public static BruteForce.Hash CastAnalyzerHashToBruteForceHash(PcapAnalyzer.NetworkHash hash)
{
BruteForce.Hash res = null;
if (hash is PcapAnalyzer.HttpDigestHash)
{
res = CastAnalyzerHashToBruteForceHash(hash as PcapAnalyzer.HttpDigestHash);
}
else if (hash is PcapAnalyzer.CramMd5Hash)
{
res = CastAnalyzerrHashToBruteForceHash(hash as PcapAnalyzer.CramMd5Hash);
}
else if (hash is PcapAnalyzer.NtlmHash)
{
res = CastAnalyzerrHashToBruteForceHash(hash as PcapAnalyzer.NtlmHash);
}
else if (hash is PcapAnalyzer.KerberosHash)
{
res = CastAnalyzerrHashToBruteForceHash(hash as PcapAnalyzer.KerberosHash);
}
else
{
throw new Exception("Hash type not supported");
}
return(res);
}
public void HandleHash(PcapAnalyzer.NetworkHash hash)
{
// Usually the hashes username is named "User" \ "Username".
var user = GetPropValue(hash, "User");
var username = GetPropValue(hash, "Username");
var displayUserName = user != null ? user : username;
if (displayUserName != null)
{
var domain = GetPropValue(hash, "Domain");
if (domain != null)
{
if (domain.ToString().Length > 0)
{
displayUserName = domain.ToString() + @"\" + displayUserName;
}
}
var edgeText = $"{hash.HashType} Hash";
AddEdge(displayUserName.ToString(), hash.Destination, edgeText);
_graph.FindNode(displayUserName.ToString()).Attr.FillColor = Microsoft.Msagl.Drawing.Color.LightGreen;
}
}
