def query_path_ownedda(graphid, exclude=None, format='vis'):
    """Return shortest paths from objects tagged OWNED to Domain Admins groups.

    Args:
        graphid: Key of the graph in ``JACKDAW_GRAPH_DICT``; loaded on demand.
        exclude: Raw edge-type exclusion value, parsed by ``__exclude_parse``.
        format: Output format handed to ``GraphData.to_dict``.

    Returns:
        The merged path data serialised by ``GraphData.to_dict``.
    """
    exclude_edgetypes = __exclude_parse(exclude)
    if graphid not in current_app.config['JACKDAW_GRAPH_DICT']:
        load(graphid)
    graph = current_app.config['JACKDAW_GRAPH_DICT'][graphid]

    # Dicts (not sets) keep insertion order, so paths are merged in query order.
    owned_sids = {}
    da_sids = {}
    for domain_id in graph.adids:
        # Groups whose SID ends in -512, i.e. the Domain Admins RID.
        da_groups = (
            current_app.db.session.query(Group)
            .filter_by(ad_id=domain_id)
            .filter(Group.objectSid.like('%-512'))
            .all()
        )
        for group in da_groups:
            da_sids[group.objectSid] = 0

        # Objects in this graph that carry the 'OWNED' property.
        owned_rows = (
            current_app.db.session.query(EdgeLookup.oid)
            .filter_by(ad_id=domain_id)
            .filter(EdgeLookup.oid == ADObjProps.oid)
            .filter(ADObjProps.graph_id == graphid)
            .filter(ADObjProps.prop == 'OWNED')
            .all()
        )
        for row in owned_rows:
            owned_sids[row[0]] = 0

    paths = GraphData()
    # One shortest_paths call per (source, destination) pair.
    for da_sid in da_sids:
        for owned_sid in owned_sids:
            paths += graph.shortest_paths(
                owned_sid, da_sid, exclude=exclude_edgetypes)
    return paths.to_dict(format=format)
def query_path_asreproast(graphid, exclude=None, format='vis'):
    """Return shortest paths from pre-auth-exempt users to Domain Admins groups.

    Sources are users with ``UAC_DONT_REQUIRE_PREAUTH`` set; destinations are
    groups whose SID ends in -512 (the Domain Admins RID).

    Args:
        graphid: Key of the graph in ``JACKDAW_GRAPH_DICT``; loaded on demand.
        exclude: Raw edge-type exclusion value, parsed by ``__exclude_parse``.
        format: Output format handed to ``GraphData.to_dict``.

    Returns:
        The merged path data serialised by ``GraphData.to_dict``.
    """
    exclude_edgetypes = __exclude_parse(exclude)
    if graphid not in current_app.config['JACKDAW_GRAPH_DICT']:
        load(graphid)
    graph = current_app.config['JACKDAW_GRAPH_DICT'][graphid]

    source_sids = {}
    da_sids = {}
    for domain_id in graph.adids:
        da_groups = (
            current_app.db.session.query(Group)
            .filter_by(ad_id=domain_id)
            .filter(Group.objectSid.like('%-512'))
            .all()
        )
        for group in da_groups:
            da_sids[group.objectSid] = 0

        # "== True" is a SQLAlchemy column expression, not a Python comparison.
        user_rows = (
            current_app.db.session.query(ADUser.objectSid)
            .filter_by(ad_id=domain_id)
            .filter(ADUser.UAC_DONT_REQUIRE_PREAUTH == True)
            .all()
        )
        for row in user_rows:
            source_sids[row[0]] = 0

    paths = GraphData()
    for da_sid in da_sids:
        for user_sid in source_sids:
            paths += graph.shortest_paths(
                user_sid, da_sid, exclude=exclude_edgetypes)
    return paths.to_dict(format=format)
def query_path_tohighvalue(graphid, exclude=None, format='vis'):
    """Return shortest paths that end at objects tagged 'HVT' in this graph.

    No source is given to ``shortest_paths``; each tagged object is used as a
    destination, and ``ignore_notfound=True`` is passed for every call.

    Args:
        graphid: Key of the graph in ``JACKDAW_GRAPH_DICT``; loaded on demand.
        exclude: Raw edge-type exclusion value, parsed by ``__exclude_parse``.
        format: Output format handed to ``GraphData.to_dict``.

    Returns:
        The merged path data serialised by ``GraphData.to_dict``.
    """
    exclude_edgetypes = __exclude_parse(exclude)
    if graphid not in current_app.config['JACKDAW_GRAPH_DICT']:
        load(graphid)
    graph = current_app.config['JACKDAW_GRAPH_DICT'][graphid]

    hvt_sids = {}
    for domain_id in graph.adids:
        tagged_rows = (
            current_app.db.session.query(EdgeLookup.oid)
            .filter_by(ad_id=domain_id)
            .filter(EdgeLookup.oid == ADObjProps.oid)
            .filter(ADObjProps.graph_id == graphid)
            .filter(ADObjProps.prop == 'HVT')
            .all()
        )
        for row in tagged_rows:
            hvt_sids[row[0]] = 0

    paths = GraphData()
    for hvt_sid in hvt_sids:
        paths += graph.shortest_paths(
            dst_sid=hvt_sid,
            ignore_notfound=True,
            exclude=exclude_edgetypes,
        )
    return paths.to_dict(format=format)
def query_path_dcsync(graphid, exclude=None, format='vis'):
    """Return shortest paths from replication-right holders to Domain Admins.

    Sources are the objects found as the source of an edge labelled
    'GetChanges' or 'GetChangesAll'; destinations are groups whose SID ends
    in -512 (the Domain Admins RID).

    Args:
        graphid: Key of the graph in ``JACKDAW_GRAPH_DICT``; loaded on demand.
        exclude: Raw edge-type exclusion value, parsed by ``__exclude_parse``.
        format: Output format handed to ``GraphData.to_dict``.

    Returns:
        The merged path data serialised by ``GraphData.to_dict``.
    """
    exclude_edgetypes = __exclude_parse(exclude)
    if graphid not in current_app.config['JACKDAW_GRAPH_DICT']:
        load(graphid)
    graph = current_app.config['JACKDAW_GRAPH_DICT'][graphid]

    holder_sids = {}
    da_sids = {}
    for domain_id in graph.adids:
        da_groups = (
            current_app.db.session.query(Group)
            .filter_by(ad_id=domain_id)
            .filter(Group.objectSid.like('%-512'))
            .all()
        )
        for group in da_groups:
            da_sids[group.objectSid] = 0

        # "!= None" is a SQLAlchemy column expression (IS NOT NULL).
        holder_rows = (
            current_app.db.session.query(EdgeLookup.oid)
            .filter_by(ad_id=domain_id)
            .filter(EdgeLookup.id == Edge.src)
            .filter(EdgeLookup.oid != None)
            .filter(or_(Edge.label == 'GetChanges',
                        Edge.label == 'GetChangesAll'))
            .all()
        )
        for row in holder_rows:
            holder_sids[row[0]] = 0

    paths = GraphData()
    for da_sid in da_sids:
        for holder_sid in holder_sids:
            paths += graph.shortest_paths(
                holder_sid, da_sid, exclude=exclude_edgetypes)
    return paths.to_dict(format=format)
def query_path_kerberoastany(graphid, exclude=None, format='vis'):
    """Return outbound shortest paths for SPN-bearing users with no domain path.

    For each user that has a ``servicePrincipalName`` and each domain SID, the
    graph is asked whether a path exists. Where ``has_path`` returns ``False``
    the user's outbound shortest paths are merged into the result; otherwise
    the user is only recorded in a local list that is not returned.

    Args:
        graphid: Key of the graph in ``JACKDAW_GRAPH_DICT``; loaded on demand.
        exclude: Raw edge-type exclusion value, parsed by ``__exclude_parse``.
        format: Output format handed to ``GraphData.to_dict``.

    Returns:
        The merged path data serialised by ``GraphData.to_dict``.
    """
    exclude_edgetypes = __exclude_parse(exclude)
    if graphid not in current_app.config['JACKDAW_GRAPH_DICT']:
        load(graphid)
    graph = current_app.config['JACKDAW_GRAPH_DICT'][graphid]

    spn_user_sids = {}
    domain_sids = {}
    path_to_da = []
    for domain_id in graph.adids:
        ad_info = current_app.db.session.query(ADInfo).get(domain_id)
        domain_sids[ad_info.objectSid] = 1

        # "!= None" is a SQLAlchemy column expression (IS NOT NULL).
        spn_rows = (
            current_app.db.session.query(ADUser.objectSid)
            .filter_by(ad_id=domain_id)
            .filter(ADUser.servicePrincipalName != None)
            .all()
        )
        for row in spn_rows:
            spn_user_sids[row[0]] = 0

    paths = GraphData()
    for user_sid in spn_user_sids:
        for domain_sid in domain_sids:
            reachable = graph.has_path(user_sid, domain_sid)
            if reachable is not False:
                # Collected for later use; see the TODO below.
                path_to_da.append(user_sid)
                continue
            # The same user is expanded once per domain it cannot reach.
            paths += graph.shortest_paths(
                src_sid=user_sid, dst_sid=None, exclude=exclude_edgetypes)

    # TODO: send the path_to_da as well!
    return paths.to_dict(format=format)
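def query_path_da(graphid, exclude=None, format='vis'):
    """Return shortest paths that end at a Domain Admins group.

    Args:
        graphid: Key of the graph in ``JACKDAW_GRAPH_DICT``; loaded on demand.
        exclude: Raw edge-type exclusion value, parsed by ``__exclude_parse``.
        format: Output format. ``'path'`` (any letter case) selects path-only
            mode; any other value is handed to ``GraphData.to_dict``.

    Returns:
        ``('No domain administrator group found', 404)`` when no group whose
        SID ends in -512 exists; in path-only mode the accumulated list of
        ``shortest_paths`` results; otherwise the ``GraphData.to_dict`` output.
    """
    if graphid not in current_app.config['JACKDAW_GRAPH_DICT']:
        load(graphid)
    graph = current_app.config['JACKDAW_GRAPH_DICT'][graphid]

    pathonly = format.lower() == 'path'
    exclude_edgetypes = __exclude_parse(exclude)

    da_sids = {}
    for domain_id in graph.adids:
        # Groups whose SID ends in -512, i.e. the Domain Admins RID.
        da_groups = (
            current_app.db.session.query(Group)
            .filter_by(ad_id=domain_id)
            .filter(Group.objectSid.like('%-512'))
            .all()
        )
        for group in da_groups:
            da_sids[group.objectSid] = 0

    if not da_sids:
        return 'No domain administrator group found', 404

    # Path-only mode accumulates into a plain list instead of GraphData.
    # NOTE(review): assumes shortest_paths(pathonly=True) returns an iterable
    # that can be appended to a list with "+=" - confirm against the graph API.
    res = [] if pathonly else GraphData()
    for sid in da_sids:
        res += graph.shortest_paths(
            None, sid, exclude=exclude_edgetypes, pathonly=pathonly)

    if pathonly:
        # A list has no to_dict(); calling it here raised AttributeError for
        # every format='path' request, so the list is returned directly.
        return res
    return res.to_dict(format=format)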
def query_path_kerberoastda(graphid, format='vis'):
    """Return shortest paths from SPN-bearing users to Domain Admins groups.

    Only the graph's single ``domain_id`` is queried, and no edge-type
    exclusion is applied.

    Args:
        graphid: Key of the graph in ``JACKDAW_GRAPH_DICT``; loaded on demand.
        format: Output format handed to ``GraphData.to_dict``.

    Returns:
        The merged path data serialised by ``GraphData.to_dict``.
    """
    if graphid not in current_app.config['JACKDAW_GRAPH_DICT']:
        load(graphid)
    graph = current_app.config['JACKDAW_GRAPH_DICT'][graphid]

    # Groups whose SID ends in -512, i.e. the Domain Admins RID.
    da_groups = (
        current_app.db.session.query(Group)
        .filter_by(ad_id=graph.domain_id)
        .filter(Group.objectSid.like('%-512'))
        .all()
    )
    da_sids = {}
    for group in da_groups:
        da_sids[group.objectSid] = 0

    # "!= None" is a SQLAlchemy column expression (IS NOT NULL).
    spn_rows = (
        current_app.db.session.query(ADUser.objectSid)
        .filter_by(ad_id=graph.domain_id)
        .filter(ADUser.servicePrincipalName != None)
        .all()
    )
    spn_user_sids = {}
    for row in spn_rows:
        spn_user_sids[row[0]] = 0

    paths = GraphData()
    for da_sid in da_sids:
        for user_sid in spn_user_sids:
            paths += graph.shortest_paths(user_sid, da_sid)
    return paths.to_dict(format=format)
def query_path_da(graphid, format='vis'):
    """Return shortest paths that end at a Domain Admins group.

    Only the graph's single ``domain_id`` is queried, and no edge-type
    exclusion is applied.

    Args:
        graphid: Key of the graph in ``JACKDAW_GRAPH_DICT``; loaded on demand.
        format: Output format handed to ``GraphData.to_dict``.

    Returns:
        ``('No domain administrator group found', 404)`` when no group whose
        SID ends in -512 exists, otherwise the ``GraphData.to_dict`` output.
    """
    if graphid not in current_app.config['JACKDAW_GRAPH_DICT']:
        load(graphid)
    graph = current_app.config['JACKDAW_GRAPH_DICT'][graphid]

    # Debug output kept from the original: writes the domain id to stdout on
    # every call.
    print(graph.domain_id)

    # Groups whose SID ends in -512, i.e. the Domain Admins RID.
    da_groups = (
        current_app.db.session.query(Group)
        .filter_by(ad_id=graph.domain_id)
        .filter(Group.objectSid.like('%-512'))
        .all()
    )
    da_sids = {}
    for group in da_groups:
        da_sids[group.objectSid] = 0

    if not da_sids:
        return 'No domain administrator group found', 404

    paths = GraphData()
    for da_sid in da_sids:
        paths += graph.shortest_paths(None, da_sid)
    return paths.to_dict(format=format)
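def get_members(graphid, sid, maxhops=1, format='vis'):
    """Return the members of ``sid`` found within ``maxhops`` hops.

    Args:
        graphid: Key of the graph in ``JACKDAW_GRAPH_DICT``; loaded on demand.
        sid: Identifier passed to the graph's ``get_members``.
        maxhops: Hop limit passed to the graph's ``get_members``.
        format: Output format handed to ``GraphData.to_dict``.

    Returns:
        The membership data serialised by ``GraphData.to_dict``.
    """
    if graphid not in current_app.config['JACKDAW_GRAPH_DICT']:
        load(graphid)
    graph = current_app.config['JACKDAW_GRAPH_DICT'][graphid]

    members = GraphData()
    members += graph.get_members(sid, maxhops)
    # Honour the caller's format; it was previously accepted but the output
    # was always rendered as 'vis'. The default keeps the old behaviour.
    return members.to_dict(format=format)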
def query_path_dcsync(graphid, exclude=None, format='vis'):
    """Return the graph's ``get_dcsync()`` result in the requested format.

    Args:
        graphid: Key of the graph in ``JACKDAW_GRAPH_DICT``; loaded on demand.
        exclude: Raw edge-type exclusion value. It is parsed, but the parsed
            value is not passed on to ``get_dcsync()``.
        format: Output format handed to ``GraphData.to_dict``.

    Returns:
        The data serialised by ``GraphData.to_dict``.
    """
    # Parsed first so a malformed value still fails before any graph work;
    # the result itself is unused below.
    exclude_edgetypes = __exclude_parse(exclude)
    if graphid not in current_app.config['JACKDAW_GRAPH_DICT']:
        load(graphid)
    graph = current_app.config['JACKDAW_GRAPH_DICT'][graphid]

    dcsync_data = GraphData()
    dcsync_data += graph.get_dcsync()
    return dcsync_data.to_dict(format=format)
def query_path_da(graphid, format='vis'):
    """Return all shortest paths that end at the domain's -512 group node.

    Unlike the database-backed variants, this one scans the nodes of an
    already loaded graph in the module-level ``graphs`` mapping.

    Args:
        graphid: Key of the graph in ``graphs``.
        format: Output format handed to ``GraphData.to_dict``.

    Returns:
        ``('Graph Not Found', 404)`` for an unknown graph,
        ``('No domain administrator group found', 404)`` when no node matches,
        otherwise the ``GraphData.to_dict`` output.
    """
    if graphid not in graphs:
        return 'Graph Not Found', 404
    graph = graphs[graphid]

    # The expected SID is built per node, as in the original, so an unset
    # domain_sid only matters when the graph actually has nodes.
    da_sids = {
        node.id: 1
        for node in graph.get_node()
        if node.id == graph.domain_sid + '-512'
    }
    if not da_sids:
        return 'No domain administrator group found', 404

    paths = GraphData()
    for da_sid in da_sids:
        paths += graph.all_shortest_paths(None, da_sid)
    return paths.to_dict(format=format)
def query_path_fromowned(graphid, format='vis'):
    """Return shortest paths that start at objects tagged 'OWNED'.

    Only the graph's single ``domain_id`` is queried, and no edge-type
    exclusion is applied.

    Args:
        graphid: Key of the graph in ``JACKDAW_GRAPH_DICT``; loaded on demand.
        format: Output format handed to ``GraphData.to_dict``.

    Returns:
        The merged path data serialised by ``GraphData.to_dict``.
    """
    if graphid not in current_app.config['JACKDAW_GRAPH_DICT']:
        load(graphid)
    graph = current_app.config['JACKDAW_GRAPH_DICT'][graphid]

    owned_rows = (
        current_app.db.session.query(EdgeLookup.oid)
        .filter_by(ad_id=graph.domain_id)
        .filter(EdgeLookup.oid == ADObjProps.oid)
        .filter(ADObjProps.ad_id == graph.domain_id)
        .filter(ADObjProps.prop == 'OWNED')
        .all()
    )
    owned_sids = {}
    for row in owned_rows:
        owned_sids[row[0]] = 0

    paths = GraphData()
    for owned_sid in owned_sids:
        # NOTE(review): other callers on this page pass src_sid, not src -
        # confirm the keyword against shortest_paths' signature.
        paths += graph.shortest_paths(src=owned_sid)
    return paths.to_dict(format=format)
def query_path_dcsync(graphid, format='vis'):
    """Return shortest paths from replication-right holders to the domain SID.

    Sources are the objects found as the source of an edge labelled
    'GetChanges' or 'GetChangesAll'. The only destination is the graph's
    ``domain_sid`` itself, not a -512 group, despite the ``da_sids`` name.

    Args:
        graphid: Key of the graph in ``JACKDAW_GRAPH_DICT``; loaded on demand.
        format: Output format handed to ``GraphData.to_dict``.

    Returns:
        The merged path data serialised by ``GraphData.to_dict``.
    """
    if graphid not in current_app.config['JACKDAW_GRAPH_DICT']:
        load(graphid)
    graph = current_app.config['JACKDAW_GRAPH_DICT'][graphid]

    da_sids = {graph.domain_sid: 0}

    # "!= None" is a SQLAlchemy column expression (IS NOT NULL).
    holder_rows = (
        current_app.db.session.query(EdgeLookup.oid)
        .filter_by(ad_id=graph.domain_id)
        .filter(EdgeLookup.id == Edge.src)
        .filter(EdgeLookup.oid != None)
        .filter(or_(Edge.label == 'GetChanges',
                    Edge.label == 'GetChangesAll'))
        .all()
    )
    holder_sids = {}
    for row in holder_rows:
        holder_sids[row[0]] = 0

    paths = GraphData()
    for dst_sid in da_sids:
        for holder_sid in holder_sids:
            paths += graph.shortest_paths(holder_sid, dst_sid)
    return paths.to_dict(format=format)