipalType = principal.ObjectType
                    });
                }
            }

            obj.Aces = aces.Distinct().ToArray();
        }

Пример #5

Показать файл

Файл: ObjectPropertyHelpers.cs Проект: hex0punk/SharpHound

        internal static void GetProps(SearchResultEntry entry, ResolvedEntry resolved, ref Gpo obj)
        {
            if (!Utils.IsMethodSet(ResolvedCollectionMethod.ObjectProps))
            {
                return;
            }

            obj.Properties.Add("description", entry.GetProp("description"));
            obj.Properties.Add("gpcpath", entry.GetProp("gpcfilesyspath"));
        }

Пример #6

Показать файл

Файл: ACLHelpers.cs Проект: richroc/SharpHound

        public static void GetObjectAces(SearchResultEntry entry, ResolvedEntry resolved, ref Gpo g)
        {
            if (!Utils.IsMethodSet(ResolvedCollectionMethod.ACL))
            {
                return;
            }

            var aces = new List <ACL>();
            var ntSecurityDescriptor = entry.GetPropBytes("ntsecuritydescriptor");

            //If the ntsecuritydescriptor is null, no point in continuing
            //I'm still not entirely sure what causes this, but it can happen
            if (ntSecurityDescriptor == null)
            {
                return;
            }

            var domainName = Utils.ConvertDnToDomain(entry.DistinguishedName);

            //Convert the ntsecuritydescriptor bytes to a .net object
            var descriptor = new RawSecurityDescriptor(ntSecurityDescriptor, 0);

            //Grab the DACL
            var rawAcl = descriptor.DiscretionaryAcl;
            //Grab the Owner
            var ownerSid = descriptor.Owner.ToString();

            //Determine the owner of the object. Start by checking if we've already determined this is null
            if (!_nullSids.TryGetValue(ownerSid, out _))
            {
                //Check if its a common SID
                if (!MappedPrincipal.GetCommon(ownerSid, out var owner))
                {
                    //Resolve the sid manually if we still dont have it
                    var ownerDomain = _utils.SidToDomainName(ownerSid) ?? domainName;
                    owner = _utils.UnknownSidTypeToDisplay(ownerSid, ownerDomain, Props);
                }
                else
                {
                    owner.PrincipalName = $"{owner.PrincipalName}@{domainName}";
                }

                //Filter out the Local System principal which pretty much every entry has
                if (owner != null && !owner.PrincipalName.Contains("LOCAL SYSTEM") && !owner.PrincipalName.Contains("CREATOR OWNER"))
                {
                    aces.Add(new ACL
                    {
                        AceType       = "",
                        RightName     = "Owner",
                        PrincipalName = owner.PrincipalName,
                        PrincipalType = owner.ObjectType
                    });
                }
                else
                {
                    //We'll cache SIDs we've failed to resolve previously so we dont keep trying
                    _nullSids.TryAdd(ownerSid, new byte());
                }
            }

            foreach (var genericAce in rawAcl)
            {
                var qAce = genericAce as QualifiedAce;
                if (qAce == null)
                {
                    continue;
                }

                var objectSid = qAce.SecurityIdentifier.ToString();
                if (_nullSids.TryGetValue(objectSid, out _))
                {
                    continue;
                }

                //Check if its a common sid
                if (!MappedPrincipal.GetCommon(objectSid, out var mappedPrincipal))
                {
                    //If not common, lets resolve it normally
                    var objectDomain =
                        _utils.SidToDomainName(objectSid) ??
                        domainName;
                    mappedPrincipal = _utils.UnknownSidTypeToDisplay(objectSid, objectDomain, Props);
                    if (mappedPrincipal == null)
                    {
                        _nullSids.TryAdd(objectSid, new byte());
                        continue;
                    }
                }
                else
                {
                    if (mappedPrincipal.PrincipalName == "ENTERPRISE DOMAIN CONTROLLERS")
                    {
                        var dObj = _utils.GetForest(domainName);
                        var d    = dObj == null ? domainName : dObj.RootDomain.Name;
                        mappedPrincipal.PrincipalName = $"{mappedPrincipal.PrincipalName}@{d}".ToUpper();
                    }
                    else
                    {
                        mappedPrincipal.PrincipalName = $"{mappedPrincipal.PrincipalName}@{domainName}".ToUpper();
                    }
                }

                if (mappedPrincipal.PrincipalName.Contains("LOCAL SYSTEM") || mappedPrincipal.PrincipalName.Contains("CREATOR OWNER"))
                {
                    continue;
                }

                //Convert our right to an ActiveDirectoryRight enum object, and then to a string
                var adRight       = (ActiveDirectoryRights)Enum.ToObject(typeof(ActiveDirectoryRights), qAce.AccessMask);
                var adRightString = adRight.ToString();

                //Get the ACE for our right
                var ace  = qAce as ObjectAce;
                var guid = ace != null?ace.ObjectAceType.ToString() : "";

                var inheritedObjectType = ace != null?ace.InheritedObjectAceType.ToString() : "00000000-0000-0000-0000-000000000000";

                var isInherited = inheritedObjectType == "00000000-0000-0000-0000-000000000000" ||
                                  inheritedObjectType == "f30e3bc2-9ff0-11d1-b603-0000f80367c1";

                var flags = ace == null ? AceFlags.None : ace.AceFlags;
                if ((flags & AceFlags.InheritOnly) != 0)
                {
                    isInherited = false;
                }

                if (!isInherited && (flags & AceFlags.InheritOnly) != AceFlags.InheritOnly && (flags & AceFlags.Inherited) != AceFlags.Inherited)
                {
                    //If these conditions hold the ACE applies to this object anyway
                    isInherited = true;
                }

                if (!isInherited)
                {
                    continue;
                }

                var toContinue = false;

                //Interesting GPO ACEs - GenericAll, WriteDacl, WriteOwner, GenericWrite
                toContinue |= (adRightString.Contains("WriteDacl") || adRightString.Contains("WriteOwner"));
                if (adRightString.Contains("GenericAll"))
                {
                    toContinue |= ("00000000-0000-0000-0000-000000000000".Equals(guid) || guid.Equals("") || toContinue);
                }

                if (!toContinue)
                {
                    continue;
                }


                if (adRightString.Contains("GenericAll"))
                {
                    aces.Add(new ACL
                    {
                        AceType       = "",
                        PrincipalName = mappedPrincipal.PrincipalName,
                        PrincipalType = mappedPrincipal.ObjectType,
                        RightName     = "GenericAll"
                    });
                }

                if (adRightString.Contains("WriteOwner"))
                {
                    aces.Add(new ACL
                    {
                        AceType       = "",
                        PrincipalName = mappedPrincipal.PrincipalName,
                        PrincipalType = mappedPrincipal.ObjectType,
                        RightName     = "WriteOwner"
                    });
                }

                if (adRightString.Contains("WriteDacl"))
                {
                    aces.Add(new ACL
                    {
                        AceType       = "",
                        PrincipalName = mappedPrincipal.PrincipalName,
                        PrincipalType = mappedPrincipal.ObjectType,
                        RightName     = "WriteDacl"
                    });
                }
            }

            g.Aces = aces.Distinct().ToArray();
        }

Пример #7

Показать файл

Файл: Form1 - Copy.cs Проект: georgeatgrayson/Windows-GPO-Security-Checker

        private void NextButton_Click(object sender, EventArgs e)
        {
            if (state == 0)
            {
                /*StreamReader sr = new StreamReader(path);
                 * string line = sr.ReadLine();
                 * string[] parsed = line.Split(new String[] { " = " }, StringSplitOptions.None);
                 * while (line != null)
                 * {
                 *  parsed = line.Split(new String[] { " = " },StringSplitOptions.None);
                 *  if (parsed.Length > 1) {
                 *      Policies.Add(parsed[0], Int32.Parse(parsed[parsed.Length - 1]));
                 *  }
                 *
                 *  /*parsed = line.Split(new Char[] { ' ', '=', ' ' });
                 *  if (parsed.Length > 1)
                 *  {
                 *      if (Policies.ContainsKey(parsed[0]))
                 *      {
                 *          advice.Add(Policies[parsed[0]].DynamicInvoke(Int32.Parse(parsed[parsed.Length-1])) + "\n");
                 *      }
                 *  }*/
                //        line = sr.ReadLine();
                //    }
                //label1.Text = advice;


                var guid   = new Guid("31B2F340-016D-11D2-945F-00C04FB984F9");
                var domain = new GPDomain(System.Net.NetworkInformation.IPGlobalProperties.GetIPGlobalProperties().DomainName);
                gpo = domain.GetGpo(guid);
                var gpoReport = gpo.GenerateReport(ReportType.Xml);

                //gpb = gpo.Backup(Path.GetTempPath(), null);
                //path = Path.GetTempPath() + "{" + gpb.Id + "}\\DomainSysvol\\GPO\\Machine\\microsoft\\windows nt\\SecEdit\\GptTmpl.inf";
                //StreamReader sr = new StreamReader(path);

                XmlDocument doc = new XmlDocument();
                doc.LoadXml(gpoReport);

                List <XmlNode> extensionData = new List <XmlNode>();
                XmlNode        extIter       = GetChildByName(GetChildByName(doc.LastChild, "Computer"), "ExtensionData");
                while (extIter != null)
                {
                    if (extIter.Name == "ExtensionData")
                    {
                        extensionData.Add(extIter);
                    }
                    extIter = extIter.NextSibling;
                }

                extIter = GetChildByName(GetChildByName(doc.LastChild, "User"), "ExtensionData");
                while (extIter != null)
                {
                    if (extIter.Name == "ExtensionData")
                    {
                        extensionData.Add(extIter);
                    }
                    extIter = extIter.NextSibling;
                }

                /*XmlNode extensiondata1 = GetChildByName(GetChildByName(doc.LastChild, "Computer"), "ExtensionData");
                 * MessageBox.Show(extensiondata1.ToString());
                 * XmlNode extensiondata5 = extensiondata1.NextSibling.NextSibling.NextSibling.NextSibling;
                 * MessageBox.Show(extensiondata5.ToString());
                 * XmlNode extensiondata6 = GetChildByName(GetChildByName(doc.LastChild, "User"), "ExtensionData");
                 * MessageBox.Show(extensiondata6.ToString());
                 * MessageBox.Show(extensions.ToString());*/
                var i = 2;
                foreach (XmlNode data in extensionData)
                {
                    XmlNode extensions = data.FirstChild;
                    if (data == extensionData[0])
                    {
                        foreach (XmlNode pol in extensions)
                        {
                            if (pol.Name == "q1:Account")
                            {
                                var name = GetChildByName(pol, "q1:Name");
                                var num  = GetChildByName(pol, "q1:SettingNumber");
                                var tf   = GetChildByName(pol, "q1:SettingBoolean");
                                if (name != null && num != null)
                                {
                                    Policies.Add(pol.ChildNodes[0].InnerText, Int32.Parse(pol.ChildNodes[1].InnerText));
                                }
                                if (name != null && tf != null)
                                {
                                    if (tf.InnerText == "true")
                                    {
                                        Policies.Add(pol.ChildNodes[0].InnerText, 1);
                                    }
                                    else
                                    {
                                        Policies.Add(pol.ChildNodes[0].InnerText, 0);
                                    }
                                }
                            }
                        }
                    }
                    else
                    {
                        foreach (XmlNode pol in extensions)
                        {
                            if (pol.Name == "q" + i.ToString() + ":Policy")
                            {
                                var name  = GetChildByName(pol, "q" + i.ToString() + ":Name");
                                var state = GetChildByName(pol, "q" + i.ToString() + ":State");
                                if (name != null && state != null)
                                {
                                    if (state.InnerText == "Enabled")
                                    {
                                        Policies.Add(pol.ChildNodes[0].InnerText, 1);
                                    }
                                    else if (state.InnerText == "Disabled")
                                    {
                                        Policies.Add(pol.ChildNodes[0].InnerText, 0);
                                    }
                                    else
                                    {
                                        Policies.Add(pol.ChildNodes[0].InnerText, 2);
                                    }
                                }
                            }
                        }
                        i++;
                    }
                }



                XmlDocument policies = new XmlDocument();
                //XmlDocument updater = new XmlDocument();
                Assembly assembly = Assembly.GetExecutingAssembly();
                var      a        = assembly.GetManifestResourceNames();
                Stream   stream   = assembly.GetManifestResourceStream("WindowsFormsApp1.PoliciesXML.xml");
                //Stream stream1 = assembly.GetManifestResourceStream("WindowsFormsApp1.UpdaterXML.xml");
                policies.Load(stream);
                //updater.Load(stream1);

                XmlNode p = policies.ChildNodes[1].ChildNodes[0];
                //XmlNode u = updater.ChildNodes[1].ChildNodes[0];

                while (p != null)
                {
                    if (p.NodeType.ToString() == "Element")
                    {
                        Pols.Add(new Policy(p));
                    }
                    p = p.NextSibling;
                    //u = u.NextSibling;
                }


                maxPage = Pols.Count;
                state   = 1;
                GuidanceButton.Visible = true;
                // UpdateButton.Visible = true;
                MarkAsDone.Visible = true;
                NextButton.Text    = "Next >>";
            }
            if (state == 1)
            {
                if (page == maxPage)
                {
                    InfoBox.Text           = "";
                    state                  = 2;
                    PrevButton.Visible     = false;
                    GuidanceButton.Visible = false;
                    //UpdateButton.Visible = false;
                }
                else
                {
                    var name = Pols[page].getName();
                    if (Policies.ContainsKey(name))
                    {
                        InfoBox.Text = Pols[page].check(Policies[name]).Trim();
                    }
                    else
                    {
                        InfoBox.Text = Pols[page].useDefault().Trim();
                    }
                    if (Pols[page].guidance() == "")
                    {
                        GuidanceButton.Visible = false;
                    }
                    else
                    {
                        GuidanceButton.Visible = true;
                    }

                    page += 1;
                    if (page == maxPage)
                    {
                        NextButton.Text = "Finish";
                    }
                    if (page == 2)
                    {
                        PrevButton.Visible = true;
                    }
                }
            }
            else
            {
                this.Close();
            }
        }

Пример #8

Показать файл

Файл: Form1.cs Проект: georgeatgrayson/Windows-GPO-Security-Checker

        private void NextButton_Click(object sender, EventArgs e)
        {
            if (state == 0)
            {
                //Gets GP XML

                var guid   = new Guid("31B2F340-016D-11D2-945F-00C04FB984F9");
                var domain = new GPDomain(System.Net.NetworkInformation.IPGlobalProperties.GetIPGlobalProperties().DomainName);
                gpo = domain.GetGpo(guid);
                var         gpoReport = gpo.GenerateReport(ReportType.Xml);
                XmlDocument doc       = new XmlDocument();
                doc.LoadXml(gpoReport);

                //Parses GP XML

                List <XmlNode> extensionData = new List <XmlNode>();
                XmlNode        extIter       = GetChildByName(GetChildByName(doc.LastChild, "Computer"), "ExtensionData");
                while (extIter != null)
                {
                    if (extIter.Name == "ExtensionData")
                    {
                        extensionData.Add(extIter);
                    }
                    extIter = extIter.NextSibling;
                }

                extIter = GetChildByName(GetChildByName(doc.LastChild, "User"), "ExtensionData");
                while (extIter != null)
                {
                    if (extIter.Name == "ExtensionData")
                    {
                        extensionData.Add(extIter);
                    }
                    extIter = extIter.NextSibling;
                }

                var i = 2;
                foreach (XmlNode data in extensionData)
                {
                    XmlNode extensions = data.FirstChild;
                    if (data == extensionData[0])
                    {
                        foreach (XmlNode pol in extensions)
                        {
                            if (pol.Name == "q1:Account")
                            {
                                var name = GetChildByName(pol, "q1:Name");
                                var num  = GetChildByName(pol, "q1:SettingNumber");
                                var tf   = GetChildByName(pol, "q1:SettingBoolean");
                                if (name != null && num != null)
                                {
                                    Policies.Add(pol.ChildNodes[0].InnerText, Int32.Parse(pol.ChildNodes[1].InnerText));
                                }
                                if (name != null && tf != null)
                                {
                                    if (tf.InnerText == "true")
                                    {
                                        Policies.Add(pol.ChildNodes[0].InnerText, 1);
                                    }
                                    else
                                    {
                                        Policies.Add(pol.ChildNodes[0].InnerText, 0);
                                    }
                                }
                            }
                        }
                    }
                    else
                    {
                        if (GetChildByName(data, "Name") != null && GetChildByName(data, "Name").InnerText == "Windows Firewall")
                        {
                            //Special case as the firewall is displayed differently

                            foreach (XmlNode pol in extensions)
                            {
                                if (pol.Name == "q" + i + ":DomainProfile")
                                {
                                    var lpm      = GetChildByName(pol, "q" + i + ":AllowLocalPolicyMerge");
                                    var lpmState = (lpm == null) ? 2 : (lpm.InnerText == "true") ? 1 : 0;
                                    Policies.Add("Domain Profile - Apply local firewall rules", lpmState);
                                    var efw      = GetChildByName(pol, "q" + i + ":EnableFirewall");
                                    var efwState = (efw == null) ? 2 : (efw.InnerText == "true") ? 1 : 0;
                                    Policies.Add("Domain Profile", efwState);
                                    //var ibc = GetChildByName(pol, "q5:DefaultInboundAction");
                                    //var ibcState = (ibc == null) ? 0 : (ibc.InnerText=="true")?1:0;
                                    //var obc = GetChildByName(pol, "q5:DefaultOutboundAction");
                                    //var obcState = (obc == null) ? 0 : (obc.InnerText == "true") ? 1 : 0;
                                }
                                else if (pol.Name == "q" + i + ":PrivateProfile")
                                {
                                    var lpm      = GetChildByName(pol, "q" + i + ":AllowLocalPolicyMerge");
                                    var lpmState = (lpm == null) ? 2 : (lpm.InnerText == "true") ? 1 : 0;
                                    Policies.Add("Private Profile - Apply local firewall rules", lpmState);
                                    var efw      = GetChildByName(pol, "q" + i + ":EnableFirewall");
                                    var efwState = (efw == null) ? 2 : (efw.InnerText == "true") ? 1 : 0;
                                    Policies.Add("Private Profile", efwState);
                                }
                                else if (pol.Name == "q5:PublicProfile")
                                {
                                    var lpm      = GetChildByName(pol, "q" + i + ":AllowLocalPolicyMerge");
                                    var lpmState = (lpm == null) ? 2 : (lpm.InnerText == "true") ? 1 : 0;
                                    Policies.Add("Public Profile - Apply local firewall rules", lpmState);
                                    var efw      = GetChildByName(pol, "q" + i + ":EnableFirewall");
                                    var efwState = (efw == null) ? 2 : (efw.InnerText == "true") ? 1 : 0;
                                    Policies.Add("Public Profile", efwState);
                                }
                            }
                        }
                        else
                        {
                            foreach (XmlNode pol in extensions)
                            {
                                if (pol.Name == "q" + i.ToString() + ":Policy")
                                {
                                    //Parses enabled/disabled/not configured to numbers

                                    var name  = GetChildByName(pol, "q" + i.ToString() + ":Name");
                                    var state = GetChildByName(pol, "q" + i.ToString() + ":State");
                                    if (name != null && state != null)
                                    {
                                        if (state.InnerText == "Enabled")
                                        {
                                            Policies.Add(pol.ChildNodes[0].InnerText, 1);
                                        }
                                        else if (state.InnerText == "Disabled")
                                        {
                                            Policies.Add(pol.ChildNodes[0].InnerText, 0);
                                        }
                                        else
                                        {
                                            Policies.Add(pol.ChildNodes[0].InnerText, 2);
                                        }
                                    }
                                }
                            }
                        }
                        i++;
                    }
                }

                //Parses PoliciesXML to the dictionary to generate the pages

                XmlDocument policies = new XmlDocument();
                Assembly    assembly = Assembly.GetExecutingAssembly();
                var         a        = assembly.GetManifestResourceNames();
                Stream      stream   = assembly.GetManifestResourceStream("WindowsFormsApp1.PoliciesXML.xml");
                policies.Load(stream);

                XmlNode p = policies.ChildNodes[1].ChildNodes[0];

                while (p != null)
                {
                    if (p.NodeType.ToString() == "Element")
                    {
                        Pols.Add(new PolicySection(p));
                    }
                    p = p.NextSibling;
                }

                //Configure first page

                state = 1;
                GuidanceButton.Visible = true;
                MarkAsDone.Visible     = true;
                NextButton.Text        = "Next >>";
                this.Text = Pols[section].name;
            }
            //If within pages
            if (state == 1)
            {
                if (!Pols[section].isPolicyAt(page - 1) && page != 0 && section == Pols.Count - 1)
                {
                    //Exit to finish page

                    InfoBox.Text           = "";
                    state                  = 2;
                    PrevButton.Visible     = false;
                    GuidanceButton.Visible = false;
                    MarkAsDone.Visible     = false;
                    NameLabel.Text         = "";
                    NextButton.Text        = "Finish";
                }
                else
                {
                    if (!Pols[section].isPolicyAt(page - 1) && page != 0)
                    {
                        //Change section

                        section  += 1;
                        this.Text = Pols[section].name;
                        page      = 0;
                    }
                    if (page == 0)
                    {
                        //Display header page for page 0

                        NameLabel.Text = "";
                        InfoBox.Text   = Pols[section].headerText(Policies);
                        if (Pols[section].isSafe())
                        {
                            SkipButton.Visible = true;
                        }
                        else
                        {
                            SkipButton.Visible = false;
                        }
                        GuidanceButton.Visible = false;
                        page += 1;
                        MarkAsDone.Visible = false;
                    }
                    else
                    {
                        //Display individual policy page

                        SkipButton.Visible = false;
                        var currentPolicy = Pols[section].policyAt(page - 1);
                        var name          = currentPolicy.getName();
                        NameLabel.Text = name;
                        InfoBox.Height = 329 - NameLabel.Height;             //Avoids height overflow on name
                        InfoBox.Top    = 18 + NameLabel.Height;
                        if (Policies.ContainsKey(name))
                        {
                            //Use setting found
                            InfoBox.Text        = currentPolicy.check(Policies[name]).Trim();
                            NameLabel.ForeColor = (currentPolicy.isRecommended(Policies[name])) ? currentPolicy.recColour() : currentPolicy.nonRecColour();
                        }
                        else
                        {
                            //Otherwise use default
                            InfoBox.Text        = currentPolicy.useDefault().Trim();
                            NameLabel.ForeColor = (currentPolicy.isRecommended(-1)) ? currentPolicy.recColour() : currentPolicy.nonRecColour();
                        }
                        if (currentPolicy.guidance() == "")
                        {
                            GuidanceButton.Visible = false;
                        }
                        else
                        {
                            GuidanceButton.Visible = true;
                        }

                        page += 1;
                        PrevButton.Visible = true;
                        MarkAsDone.Visible = true;
                        //Very last page show finish instead of next
                        if (!Pols[section].isPolicyAt(page - 1) && section == Pols.Count - 1)
                        {
                            NextButton.Text    = "Finish";
                            MarkAsDone.Visible = false;
                        }
                    }
                }
            }
            else
            {
                this.Close();
            }
        }