Skip to content

Commit

Permalink
feat: issuancepolicy nodes (SpecterOps#93)
Browse files Browse the repository at this point in the history
  • Loading branch information
rvazarkar authored Apr 1, 2024
1 parent 5afb638 commit 75a792a
Show file tree
Hide file tree
Showing 6 changed files with 60 additions and 15 deletions.
8 changes: 4 additions & 4 deletions Sharphound.csproj
Original file line number Diff line number Diff line change
Expand Up @@ -24,23 +24,23 @@
<PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="5.0.0" />
<PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="5.0.0" />
<PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
<PackageReference Include="SharpHoundCommon" Version="3.1.4" />
<PackageReference Include="SharpHoundRPC" Version="3.1.4" />
<PackageReference Include="SharpHoundCommon" Version="3.1.6" />
<PackageReference Include="SharpHoundRPC" Version="3.1.6" />
<PackageReference Include="SharpZipLib" Version="1.3.3" />
<PackageReference Include="System.Runtime.CompilerServices.Unsafe" Version="6.0.0" />
<PackageReference Include="System.Threading.Channels" Version="6.0.0" />
<PackageReference Include="System.ValueTuple" Version="4.5.0" />
</ItemGroup>

<ItemGroup>
<!-- <Reference Include="SharpHoundCommonLib, Version=3.1.0.0, Culture=neutral, PublicKeyToken=null">-->
<!-- <Reference Include="SharpHoundCommonLib, Version=3.1.5.0, Culture=neutral, PublicKeyToken=null">-->
<!-- <HintPath>..\SharpHoundCommon\src\CommonLib\bin\Debug\net462\SharpHoundCommonLib.dll</HintPath>-->
<!-- </Reference>-->
<Reference Include="System.DirectoryServices" />
<Reference Include="System.DirectoryServices.Protocols" />
<Reference Include="System.IO.Compression" />
</ItemGroup>
<Target Name="PS1" AfterTargets="Build">
<Target Name="PS1" AfterTargets="Build" Condition="$([MSBuild]::IsOSPlatform('Windows'))">
<Message Text="Test" />
<Exec Command="powershell -ep bypass -c &quot;. '$(ProjectDir)src\Powershell\Out-CompressedDLL.ps1';Out-CompressedDll -FilePath '$(TargetPath)' -TemplatePath '$(ProjectDir)src\\Powershell\Template.ps1' | Out-File -Encoding ASCII '$(TargetDir)$(TargetName).ps1'&quot;" />
</Target>
Expand Down
2 changes: 1 addition & 1 deletion src/Producers/BaseProducer.cs
Original file line number Diff line number Diff line change
Expand Up @@ -151,7 +151,7 @@ protected LDAPData CreateConfigNCData()
props.AddRange(CommonProperties.TypeResolutionProps);

var methods = Context.ResolvedCollectionMethods;
var allObjectTypesQuery = new LDAPFilter().AddContainers().AddConfiguration().AddCertificateTemplates().AddCertificateAuthorities().AddEnterpriseCertificationAuthorities();
var allObjectTypesQuery = new LDAPFilter().AddContainers().AddConfiguration().AddCertificateTemplates().AddCertificateAuthorities().AddEnterpriseCertificationAuthorities().AddIssuancePolicies();

if ((methods & ResolvedCollectionMethod.ObjectProps) != 0)
{
Expand Down
2 changes: 2 additions & 0 deletions src/Producers/ComputerFileProducer.cs
Original file line number Diff line number Diff line change
Expand Up @@ -80,7 +80,9 @@ public override async Task Produce()
}
}

#pragma warning disable CS1998 // Async method lacks 'await' operators and will run synchronously
public override async Task ProduceConfigNC()
#pragma warning restore CS1998 // Async method lacks 'await' operators and will run synchronously
{
// Does not make sense for Computer file
}
Expand Down
53 changes: 45 additions & 8 deletions src/Runtime/ObjectProcessors.cs
Original file line number Diff line number Diff line change
Expand Up @@ -80,15 +80,17 @@ internal async Task<OutputBase> ProcessObject(ISearchResultEntry entry,
case Label.Configuration:
return ProcessContainerObject(entry, resolvedSearchResult);
case Label.RootCA:
return await ProcessRootCA(entry, resolvedSearchResult);
return ProcessRootCA(entry, resolvedSearchResult);
case Label.AIACA:
return await ProcessAIACA(entry, resolvedSearchResult);
return ProcessAIACA(entry, resolvedSearchResult);
case Label.EnterpriseCA:
return await ProcessEnterpriseCA(entry, resolvedSearchResult);
case Label.NTAuthStore:
return await ProcessNTAuthStore(entry, resolvedSearchResult);
return ProcessNTAuthStore(entry, resolvedSearchResult);
case Label.CertTemplate:
return await ProcessCertTemplate(entry, resolvedSearchResult);
return ProcessCertTemplate(entry, resolvedSearchResult);
case Label.IssuancePolicy:
return ProcessIssuancePolicy(entry, resolvedSearchResult);
case Label.Base:
return null;
default:
Expand Down Expand Up @@ -525,7 +527,7 @@ private Container ProcessContainerObject(ISearchResultEntry entry,
return ret;
}

private async Task<RootCA> ProcessRootCA(ISearchResultEntry entry, ResolvedSearchResult resolvedSearchResult)
private RootCA ProcessRootCA(ISearchResultEntry entry, ResolvedSearchResult resolvedSearchResult)
{
var ret = new RootCA
{
Expand Down Expand Up @@ -560,7 +562,7 @@ private async Task<RootCA> ProcessRootCA(ISearchResultEntry entry, ResolvedSearc
return ret;
}

private async Task<AIACA> ProcessAIACA(ISearchResultEntry entry, ResolvedSearchResult resolvedSearchResult)
private AIACA ProcessAIACA(ISearchResultEntry entry, ResolvedSearchResult resolvedSearchResult)
{
var ret = new AIACA
{
Expand Down Expand Up @@ -669,7 +671,7 @@ private async Task<EnterpriseCA> ProcessEnterpriseCA(ISearchResultEntry entry, R
return ret;
}

private async Task<NTAuthStore> ProcessNTAuthStore(ISearchResultEntry entry, ResolvedSearchResult resolvedSearchResult)
private NTAuthStore ProcessNTAuthStore(ISearchResultEntry entry, ResolvedSearchResult resolvedSearchResult)
{
var ret = new NTAuthStore
{
Expand Down Expand Up @@ -710,7 +712,7 @@ private async Task<NTAuthStore> ProcessNTAuthStore(ISearchResultEntry entry, Res
return ret;
}

private async Task<CertTemplate> ProcessCertTemplate(ISearchResultEntry entry, ResolvedSearchResult resolvedSearchResult)
private CertTemplate ProcessCertTemplate(ISearchResultEntry entry, ResolvedSearchResult resolvedSearchResult)
{
var ret = new CertTemplate
{
Expand Down Expand Up @@ -742,5 +744,40 @@ private async Task<CertTemplate> ProcessCertTemplate(ISearchResultEntry entry, R

return ret;
}

private IssuancePolicy ProcessIssuancePolicy(ISearchResultEntry entry,
ResolvedSearchResult resolvedSearchResult)
{
var ret = new IssuancePolicy
{
ObjectIdentifier = resolvedSearchResult.ObjectId
};

ret.Properties.Add("domain", resolvedSearchResult.Domain);
ret.Properties.Add("name", resolvedSearchResult.DisplayName);
ret.Properties.Add("distinguishedname", entry.DistinguishedName.ToUpper());
ret.Properties.Add("domainsid", resolvedSearchResult.DomainSid);

if ((_methods & ResolvedCollectionMethod.ACL) != 0 || (_methods & ResolvedCollectionMethod.CertServices) != 0)
{
ret.Aces = _aclProcessor.ProcessACL(resolvedSearchResult, entry).ToArray();
ret.IsACLProtected = _aclProcessor.IsACLProtected(entry);
ret.Properties.Add("isaclprotected", ret.IsACLProtected);
}

if ((_methods & ResolvedCollectionMethod.ObjectProps) != 0 || (_methods & ResolvedCollectionMethod.CertServices) != 0)
{
var issuancePolicyProps = _ldapPropertyProcessor.ReadIssuancePolicyProperties(entry);
ret.Properties.Merge(issuancePolicyProps.Props);
ret.GroupLink = issuancePolicyProps.GroupLink;
}

if ((_methods & ResolvedCollectionMethod.Container) != 0 || (_methods & ResolvedCollectionMethod.CertServices) != 0)
{
ret.ContainedBy = _containerProcessor.GetContainingObject(entry.DistinguishedName);
}

return ret;
}
}
}
8 changes: 7 additions & 1 deletion src/Runtime/OutputWriter.cs
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@ public class OutputWriter
private readonly JsonDataWriter<EnterpriseCA> _enterpriseCAOutput;
private readonly JsonDataWriter<NTAuthStore> _nTAuthStoreOutput;
private readonly JsonDataWriter<CertTemplate> _certTemplateOutput;
private readonly JsonDataWriter<IssuancePolicy> _issuancePolicyOutput;


private int _completedCount;
Expand All @@ -55,6 +56,7 @@ public OutputWriter(IContext context, Channel<OutputBase> outputChannel)
_enterpriseCAOutput = new JsonDataWriter<EnterpriseCA>(_context, DataType.EnterpriseCAs);
_nTAuthStoreOutput = new JsonDataWriter<NTAuthStore>(_context, DataType.NTAuthStores);
_certTemplateOutput = new JsonDataWriter<CertTemplate>(_context, DataType.CertTemplates);
_issuancePolicyOutput = new JsonDataWriter<IssuancePolicy>(_context, DataType.IssuancePolicies);

_runTimer = new Stopwatch();
_statusTimer = new Timer(_context.StatusInterval);
Expand Down Expand Up @@ -140,6 +142,9 @@ internal async Task<string> StartWriter()
case CertTemplate certTemplate:
await _certTemplateOutput.AcceptObject(certTemplate);
break;
case IssuancePolicy issuancePolicy:
await _issuancePolicyOutput.AcceptObject(issuancePolicy);
break;
default:
throw new ArgumentOutOfRangeException(nameof(item));
}
Expand All @@ -163,6 +168,7 @@ private async Task<string> FlushWriters()
await _enterpriseCAOutput.FlushWriter();
await _nTAuthStoreOutput.FlushWriter();
await _certTemplateOutput.FlushWriter();
await _issuancePolicyOutput.FlushWriter();
CloseOutput();
var fileName = ZipFiles();
return fileName;
Expand Down Expand Up @@ -192,7 +198,7 @@ private string ZipFiles()
_containerOutput.GetFilename(), _domainOutput.GetFilename(), _gpoOutput.GetFilename(),
_ouOutput.GetFilename(), _rootCAOutput.GetFilename(), _aIACAOutput.GetFilename(),
_enterpriseCAOutput.GetFilename(), _nTAuthStoreOutput.GetFilename(),
_certTemplateOutput.GetFilename()
_certTemplateOutput.GetFilename(),_issuancePolicyOutput.GetFilename()
});

foreach (var entry in fileList.Where(x => !string.IsNullOrEmpty(x)))
Expand Down
2 changes: 1 addition & 1 deletion src/Sharphound.cs
Original file line number Diff line number Diff line change
Expand Up @@ -130,7 +130,7 @@ public IContext Initialize(IContext context, LDAPConfig options)
}
catch (Exception e)
{
context.Logger.LogCritical("unable to write to target directory");
context.Logger.LogCritical(e, "unable to write to target directory");
context.Flags.IsFaulted = true;
}
}
Expand Down

0 comments on commit 75a792a

Please sign in to comment.