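/// <summary>
/// Locate a domain controller for <paramref name="domain"/> and fill in the identity and
/// Kerberos naming fields of <paramref name="dc"/>.
/// </summary>
/// <param name="domain">Domain to probe. Its admin credentials are handed to the directory
/// queries; they are never written to the log.</param>
/// <param name="dc">Server record that receives ComputerName, FQDN, IsWindows, NetBIOS,
/// DefaultServiceName, ServiceSalt and ldapService.LdapServiceName.</param>
/// <param name="detector">Helper used to decide whether the DC is a Windows host.</param>
/// <returns>True when every lookup succeeded; false (after logging "Failed") otherwise.
/// Unlike the original, a failure to find the DC or resolve its name is also reported as
/// false instead of escaping as an exception.</returns>
private bool DetectDC(DomainInfo domain, Server dc, KerberosDetector detector)
{
    logWriter.AddLog(string.Format("===== Detect DC in Domain {0} =====", domain.Name), LogLevel.Normal);

    // Step 1: find a DC, resolve its host name and read its directory attributes.
    try
    {
        DirectoryContext context = new DirectoryContext(DirectoryContextType.Domain, domain.Name, domain.Admin, domain.AdminPassword);

        // DomainController derives from DirectoryServer, which is IDisposable; release it once the name is read.
        string dcHostName;
        using (DomainController found = DomainController.FindOne(context))
        {
            dcHostName = found.Name;
        }

        IPHostEntry hostEntry = Dns.GetHostEntry(dcHostName);

        // The short host name (label before the first dot) is the key for the attribute lookups below.
        string computerName = hostEntry.HostName.Split('.')[0];
        dc.ComputerName = computerName;
        dc.FQDN = ServerHelper.GetDCAttribute(computerName, "dNSHostName", domain.Name, domain.Admin, domain.AdminPassword);
        dc.IsWindows = detector.FetchPlatformInfo(computerName);
    }
    catch (Exception ex)
    {
        return LogDcDetectionFailure(ex);
    }

    // GetDCAttribute reports "no such attribute" as null rather than by throwing.
    if (dc.FQDN == null)
    {
        return LogDcDetectionFailure(null);
    }

    // Step 2: derive the Kerberos names that depend on the FQDN.
    try
    {
        // sAMAccountName of a computer object is its NetBIOS name with a trailing '$' (e.g. DC01$).
        dc.NetBIOS = ServerHelper.GetDCAttribute(dc.ComputerName, "sAMAccountName", domain.Name, domain.Admin, domain.AdminPassword);

        // Protocol identifiers: use invariant casing so the result does not depend on the
        // process culture (ToUpper/ToLower would mis-map 'i'/'I' under tr-TR).
        string realm = domain.Name.ToUpperInvariant();
        string dnsName = dc.FQDN.ToLowerInvariant();

        dc.DefaultServiceName = "krbtgt/" + realm;
        // Salt for the computer account's long-term key: REALM + "host" + lowercase FQDN.
        dc.ServiceSalt = realm + "host" + dnsName;
        dc.ldapService.LdapServiceName = "ldap/" + dnsName;
    }
    catch (Exception ex)
    {
        return LogDcDetectionFailure(ex);
    }

    // Step 3: domain functional level.
    try
    {
        domain.FunctionalLevel = ServerHelper.GetDomainFunctionalLevel(domain.Name, domain.Admin, domain.AdminPassword);
    }
    catch (Exception ex)
    {
        return LogDcDetectionFailure(ex);
    }

    logWriter.AddLog("Success", LogLevel.Normal, false, LogStyle.StepPassed);
    logWriter.AddLineToLog(LogLevel.Advanced);
    return true;
}

/// <summary>
/// Log a failed DC detection step. The exception message (never the credentials) goes to the
/// Advanced log so the cause is visible instead of being swallowed.
/// </summary>
/// <param name="ex">Exception that caused the failure, or null when a lookup returned no value.</param>
/// <returns>Always false, so callers can <c>return LogDcDetectionFailure(ex);</c>.</returns>
private bool LogDcDetectionFailure(Exception ex)
{
    logWriter.AddLog("Failed", LogLevel.Normal, false, LogStyle.StepFailed);
    if (ex != null)
    {
        logWriter.AddLog(ex.Message, LogLevel.Advanced);
    }
    logWriter.AddLineToLog(LogLevel.Advanced);
    return false;
}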
/// <summary>
/// Run property autodetection for the local domain and, when a trust is configured,
/// for the trusted domain as well.
/// </summary>
/// <returns>True when every gating detection step succeeded; false as soon as one fails.</returns>
public bool RunDetection()
{
    logWriter.AddLog("===== Start detecting =====", LogLevel.Normal, false);
    KerberosDetector kerberosDetector = new KerberosDetector(logWriter);

    // Local side: client, then DC, then the application server if one is configured.
    // Short-circuit && keeps the original order and stops at the first failure.
    bool localApConfigured = hasLocalSmbAP || hasLocalWebAP;
    bool localSideOk = DetectClient(detectionInfo.localDomain, detectionInfo.localClient)
        && DetectDC(detectionInfo.localDomain, detectionInfo.localDC, kerberosDetector)
        && (!localApConfigured || DetectAP(detectionInfo.localDomain, detectionInfo.localAP, kerberosDetector));
    if (!localSideOk)
    {
        return false;
    }

    // User detection is not a gating step; its outcome is not checked here.
    DetectUsers(ref detectionInfo.localUsers, detectionInfo.localDomain);

    if (detectionInfo.trustType != KerberosTrustType.NoTrust)
    {
        if (!DetectDC(detectionInfo.trustDomain, detectionInfo.trustDC, kerberosDetector))
        {
            return false;
        }

        DetectUsers(ref detectionInfo.trustUsers, detectionInfo.trustDomain);

        // NOTE(review): unlike the local AP, a trust-side AP failure does not abort detection;
        // the DetectAP result is discarded here. Confirm this asymmetry is intentional.
        if (hasTrustSmbAP || hasTrustWebAP)
        {
            DetectAP(detectionInfo.trustDomain, detectionInfo.trustAP, kerberosDetector);
        }
    }

    logWriter.AddLog("Passed", LogLevel.Normal, false, LogStyle.StepPassed);
    logWriter.AddLog("===== End detecting =====", LogLevel.Normal);
    return true;
}
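/// <summary>
/// Resolve the application server <paramref name="ap"/> in <paramref name="domain"/> and fill in
/// its naming fields, and — depending on detectionInfo.HasSmbServer / HasHttpServer — its SMB2
/// dialect and default share, and its HTTP URI.
/// </summary>
/// <param name="domain">Domain whose admin credentials are used for the directory, share and
/// HTTP queries. They are never written to the log.</param>
/// <param name="ap">Server record. ap.FQDN must be set on entry (it is the name resolved) and is
/// replaced by the directory's dNSHostName value.</param>
/// <param name="detector">Helper used to decide whether the AP is a Windows host.</param>
/// <returns>True when the server was resolved and, if SMB is enabled, SMB2 negotiation and share
/// enumeration succeeded; false (after logging "Failed") otherwise. An unreachable HTTP server is
/// not a failure: ap.httpService.Uri is left empty.</returns>
private bool DetectAP(DomainInfo domain, Server ap, KerberosDetector detector)
{
    logWriter.AddLog(string.Format("===== Detect Application Server in Domain {0} =====", domain.Name), LogLevel.Normal);

    string hostname = ap.FQDN;
    IPAddress ip = IPAddress.Loopback;

    // Step 1: DNS resolution and directory attributes.
    try
    {
        IPHostEntry hostentry = Dns.GetHostEntry(hostname);
        // Prefer a real IPv4 address: AddressList[0] is frequently the IPv6 entry on a dual-stack
        // host, and ap.IPv4 is what the share enumeration below connects to.
        ip = SelectIPv4Address(hostentry);
        ap.IPv4 = ip.ToString();

        string computerName = hostentry.HostName;
        string machineName = computerName.Split('.')[0];
        ap.FQDN = ServerHelper.GetAccountAttribute(machineName, "Computers", "dNSHostName", domain.Name, domain.Admin, domain.AdminPassword);
        ap.IsWindows = detector.FetchPlatformInfo(computerName);
    }
    catch (Exception ex)
    {
        return LogApDetectionFailure(ex);
    }

    // GetAccountAttribute reports a missing attribute as null rather than by throwing.
    if (ap.FQDN == null)
    {
        return LogApDetectionFailure(null);
    }

    ap.ComputerName = ap.FQDN.Split('.')[0];

    // Step 2: Kerberos names derived from the FQDN. Invariant casing keeps these protocol
    // identifiers independent of the process culture (tr-TR 'i'/'I' mapping).
    string realm;
    string dnsName;
    try
    {
        // sAMAccountName of a computer object is its NetBIOS name with a trailing '$' (e.g. DC01$).
        ap.NetBIOS = ServerHelper.GetAccountAttribute(ap.ComputerName, "Computers", "sAMAccountName", domain.Name, domain.Admin, domain.AdminPassword);
        realm = domain.Name.ToUpperInvariant();
        dnsName = ap.FQDN.ToLowerInvariant();
        ap.DefaultServiceName = "host/" + dnsName;
        // Salt for the computer account's long-term key: REALM + "host" + lowercase FQDN.
        ap.ServiceSalt = realm + "host" + dnsName;
        ap.smb2Service.SMB2ServiceName = "cifs/" + dnsName;
    }
    catch (Exception ex)
    {
        return LogApDetectionFailure(ex);
    }

    // Step 3: optional SMB2 and HTTP probes.
    try
    {
        if (detectionInfo.HasSmbServer)
        {
            if (!NegotiateSmb2Dialect(ap, ip))
            {
                return false;
            }

            // Pick the first non-administrative share as the default for both the DAC and CBAC
            // cases. Shares ending in '$' are hidden/administrative and are skipped.
            string[] shareList = ServerHelper.EnumShares(ap.IPv4, domain.Admin, domain.Name, domain.AdminPassword);
            if (shareList.Length > 0)
            {
                foreach (string share in shareList)
                {
                    // EndsWith is safe on an empty share name, where Substring(Length - 1, 1) threw.
                    if (!share.EndsWith("$", StringComparison.Ordinal))
                    {
                        ap.smb2Service.DACShare = share;
                        ap.smb2Service.CBACShare = share;
                        break;
                    }
                }
            }
            else
            {
                ap.smb2Service.DACShare = string.Empty;
                ap.smb2Service.CBACShare = string.Empty;
            }
        }

        if (detectionInfo.HasHttpServer)
        {
            ap.httpService.HttpServiceName = "http/" + dnsName;
            ProbeHttpService(ap, domain);
        }
    }
    catch (Exception ex)
    {
        return LogApDetectionFailure(ex);
    }

    logWriter.AddLog("Success", LogLevel.Normal, false, LogStyle.StepPassed);
    logWriter.AddLineToLog(LogLevel.Advanced);
    return true;
}

/// <summary>
/// Return the first IPv4 address of <paramref name="entry"/>; when there is none, fall back to
/// the original behaviour of taking the first entry (which throws on an empty list and is then
/// reported as a detection failure by the caller).
/// </summary>
private static IPAddress SelectIPv4Address(IPHostEntry entry)
{
    foreach (IPAddress candidate in entry.AddressList)
    {
        if (candidate.AddressFamily == AddressFamily.InterNetwork)
        {
            return candidate;
        }
    }
    return entry.AddressList[0];
}

/// <summary>
/// Open a TCP connection to the AP, send SMB2 NEGOTIATE and record the dialect the server chose
/// in ap.smb2Service.SMB2Dialect.
/// </summary>
/// <param name="ap">Server record to update.</param>
/// <param name="ip">Address to connect to.</param>
/// <returns>True on STATUS_SUCCESS; false (after logging "Failed") on any error or other status.</returns>
private bool NegotiateSmb2Dialect(Server ap, IPAddress ip)
{
    try
    {
        // Smb2Client owns the socket; dispose it once the dialect is known (the original never closed it).
        using (Smb2Client client = new Smb2Client(new TimeSpan(0, 0, 15)))
        {
            client.ConnectOverTCP(ip);

            DialectRevision[] requestDialect = new DialectRevision[]
            {
                DialectRevision.Smb2002,
                DialectRevision.Smb21,
                DialectRevision.Smb30,
                DialectRevision.Smb302
            };
            DialectRevision connectionDialect = DialectRevision.Smb2Unknown;
            byte[] gssToken;
            Packet_Header header;
            NEGOTIATE_Response negotiateResp;

            // This probe never authenticates: signing is advertised as enabled, not required, and
            // the returned GSS token is not used. Message id 0 is the first message on the connection.
            client.Negotiate(
                1,
                1,
                Packet_Header_Flags_Values.NONE,
                0,
                requestDialect,
                SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED,
                Capabilities_Values.GLOBAL_CAP_DFS | Capabilities_Values.GLOBAL_CAP_LEASING | Capabilities_Values.GLOBAL_CAP_LARGE_MTU,
                Guid.NewGuid(),
                out connectionDialect,
                out gssToken,
                out header,
                out negotiateResp);

            if (header.Status != Smb2Status.STATUS_SUCCESS)
            {
                return LogApDetectionFailure(null);
            }

            ap.smb2Service.SMB2Dialect = connectionDialect.ToString();
            return true;
        }
    }
    catch (Exception ex)
    {
        return LogApDetectionFailure(ex);
    }
}

/// <summary>
/// Request http://&lt;FQDN&gt; with the domain admin credentials and record the final response URI
/// in ap.httpService.Uri. Any failure leaves the URI empty; an unreachable HTTP server is not fatal.
/// </summary>
private void ProbeHttpService(Server ap, DomainInfo domain)
{
    try
    {
        Uri target = new Uri("http://" + ap.FQDN);
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(target);

        // Bind the admin credential to Negotiate (Kerberos, NTLM fallback) for this URI only.
        // Assigning a bare NetworkCredential to request.Credentials lets the client answer a
        // Basic challenge, which would send the domain admin password in clear text over this
        // plain-HTTP connection; the service being detected is http/<fqdn>, so Negotiate is the
        // only scheme the probe should speak. Scoping to the URI also keeps the credential from
        // being replayed to a redirect target on another host.
        CredentialCache credentials = new CredentialCache();
        credentials.Add(target, "Negotiate", new NetworkCredential(domain.Admin + "@" + domain.Name, domain.AdminPassword));
        request.Credentials = credentials;

        // WebResponse holds the connection; release it once the URI is captured.
        using (WebResponse response = request.GetResponse())
        {
            ap.httpService.Uri = response.ResponseUri.OriginalString;
        }
    }
    catch (Exception ex)
    {
        logWriter.AddLog(ex.Message, LogLevel.Advanced);
        ap.httpService.Uri = string.Empty;
    }
}

/// <summary>
/// Log a failed AP detection step. The exception message (never the credentials) goes to the
/// Advanced log so the cause is visible instead of being swallowed.
/// </summary>
/// <param name="ex">Exception that caused the failure, or null for a non-success status or missing value.</param>
/// <returns>Always false, so callers can <c>return LogApDetectionFailure(ex);</c>.</returns>
private bool LogApDetectionFailure(Exception ex)
{
    logWriter.AddLog("Failed", LogLevel.Normal, false, LogStyle.StepFailed);
    if (ex != null)
    {
        logWriter.AddLog(ex.Message, LogLevel.Advanced);
    }
    logWriter.AddLineToLog(LogLevel.Advanced);
    return false;
}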