wip: initial cleanup commit

SpecterOps · Dec 11, 2024 · 52de010 · 52de010
1 parent 9a5eb07
commit 52de010
Show file tree

Hide file tree

Showing 34 changed files with 970 additions and 1,600 deletions.
diff --git a/src/CommonLib/Enums/CollectionMethod.cs b/src/CommonLib/Enums/CollectionMethod.cs
@@ -1,10 +1,8 @@
 using System;
 
-namespace SharpHoundCommonLib.Enums
-{
+namespace SharpHoundCommonLib.Enums {
     [Flags]
-    public enum CollectionMethod
-    {
+    public enum CollectionMethod {
         None = 0,
         Group = 1,
         LocalAdmin = 1 << 1,
@@ -30,9 +28,13 @@ public enum CollectionMethod
         SmbInfo = 1 << 22,
         EventLogs = 1 << 23,
         LocalGroups = DCOM | RDP | LocalAdmin | PSRemote,
-        ComputerOnly = LocalGroups | Session | UserRights | CARegistry | DCRegistry | WebClientService | SmbInfo | EventLogs,
+        ComputerOnly = LocalGroups | Session | UserRights | CARegistry | DCRegistry | WebClientService | SmbInfo,
         DCOnly = ACL | Container | Group | ObjectProps | Trusts | GPOLocalGroup | CertServices | LdapServices | SmbInfo,
-        Default = Group | Session | Trusts | ACL | ObjectProps | LocalGroups | SPNTargets | Container | CertServices | LdapServices | SmbInfo,
-        All = Default | LoggedOn | GPOLocalGroup | UserRights | CARegistry | DCRegistry | WebClientService | LdapServices | EventLogs
+
+        Default = Group | Session | Trusts | ACL | ObjectProps | LocalGroups | SPNTargets | Container | CertServices |
+                  LdapServices | SmbInfo,
+
+        All = Default | LoggedOn | GPOLocalGroup | UserRights | CARegistry | DCRegistry | WebClientService |
+              LdapServices
     }
 }
diff --git a/src/CommonLib/Enums/EventIds.cs b/src/CommonLib/Enums/EventIds.cs
@@ -0,0 +1,6 @@
+namespace SharpHoundCommonLib.Enums;
+
+public class EventIds {
+    public static int LogonEvent = 4624;
+    public static int ValidateCredentialsEvent = 4776;
+}
diff --git a/src/CommonLib/Enums/LdapErrorCodes.cs b/src/CommonLib/Enums/LdapErrorCodes.cs
@@ -1,7 +1,5 @@
-namespace SharpHoundCommonLib.Enums
-{
-    public enum LdapErrorCodes : int
-    {
+namespace SharpHoundCommonLib.Enums {
+    public enum LdapErrorCodes : int {
         Success = 0,
         StrongAuthRequired = 8,
         SaslBindInProgress = 14,

diff --git a/src/CommonLib/Enums/LdapOption.cs b/src/CommonLib/Enums/LdapOption.cs
@@ -1,7 +1,5 @@
-namespace SharpHoundCommonLib.Enums
-{
-    public enum LdapOption : int
-    {
+namespace SharpHoundCommonLib.Enums {
+    public enum LdapOption : int {
         Ssl = 0x0A,
         ProtocolVersion = 0x11,
         ResultCode = 0x31,
@@ -11,4 +9,4 @@ public enum LdapOption : int
         Encrypt = 0x96,
         Timeout = 0x5002,
     }
-}
+}
diff --git a/src/CommonLib/Enums/LdapOptionValue.cs b/src/CommonLib/Enums/LdapOptionValue.cs
@@ -4,12 +4,10 @@
 using System.Text;
 using System.Threading.Tasks;
 
-namespace SharpHoundCommonLib.Enums
-{
-    public enum LdapOptionValue : int
-    {
+namespace SharpHoundCommonLib.Enums {
+    public enum LdapOptionValue : int {
         Off = 0,
         On = 1,
         Version3 = 3,
     };
-}
+}
diff --git a/...nLib/Enums/LdapSupportedSaslMechansims.cs → ...nLib/Enums/LdapSupportedSaslMechanisms.cs b/...nLib/Enums/LdapSupportedSaslMechansims.cs → ...nLib/Enums/LdapSupportedSaslMechanisms.cs
@@ -4,13 +4,11 @@
 using System.Text;
 using System.Threading.Tasks;
 
-namespace SharpHoundCommonLib.Enums
-{
-    public static class LdapSupportedSaslMechansims
-    {
+namespace SharpHoundCommonLib.Enums {
+    public static class LdapSupportedSaslMechanisms {
         public const string GSSAPI = "GSSAPI";
         public const string GSS_SPNEGO = "GSS-SPNEGO";
         public const string EXTERNAL = "EXTERNAL";
         public const string DIGEST_MD5 = "DIGEST_MD5";
     }
-}
+}
diff --git a/src/CommonLib/Extensions.cs b/src/CommonLib/Extensions.cs
@@ -186,7 +186,7 @@ public static string LdapValue(this Guid s)
         /// <param name="methods"></param>
         /// <returns></returns>
         public static bool IsComputerCollectionSet(this CollectionMethod methods) {
-            const CollectionMethod test = CollectionMethod.ComputerOnly | CollectionMethod.LoggedOn;
+            const CollectionMethod test = CollectionMethod.ComputerOnly | CollectionMethod.LoggedOn | CollectionMethod.SmbInfo | CollectionMethod.SmbInfo;
             return (methods & test) != 0;
         }
 

diff --git a/src/CommonLib/Impersonate.cs b/src/CommonLib/Impersonate.cs
@@ -90,7 +90,7 @@ public class Impersonator : IDisposable {
         ///<param name = "domainName" > Name of the domain.</param>
         ///<param name = "password" > The password. <see cref = "System.String" /></ param >
         ///< param name="logonType">Type of the logon.</param>
-        ///<param name = "logonProvider" > The logon provider. <see cref = "Mit.Sharepoint.WebParts.EventLogQuery.Network.LogonProvider" /></ param >
+        ///<param name = "logonProvider" > The logon provider. <see cref = "Mit.Sharepoint.WebParts.EventLogQuery.Network.LogonProvider" /></param >
         public Impersonator(string userName, string domainName, string password, LogonType logonType,
             LogonProvider logonProvider) {
             Impersonate(userName, domainName, password, logonType, logonProvider);
@@ -125,10 +125,11 @@ public void Dispose() {
         /// </summary>
         ///<param name = "userName" > Name of the user.</param>
         ///<param name = "domainName" > Name of the domain.</param>
-        ///<param name = "password" > The password. <see cref = "System.String" /></ param >
-        ///< param name="logonType">Type of the logon.</param>
+        ///<param name = "password" > The password. <see cref = "System.String" /></param >
+        ///<param name="logonType">Type of the logon.</param>
         ///<param name = "logonProvider" > The logon provider. <see cref = "Mit.Sharepoint.WebParts.EventLogQuery.Network.LogonProvider" /></ param >
-        public void Impersonate(string userName, string domainName, string password, LogonType logonType = LogonType.LOGON32_LOGON_INTERACTIVE,
+        public void Impersonate(string userName, string domainName, string password,
+            LogonType logonType = LogonType.LOGON32_LOGON_INTERACTIVE,
             LogonProvider logonProvider = LogonProvider.LOGON32_PROVIDER_DEFAULT) {
             UndoImpersonation();
 
@@ -149,14 +150,11 @@ public void Impersonate(string userName, string domainName, string password, Log
                             ref logonTokenDuplicate) != 0) {
                         var wi = new WindowsIdentity(logonTokenDuplicate);
                         wi.Impersonate(); // discard the returned identity context (which is the context of the application pool)
-                    }
-                    else
+                    } else
                         throw new Win32Exception(Marshal.GetLastWin32Error());
-                }
-                else
+                } else
                     throw new Win32Exception(Marshal.GetLastWin32Error());
-            }
-            finally {
+            } finally {
                 if (logonToken != IntPtr.Zero)
                     Win32NativeMethods.CloseHandle(logonToken);