merge with v3 branch

.github/workflows/build.yml

@@ -6,12 +6,14 @@ jobs:
   build:
     runs-on: windows-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
 
     - name: Setup .NET
-      uses: actions/setup-dotnet@v1
+      uses: actions/setup-dotnet@v3
       with:
-        dotnet-version: 5.0.x
+        dotnet-version: |
+          7.0.x
+          5.0.x
 
     - name: Restore dependencies
       run: dotnet restore

.github/workflows/publish.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: windows-latest
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Parse Version
         uses: web3j/[email protected]
@@ -21,9 +21,11 @@ jobs:
           start: 1
 
       - name: Setup .NET
-        uses: actions/setup-dotnet@v1
+        uses: actions/setup-dotnet@v3
         with:
-          dotnet-version: 5.0.x
+          dotnet-version: |
+              7.0.x
+              5.0.x
 
       - name: Restore Dependencies
         run: dotnet restore
@@ -38,11 +40,27 @@ jobs:
           path: docfx/coverage/report/
 
       - name: Pack
-        run: dotnet pack --include-symbols --no-restore -c Release -p:PackageVersion=${{ steps.version.outputs.result }} -o .
-
-      - name: Publish NuGet
-        run: dotnet nuget push *.nupkg -s https://api.nuget.org/v3/index.json -k ${{ secrets.NUGET_TOKEN }}
+        run: | 
+          mkdir pkgs
+          dotnet pack --no-restore -c Release -p:PackageVersion=${{ steps.version.outputs.result }} -o ./pkgs
+        
+#      - name: Prep Packages
+#        run: dotnet nuget add source --username ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }} --store-password-in-clear-text --name github "https://nuget.pkg.github.com/BloodHoundAD/index.json"
 
+#      - name: Publish to GitHub Packages
+#        run: dotnet nuget push *.nupkg --api-key ${{ secrets.GITHUB_TOKEN }} --source "github"
+#
+#      - name: Publish NuGet
+#        run: dotnet nuget push *.nupkg -s https://api.nuget.org/v3/index.json -k ${{ secrets.NUGET_TOKEN }} --skip-duplicate
+
+      - name: Publish to SpecterOps Packages
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_KEY }}
+        run: |
+          dotnet tool install -g sleet
+          sleet push ./pkgs --skip-existing
+        
   ghpages:
     name: ghpages
     needs: nuget

.gitignore

@@ -131,11 +131,7 @@ tags
 # Visual Studio Code
 ################
 
-.vscode/*
-!.vscode/settings.json
-!.vscode/tasks.json
-!.vscode/launch.json
-!.vscode/extensions.json
+.vscode
 *.code-workspace
 
 # Local History for Visual Studio Code

Directory.Build.props

@@ -1,7 +1,7 @@
 <Project>
-  <ItemGroup>
-      <AssemblyAttribute Include="System.Runtime.CompilerServices.InternalsVisibleTo">
-        <_Parameter1>CommonLibTest</_Parameter1>
-      </AssemblyAttribute>
-  </ItemGroup>
+    <ItemGroup>
+        <AssemblyAttribute Include="System.Runtime.CompilerServices.InternalsVisibleTo">
+            <_Parameter1>CommonLibTest</_Parameter1>
+        </AssemblyAttribute>
+    </ItemGroup>
 </Project>

SharpHoundCommon.sln

@@ -1,12 +1,14 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
-# 
+#
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SharpHoundCommonLib", "src\CommonLib\SharpHoundCommonLib.csproj", "{88EB8B09-EB8A-4E59-BBF7-CA5374DFA9EB}"
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "CommonLibTest", "test\unit\CommonLibTest.csproj", "{F1E060CB-58D0-42A7-9BBC-E08C6FD5DD43}"
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Docfx", "docfx\Docfx.csproj", "{BD8C7EB8-F357-4499-8C08-76B42F600076}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SharpHoundRPC", "src\SharpHoundRPC\SharpHoundRPC.csproj", "{4F06116D-88A7-4601-AB28-B48F2857D458}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -25,5 +27,9 @@ Global
 		{BD8C7EB8-F357-4499-8C08-76B42F600076}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{BD8C7EB8-F357-4499-8C08-76B42F600076}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{BD8C7EB8-F357-4499-8C08-76B42F600076}.Release|Any CPU.Build.0 = Release|Any CPU
+		{4F06116D-88A7-4601-AB28-B48F2857D458}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{4F06116D-88A7-4601-AB28-B48F2857D458}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{4F06116D-88A7-4601-AB28-B48F2857D458}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{4F06116D-88A7-4601-AB28-B48F2857D458}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 EndGlobal

sleet.json

@@ -0,0 +1,11 @@
+{
+  "sources": [
+    {
+      "name": "feed",
+      "type": "s3",
+      "path": "https://s3.amazonaws.com/bloodhound-ad",
+      "region": "us-east-1",
+      "bucketName": "bloodhound-ad"
+    }
+  ]
+}

src/CommonLib/CSVComputerStatus.cs

@@ -5,6 +5,7 @@ namespace SharpHoundCommonLib
 {
     public class CSVComputerStatus
     {
+        public const string StatusSuccess = "Success";
         public string ComputerName { get; set; }
         public string Task { get; set; }
         public string Status { get; set; }

src/CommonLib/Cache.cs

@@ -1,4 +1,6 @@
-using System.Collections.Concurrent;
+using System;
+using System.Collections.Concurrent;
+using System.ComponentModel;
 using System.Runtime.Serialization;
 using SharpHoundCommonLib.Enums;
 
@@ -7,6 +9,19 @@ namespace SharpHoundCommonLib
     [DataContract]
     public class Cache
     {
+        //Leave these here until we switch back to Newtonsoft which doesn't suck
+        // [DataMember]private ConcurrentDictionary<string, string[]> _globalCatalogCache;
+        //
+        // [DataMember]private ConcurrentDictionary<string, Label> _idToTypeCache;
+        //
+        // [DataMember]private ConcurrentDictionary<string, string> _machineSidCache;
+        //
+        // [DataMember]private ConcurrentDictionary<string, string> _sidToDomainCache;
+        //
+        // [DataMember]private ConcurrentDictionary<string, string> _valueToIDCache;
+
+        private static Version defaultVersion = new(1, 0, 0);
+
         private Cache()
         {
             ValueToIdCache = new ConcurrentDictionary<string, string>();
@@ -25,6 +40,8 @@ private Cache()
         [DataMember] public ConcurrentDictionary<string, string> SIDToDomainCache { get; private set; }
 
         [DataMember] public ConcurrentDictionary<string, string> ValueToIdCache { get; private set; }
+        [DataMember] public DateTime CacheCreationDate { get; set; }
+        [DataMember] public Version CacheCreationVersion { get; set; }
 
         [IgnoreDataMember] private static Cache CacheInstance { get; set; }
 
@@ -126,9 +143,17 @@ private static string GetPrefixKey(string key, string domain)
         ///     Creates a new empty cache instance
         /// </summary>
         /// <returns></returns>
-        public static Cache CreateNewCache()
+        public static Cache CreateNewCache(Version version = null)
         {
-            return new Cache();
+            if (version == null)
+            {
+                version = defaultVersion;
+            }
+            return new Cache
+            {
+                CacheCreationVersion = version,
+                CacheCreationDate = DateTime.Now.Date
+            };
         }
 
         /// <summary>

src/CommonLib/CommonLib.cs

@@ -7,8 +7,8 @@ public class CommonLib
         private static bool _initialized;
 
         /// <summary>
-        /// Initializes the common library with a log and cache instance.
-        /// If log/cache aren't provided, will use defaults
+        ///     Initializes the common library with a log and cache instance.
+        ///     If log/cache aren't provided, will use defaults
         /// </summary>
         /// <param name="log"></param>
         /// <param name="cache"></param>
@@ -36,7 +36,7 @@ public static void InitializeCommonLib(ILogger log = null, Cache cache = null)
         }
 
         /// <summary>
-        /// Replaces the current logging instance with a new one
+        ///     Replaces the current logging instance with a new one
         /// </summary>
         /// <param name="log"></param>
         public static void ReconfigureLogging(ILogger log)

src/CommonLib/Enums/CollectionMethods.cs

@@ -21,10 +21,11 @@ public enum ResolvedCollectionMethod
         DCOM = 1 << 12,
         SPNTargets = 1 << 13,
         PSRemote = 1 << 14,
+        UserRights = 1 << 15,
         LocalGroups = DCOM | RDP | LocalAdmin | PSRemote,
-        ComputerOnly = LocalGroups | Session,
+        ComputerOnly = LocalGroups | Session | UserRights,
         DCOnly = ACL | Container | Group | ObjectProps | Trusts | GPOLocalGroup,
         Default = Group | Session | Trusts | ACL | ObjectProps | LocalGroups | SPNTargets | Container,
-        All = Default | LoggedOn | GPOLocalGroup
+        All = Default | LoggedOn | GPOLocalGroup | UserRights
     }
 }

src/CommonLib/Enums/LSAPrivileges.cs

@@ -0,0 +1,52 @@
+namespace SharpHoundCommonLib.Enums
+{
+    public class LSAPrivileges
+    {
+        public const string AssignPrimaryToken = "SeAssignPrimaryTokenPrivilege";
+        public const string Audit = "SeAuditPrivilege";
+        public const string Backup = "SeBackupPrivilege";
+        public const string BatchLogon = "SeBatchLogonRight";
+        public const string ChangeNotify = "SeChangeNotifyPrivilege";
+        public const string CreateGlobal = "SeCreateGlobalPrivilege";
+        public const string CreatePagefile = "SeCreatePagefilePrivilege";
+        public const string CreatePermanent = "SeCreatePermanentPrivilege";
+        public const string CreateSymbolicLink = "SeCreateSymbolicLinkPrivilege";
+        public const string CreateToken = "SeCreateTokenPrivilege";
+        public const string Debug = "SeDebugPrivilege";
+        public const string DenyBatchLogon = "SeDenyBatchLogonRight";
+        public const string DenyInteractiveLogon = "SeDenyInteractiveLogonRight";
+        public const string DenyNetworkLogon = "SeDenyNetworkLogonRight";
+        public const string DenyRemoteInteractiveLogon = "SeDenyRemoteInteractiveLogonRight";
+        public const string DenyServiceLogon = "SeDenyServiceLogonRight";
+        public const string EnableDelegation = "SeEnableDelegationPrivilege";
+        public const string Impersonate = "SeImpersonatePrivilege";
+        public const string IncreaseBasePriority = "SeIncreaseBasePriorityPrivilege";
+        public const string IncreaseQuota = "SeIncreaseQuotaPrivilege";
+        public const string IncreaseWorkingSet = "SeIncreaseWorkingSetPrivilege";
+        public const string InteractiveLogon = "SeInteractiveLogonRight";
+        public const string LoadDriver = "SeLoadDriverPrivilege";
+        public const string LockMemory = "SeLockMemoryPrivilege";
+        public const string MachineAccount = "SeMachineAccountPrivilege";
+        public const string ManageVolume = "SeManageVolumePrivilege";
+        public const string NetworkLogon = "SeNetworkLogonRight";
+        public const string ProfileSingleProcess = "SeProfileSingleProcessPrivilege";
+        public const string Relabel = "SeRelabelPrivilege";
+        public const string RemoteInteractiveLogon = "SeRemoteInteractiveLogonRight";
+        public const string RemoteShutdown = "SeRemoteShutdownPrivilege";
+        public const string Restore = "SeRestorePrivilege";
+        public const string Security = "SeSecurityPrivilege";
+        public const string ServiceLogon = "SeServiceLogonRight";
+        public const string Shutdown = "SeShutdownPrivilege";
+        public const string SyncAgent = "SeSyncAgentPrivilege";
+        public const string SystemEnvironment = "SeSystemEnvironmentPrivilege";
+        public const string SystemProfile = "SeSystemProfilePrivilege";
+        public const string SystemTime = "SeSystemtimePrivilege";
+        public const string TakeOwnership = "SeTakeOwnershipPrivilege";
+        public const string Tcb = "SeTcbPrivilege";
+        public const string TimeZone = "SeTimeZonePrivilege";
+        public const string TrustedCredManAccess = "SeTrustedCredManAccessPrivilege";
+        public const string Undock = "SeUndockPrivilege";
+
+        public static readonly string[] DesiredPrivileges = {RemoteInteractiveLogon};
+    }
+}

src/CommonLib/Enums/Labels.cs

@@ -2,13 +2,15 @@
 {
     public enum Label
     {
+        Base = 0,
         User,
         Computer,
         Group,
+        LocalGroup,
+        LocalUser,
         GPO,
         Domain,
         OU,
-        Container,
-        Base
+        Container
     }
 }

src/CommonLib/Enums/LdapErrorCodes.cs

@@ -0,0 +1,9 @@
+namespace SharpHoundCommonLib.Enums
+{
+    public enum LdapErrorCodes : int
+    {
+        Success = 0,
+        Busy = 51,
+        ServerDown = 81
+    }
+}

src/CommonLib/Exceptions/LDAPQueryException.cs

@@ -0,0 +1,19 @@
+using System;
+
+namespace SharpHoundCommonLib.Exceptions
+{
+    public class LDAPQueryException : Exception
+    {
+        public LDAPQueryException()
+        {
+        }
+
+        public LDAPQueryException(string message) : base(message)
+        {
+        }
+
+        public LDAPQueryException(string message, Exception inner) : base(message, inner)
+        {
+        }
+    }
+}