
Commit 999bf5f

author
Michael Cuomo
authored
chore: Add ObjectID to ComputerStatus (#251)
* chore: Add ObjectID to ComputerStatus * chore: Add ObjectId to CSVComputerStatus
1 parent 6d95d6a commit 999bf5f

12 files changed

Lines changed: 77 additions & 39 deletions

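--- a/src/CommonLib/CSVComputerStatus.cs
+++ b/src/CommonLib/CSVComputerStatus.cs
@@ -9,14 +9,15 @@ public class CSVComputerStatus
 public string ComputerName { get; set; }
 public string Task { get; set; }
 public string Status { get; set; }
+public string ObjectId { get; set; }
 
 /// <summary>
 /// Converts to CSV format for output
 /// </summary>
 /// <returns></returns>
 public string ToCsv()
 {
-return $"{StringToCsvCell(ComputerName)}, {StringToCsvCell(Task)}, {StringToCsvCell(Status)}";
+return $"{StringToCsvCell(ComputerName)}, {StringToCsvCell(Task)}, {StringToCsvCell(Status)}, {StringToCsvCell(ObjectId)}";
 }
 
 /// <summary>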
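Review bot: `ToCsv()` now passes `ObjectId` to `StringToCsvCell`, and `ObjectId` can be null because `IsComputerAvailable` in ComputerAvailability.cs defaults `objectId` to null. `StringToCsvCell` is defined outside this hunk, so its null handling should be confirmed, or the call guarded as `StringToCsvCell(ObjectId ?? string.Empty)`. The row also grows from three cells to four, so whatever writes the CSV header and any consumer that reads these rows by position needs the matching column; neither is visible here. The new property has no doc comment; I would add `/// <summary>Object identifier of the computer this status row refers to (a SID at the call sites in this commit); may be null.</summary>`.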

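--- a/src/CommonLib/Processors/CertAbuseProcessor.cs
+++ b/src/CommonLib/Processors/CertAbuseProcessor.cs
@@ -362,7 +362,8 @@ await SendComputerStatus(new CSVComputerStatus
 {
 Task = "SamConnect",
 ComputerName = computerName,
-Status = openServerResult.SError
+Status = openServerResult.SError,
+ObjectId = computerObjectId,
 });
 return null;
 }
@@ -376,7 +377,8 @@ await SendComputerStatus(new CSVComputerStatus
 {
 Status = getMachineSidResult.SError,
 ComputerName = computerName,
-Task = "GetMachineSid"
+Task = "GetMachineSid",
+ObjectId = computerObjectId,
 });
 //If we can't get a machine sid, we wont be able to make local principals with unique object ids, or differentiate local/domain objects
 _log.LogWarning("Unable to get machineSid for {Computer}: {Status}", computerName, getMachineSidResult.SError);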

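--- a/src/CommonLib/Processors/ComputerAvailability.cs
+++ b/src/CommonLib/Processors/ComputerAvailability.cs
@@ -47,7 +47,7 @@ public Task<ComputerStatus> IsComputerAvailable(ResolvedSearchResult result, IDi
 var pwdlastset = entry.GetProperty(LDAPProperties.PasswordLastSet);
 var lastLogon = entry.GetProperty(LDAPProperties.LastLogonTimestamp);
 
-return IsComputerAvailable(name, os, pwdlastset, lastLogon);
+return IsComputerAvailable(name, os, pwdlastset, lastLogon, result.ObjectId);
 }
 
 /// <summary>
@@ -60,16 +60,18 @@ public Task<ComputerStatus> IsComputerAvailable(ResolvedSearchResult result, IDi
 /// <param name="operatingSystem">The LDAP operatingsystem attribute value</param>
 /// <param name="pwdLastSet">The LDAP pwdlastset attribute value</param>
 /// <param name="lastLogon">The LDAP lastlogontimestamp attribute value</param>
+/// <param name="objectId">The objectId that pertains to the computer.</param>
 /// <returns>A <cref>ComputerStatus</cref> object that represents the availability of the computer</returns>
 public async Task<ComputerStatus> IsComputerAvailable(string computerName, string operatingSystem,
-string pwdLastSet, string lastLogon) {
+string pwdLastSet, string lastLogon, string objectId = null) {
 if (operatingSystem != null && !operatingSystem.StartsWith("Windows", StringComparison.OrdinalIgnoreCase)) {
 _log.LogTrace("{ComputerName} is not available because operating system {OperatingSystem} is not valid",
 computerName, operatingSystem);
 await SendComputerStatus(new CSVComputerStatus {
 Status = ComputerStatus.NonWindowsOS,
 Task = "ComputerAvailability",
-ComputerName = computerName
+ComputerName = computerName,
+ObjectId = objectId,
 });
 return new ComputerStatus {
 Connectable = false,
@@ -84,7 +86,8 @@ await SendComputerStatus(new CSVComputerStatus {
 await SendComputerStatus(new CSVComputerStatus {
 Status = ComputerStatus.NotActive,
 Task = "ComputerAvailability",
-ComputerName = computerName
+ComputerName = computerName,
+ObjectId = objectId,
 });
 return new ComputerStatus {
 Connectable = false,
@@ -103,7 +106,8 @@ await SendComputerStatus(new CSVComputerStatus {
 await SendComputerStatus(new CSVComputerStatus {
 Status = ComputerStatus.PortNotOpen,
 Task = "ComputerAvailability",
-ComputerName = computerName
+ComputerName = computerName,
+ObjectId = objectId,
 });
 return new ComputerStatus {
 Connectable = false,
@@ -116,7 +120,8 @@ await SendComputerStatus(new CSVComputerStatus {
 await SendComputerStatus(new CSVComputerStatus {
 Status = CSVComputerStatus.StatusSuccess,
 Task = "ComputerAvailability",
-ComputerName = computerName
+ComputerName = computerName,
+ObjectId = objectId,
 });
 
 return new ComputerStatus {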
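Review bot: The `objectId = null` default on the string overload of `IsComputerAvailable` lets any caller that was not updated keep compiling and emit all four status rows (the hunks at old lines 60, 84, 103 and 116) with an empty ObjectId, and nothing records that this happened. If every row is expected to carry the identifier, a trace line when `objectId` is null would make the gap visible to whoever reads the status file. The new doc line should also state the contract, for example `/// <param name="objectId">Optional object identifier of the computer; written to the ObjectId column of each status row and left empty when null.</param>`. The method body continues outside these hunks.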

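--- a/src/CommonLib/Processors/ComputerSessionProcessor.cs
+++ b/src/CommonLib/Processors/ComputerSessionProcessor.cs
@@ -87,7 +87,8 @@ public async Task<SessionAPIResult> ReadUserSessions(string computerName, string
 await SendComputerStatus(new CSVComputerStatus {
 Status = result.GetErrorStatus(),
 Task = "NetSessionEnum",
-ComputerName = computerName
+ComputerName = computerName,
+ObjectId = computerSid,
 });
 _log.LogTrace("NetSessionEnum failed on {ComputerName}: {Status}", computerName, result.Status);
 ret.Collected = false;
@@ -99,7 +100,8 @@ await SendComputerStatus(new CSVComputerStatus {
 await SendComputerStatus(new CSVComputerStatus {
 Status = CSVComputerStatus.StatusSuccess,
 Task = "NetSessionEnum",
-ComputerName = computerName
+ComputerName = computerName,
+ObjectId = computerSid,
 });
 
 ret.Collected = true;
@@ -144,6 +146,7 @@ await SendComputerStatus(new CSVComputerStatus {
 Status = CSVComputerStatus.StatusSuccess,
 Task = "NetSessionEnum",
 ComputerName = computerSessionName,
+ObjectId = resolvedComputerSID,
 });
 }
 
@@ -166,6 +169,7 @@ await SendComputerStatus(new CSVComputerStatus {
 Status = CSVComputerStatus.StatusSuccess,
 Task = "NetSessionEnum",
 ComputerName = computerSessionName,
+ObjectId = resolvedComputerSID,
 });
 results.Add(new Session {
 ComputerSID = resolvedComputerSID,
@@ -225,7 +229,8 @@ public async Task<SessionAPIResult> ReadUserSessionsPrivileged(string computerNa
 await SendComputerStatus(new CSVComputerStatus {
 Status = result.GetErrorStatus(),
 Task = "NetWkstaUserEnum",
-ComputerName = computerName
+ComputerName = computerName,
+ObjectId = computerSid,
 });
 _log.LogTrace("NetWkstaUserEnum failed on {ComputerName}: {Status}", computerName, result.Status);
 ret.Collected = false;
@@ -237,7 +242,8 @@ await SendComputerStatus(new CSVComputerStatus {
 await SendComputerStatus(new CSVComputerStatus {
 Status = result.Status.ToString(),
 Task = "NetWkstaUserEnum",
-ComputerName = computerName
+ComputerName = computerName,
+ObjectId = computerSid,
 });
 
 ret.Collected = true;
@@ -292,7 +298,8 @@ public async Task<SessionAPIResult> ReadUserSessionsRegistry(string computerName
 await SendComputerStatus(new CSVComputerStatus {
 Status = CSVComputerStatus.StatusSuccess,
 Task = "RegistrySessionEnum",
-ComputerName = computerName
+ComputerName = computerName,
+ObjectId = computerSid,
 });
 _log.LogTrace("Registry session enum succeeded on {ComputerName}", computerName);
 var results = new List<Session>();
@@ -319,7 +326,8 @@ await SendComputerStatus(new CSVComputerStatus {
 await SendComputerStatus(new CSVComputerStatus {
 Status = e.Message,
 Task = "RegistrySessionEnum",
-ComputerName = computerName
+ComputerName = computerName,
+ObjectId = computerSid,
 });
 ret.Collected = false;
 ret.FailureReason = e.Message;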

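--- a/src/CommonLib/Processors/DCLdapProcessor.cs
+++ b/src/CommonLib/Processors/DCLdapProcessor.cs
@@ -45,7 +45,7 @@ public DCLdapProcessor(int connectionTimeoutMs, string dcHostname, ILogger log =
 
 public event ComputerStatusDelegate ComputerStatusEvent;
 
-public async Task<LdapService> Scan(string computerName) {
+public async Task<LdapService> Scan(string computerName, string computerObjectId) {
 var hasLdap = await TestLdapPort();
 var hasLdaps = await TestLdapsPort();
 SharpHoundRPC.Result<bool> isSigningRequired = new(),
@@ -63,29 +63,33 @@ public async Task<LdapService> Scan(string computerName) {
 await SendComputerStatus(new CSVComputerStatus {
 Status = isSigningRequired.Error,
 Task = "DCLdapIsSigningRequired",
-ComputerName = computerName
+ComputerName = computerName,
+ObjectId = computerObjectId
 });
 _log.LogTrace("DCLdapScan failed on IsSigningRequired for {ComputerName}: {Status}", computerName, isSigningRequired.Status);
 } else {
 await SendComputerStatus(new CSVComputerStatus {
 Status = CSVComputerStatus.StatusSuccess,
 Task = "DCLdapIsSigningRequired",
-ComputerName = computerName
+ComputerName = computerName,
+ObjectId = computerObjectId
 });
 }
 
 if (isChannelBindingDisabled.IsFailed) {
 await SendComputerStatus(new CSVComputerStatus {
 Status = isChannelBindingDisabled.Error,
 Task = "DCLdapIsChannelBindingDisabled",
-ComputerName = computerName
+ComputerName = computerName,
+ObjectId = computerObjectId,
 });
 _log.LogTrace("DCLdapScan failed on IsChannelBindingDisabled for {ComputerName}: {Status}", computerName, isSigningRequired.Status);
 } else {
 await SendComputerStatus(new CSVComputerStatus {
 Status = CSVComputerStatus.StatusSuccess,
 Task = "DCLdapIsChannelBindingDisabled",
-ComputerName = computerName
+ComputerName = computerName,
+ObjectId = computerObjectId,
 });
 }
 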
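Review bot: `Scan(string computerName, string computerObjectId)` adds a required parameter to a public method, so every existing caller stops compiling, whereas `IsComputerAvailable` in ComputerAvailability.cs took the same addition as `string objectId = null`. `SmbProcessor.Scan` has the same change and, being `public virtual`, also breaks any subclass that overrides it. If source compatibility matters for this library, `string computerObjectId = null` or a forwarding overload keeps callers working. Separately, the trace call in the `isChannelBindingDisabled.IsFailed` branch logs `isSigningRequired.Status`; `isChannelBindingDisabled.Status` looks like what was intended, assuming both results expose `Status`. `Scan`'s body continues past the last hunk line.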

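--- a/src/CommonLib/Processors/LdapPropertyProcessor.cs
+++ b/src/CommonLib/Processors/LdapPropertyProcessor.cs
@@ -269,6 +269,7 @@ await SendComputerStatus(new CSVComputerStatus {
 Status = CSVComputerStatus.StatusSuccess,
 Task = nameof(ReadUserProperties),
 ComputerName = Helpers.StripServicePrincipalName(d).ToUpper().TrimEnd('$'),
+ObjectId = resolvedHost.SecurityIdentifier,
 });
 comps.Add(new TypedPrincipal {
 ObjectIdentifier = resolvedHost.SecurityIdentifier,
@@ -384,6 +385,7 @@ await SendComputerStatus(new CSVComputerStatus {
 Status = CSVComputerStatus.StatusSuccess,
 Task = nameof(ReadComputerProperties),
 ComputerName = d,
+ObjectId = resolvedHost.SecurityIdentifier,
 });
 comps.Add(new TypedPrincipal {
 ObjectIdentifier = resolvedHost.SecurityIdentifier,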

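--- a/src/CommonLib/Processors/LocalGroupProcessor.cs
+++ b/src/CommonLib/Processors/LocalGroupProcessor.cs
@@ -77,7 +77,8 @@ await SendComputerStatus(new CSVComputerStatus
 {
 Task = "SamConnect",
 ComputerName = computerName,
-Status = openServerResult.SError
+Status = openServerResult.SError,
+ObjectId = computerObjectId,
 });
 yield break;
 }
@@ -96,7 +97,8 @@ await SendComputerStatus(new CSVComputerStatus
 {
 Status = getMachineSidResult.SError,
 ComputerName = computerName,
-Task = "GetMachineSid"
+Task = "GetMachineSid",
+ObjectId = computerObjectId,
 });
 //If we can't get a machine sid, we wont be able to make local principals with unique object ids, or differentiate local/domain objects
 _log.LogWarning("Unable to get machineSid for {Computer}: {Status}. Abandoning local group processing", computerName, getMachineSidResult.SError);
@@ -120,7 +122,8 @@ await SendComputerStatus(new CSVComputerStatus
 {
 Task = "GetDomains",
 ComputerName = computerName,
-Status = getDomainsResult.SError
+Status = getDomainsResult.SError,
+ObjectId = computerObjectId,
 });
 yield break;
 }
@@ -141,7 +144,8 @@ await SendComputerStatus(new CSVComputerStatus
 {
 Task = $"OpenDomain - {domainResult.Name}",
 ComputerName = computerName,
-Status = openDomainResult.SError
+Status = openDomainResult.SError,
+ObjectId = computerObjectId,
 });
 if (openDomainResult.IsTimeout) {
 yield break;
@@ -161,7 +165,8 @@ await SendComputerStatus(new CSVComputerStatus
 {
 Task = $"GetAliases - {domainResult.Name}",
 ComputerName = computerName,
-Status = getAliasesResult.SError
+Status = getAliasesResult.SError,
+ObjectId = computerObjectId,
 });
 
 if (getAliasesResult.IsTimeout) {
@@ -193,7 +198,8 @@ await SendComputerStatus(new CSVComputerStatus
 {
 Task = $"OpenAlias - {alias.Name}",
 ComputerName = computerName,
-Status = openAliasResult.SError
+Status = openAliasResult.SError,
+ObjectId = computerObjectId,
 });
 ret.Collected = false;
 ret.FailureReason = $"SamOpenAliasInDomain failed with status {openAliasResult.SError}";
@@ -214,7 +220,8 @@ await SendComputerStatus(new CSVComputerStatus
 {
 Task = $"GetMembersInAlias - {alias.Name}",
 ComputerName = computerName,
-Status = getMembersResult.SError
+Status = getMembersResult.SError,
+ObjectId = computerObjectId,
 });
 ret.Collected = false;
 ret.FailureReason = $"SamGetMembersInAlias failed with status {getMembersResult.SError}";
@@ -229,7 +236,8 @@ await SendComputerStatus(new CSVComputerStatus
 {
 Task = $"GetMembersInAlias - {alias.Name}",
 ComputerName = computerName,
-Status = CSVComputerStatus.StatusSuccess
+Status = CSVComputerStatus.StatusSuccess,
+ObjectId = computerObjectId,
 });
 
 var results = new List<TypedPrincipal>();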

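--- a/src/CommonLib/Processors/SPNProcessors.cs
+++ b/src/CommonLib/Processors/SPNProcessors.cs
@@ -59,6 +59,7 @@ await SendComputerStatus(new CSVComputerStatus {
 Status = CSVComputerStatus.StatusSuccess,
 Task = nameof(ReadSPNTargets),
 ComputerName = Helpers.StripServicePrincipalName(spn).ToUpper().TrimEnd('$'),
+ObjectId = host
 });
 yield return new SPNPrivilege {
 ComputerSID = host,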

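--- a/src/CommonLib/Processors/SmbProcessor.cs
+++ b/src/CommonLib/Processors/SmbProcessor.cs
@@ -25,14 +25,15 @@ public SmbProcessor(int timeoutMs, ISmbScanner smbScanner = null, ILogger log =
 }
 
 public event ComputerStatusDelegate ComputerStatusEvent;
-public virtual async Task<APIResult<SmbInfo>> Scan(string host) {
+public virtual async Task<APIResult<SmbInfo>> Scan(string host, string securityIdentifier) {
 var result = await _scanHostAdaptiveTimeout.ExecuteRPCWithTimeout((timeoutToken) => _smbScanner.ScanHost(host, 445, timeoutToken));
 
 if (result.IsFailed) {
 await SendComputerStatus(new CSVComputerStatus {
 Status = result.Error,
 Task = "SmbScan",
-ComputerName = host
+ComputerName = host,
+ObjectId = securityIdentifier,
 });
 _log.LogTrace("SmbScan failed on {ComputerName}: {Status}", host, result.Error);
 return APIResult<SmbInfo>.Failure(result.Error);
@@ -43,7 +44,8 @@ await SendComputerStatus(new CSVComputerStatus {
 await SendComputerStatus(new CSVComputerStatus {
 Status = result.Error ?? "Unknown error",
 Task = "SmbScan",
-ComputerName = host
+ComputerName = host,
+ObjectId = securityIdentifier,
 });
 _log.LogTrace("SmbScan failed on {ComputerName} - null result: {Status}", host, result.Status);
 return APIResult<SmbInfo>.Failure(result.Error ?? "Unknown error");
@@ -53,7 +55,8 @@ await SendComputerStatus(new CSVComputerStatus {
 await SendComputerStatus(new CSVComputerStatus {
 Status = CSVComputerStatus.StatusSuccess,
 Task = "SmbScan",
-ComputerName = host
+ComputerName = host,
+ObjectId = securityIdentifier,
 });
 
 var info = new SmbInfo() {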
