def import_machines(self): print('Importing machines!') for machine in self.get_file('computers')['computers']: #pprint.pprint(machine) #input() m = Machine() m.ad_id = self.ads[machine['Properties']['objectsid'].rsplit( '-', 1)[0]] m.sAMAccountName = machine['Name'].split('.', 1)[0] + '$' m.objectSid = machine['Properties']['objectsid'] m.description = machine['Properties']['description'] m.operatingSystemVersion = machine['Properties']['operatingsystem'] self.db_session.add(m) self.db_session.commit()
def import_machines(self): logger.debug('[BHIMPORT] Importing machines') meta = self.get_file('computers')['meta'] total = meta['count'] for machine in tqdm(self.get_file('computers')['computers'], desc='Machines', total=total, disable=self.disable_print_progress): if self.debug is True: pretty(machine) input() try: if self.bloodhound_version == '2': m = Machine() m.ad_id = self.adn[machine['Properties']['domain']] #m.dn = machine['Properties']['distinguishedname'] m.canLogon = machine['Properties'].get('enabled') m.lastLogonTimestamp = convert_to_dt( machine['Properties'].get('lastlogontimestamp')) m.pwdLastSet = convert_to_dt( machine['Properties'].get('pwdlastset')) m.operatingSystem = machine['Properties'].get( 'operatingsystem') m.dNSHostName = machine['Name'] m.cn = machine['Name'].split('.', 1)[0] m.name = m.cn m.sAMAccountName = machine['Name'].split('.', 1)[0] + '$' m.objectSid = machine['Properties']['objectsid'] m.canLogon = machine['Properties'].get('enabled') m.UAC_TRUSTED_FOR_DELEGATION = machine['Properties'].get( 'unconstraineddelegation') m.description = machine['Properties'].get('description') if machine['Properties'].get('highvalue') is True: hvt = ADObjProps(self.graphid, m.objectSid, 'HVT') self.db_session.add(hvt) #m.operatingSystemVersion = machine['Properties']['operatingsystem'] #not importing [Properties][haslaps] [Properties][serviceprincipalnames] # [AllowedToDelegate] [AllowedToAct] else: m = Machine() m.ad_id = self.adn[machine['Properties']['domain']] m.dn = machine['Properties']['distinguishedname'] m.canLogon = machine['Properties']['enabled'] m.lastLogonTimestamp = convert_to_dt( machine['Properties']['lastlogontimestamp']) m.pwdLastSet = convert_to_dt( machine['Properties']['pwdlastset']) m.operatingSystem = machine['Properties'][ 'operatingsystem'] m.dNSHostName = machine['Properties']['name'] m.cn = machine['Properties']['name'].split('.', 1)[0] m.sAMAccountName = machine['Properties']['name'].split( '.', 1)[0] + '$' m.objectSid = machine['Properties']['objectid'] m.description = machine['Properties']['description'] m.UAC_TRUSTED_FOR_DELEGATION = machine['Properties'].get( 'unconstraineddelegation') #m.operatingSystemVersion = machine['Properties']['operatingsystem'] if machine['Properties'].get('highvalue') is True: hvt = ADObjProps(self.graphid, m.objectSid, 'HVT') self.db_session.add(hvt) if 'serviceprincipalnames' in machine['Properties']: if len(machine['Properties'] ['serviceprincipalnames']) > 0: m.servicePrincipalName = '|'.join( machine['Properties']['serviceprincipalnames']) for spn in machine['Properties'][ 'serviceprincipalnames']: s = BHImport.process_spn(spn, m.objectSid) self.db_session.add(s) if 'Sessions' in machine: for session in machine['Sessions']: self.add_edge(session['UserId'], 'user', session['ComputerId'], 'machine', 'hasSession', m.ad_id) self.add_edge(session['ComputerId'], 'machine', session['UserId'], 'user', 'hasSession', m.ad_id) self.db_session.add(s) #not importing [Properties][haslaps] [AllowedToDelegate] [AllowedToAct] if 'LocalAdmins' in machine and machine[ 'LocalAdmins'] is not None: for localadmin in machine['LocalAdmins']: if self.bloodhound_version == '2': s = LocalGroup() s.ad_id = m.ad_id s.machine_sid = m.objectSid s.sid = self.sid_name_lookup_v2( localadmin['Name'], localadmin['Type'], m.ad_id) s.groupname = 'Administrators' self.db_session.add(s) self.add_edge( s.sid, BHImport.convert_otype(localadmin['Type']), s.machine_sid, 'machine', 'adminTo', m.ad_id) else: s = LocalGroup() s.ad_id = m.ad_id s.machine_sid = m.objectSid s.sid = localadmin['MemberId'] s.groupname = 'Administrators' self.db_session.add(s) self.add_edge( s.sid, BHImport.convert_otype( localadmin['MemberType']), s.machine_sid, 'machine', 'adminTo', m.ad_id) if 'DcomUsers' in machine and machine['DcomUsers'] is not None: for localadmin in machine['DcomUsers']: if self.bloodhound_version == '2': s = LocalGroup() s.ad_id = m.ad_id s.machine_sid = m.objectSid s.sid = self.sid_name_lookup_v2( localadmin['Name'], localadmin['Type'], m.ad_id) s.groupname = 'Distributed COM Users' self.db_session.add(s) self.add_edge( s.sid, BHImport.convert_otype(localadmin['Type']), s.machine_sid, 'machine', 'executeDCOM', m.ad_id) else: s = LocalGroup() s.ad_id = m.ad_id s.machine_sid = m.objectSid s.sid = localadmin['MemberId'] s.groupname = 'Distributed COM Users' self.db_session.add(s) self.add_edge( s.sid, BHImport.convert_otype( localadmin['MemberType']), s.machine_sid, 'machine', 'executeDCOM', m.ad_id) if 'RemoteDesktopUsers' in machine and machine[ 'RemoteDesktopUsers'] is not None: for localadmin in machine['RemoteDesktopUsers']: if self.bloodhound_version == '2': s = LocalGroup() s.ad_id = m.ad_id s.machine_sid = m.objectSid s.sid = self.sid_name_lookup_v2( localadmin['Name'], localadmin['Type'], m.ad_id) s.groupname = 'Remote Desktop Users' self.db_session.add(s) self.add_edge( s.sid, BHImport.convert_otype(localadmin['Type']), s.machine_sid, 'machine', 'canRDP', m.ad_id) else: s = LocalGroup() s.ad_id = m.ad_id s.machine_sid = m.objectSid s.sid = localadmin['MemberId'] s.groupname = 'Remote Desktop Users' self.db_session.add(s) self.add_edge( s.sid, BHImport.convert_otype( localadmin['MemberType']), s.machine_sid, 'machine', 'canRDP', m.ad_id) if 'PSRemoteUsers' in machine: for localadmin in machine['PSRemoteUsers']: if self.bloodhound_version == '2': s = LocalGroup() s.ad_id = m.ad_id s.machine_sid = m.objectSid s.sid = self.sid_name_lookup_v2( localadmin['Name'], localadmin['Type'], m.ad_id) s.groupname = 'Remote Management Users' self.db_session.add(s) self.add_edge( s.sid, BHImport.convert_otype(localadmin['Type']), s.machine_sid, 'machine', 'psremote', m.ad_id) else: s = LocalGroup() s.ad_id = m.ad_id s.machine_sid = m.objectSid s.sid = localadmin['MemberId'] s.groupname = 'Remote Management Users' self.db_session.add(s) self.add_edge( s.sid, BHImport.convert_otype( localadmin['MemberType']), s.machine_sid, 'machine', 'psremote', m.ad_id) self.db_session.add(m) edgeinfo = EdgeLookup(m.ad_id, m.objectSid, 'machine') self.db_session.add(edgeinfo) #self.db_session.commit() if machine['Aces'] is not None: self.insert_acl(m.objectSid, 'machine', machine['Aces'], m.ad_id) except Exception as e: logger.debug( '[BHIMPORT] Failed importing machine %s Reason: %s' % (machine, e)) continue self.db_session.commit()