def add_edge(self, src_sid, dst_sid, label): self.total_edges += 1 src_id = self.session.query(EdgeLookup.id).filter_by( oid=src_sid).filter(EdgeLookup.ad_id == self.ad_id).first() if src_id is None: #this should not happen t = EdgeLookup(self.ad_id, src_sid, 'unknown') self.session.add(t) self.session.commit() self.session.refresh(t) src_id = t.id else: src_id = src_id[0] dst_id = self.session.query(EdgeLookup.id).filter_by( oid=dst_sid).filter(EdgeLookup.ad_id == self.ad_id).first() if dst_id is None: #this should not happen t = EdgeLookup(self.ad_id, dst_sid, 'unknown') self.session.add(t) self.session.commit() self.session.refresh(t) dst_id = t.id else: dst_id = dst_id[0] edge = Edge(self.ad_id, src_id, dst_id, label) self.session.add(edge)
async def store_ous(self, ou): ou.ad_id = self.ad_id self.session.add(ou) #self.session.commit() #self.session.refresh(ou) t = EdgeLookup(self.ad_id, ou.objectGUID, 'ou') self.session.add(t) if ou.gPLink is not None and ou.gPLink != 'None': for x in ou.gPLink.split(']'): if x is None or x == 'None': continue x = x.strip() if x == '': continue gp, order = x[1:].split(';') gp = re.search(r'{(.*?)}', gp).group(1) gp = '{' + gp + '}' link = Gplink() link.ad_id = self.ad_id link.ou_guid = ou.objectGUID link.gpo_dn = gp link.order = order self.session.add(link) #self.session.flush() data = { 'dn': ou.dn, 'sid': None, 'guid': ou.objectGUID, 'object_type': 'ou' } if self.sd_file_handle is not None: self.sd_file_handle.write(json.dumps(data).encode() + b'\r\n')
async def store_machine(self, machine_and_del): machine = machine_and_del['machine'] delegations = machine_and_del['delegations'] machine.ad_id = self.ad_id t = EdgeLookup(self.ad_id, machine.objectSid, 'machine') self.session.add(t) self.session.add(machine) #self.session.commit() #self.session.refresh(machine) for d in delegations: d.machine_sid = machine.objectSid d.ad_id = self.ad_id self.session.add(d) #self.session.commit() #self.session.flush() if self.stream_data is True and self.progress_queue is not None: msg = GathererProgress() msg.type = GathererProgressType.MACHINE msg.msg_type = MSGTYPE.FINISHED msg.adid = self.ad_id msg.domain_name = self.domain_name msg.data = machine await self.progress_queue.put(msg) data = { 'dn': machine.dn, 'sid': machine.objectSid, 'guid': machine.objectGUID, 'object_type': 'machine' } if self.sd_file_handle is not None: self.sd_file_handle.write(json.dumps(data).encode() + b'\r\n') if self.members_file_handle is not None: self.members_file_handle.write(json.dumps(data).encode() + b'\r\n')
async def store_user(self, user_and_spn): user = user_and_spn['user'] spns = user_and_spn['spns'] user.ad_id = self.ad_id self.session.add(user) t = EdgeLookup(self.ad_id, user.objectSid, 'user') self.session.add(t) for spn in spns: spn.ad_id = self.ad_id self.session.add(spn) if self.stream_data is True and self.progress_queue is not None: msg = GathererProgress() msg.type = GathererProgressType.USER msg.msg_type = MSGTYPE.FINISHED msg.adid = self.ad_id msg.domain_name = self.domain_name msg.data = user await self.progress_queue.put(msg) #self.session.flush() data = { 'dn': user.dn, 'sid': user.objectSid, 'guid': user.objectGUID, 'object_type': 'user' } if self.sd_file_handle is not None: self.sd_file_handle.write(json.dumps(data).encode() + b'\r\n') if self.members_file_handle is not None: self.members_file_handle.write(json.dumps(data).encode() + b'\r\n')
async def store_domain(self, info): info.ldap_enumeration_state = 'STARTED' self.domain_name = str(info.distinguishedName).replace(',', '.').replace( 'DC=', '') self.session.add(info) self.session.commit() self.session.refresh(info) self.ad_id = info.id graph = GraphInfo() graph.ad_id = self.ad_id self.session.add(graph) self.session.commit() self.session.refresh(graph) self.graph_id = graph.id t = EdgeLookup(self.ad_id, info.objectSid, 'domain') self.session.add(t) data = { 'dn': info.distinguishedName, 'sid': info.objectSid, 'guid': info.objectGUID, 'object_type': 'domain' } if self.sd_file_handle is not None: self.sd_file_handle.write(json.dumps(data).encode() + b'\r\n')
async def store_group(self, group): group.ad_id = self.ad_id t = EdgeLookup(self.ad_id, group.objectSid, 'group') self.session.add(t) self.session.add(group) #self.session.flush() data = { 'dn': group.dn, 'sid': group.objectSid, 'guid': group.objectGUID, 'object_type': 'group' } if self.sd_file_handle is not None: self.sd_file_handle.write(json.dumps(data).encode() + b'\r\n') if self.members_file_handle is not None: self.members_file_handle.write(json.dumps(data).encode() + b'\r\n') if self.stream_data is True and self.progress_queue is not None: msg = GathererProgress() msg.type = GathererProgressType.GROUP msg.msg_type = MSGTYPE.FINISHED msg.adid = self.ad_id msg.domain_name = self.domain_name msg.data = group await self.progress_queue.put(msg)
async def store_gpo(self, gpo): gpo.ad_id = self.ad_id self.session.add(gpo) #self.session.flush() t = EdgeLookup(self.ad_id, gpo.objectGUID, 'gpo') self.session.add(t) data = { 'dn': gpo.dn, 'sid': None, 'guid': gpo.objectGUID, 'object_type': 'gpo' } if self.sd_file_handle is not None: self.sd_file_handle.write(json.dumps(data).encode() + b'\r\n')
def get_id_for_sid(self, sid, otype = 'unknown', with_boost = False): if sid in self.boost_dict: return self.boost_dict[sid] orig = sid sid = self.session.query(EdgeLookup.id).filter_by(oid = sid).filter(EdgeLookup.ad_id == self.ad_id).first() if sid is None: #this should not happen t = EdgeLookup(self.ad_id, sid, 'unknown') self.session.add(t) self.session.commit() self.session.refresh(t) sid = t.id else: sid = sid[0] self.boost_dict[orig] = sid return sid
def sid_to_id_lookup(self, sid, ad_id, object_type): if sid in self.lookup: return self.lookup[sid] src_id = self.session.query(EdgeLookup.id).filter_by(oid = sid).filter(EdgeLookup.ad_id == ad_id).first() if src_id is None: t = EdgeLookup(ad_id, sid, object_type) self.session.add(t) self.session.commit() self.session.refresh(t) src_id = t.id self.lookup[sid] = src_id else: src_id = src_id[0] self.lookup[sid] = src_id return src_id
async def store_group(self, group): group.ad_id = self.ad_id t = EdgeLookup(self.ad_id, group.objectSid, 'group') self.session.add(t) self.session.add(group) #self.session.flush() data = { 'dn': group.dn, 'sid': group.objectSid, 'guid': group.objectGUID, 'object_type': 'group' } if self.sd_file_handle is not None: self.sd_file_handle.write(json.dumps(data).encode() + b'\r\n') if self.members_file_handle is not None: self.members_file_handle.write(json.dumps(data).encode() + b'\r\n')
async def store_trust(self, trust): trust.ad_id = self.ad_id self.session.add(trust) t = EdgeLookup(self.ad_id, trust.securityIdentifier, 'trust') self.session.add(t)