public void CheckLocalNesting(LocalSam samInfo) { foreach (GroupInfo ginfo in samInfo.Groups) { foreach (string sid in ginfo.SidList) { CheckAddGroup((SidInfo)ginfo); } } }
public void Load(string targetDC) { if (!Loaded) { Info.Clear(); Info.AddFormatted("WhoAmI: {0}\r\n", GlobalUserStore.Name); List <SidInfo> tokengoups = GetTokenGroups(targetDC, GlobalUserStore.SDDLSid); SamInfo = new LocalSam(); if (!SamInfo.IsDC && !SamInfo.Success) { Info.Add("Failed to read local SAM -> eval will not be complete!"); GlobalEventHandler.RaiseDebugInfoOccured("Failed to read local SAM -> eval will not be complete!"); } string uname = (GlobalUserStore.UPN != null) ? GlobalUserStore.UPN : GlobalUserStore.Name; TokenInfo = new TokenInformation(uname); if (!TokenInfo.Success) { GlobalEventHandler.RaiseDebugInfoOccured("Failed to inspect token -> exiting WhoAmI!"); return; } if (SamInfo.IsDC || (!TokenInfo.Sid.StartsWith(SamInfo.MachineSid))) { if (tokengoups.Count > 0) { TokenInfo.AddLdapGroups(tokengoups, SamInfo.IsDC); } else { Info.Add("Failed to read token from AD -> eval will not be complete!"); GlobalEventHandler.RaiseDebugInfoOccured("Failed to read token from AD -> eval will not be complete!"); } } if (!SamInfo.IsDC) { TokenInfo.CheckLocalNesting(SamInfo); } TokenInformation temptoken = null; if (TokenInfo.IsElevated) { URAInfoLocal = new UserRights(); temptoken = TokenInfo; if (URAInfoLocal.Success) { foreach (PrivilegeAndPrincipals privinfo in URAInfoLocal.Privileges) { privinfo.CheckApplicability(ref temptoken); } } string dcnb = (targetDC.Contains(".")) ? targetDC.Split('.')[0] : targetDC; if (dcnb.ToLowerInvariant() != SamInfo.MachineName.ToLowerInvariant()) { URAInfoRemote = new UserRights(targetDC); if (URAInfoRemote.Success) { foreach (PrivilegeAndPrincipals privinfo in URAInfoRemote.Privileges) { privinfo.CheckApplicability(ref temptoken); } } } TokenInfo = temptoken; } if (GlobalUserStore.ShowGroups) { Info.Add("\r\ngroups info:\r\n"); foreach (SidInfo group in TokenInfo.Groups) { Info.Add(group.ToString()); } } if (GlobalUserStore.ShowPrivs) { Info.Add("\r\nprivileges info:\r\n"); foreach (PrivilegeInfo priv in TokenInfo.Privileges) { Info.Add(priv.ToString()); } } if (GlobalUserStore.ShowURA) { Info.AddFormatted("\r\nuser rights assignments on {0}:\r\n", SamInfo.MachineName); if (TokenInfo.IsElevated) { if (URAInfoLocal.Success) { foreach (PrivilegeAndPrincipals privinfo in URAInfoLocal.Privileges) { Info.Add(privinfo.ToString()); } } else { Info.AddRange(URAInfoLocal.Messages); } Info.AddFormatted("\r\nuser rights assignments on {0}:\r\n", targetDC); if (URAInfoRemote != null) { if (URAInfoRemote.Success) { foreach (PrivilegeAndPrincipals privinfo in URAInfoRemote.Privileges) { Info.Add(privinfo.ToString()); } } else { Info.AddRange(URAInfoRemote.Messages); } } else { Info.Add("\tDid not evaluate - local and remote machine are the same"); } } else { Info.Add("\tThread is not elevated - cannot evaluate"); } } Loaded = true; } }