예제 #1
def query_path_ownedda(graphid, exclude=None, format='vis'):
    """Return shortest paths from every OWNED-tagged object to each '-512' group.

    Args:
        graphid: Key of the graph in ``JACKDAW_GRAPH_DICT``; loaded on demand.
        exclude: Raw edge-type exclusion spec, handed to ``__exclude_parse``.
        format: Output format forwarded to ``GraphData.to_dict``.

    Returns:
        The accumulated ``GraphData`` rendered through ``to_dict``.
    """
    excluded = __exclude_parse(exclude)
    if graphid not in current_app.config['JACKDAW_GRAPH_DICT']:
        load(graphid)
    # Looked up only after load() so a freshly loaded graph is picked up.
    graph = current_app.config['JACKDAW_GRAPH_DICT'][graphid]
    session = current_app.db.session

    # Dicts are used as insertion-ordered sets; the values are never read.
    admin_group_sids = {}
    owned_sids = {}

    for ad_id in graph.adids:
        # Any group whose SID ends in RID 512 (the well-known Domain Admins RID).
        admin_groups = (
            session.query(Group)
            .filter_by(ad_id=ad_id)
            .filter(Group.objectSid.like('%-512'))
            .all()
        )
        admin_group_sids.update((grp.objectSid, 0) for grp in admin_groups)

        # Objects carrying the 'OWNED' property for this graph
        # (presumably objects an analyst marked as compromised -- confirm).
        owned_rows = (
            session.query(EdgeLookup.oid)
            .filter_by(ad_id=ad_id)
            .filter(EdgeLookup.oid == ADObjProps.oid)
            .filter(ADObjProps.graph_id == graphid)
            .filter(ADObjProps.prop == 'OWNED')
            .all()
        )
        owned_sids.update((row[0], 0) for row in owned_rows)

    # One shortest_paths() call per (admin group, owned object) pair, so the
    # cost grows with the product of both sets.
    paths = GraphData()
    for admin_sid in admin_group_sids:
        for owned_sid in owned_sids:
            paths += graph.shortest_paths(owned_sid,
                                          admin_sid,
                                          exclude=excluded)

    return paths.to_dict(format=format)
예제 #2
def query_path_asreproast(graphid, exclude=None, format='vis'):
    """Return shortest paths from no-pre-auth users to each '-512' group.

    Source nodes are users whose ``UAC_DONT_REQUIRE_PREAUTH`` column is true,
    i.e. accounts that do not require Kerberos pre-authentication. The output
    shows which of those accounts have a path to a Domain Admins group, which
    helps decide where pre-authentication should be re-enabled first.

    Args:
        graphid: Key of the graph in ``JACKDAW_GRAPH_DICT``; loaded on demand.
        exclude: Raw edge-type exclusion spec, handed to ``__exclude_parse``.
        format: Output format forwarded to ``GraphData.to_dict``.

    Returns:
        The accumulated ``GraphData`` rendered through ``to_dict``.
    """
    excluded = __exclude_parse(exclude)
    if graphid not in current_app.config['JACKDAW_GRAPH_DICT']:
        load(graphid)
    graph = current_app.config['JACKDAW_GRAPH_DICT'][graphid]
    session = current_app.db.session

    # Dicts are used as insertion-ordered sets; the values are never read.
    admin_group_sids = {}
    no_preauth_sids = {}

    for ad_id in graph.adids:
        # Any group whose SID ends in RID 512 (the well-known Domain Admins RID).
        admin_groups = (
            session.query(Group)
            .filter_by(ad_id=ad_id)
            .filter(Group.objectSid.like('%-512'))
            .all()
        )
        admin_group_sids.update((grp.objectSid, 0) for grp in admin_groups)

        # '== True' builds a SQL expression here; do not rewrite it as 'is True'.
        user_rows = (
            session.query(ADUser.objectSid)
            .filter_by(ad_id=ad_id)
            .filter(ADUser.UAC_DONT_REQUIRE_PREAUTH == True)  # noqa: E712
            .all()
        )
        no_preauth_sids.update((row[0], 0) for row in user_rows)

    paths = GraphData()
    for admin_sid in admin_group_sids:
        for user_sid in no_preauth_sids:
            paths += graph.shortest_paths(user_sid,
                                          admin_sid,
                                          exclude=excluded)

    return paths.to_dict(format=format)
예제 #3
def query_path_tohighvalue(graphid, exclude=None, format='vis'):
    """Return shortest paths that end at every object tagged 'HVT'.

    Args:
        graphid: Key of the graph in ``JACKDAW_GRAPH_DICT``; loaded on demand.
        exclude: Raw edge-type exclusion spec, handed to ``__exclude_parse``.
        format: Output format forwarded to ``GraphData.to_dict``.

    Returns:
        The accumulated ``GraphData`` rendered through ``to_dict``.
    """
    excluded = __exclude_parse(exclude)
    if graphid not in current_app.config['JACKDAW_GRAPH_DICT']:
        load(graphid)
    graph = current_app.config['JACKDAW_GRAPH_DICT'][graphid]
    session = current_app.db.session

    # Dict used as an insertion-ordered set; the values are never read.
    high_value_sids = {}
    for ad_id in graph.adids:
        # Objects carrying the 'HVT' property for this graph (high-value
        # targets, going by the function name).
        tagged_rows = (
            session.query(EdgeLookup.oid)
            .filter_by(ad_id=ad_id)
            .filter(EdgeLookup.oid == ADObjProps.oid)
            .filter(ADObjProps.graph_id == graphid)
            .filter(ADObjProps.prop == 'HVT')
            .all()
        )
        high_value_sids.update((row[0], 0) for row in tagged_rows)

    paths = GraphData()
    for target_sid in high_value_sids:
        # No source is given, only a destination; ignore_notfound=True is
        # passed so that a tagged SID missing from the graph does not abort
        # the request (presumably -- confirm against shortest_paths()).
        paths += graph.shortest_paths(dst_sid=target_sid,
                                      ignore_notfound=True,
                                      exclude=excluded)

    return paths.to_dict(format=format)
예제 #4
def query_path_dcsync(graphid, exclude=None, format='vis'):
    """Return shortest paths from replication-right holders to '-512' groups.

    Source nodes are principals that are the source of a 'GetChanges' or
    'GetChangesAll' edge, i.e. holders of directory replication rights.

    Args:
        graphid: Key of the graph in ``JACKDAW_GRAPH_DICT``; loaded on demand.
        exclude: Raw edge-type exclusion spec, handed to ``__exclude_parse``.
        format: Output format forwarded to ``GraphData.to_dict``.

    Returns:
        The accumulated ``GraphData`` rendered through ``to_dict``.
    """
    excluded = __exclude_parse(exclude)
    if graphid not in current_app.config['JACKDAW_GRAPH_DICT']:
        load(graphid)
    graph = current_app.config['JACKDAW_GRAPH_DICT'][graphid]
    session = current_app.db.session

    # Dicts are used as insertion-ordered sets; the values are never read.
    admin_group_sids = {}
    replicator_sids = {}

    for ad_id in graph.adids:
        # Any group whose SID ends in RID 512 (the well-known Domain Admins RID).
        admin_groups = (
            session.query(Group)
            .filter_by(ad_id=ad_id)
            .filter(Group.objectSid.like('%-512'))
            .all()
        )
        admin_group_sids.update((grp.objectSid, 0) for grp in admin_groups)

        # NOTE(review): or_() selects holders of EITHER right, so a principal
        # with only one of the two edges is listed as well -- confirm that
        # this over-reporting is intended.
        # '!= None' builds an IS NOT NULL expression; keep it as written.
        replicator_rows = (
            session.query(EdgeLookup.oid)
            .filter_by(ad_id=ad_id)
            .filter(EdgeLookup.id == Edge.src)
            .filter(EdgeLookup.oid != None)  # noqa: E711
            .filter(or_(Edge.label == 'GetChanges',
                        Edge.label == 'GetChangesAll'))
            .all()
        )
        replicator_sids.update((row[0], 0) for row in replicator_rows)

    paths = GraphData()
    for admin_sid in admin_group_sids:
        for replicator_sid in replicator_sids:
            paths += graph.shortest_paths(replicator_sid,
                                          admin_sid,
                                          exclude=excluded)

    return paths.to_dict(format=format)
예제 #5
def query_path_kerberoastany(graphid, exclude=None, format='vis'):
    """Return outgoing shortest paths for SPN-bearing users with no domain path.

    Source nodes are users whose ``servicePrincipalName`` is set. For every
    (user, domain SID) pair where ``has_path`` returns exactly ``False``, the
    user's paths to any destination are added to the result; every other pair
    is only recorded in a local list that is not returned yet.

    Args:
        graphid: Key of the graph in ``JACKDAW_GRAPH_DICT``; loaded on demand.
        exclude: Raw edge-type exclusion spec, handed to ``__exclude_parse``.
        format: Output format forwarded to ``GraphData.to_dict``.

    Returns:
        The accumulated ``GraphData`` rendered through ``to_dict``.
    """
    excluded = __exclude_parse(exclude)
    if graphid not in current_app.config['JACKDAW_GRAPH_DICT']:
        load(graphid)
    graph = current_app.config['JACKDAW_GRAPH_DICT'][graphid]
    session = current_app.db.session

    # Dicts are used as insertion-ordered sets; the values are never read.
    spn_user_sids = {}
    domain_sids = {}
    path_to_da = []

    for ad_id in graph.adids:
        # NOTE(review): Query.get() returns None for an unknown primary key,
        # in which case the attribute access below raises AttributeError.
        ad_info = session.query(ADInfo).get(ad_id)
        domain_sids[ad_info.objectSid] = 1

        # '!= None' builds an IS NOT NULL expression; keep it as written.
        spn_rows = (
            session.query(ADUser.objectSid)
            .filter_by(ad_id=ad_id)
            .filter(ADUser.servicePrincipalName != None)  # noqa: E711
            .all()
        )
        spn_user_sids.update((row[0], 0) for row in spn_rows)

    paths = GraphData()
    for user_sid in spn_user_sids:
        for domain_sid in domain_sids:
            # Only an explicit False counts as "no path".
            if graph.has_path(user_sid, domain_sid) is not False:
                path_to_da.append(user_sid)
                continue
            # NOTE(review): with more than one domain in the graph, the same
            # user is added once per domain it has no path to.
            paths += graph.shortest_paths(src_sid=user_sid,
                                          dst_sid=None,
                                          exclude=excluded)

    # TODO: path_to_da is collected but not part of the response yet.
    return paths.to_dict(format=format)
예제 #6
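def query_path_da(graphid, exclude=None, format='vis'):
    """Return shortest paths from any node to each '-512' (Domain Admins) group.

    Args:
        graphid: Key of the graph in ``JACKDAW_GRAPH_DICT``; loaded on demand.
        exclude: Raw edge-type exclusion spec, handed to ``__exclude_parse``.
        format: Output format. ``'path'`` (case-insensitive) requests the raw
            path list; any other value is forwarded to ``GraphData.to_dict``.

    Returns:
        ``('No domain administrator group found', 404)`` when no matching group
        exists; the accumulated path list when ``format`` is ``'path'``;
        otherwise the ``GraphData`` rendered through ``to_dict``.
    """
    if graphid not in current_app.config['JACKDAW_GRAPH_DICT']:
        load(graphid)
    graph = current_app.config['JACKDAW_GRAPH_DICT'][graphid]
    pathonly = format.lower() == 'path'

    exclude_edgetypes = __exclude_parse(exclude)

    # Dict used as an insertion-ordered set; the values are never read.
    da_sids = {}
    for domain_id in graph.adids:
        # Any group whose SID ends in RID 512 (the well-known Domain Admins RID).
        for group in current_app.db.session.query(Group).filter_by(
                ad_id=domain_id).filter(Group.objectSid.like('%-512')).all():
            da_sids[group.objectSid] = 0

    if not da_sids:
        return 'No domain administrator group found', 404

    res = [] if pathonly else GraphData()
    for sid in da_sids:
        res += graph.shortest_paths(None,
                                    sid,
                                    exclude=exclude_edgetypes,
                                    pathonly=pathonly)

    if pathonly:
        # In path-only mode the accumulator is a plain list, which has no
        # to_dict(); calling it raised AttributeError. Return the list as is.
        # NOTE(review): confirm the caller can serialise the path entries.
        return res
    return res.to_dict(format=format)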
예제 #7
def query_path_kerberoastda(graphid, format='vis'):
    """Return shortest paths from SPN-bearing users to each '-512' group.

    Only the graph's single ``domain_id`` is queried. The result shows which
    service accounts have a path to a Domain Admins group.

    Args:
        graphid: Key of the graph in ``JACKDAW_GRAPH_DICT``; loaded on demand.
        format: Output format forwarded to ``GraphData.to_dict``.

    Returns:
        The accumulated ``GraphData`` rendered through ``to_dict``.
    """
    if graphid not in current_app.config['JACKDAW_GRAPH_DICT']:
        load(graphid)
    graph = current_app.config['JACKDAW_GRAPH_DICT'][graphid]
    session = current_app.db.session

    # Any group whose SID ends in RID 512 (the well-known Domain Admins RID).
    admin_groups = (
        session.query(Group)
        .filter_by(ad_id=graph.domain_id)
        .filter(Group.objectSid.like('%-512'))
        .all()
    )
    # Dicts are used as insertion-ordered sets; the values are never read.
    admin_group_sids = {}
    admin_group_sids.update((grp.objectSid, 0) for grp in admin_groups)

    # '!= None' builds an IS NOT NULL expression; keep it as written.
    spn_rows = (
        session.query(ADUser.objectSid)
        .filter_by(ad_id=graph.domain_id)
        .filter(ADUser.servicePrincipalName != None)  # noqa: E711
        .all()
    )
    spn_user_sids = {}
    spn_user_sids.update((row[0], 0) for row in spn_rows)

    paths = GraphData()
    for admin_sid in admin_group_sids:
        for user_sid in spn_user_sids:
            paths += graph.shortest_paths(user_sid, admin_sid)

    return paths.to_dict(format=format)
예제 #8
def query_path_da(graphid, format='vis'):
    """Return shortest paths from any node to each '-512' (Domain Admins) group.

    Only the graph's single ``domain_id`` is queried.

    Args:
        graphid: Key of the graph in ``JACKDAW_GRAPH_DICT``; loaded on demand.
        format: Output format forwarded to ``GraphData.to_dict``.

    Returns:
        ``('No domain administrator group found', 404)`` when no matching group
        exists, otherwise the ``GraphData`` rendered through ``to_dict``.
    """
    if graphid not in current_app.config['JACKDAW_GRAPH_DICT']:
        load(graphid)
    graph = current_app.config['JACKDAW_GRAPH_DICT'][graphid]

    # NOTE(review): leftover debug output; it writes the domain id to stdout
    # on every request and would be better sent to a logger or removed.
    print(graph.domain_id)

    # Any group whose SID ends in RID 512 (the well-known Domain Admins RID).
    admin_groups = (
        current_app.db.session.query(Group)
        .filter_by(ad_id=graph.domain_id)
        .filter(Group.objectSid.like('%-512'))
        .all()
    )
    # Dict used as an insertion-ordered set; the values are never read.
    admin_group_sids = {}
    admin_group_sids.update((grp.objectSid, 0) for grp in admin_groups)

    if not admin_group_sids:
        return 'No domain administrator group found', 404

    paths = GraphData()
    for admin_sid in admin_group_sids:
        # Source is None: paths from any node that ends at the group.
        paths += graph.shortest_paths(None, admin_sid)

    return paths.to_dict(format=format)
예제 #9
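def get_members(graphid, sid, maxhops=1, format='vis'):
    """Return the members of ``sid`` as reported by the graph's ``get_members``.

    Args:
        graphid: Key of the graph in ``JACKDAW_GRAPH_DICT``; loaded on demand.
        sid: SID whose members are requested.
        maxhops: Forwarded unchanged to the graph's ``get_members``.
        format: Output format forwarded to ``GraphData.to_dict``.

    Returns:
        The resulting ``GraphData`` rendered through ``to_dict``.
    """
    if graphid not in current_app.config['JACKDAW_GRAPH_DICT']:
        load(graphid)
    graph = current_app.config['JACKDAW_GRAPH_DICT'][graphid]

    res = GraphData()
    res += graph.get_members(sid, maxhops)

    # The requested format used to be ignored in favour of a hard-coded 'vis';
    # honour the parameter (its default is still 'vis').
    return res.to_dict(format=format)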
예제 #10
def query_path_dcsync(graphid, exclude=None, format='vis'):
    """Return whatever the graph's ``get_dcsync`` reports, rendered via ``to_dict``.

    Args:
        graphid: Key of the graph in ``JACKDAW_GRAPH_DICT``; loaded on demand.
        exclude: Raw edge-type exclusion spec, handed to ``__exclude_parse``.
        format: Output format forwarded to ``GraphData.to_dict``.

    Returns:
        The resulting ``GraphData`` rendered through ``to_dict``.
    """
    # NOTE(review): the parsed value is never used below -- get_dcsync() is
    # called without an exclusion list, so `exclude` does not affect the
    # result. The call is kept so that parsing still runs as before.
    unused_exclusions = __exclude_parse(exclude)
    if graphid not in current_app.config['JACKDAW_GRAPH_DICT']:
        load(graphid)
    graph = current_app.config['JACKDAW_GRAPH_DICT'][graphid]

    result = GraphData()
    result += graph.get_dcsync()
    return result.to_dict(format=format)
예제 #11
def query_path_da(graphid, format='vis'):
    """Return all shortest paths to the graph's '<domain_sid>-512' node.

    Unlike an on-demand loader, this variant answers 404 for a graph id that
    is not already present in the module-level ``graphs`` mapping.

    Args:
        graphid: Key into ``graphs``.
        format: Output format forwarded to ``GraphData.to_dict``.

    Returns:
        A ``(message, 404)`` tuple when the graph or the group node is missing,
        otherwise the ``GraphData`` rendered through ``to_dict``.
    """
    if graphid not in graphs:
        return 'Graph Not Found', 404
    graph = graphs[graphid]

    # RID 512 appended to the domain SID is the Domain Admins group SID.
    # The comparison value is built per node, exactly as the lookup requires
    # nothing from domain_sid when the graph has no nodes.
    admin_group_sids = {
        node.id: 1
        for node in graph.get_node()
        if node.id == graph.domain_sid + '-512'
    }

    if not admin_group_sids:
        return 'No domain administrator group found', 404

    paths = GraphData()
    for admin_sid in admin_group_sids:
        # Source is None: paths from any node that ends at the group.
        paths += graph.all_shortest_paths(None, admin_sid)

    return paths.to_dict(format=format)
예제 #12
def query_path_fromowned(graphid, format='vis'):
    """Return shortest paths that start at every object tagged 'OWNED'.

    Only the graph's single ``domain_id`` is queried.

    Args:
        graphid: Key of the graph in ``JACKDAW_GRAPH_DICT``; loaded on demand.
        format: Output format forwarded to ``GraphData.to_dict``.

    Returns:
        The accumulated ``GraphData`` rendered through ``to_dict``.
    """
    if graphid not in current_app.config['JACKDAW_GRAPH_DICT']:
        load(graphid)
    graph = current_app.config['JACKDAW_GRAPH_DICT'][graphid]

    # Objects carrying the 'OWNED' property in this domain
    # (presumably objects an analyst marked as compromised -- confirm).
    owned_rows = (
        current_app.db.session.query(EdgeLookup.oid)
        .filter_by(ad_id=graph.domain_id)
        .filter(EdgeLookup.oid == ADObjProps.oid)
        .filter(ADObjProps.ad_id == graph.domain_id)
        .filter(ADObjProps.prop == 'OWNED')
        .all()
    )
    # Dict used as an insertion-ordered set; the values are never read.
    owned_sids = {}
    owned_sids.update((row[0], 0) for row in owned_rows)

    paths = GraphData()
    for owned_sid in owned_sids:
        # NOTE(review): the keyword here is `src`; verify it matches the
        # parameter name of this graph backend's shortest_paths().
        paths += graph.shortest_paths(src=owned_sid)

    return paths.to_dict(format=format)
예제 #13
def query_path_dcsync(graphid, format='vis'):
    """Return shortest paths from replication-right holders to the domain SID.

    Source nodes are principals that are the source of a 'GetChanges' or
    'GetChangesAll' edge. The single destination is the graph's ``domain_sid``
    itself, not a group.

    Args:
        graphid: Key of the graph in ``JACKDAW_GRAPH_DICT``; loaded on demand.
        format: Output format forwarded to ``GraphData.to_dict``.

    Returns:
        The accumulated ``GraphData`` rendered through ``to_dict``.
    """
    if graphid not in current_app.config['JACKDAW_GRAPH_DICT']:
        load(graphid)
    graph = current_app.config['JACKDAW_GRAPH_DICT'][graphid]

    # Dicts are used as insertion-ordered sets; the values are never read.
    destination_sids = {graph.domain_sid: 0}

    # NOTE(review): or_() selects holders of EITHER right, so a principal with
    # only one of the two edges is listed as well -- confirm this is intended.
    # '!= None' builds an IS NOT NULL expression; keep it as written.
    replicator_rows = (
        current_app.db.session.query(EdgeLookup.oid)
        .filter_by(ad_id=graph.domain_id)
        .filter(EdgeLookup.id == Edge.src)
        .filter(EdgeLookup.oid != None)  # noqa: E711
        .filter(or_(Edge.label == 'GetChanges',
                    Edge.label == 'GetChangesAll'))
        .all()
    )
    replicator_sids = {}
    replicator_sids.update((row[0], 0) for row in replicator_rows)

    paths = GraphData()
    for destination_sid in destination_sids:
        for replicator_sid in replicator_sids:
            paths += graph.shortest_paths(replicator_sid, destination_sid)

    return paths.to_dict(format=format)