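    def computer_is_sensitive(self, name, domain, admin_count) -> bool:
        """Return True when a computer account should be treated as sensitive.

        Args:
            name: the computer's ``cn``; compared case-insensitively against
                the configured domain-controller names and case-sensitively
                against ``main_config.sensitive_computers``.
            domain: the computer's domain, in any form accepted by
                ``get_netbios_domain``.
            admin_count: raw ``adminCount`` attribute value list (empty when
                the attribute is unset).

        Returns:
            True for domain controllers, accounts with ``adminCount == 1`` and
            computers explicitly listed in ``main_config.sensitive_computers``.
        """
        # adminCount is the cheapest test and needs no config lookup.
        if admin_count and admin_count[0] == 1:
            return True

        # Normalise the domain once instead of once per configured entry.
        netbios_domain = get_netbios_domain(domain)

        # Domain controllers are always sensitive.
        if name.upper() in main_config.get_dc_name_list(netbios_domain):
            return True

        # Explicitly configured sensitive computers.
        return any(
            entry["domain"] == netbios_domain and entry["name"] == name
            for entry in main_config.sensitive_computers
        )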
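 def computer_entry_data(self, name):
     """Fetch one computer account from LDAP and flatten it into a dict.

     Args:
         name: the computer's sAMAccountName; the trailing ``$`` that
             computer accounts carry is appended when missing.

     Returns:
         An empty dict when no entry is found, otherwise one key per LDAP
         attribute (single values unwrapped, multi-values joined with "、",
         ``whenCreated``/``lastLogonTimestamp`` passed through
         ``datetime_to_utc``) plus the derived ``is_sensitive`` and
         ``is_dc`` flags.
     """
     fields = [
         "operatingSystem", "operatingSystemServicePack",
         "operatingSystemVersion", "sAMAccountName", "whenCreated", "cn",
         "objectSid", "lastLogonTimestamp", "distinguishedName",
         "adminCount"
     ]
     if not name.endswith("$"):
         name = name + "$"
     entry = self.ldap.search_by_name(name, attributes=fields)
     if not entry:
         return {}

     attributes = entry.entry_attributes_as_dict
     result = {
         "is_sensitive": self.computer_is_sensitive(
             name=attributes["cn"][0],
             domain=self.domain,
             admin_count=attributes["adminCount"]),
         # Strip the "$" ensured above; upper-case so the comparison matches
         # the one computer_is_sensitive makes against the DC name list.
         "is_dc": name[:-1].upper() in main_config.get_dc_name_list(
             get_netbios_domain(self.domain)),
     }
     for key, value in attributes.items():
         if key in ("whenCreated", "lastLogonTimestamp"):
             # An unset timestamp yields an empty list; report "" instead of
             # raising IndexError.
             result[key] = datetime_to_utc(value[0]) if value else ""
         elif len(value) == 1:
             result[key] = value[0]
         elif len(value) > 1:
             result[key] = "、".join(value)
         else:
             result[key] = ""
     return result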
 def __init__(self, domain):
     """Open an authenticated LDAP connection for *domain*.

     The domain is normalised to its NetBIOS name, which is the key used in
     ``main_config.ldap_account`` for the bind credentials and base DN.
     ``auto_bind=True`` performs the bind immediately, so a bad credential or
     unreachable server surfaces here rather than on the first search.

     NOTE(review): transport security depends entirely on what
     ``self._get_server()`` returns (LDAPS / StartTLS); a simple bind over
     plain LDAP would expose the service-account password on the wire —
     confirm the server configuration.
     """
     self.domain = get_netbios_domain(domain)
     account = main_config.ldap_account[self.domain]
     self.con = Connection(
         self._get_server(),
         user=account["user"],
         password=account["password"],
         auto_bind=True,
     )
     self.domain_dn = account["dn"]
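    def group_is_sensitive(self, name, domain, admin_count) -> bool:
        """Return True when a group should be treated as sensitive.

        Args:
            name: the group's name, matched exactly against the configured
                ``main_config.sensitive_groups`` entries.
            domain: the group's domain, in any form accepted by
                ``get_netbios_domain``.
            admin_count: raw ``adminCount`` attribute value list (empty when
                the attribute is unset).

        Returns:
            True when ``adminCount == 1`` or the group is listed in
            ``main_config.sensitive_groups`` for the same NetBIOS domain.
        """
        # adminCount is the cheapest test and needs no config lookup.
        if admin_count and admin_count[0] == 1:
            return True

        # Normalise the domain once instead of once per configured entry.
        netbios_domain = get_netbios_domain(domain)
        return any(
            entry["domain"] == netbios_domain and entry["name"] == name
            for entry in main_config.sensitive_groups
        )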
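    def fuzz_search(self, name, page_size=5, **kwargs) -> list:
        """Substring-search computers, users and groups by ``cn``.

        Args:
            name: caller-supplied fragment matched as ``cn=*<name>*``. It is
                escaped per RFC 4515 before being spliced into the filter so
                that ``*``, ``(``, ``)``, ``\\`` and NUL in the input cannot
                change the structure of the LDAP query.
            page_size: LDAP paged-result size passed to ``search_by_custom``.
            **kwargs: accepted for interface compatibility; unused.

        Returns:
            A list of dicts (possibly empty), each with ``entry_type``,
            ``domain``, ``cn``, ``is_sensitive`` and ``alert_count``, plus
            ``is_disabled`` for non-group entries and ``description`` when
            the attribute is set.
        """
        # RFC 4515 filter escaping: the name is untrusted search input and is
        # interpolated into the filter string, so neutralise filter
        # metacharacters rather than letting them act as wildcards/grouping.
        escape_table = str.maketrans({
            "\\": "\\5c",
            "*": "\\2a",
            "(": "\\28",
            ")": "\\29",
            "\x00": "\\00",
        })
        condition = (
            "(&(cn=*{name}*)"
            "(|(objectClass=computer)(objectClass=user)(objectClass=group)))"
        ).format(name=str(name).translate(escape_table))
        entries = self.ldap.search_by_custom(
            condition,
            attributes=[
                "cn", "distinguishedName", "userAccountControl", "objectSid",
                "adminCount", "memberOf", "objectClass", "description",
            ],
            paged_size=page_size)
        if not entries:
            return []

        result = []
        for entry in entries:
            entry_attributes = entry.entry_attributes_as_dict
            object_classes = entry_attributes["objectClass"]
            # Order matters: an entry may carry several classes, so the most
            # specific one wins. Anything else is skipped.
            if "computer" in object_classes:
                entry_type = "computer"
            elif "group" in object_classes:
                entry_type = "group"
            elif "user" in object_classes:
                entry_type = "user"
            else:
                continue

            temp = {"entry_type": entry_type}
            for key, value in entry_attributes.items():
                if key == "distinguishedName":
                    temp["domain"] = get_netbios_domain(
                        get_domain_from_dn(value[0]))
                elif key == "userAccountControl" and entry_type != "group":
                    temp["is_disabled"] = self.uac_parser.has_one_flag(
                        value[0], "ACCOUNT_DISABLE")
                elif key == "objectSid":
                    # TODO: switch to the sensitive-group based check.
                    temp["is_sensitive"] = self.user_is_sensitive(
                        value[0],
                        admin_count=entry_attributes["adminCount"],
                        member_of=entry_attributes["memberOf"])
                elif key == "cn":
                    temp["cn"] = value[0]
                elif key == "description" and value:
                    temp["description"] = value[0]

            temp["alert_count"] = Activity().related_count(
                entry_type, temp["domain"], temp["cn"])
            result.append(temp)
        return result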
 def __init__(self, domain):
     """Wire up the helpers the search methods rely on for *domain*.

     ``LDAPSearch`` receives the domain exactly as passed in, while
     ``self.domain`` stores its NetBIOS form for later comparisons.
     """
     self.ldap = LDAPSearch(domain)
     self.es = ElasticHelper()
     self.uac_parser = UACFlagsParser()
     self.group_type_parser = GroupTypeParser()
     self.domain = get_netbios_domain(domain)