Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Commonlib v4 #107

Merged
merged 6 commits into from
Jul 26, 2024
Merged

Commonlib v4 #107

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
3f4dccf
chore: update for commonlib v4
rvazarkar Jul 25, 2024
02313ad
feat: add collector version to meta tag
rvazarkar Jul 25, 2024
25f3e46
fix: crash during startup
rvazarkar Jul 26, 2024
385f3dc
Merge remote-tracking branch 'origin/2.X' into commonlib_v4
rvazarkar Jul 26, 2024
9f4e48f
chore: bump version
rvazarkar Jul 26, 2024
2e8b1ea
chore: fix paths
rvazarkar Jul 26, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 8 additions & 8 deletions Sharphound.csproj
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,8 @@
<LangVersion>latest</LangVersion>
<DebugType>full</DebugType>
<ApplicationIcon>favicon.ico</ApplicationIcon>
<Version>2.4.1</Version>
<FileVersion>2.4.1</FileVersion>
<Version>2.5.1</Version>
<FileVersion>2.5.1</FileVersion>
<Company>SpecterOps</Company>
<Product>SharpHound</Product>
<AssemblyName>SharpHound</AssemblyName>
Expand All @@ -21,19 +21,19 @@
<PackageReference Include="Fody" Version="6.6.0">
<PrivateAssets>all</PrivateAssets>
</PackageReference>
<PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="5.0.0" />
<PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="5.0.0" />
<PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
<PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="8.0.0" />
<PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
<PackageReference Include="SharpHoundCommon" Version="3.1.8" />
<PackageReference Include="SharpHoundRPC" Version="3.1.8" />
<PackageReference Include="SharpHoundCommon" Version="4.0.1" />
<PackageReference Include="SharpHoundRPC" Version="4.0.1" />
<PackageReference Include="SharpZipLib" Version="1.3.3" />
<PackageReference Include="System.Runtime.CompilerServices.Unsafe" Version="6.0.0" />
<PackageReference Include="System.Threading.Channels" Version="6.0.0" />
<PackageReference Include="System.Threading.Channels" Version="8.0.0" />
<PackageReference Include="System.ValueTuple" Version="4.5.0" />
</ItemGroup>

<ItemGroup>
<!-- <Reference Include="SharpHoundCommonLib, Version=3.1.5.0, Culture=neutral, PublicKeyToken=null">-->
<!-- <Reference Include="SharpHoundCommonLib">-->
<!-- <HintPath>..\SharpHoundCommon\src\CommonLib\bin\Debug\net462\SharpHoundCommonLib.dll</HintPath>-->
<!-- </Reference>-->
<Reference Include="System.DirectoryServices" />
Expand Down
18 changes: 9 additions & 9 deletions src/BaseContext.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,18 +22,18 @@ public sealed class BaseContext : IDisposable, IContext

private bool disposedValue;

public BaseContext(ILogger logger, LDAPConfig ldapConfig, Flags flags)
public BaseContext(ILogger logger, LdapConfig ldapConfig, Flags flags)
{
Logger = logger;
Flags = flags;
LDAPUtils = new LDAPUtils();
LDAPUtils.SetLDAPConfig(ldapConfig);
LDAPUtils = new LdapUtils();
LDAPUtils.SetLdapConfig(ldapConfig);
CancellationTokenSource = new CancellationTokenSource();
}

public bool IsFaulted { get; set; }

public ResolvedCollectionMethod ResolvedCollectionMethods { get; set; }
public CollectionMethod ResolvedCollectionMethods { get; set; }
public string LdapFilter { get; set; }
public string SearchBase { get; set; }
public string DomainName { get; set; }
Expand All @@ -56,7 +56,7 @@ public BaseContext(ILogger logger, LDAPConfig ldapConfig, Flags flags)
public int Jitter { get; set; }
public int PortScanTimeout { get; set; } = 500;
public CancellationTokenSource CancellationTokenSource { get; set; }
public ILDAPUtils LDAPUtils { get; set; }
public ILdapUtils LDAPUtils { get; set; }
public Task CollectionTask { get; set; }
public Flags Flags { get; set; }

Expand Down Expand Up @@ -90,12 +90,12 @@ public string GetCachePath()
return path;
}

public ResolvedCollectionMethod SetupMethodsForLoop()
public CollectionMethod SetupMethodsForLoop()
{
var original = ResolvedCollectionMethods;
const ResolvedCollectionMethod computerCollectionMethods =
ResolvedCollectionMethod.LocalGroups | ResolvedCollectionMethod.LoggedOn |
ResolvedCollectionMethod.Session;
const CollectionMethod computerCollectionMethods =
CollectionMethod.LocalGroups | CollectionMethod.LoggedOn |
CollectionMethod.Session;
return original & computerCollectionMethods;
}

Expand Down
6 changes: 3 additions & 3 deletions src/Client/Context.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ public interface IContext
CancellationTokenSource CancellationTokenSource { get; set; }

ILogger Logger { get; set; }
ILDAPUtils LDAPUtils { get; set; }
ILdapUtils LDAPUtils { get; set; }

string OutputPrefix { get; set; }
string OutputDirectory { get; set; }
Expand All @@ -62,7 +62,7 @@ public interface IContext

public string LocalAdminPassword { get; set; }

ResolvedCollectionMethod ResolvedCollectionMethods { get; set; }
CollectionMethod ResolvedCollectionMethods { get; set; }

/// <summary>
/// Does throttle and jitter for computer requests
Expand All @@ -71,7 +71,7 @@ public interface IContext
Task DoDelay();

string GetCachePath();
ResolvedCollectionMethod SetupMethodsForLoop();
CollectionMethod SetupMethodsForLoop();
string ResolveFileName(string filename, string extension, bool addTimestamp);
EnumerationDomain[] Domains { get; set; }
void UpdateLoopTime();
Expand Down
1 change: 1 addition & 0 deletions src/Client/Flags.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,5 +27,6 @@ public class Flags
public bool SearchForest { get; set; }
public bool RecurseDomains { get; set; }
public bool DoLocalAdminSessionEnum { get; set; }
public bool ParititonLdapQueries { get; set; }
}
}
6 changes: 3 additions & 3 deletions src/Client/Links.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,15 +9,15 @@ namespace Sharphound.Client
/// <typeparam name="T">A context to be populated.</typeparam>
public interface Links<T>
{
IContext Initialize(IContext context, LDAPConfig options);
IContext Initialize(IContext context, LdapConfig options);

IContext
Task<IContext>
TestConnection(
T context); //Initial LDAP connection test. Search for the well known administrator SID to make sure we can connect successfully.

IContext SetSessionUserName(string overrideUserName, T context);
IContext InitCommonLib(T context);
IContext GetDomainsForEnumeration(T context);
Task<IContext> GetDomainsForEnumeration(T context);
IContext StartBaseCollectionTask(T context);
Task<IContext> AwaitBaseRunCompletion(T context);
IContext StartLoopTimer(T context);
Expand Down
3 changes: 3 additions & 0 deletions src/EnumerationDomain.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,9 +1,12 @@
using System.DirectoryServices.ActiveDirectory;

namespace Sharphound
{
public class EnumerationDomain
{
public string Name { get; set; }
public string DomainSid { get; set; }
public string TrustType { get; set; }
}
}

8 changes: 4 additions & 4 deletions src/Extensions.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ internal static void Merge<TKey, TValue>(this Dictionary<TKey, TValue> s, Dictio
}
}

public static string GetDNSName(this ISearchResultEntry entry, string overrideDNSName)
public static string GetDNSName(this IDirectoryObject entry, string overrideDNSName)
{
var shortName = entry.GetProperty("samaccountname")?.TrimEnd('$');
var dns = entry.GetProperty("dnshostname");
Expand Down Expand Up @@ -111,10 +111,10 @@ internal static async IAsyncEnumerable<T> ReadAllAsync<T>(this ChannelReader<T>
/// Removes non-computer collection methods from specified ones for looping
/// </summary>
/// <returns></returns>
internal static ResolvedCollectionMethod GetLoopCollectionMethods(this ResolvedCollectionMethod methods)
internal static CollectionMethod GetLoopCollectionMethods(this CollectionMethod methods)
{
const ResolvedCollectionMethod computerCollectionMethods = ResolvedCollectionMethod.LocalGroups | ResolvedCollectionMethod.LoggedOn |
ResolvedCollectionMethod.Session;
const CollectionMethod computerCollectionMethods = CollectionMethod.LocalGroups | CollectionMethod.LoggedOn |
CollectionMethod.Session;
return methods & computerCollectionMethods;
}
}
Expand Down
90 changes: 48 additions & 42 deletions src/Options.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -92,9 +92,12 @@ public class Options

[Option(HelpText = "Override port for LDAP", Default = 0)]
public int LDAPPort { get; set; }

[Option(HelpText = "Override port for LDAPS", Default = 0)]
public int LDAPSSLPort { get; set; }

[Option(HelpText = "Connect to LDAP SSL instead of regular LDAP", Default = false)]
public bool SecureLDAP { get; set; }
[Option(HelpText = "Only connect to LDAP SSL, disallowing fallback", Default = false)]
public bool ForceSecureLDAP { get; set; }

[Option(HelpText = "Disables certificate verification when using LDAPS", Default = false)]
public bool DisableCertVerification { get; set; }
Expand Down Expand Up @@ -136,6 +139,9 @@ public class Options

[Option(HelpText = "Collect all LDAP properties from objects")]
public bool CollectAllProperties { get; set; }

[Option(HelpText = "Split the main ldap query into smaller chunks to attempt to reduce server load")]
public bool PartitionLdapQueries { get; set; }

//Loop Options
[Option('l', "Loop", HelpText = "Loop computer collection")]
Expand All @@ -153,13 +159,13 @@ public class Options
[Option('v', HelpText = "Enable verbose output", Default = (int)LogLevel.Information)]
public int Verbosity { get; set; }

internal bool ResolveCollectionMethods(ILogger logger, out ResolvedCollectionMethod resolved, out bool dconly)
internal bool ResolveCollectionMethods(ILogger logger, out CollectionMethod resolved, out bool dconly)
{
var arr = CollectionMethods.Count() == 1
? CollectionMethods.First().Split(',')
: CollectionMethods.ToArray();

resolved = ResolvedCollectionMethod.None;
resolved = CollectionMethod.None;
dconly = false;

foreach (var baseMethod in arr)
Expand All @@ -177,29 +183,29 @@ internal bool ResolveCollectionMethods(ILogger logger, out ResolvedCollectionMet

resolved |= option switch
{
CollectionMethodOptions.Group => ResolvedCollectionMethod.Group,
CollectionMethodOptions.Session => ResolvedCollectionMethod.Session,
CollectionMethodOptions.LoggedOn => ResolvedCollectionMethod.LoggedOn,
CollectionMethodOptions.Trusts => ResolvedCollectionMethod.Trusts,
CollectionMethodOptions.ACL => ResolvedCollectionMethod.ACL,
CollectionMethodOptions.ObjectProps => ResolvedCollectionMethod.ObjectProps,
CollectionMethodOptions.RDP => ResolvedCollectionMethod.RDP,
CollectionMethodOptions.DCOM => ResolvedCollectionMethod.DCOM,
CollectionMethodOptions.LocalAdmin => ResolvedCollectionMethod.LocalAdmin,
CollectionMethodOptions.PSRemote => ResolvedCollectionMethod.PSRemote,
CollectionMethodOptions.SPNTargets => ResolvedCollectionMethod.SPNTargets,
CollectionMethodOptions.Container => ResolvedCollectionMethod.Container,
CollectionMethodOptions.GPOLocalGroup => ResolvedCollectionMethod.GPOLocalGroup,
CollectionMethodOptions.LocalGroup => ResolvedCollectionMethod.LocalGroups,
CollectionMethodOptions.UserRights => ResolvedCollectionMethod.UserRights,
CollectionMethodOptions.Default => ResolvedCollectionMethod.Default,
CollectionMethodOptions.DCOnly => ResolvedCollectionMethod.DCOnly,
CollectionMethodOptions.ComputerOnly => ResolvedCollectionMethod.ComputerOnly,
CollectionMethodOptions.CARegistry => ResolvedCollectionMethod.CARegistry,
CollectionMethodOptions.DCRegistry => ResolvedCollectionMethod.DCRegistry,
CollectionMethodOptions.CertServices => ResolvedCollectionMethod.CertServices,
CollectionMethodOptions.All => ResolvedCollectionMethod.All,
CollectionMethodOptions.None => ResolvedCollectionMethod.None,
CollectionMethodOptions.Group => CollectionMethod.Group,
CollectionMethodOptions.Session => CollectionMethod.Session,
CollectionMethodOptions.LoggedOn => CollectionMethod.LoggedOn,
CollectionMethodOptions.Trusts => CollectionMethod.Trusts,
CollectionMethodOptions.ACL => CollectionMethod.ACL,
CollectionMethodOptions.ObjectProps => CollectionMethod.ObjectProps,
CollectionMethodOptions.RDP => CollectionMethod.RDP,
CollectionMethodOptions.DCOM => CollectionMethod.DCOM,
CollectionMethodOptions.LocalAdmin => CollectionMethod.LocalAdmin,
CollectionMethodOptions.PSRemote => CollectionMethod.PSRemote,
CollectionMethodOptions.SPNTargets => CollectionMethod.SPNTargets,
CollectionMethodOptions.Container => CollectionMethod.Container,
CollectionMethodOptions.GPOLocalGroup => CollectionMethod.GPOLocalGroup,
CollectionMethodOptions.LocalGroup => CollectionMethod.LocalGroups,
CollectionMethodOptions.UserRights => CollectionMethod.UserRights,
CollectionMethodOptions.Default => CollectionMethod.Default,
CollectionMethodOptions.DCOnly => CollectionMethod.DCOnly,
CollectionMethodOptions.ComputerOnly => CollectionMethod.ComputerOnly,
CollectionMethodOptions.CARegistry => CollectionMethod.CARegistry,
CollectionMethodOptions.DCRegistry => CollectionMethod.DCRegistry,
CollectionMethodOptions.CertServices => CollectionMethod.CertServices,
CollectionMethodOptions.All => CollectionMethod.All,
CollectionMethodOptions.None => CollectionMethod.None,
_ => throw new ArgumentOutOfRangeException()
};

Expand All @@ -209,56 +215,56 @@ internal bool ResolveCollectionMethods(ILogger logger, out ResolvedCollectionMet
if (Stealth)
{
var updates = new List<string>();
if ((resolved & ResolvedCollectionMethod.LoggedOn) != 0)
if ((resolved & CollectionMethod.LoggedOn) != 0)
{
resolved ^= ResolvedCollectionMethod.LoggedOn;
resolved ^= CollectionMethod.LoggedOn;
updates.Add("[-] Removed LoggedOn");
}

var localGroupRemoved = false;
if ((resolved & ResolvedCollectionMethod.RDP) != 0)
if ((resolved & CollectionMethod.RDP) != 0)
{
localGroupRemoved = true;
resolved ^= ResolvedCollectionMethod.RDP;
resolved ^= CollectionMethod.RDP;
updates.Add("[-] Removed RDP Collection");
}

if ((resolved & ResolvedCollectionMethod.DCOM) != 0)
if ((resolved & CollectionMethod.DCOM) != 0)
{
localGroupRemoved = true;
resolved ^= ResolvedCollectionMethod.DCOM;
resolved ^= CollectionMethod.DCOM;
updates.Add("[-] Removed DCOM Collection");
}

if ((resolved & ResolvedCollectionMethod.PSRemote) != 0)
if ((resolved & CollectionMethod.PSRemote) != 0)
{
localGroupRemoved = true;
resolved ^= ResolvedCollectionMethod.PSRemote;
resolved ^= CollectionMethod.PSRemote;
updates.Add("[-] Removed PSRemote Collection");
}

if ((resolved & ResolvedCollectionMethod.LocalAdmin) != 0)
if ((resolved & CollectionMethod.LocalAdmin) != 0)
{
localGroupRemoved = true;
resolved ^= ResolvedCollectionMethod.LocalAdmin;
resolved ^= CollectionMethod.LocalAdmin;
updates.Add("[-] Removed LocalAdmin Collection");
}

if ((resolved & ResolvedCollectionMethod.CARegistry) != 0)
if ((resolved & CollectionMethod.CARegistry) != 0)
{
resolved ^= ResolvedCollectionMethod.CARegistry;
resolved ^= CollectionMethod.CARegistry;
updates.Add("[-] Removed CARegistry Collection");
}

if ((resolved & ResolvedCollectionMethod.DCRegistry) != 0)
if ((resolved & CollectionMethod.DCRegistry) != 0)
{
resolved ^= ResolvedCollectionMethod.DCRegistry;
resolved ^= CollectionMethod.DCRegistry;
updates.Add("[-] Removed DCRegistry Collection");
}

if (localGroupRemoved)
{
resolved |= ResolvedCollectionMethod.GPOLocalGroup;
resolved |= CollectionMethod.GPOLocalGroup;
updates.Add("[+] Added GPOLocalGroup");
}

Expand Down
Loading
Loading