diff --git a/SourceCode/src/.vs/zBang/v14/.suo b/SourceCode/src/.vs/zBang/v14/.suo new file mode 100644 index 00000000..c4d46bf3 Binary files /dev/null and b/SourceCode/src/.vs/zBang/v14/.suo differ diff --git a/SourceCode/src/Graphviz4Net.Core/Dot/AntlrParser/Generated/DotGrammarLexer.cs b/SourceCode/src/Graphviz4Net.Core/Dot/AntlrParser/Generated/DotGrammarLexer.cs index caf77893..3ba887ad 100644 --- a/SourceCode/src/Graphviz4Net.Core/Dot/AntlrParser/Generated/DotGrammarLexer.cs +++ b/SourceCode/src/Graphviz4Net.Core/Dot/AntlrParser/Generated/DotGrammarLexer.cs @@ -8,7 +8,7 @@ // //------------------------------------------------------------------------------ -// $ANTLR 3.3.1.7705 ./Dot/AntlrParser/DotGrammar.g 2018-11-07 10:45:19 +// $ANTLR 3.3.1.7705 ./Dot/AntlrParser/DotGrammar.g 2021-11-11 10:49:16 // The variable 'variable' is assigned but its value is never used. #pragma warning disable 219 diff --git a/SourceCode/src/Graphviz4Net.Core/Dot/AntlrParser/Generated/DotGrammarParser.cs b/SourceCode/src/Graphviz4Net.Core/Dot/AntlrParser/Generated/DotGrammarParser.cs index 94004b8b..cd0722e9 100644 --- a/SourceCode/src/Graphviz4Net.Core/Dot/AntlrParser/Generated/DotGrammarParser.cs +++ b/SourceCode/src/Graphviz4Net.Core/Dot/AntlrParser/Generated/DotGrammarParser.cs @@ -8,7 +8,7 @@ // //------------------------------------------------------------------------------ -// $ANTLR 3.3.1.7705 ./Dot/AntlrParser/DotGrammar.g 2018-11-07 10:45:19 +// $ANTLR 3.3.1.7705 ./Dot/AntlrParser/DotGrammar.g 2021-11-11 10:49:16 // The variable 'variable' is assigned but its value is never used. #pragma warning disable 219 diff --git a/SourceCode/src/Graphviz4Net.Core/bin/Debug/Graphviz4Net.dll b/SourceCode/src/Graphviz4Net.Core/bin/Debug/Graphviz4Net.dll index d486ed34..5b3bd78d 100644 Binary files a/SourceCode/src/Graphviz4Net.Core/bin/Debug/Graphviz4Net.dll and b/SourceCode/src/Graphviz4Net.Core/bin/Debug/Graphviz4Net.dll differ diff --git a/SourceCode/src/Graphviz4Net.Core/bin/Debug/Graphviz4Net.pdb b/SourceCode/src/Graphviz4Net.Core/bin/Debug/Graphviz4Net.pdb index 582f32c0..dc200568 100644 Binary files a/SourceCode/src/Graphviz4Net.Core/bin/Debug/Graphviz4Net.pdb and b/SourceCode/src/Graphviz4Net.Core/bin/Debug/Graphviz4Net.pdb differ diff --git a/SourceCode/src/Graphviz4Net.Core/bin/Release/Graphviz4Net.dll b/SourceCode/src/Graphviz4Net.Core/bin/Release/Graphviz4Net.dll index 1895e2eb..ef545a67 100644 Binary files a/SourceCode/src/Graphviz4Net.Core/bin/Release/Graphviz4Net.dll and b/SourceCode/src/Graphviz4Net.Core/bin/Release/Graphviz4Net.dll differ diff --git a/SourceCode/src/Graphviz4Net.Core/bin/Release/Graphviz4Net.pdb b/SourceCode/src/Graphviz4Net.Core/bin/Release/Graphviz4Net.pdb index 8284a06e..896bb761 100644 Binary files a/SourceCode/src/Graphviz4Net.Core/bin/Release/Graphviz4Net.pdb and b/SourceCode/src/Graphviz4Net.Core/bin/Release/Graphviz4Net.pdb differ diff --git a/SourceCode/src/Graphviz4Net.Core/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache b/SourceCode/src/Graphviz4Net.Core/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache index 7c159f62..8d6b9c97 100644 Binary files a/SourceCode/src/Graphviz4Net.Core/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache and b/SourceCode/src/Graphviz4Net.Core/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache differ diff --git a/SourceCode/src/Graphviz4Net.Core/obj/Debug/Graphviz4Net.Core.csproj.FileListAbsolute.txt b/SourceCode/src/Graphviz4Net.Core/obj/Debug/Graphviz4Net.Core.csproj.FileListAbsolute.txt index eefba89e..4c99170c 100644 --- a/SourceCode/src/Graphviz4Net.Core/obj/Debug/Graphviz4Net.Core.csproj.FileListAbsolute.txt +++ b/SourceCode/src/Graphviz4Net.Core/obj/Debug/Graphviz4Net.Core.csproj.FileListAbsolute.txt @@ -3,3 +3,8 @@ C:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\ C:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.Core\bin\Debug\Antlr3.Runtime.dll C:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.Core\obj\Debug\Graphviz4Net.dll C:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.Core\obj\Debug\Graphviz4Net.pdb +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.Core\bin\Debug\Graphviz4Net.dll +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.Core\bin\Debug\Graphviz4Net.pdb +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.Core\bin\Debug\Antlr3.Runtime.dll +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.Core\obj\Debug\Graphviz4Net.dll +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.Core\obj\Debug\Graphviz4Net.pdb diff --git a/SourceCode/src/Graphviz4Net.Core/obj/Debug/Graphviz4Net.dll b/SourceCode/src/Graphviz4Net.Core/obj/Debug/Graphviz4Net.dll index d486ed34..5b3bd78d 100644 Binary files a/SourceCode/src/Graphviz4Net.Core/obj/Debug/Graphviz4Net.dll and b/SourceCode/src/Graphviz4Net.Core/obj/Debug/Graphviz4Net.dll differ diff --git a/SourceCode/src/Graphviz4Net.Core/obj/Debug/Graphviz4Net.pdb b/SourceCode/src/Graphviz4Net.Core/obj/Debug/Graphviz4Net.pdb index 582f32c0..dc200568 100644 Binary files a/SourceCode/src/Graphviz4Net.Core/obj/Debug/Graphviz4Net.pdb and b/SourceCode/src/Graphviz4Net.Core/obj/Debug/Graphviz4Net.pdb differ diff --git a/SourceCode/src/Graphviz4Net.Core/obj/Release/DesignTimeResolveAssemblyReferences.cache b/SourceCode/src/Graphviz4Net.Core/obj/Release/DesignTimeResolveAssemblyReferences.cache index 98ca12c1..220aa346 100644 Binary files a/SourceCode/src/Graphviz4Net.Core/obj/Release/DesignTimeResolveAssemblyReferences.cache and b/SourceCode/src/Graphviz4Net.Core/obj/Release/DesignTimeResolveAssemblyReferences.cache differ diff --git a/SourceCode/src/Graphviz4Net.Core/obj/Release/DesignTimeResolveAssemblyReferencesInput.cache b/SourceCode/src/Graphviz4Net.Core/obj/Release/DesignTimeResolveAssemblyReferencesInput.cache index db6f83f7..e7c0a2df 100644 Binary files a/SourceCode/src/Graphviz4Net.Core/obj/Release/DesignTimeResolveAssemblyReferencesInput.cache and b/SourceCode/src/Graphviz4Net.Core/obj/Release/DesignTimeResolveAssemblyReferencesInput.cache differ diff --git a/SourceCode/src/Graphviz4Net.Core/obj/Release/Graphviz4Net.Core.csproj.FileListAbsolute.txt b/SourceCode/src/Graphviz4Net.Core/obj/Release/Graphviz4Net.Core.csproj.FileListAbsolute.txt index 7ed46a5d..11b943f5 100644 --- a/SourceCode/src/Graphviz4Net.Core/obj/Release/Graphviz4Net.Core.csproj.FileListAbsolute.txt +++ b/SourceCode/src/Graphviz4Net.Core/obj/Release/Graphviz4Net.Core.csproj.FileListAbsolute.txt @@ -4,3 +4,9 @@ C:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\ C:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.Core\obj\Release\Graphviz4Net.dll C:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.Core\obj\Release\Graphviz4Net.pdb C:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.Core\obj\Release\Graphviz4Net.Core.csprojResolveAssemblyReference.cache +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.Core\bin\Release\Graphviz4Net.dll +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.Core\bin\Release\Graphviz4Net.pdb +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.Core\bin\Release\Antlr3.Runtime.dll +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.Core\obj\Release\Graphviz4Net.dll +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.Core\obj\Release\Graphviz4Net.pdb +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.Core\obj\Release\Graphviz4Net.Core.csprojResolveAssemblyReference.cache diff --git a/SourceCode/src/Graphviz4Net.Core/obj/Release/Graphviz4Net.Core.csprojResolveAssemblyReference.cache b/SourceCode/src/Graphviz4Net.Core/obj/Release/Graphviz4Net.Core.csprojResolveAssemblyReference.cache index 97418122..79fc0516 100644 Binary files a/SourceCode/src/Graphviz4Net.Core/obj/Release/Graphviz4Net.Core.csprojResolveAssemblyReference.cache and b/SourceCode/src/Graphviz4Net.Core/obj/Release/Graphviz4Net.Core.csprojResolveAssemblyReference.cache differ diff --git a/SourceCode/src/Graphviz4Net.Core/obj/Release/Graphviz4Net.dll b/SourceCode/src/Graphviz4Net.Core/obj/Release/Graphviz4Net.dll index 1895e2eb..ef545a67 100644 Binary files a/SourceCode/src/Graphviz4Net.Core/obj/Release/Graphviz4Net.dll and b/SourceCode/src/Graphviz4Net.Core/obj/Release/Graphviz4Net.dll differ diff --git a/SourceCode/src/Graphviz4Net.Core/obj/Release/Graphviz4Net.pdb b/SourceCode/src/Graphviz4Net.Core/obj/Release/Graphviz4Net.pdb index 8284a06e..896bb761 100644 Binary files a/SourceCode/src/Graphviz4Net.Core/obj/Release/Graphviz4Net.pdb and b/SourceCode/src/Graphviz4Net.Core/obj/Release/Graphviz4Net.pdb differ diff --git a/SourceCode/src/Graphviz4Net.Core/obj/Release/TempPE/Dot.AntlrParser.Generated.DotGrammarLexer.cs.dll b/SourceCode/src/Graphviz4Net.Core/obj/Release/TempPE/Dot.AntlrParser.Generated.DotGrammarLexer.cs.dll index a36a7061..35f0def0 100644 Binary files a/SourceCode/src/Graphviz4Net.Core/obj/Release/TempPE/Dot.AntlrParser.Generated.DotGrammarLexer.cs.dll and b/SourceCode/src/Graphviz4Net.Core/obj/Release/TempPE/Dot.AntlrParser.Generated.DotGrammarLexer.cs.dll differ diff --git a/SourceCode/src/Graphviz4Net.Tests/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache b/SourceCode/src/Graphviz4Net.Tests/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache index bd088b01..a28aef51 100644 Binary files a/SourceCode/src/Graphviz4Net.Tests/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache and b/SourceCode/src/Graphviz4Net.Tests/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache differ diff --git a/SourceCode/src/Graphviz4Net.Tests/obj/Release/DesignTimeResolveAssemblyReferencesInput.cache b/SourceCode/src/Graphviz4Net.Tests/obj/Release/DesignTimeResolveAssemblyReferencesInput.cache index 97dd0320..cb2c19e4 100644 Binary files a/SourceCode/src/Graphviz4Net.Tests/obj/Release/DesignTimeResolveAssemblyReferencesInput.cache and b/SourceCode/src/Graphviz4Net.Tests/obj/Release/DesignTimeResolveAssemblyReferencesInput.cache differ diff --git a/SourceCode/src/Graphviz4Net.Tests/obj/Release/build.force b/SourceCode/src/Graphviz4Net.Tests/obj/Release/build.force new file mode 100644 index 00000000..e69de29b diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/Avatars/Web Portal.png b/SourceCode/src/Graphviz4Net.WPF.Example/Avatars/Web Portal.png new file mode 100644 index 00000000..7a2df7c8 Binary files /dev/null and b/SourceCode/src/Graphviz4Net.WPF.Example/Avatars/Web Portal.png differ diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/Images/logoSeparator.png b/SourceCode/src/Graphviz4Net.WPF.Example/Images/logoSeparator.png new file mode 100644 index 00000000..38352c96 Binary files /dev/null and b/SourceCode/src/Graphviz4Net.WPF.Example/Images/logoSeparator.png differ diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/Images/logoSeparator_b.png b/SourceCode/src/Graphviz4Net.WPF.Example/Images/logoSeparator_b.png new file mode 100644 index 00000000..5335c6ea Binary files /dev/null and b/SourceCode/src/Graphviz4Net.WPF.Example/Images/logoSeparator_b.png differ diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/MainWindow.xaml.cs b/SourceCode/src/Graphviz4Net.WPF.Example/MainWindow.xaml.cs index 2a45cb30..17b5bc1f 100644 --- a/SourceCode/src/Graphviz4Net.WPF.Example/MainWindow.xaml.cs +++ b/SourceCode/src/Graphviz4Net.WPF.Example/MainWindow.xaml.cs @@ -1,5 +1,4 @@ - -namespace Graphviz4Net.WPF.Example +namespace Graphviz4Net.WPF.Example { using System; using System.Windows; @@ -56,7 +55,7 @@ private static BitmapImage GetImage(string imageUri) { var bitmapImage = new BitmapImage(); bitmapImage.BeginInit(); - bitmapImage.UriSource = new Uri( "pack://siteoforigin:,,,/" + imageUri, UriKind.RelativeOrAbsolute ); + bitmapImage.UriSource = new Uri("pack://siteoforigin:,,,/" + imageUri, UriKind.RelativeOrAbsolute); bitmapImage.EndInit(); return bitmapImage; } @@ -77,52 +76,52 @@ public MainWindow() //MessageBox.Show("testing456"); - using( PowerShell PowerShellInstance = PowerShell.Create() ) + using (PowerShell PowerShellInstance = PowerShell.Create()) { // use "AddScript" to add the contents of a script file to the end of the execution pipeline. // use "AddCommand" to add individual commands/cmdlets to the end of the execution pipeline. - PowerShellInstance.AddScript( "$PSVersionTable" ); + PowerShellInstance.AddScript("$PSVersionTable"); Collection PSOutput = PowerShellInstance.Invoke(); string outputlog = "-------------------------------------------\n"; - foreach( PSObject outputItem in PSOutput ) + foreach (PSObject outputItem in PSOutput) { // we should be getting a hashtable... dump it to the log file - if( outputItem != null ) + if (outputItem != null) { //TODO: do something with the output item System.Collections.Hashtable hash = outputItem.BaseObject as System.Collections.Hashtable; - if( ((System.Version)hash["PSVersion"]).Major < 3) + if (((System.Version)hash["PSVersion"]).Major < 3) MessageBox.Show("The zBang Tool needs PowerShell version >= 3.0\nPlease download an updated version from\nhttps://www.microsoft.com/en-us/download/details.aspx?id=34595"); - foreach( string key in hash.Keys ) + foreach (string key in hash.Keys) { - if( hash[key].GetType() == typeof( System.Version[] ) ) + if (hash[key].GetType() == typeof(System.Version[])) { System.Version[] vers = (System.Version[])hash[key]; string verstr = ""; - foreach( System.Version ver in vers ) + foreach (System.Version ver in vers) { verstr += ver.ToString() + ","; } string format = "{0,-25}\t{1,-10}"; - string result = string.Format( format, key, verstr ); + string result = string.Format(format, key, verstr); outputlog += /*key + "\t\t\t" + verstr +*/result + "\n"; } else { string format = "{0,-25}\t{1,-10}"; - string result = string.Format( format, key, hash[key] ); + string result = string.Format(format, key, hash[key]); outputlog += result + "\n"; } } } } outputlog += "-------------------------------------------\n"; - File.AppendAllText( /*"..\\..\\ZBANG\\log.txt"*/logFileName, "\n\nzBang Launched at " + DateTime.Now.ToString() + "\n" + outputlog + "\n" ); + File.AppendAllText( /*"..\\..\\ZBANG\\log.txt"*/logFileName, "\n\nzBang Launched at " + DateTime.Now.ToString() + "\n" + outputlog + "\n"); } // endusing powershell - if( !GetDotNetVersion.Get45PlusFromRegistry( logFileName ) ) + if (!GetDotNetVersion.Get45PlusFromRegistry(logFileName)) { - MessageBox.Show(".NET Version is below 4.5\nPlease download .NET 4.5 from microsoft.com...\nPlease download from https://www.microsoft.com/en-us/download/details.aspx?id=30653 \nAborting...", "Info", MessageBoxButton.OK, MessageBoxImage.Hand ); + MessageBox.Show(".NET Version is below 4.5\nPlease download .NET 4.5 from microsoft.com...\nPlease download from https://www.microsoft.com/en-us/download/details.aspx?id=30653 \nAborting...", "Info", MessageBoxButton.OK, MessageBoxImage.Hand); System.Windows.Application.Current.Shutdown(); return; } @@ -131,15 +130,15 @@ public MainWindow() try { List domainNames; - int count = viewModel.enumerateDomainInForest( out domainNames ); + int count = viewModel.enumerateDomainInForest(out domainNames); string _outputlog = "\n" + count.ToString() + " domain(s) in forest:\n"; int c = 0; - foreach( string dom in domainNames ) + foreach (string dom in domainNames) { c++; _outputlog += "(" + c.ToString() + ") " + dom + "\n"; } - File.AppendAllText( logFileName, _outputlog ); + File.AppendAllText(logFileName, _outputlog); } catch { @@ -149,24 +148,24 @@ public MainWindow() /** LOAD IMAGES **/ //string ImagesPath = "pack://application:,,/Graphviz4Net.WPF.Example;component/Images/aetosdios_trans.png"; string ImagesPath = "./Images/flashlight.png"; - Uri uri = new Uri( ImagesPath, UriKind.RelativeOrAbsolute ); - BitmapImage bitmap = new BitmapImage( uri ); + Uri uri = new Uri(ImagesPath, UriKind.RelativeOrAbsolute); + BitmapImage bitmap = new BitmapImage(uri); imgACLight.Source = bitmap; - imgSkeleton.Source = new BitmapImage( new Uri( @"Images/aetosdios_trans.png", UriKind.Relative ) ); - imgRisky.Source = new BitmapImage( new Uri( @"./Images/aetosdios_trans.png", UriKind.Relative ) ); - imgSID.Source = new BitmapImage( new Uri( @"./Images/aetosdios_trans.png", UriKind.Relative ) ); - imgMistique.Source = new BitmapImage( new Uri( @"./Images/aetosdios_trans.png", UriKind.Relative ) ); - bulletACL.Source = new BitmapImage( new Uri( @"./Images/flashlight.png", UriKind.Relative ) ); - bulletSkeleton.Source = new BitmapImage( new Uri( @"./Images/key.png", UriKind.Relative ) ); - bulletSID.Source = new BitmapImage( new Uri( @"./Images/theater.png", UriKind.Relative ) ); - bulletSPN.Source = new BitmapImage( new Uri( @"./Images/clerk.png", UriKind.Relative ) );//Source="pack://application:,,,/Images/bullet_grey.png" - bulletMystique.Source = new BitmapImage( new Uri( @"./Images/role-playing-game.png", UriKind.Relative ) ); - imgArrowLeft.Source = new BitmapImage( new Uri( @"./Images/arrow_left.png", UriKind.Relative ) ); + imgSkeleton.Source = new BitmapImage(new Uri(@"Images/aetosdios_trans.png", UriKind.Relative)); + imgRisky.Source = new BitmapImage(new Uri(@"./Images/aetosdios_trans.png", UriKind.Relative)); + imgSID.Source = new BitmapImage(new Uri(@"./Images/aetosdios_trans.png", UriKind.Relative)); + imgMistique.Source = new BitmapImage(new Uri(@"./Images/aetosdios_trans.png", UriKind.Relative)); + bulletACL.Source = new BitmapImage(new Uri(@"./Images/flashlight.png", UriKind.Relative)); + bulletSkeleton.Source = new BitmapImage(new Uri(@"./Images/key.png", UriKind.Relative)); + bulletSID.Source = new BitmapImage(new Uri(@"./Images/theater.png", UriKind.Relative)); + bulletSPN.Source = new BitmapImage(new Uri(@"./Images/clerk.png", UriKind.Relative));//Source="pack://application:,,,/Images/bullet_grey.png" + bulletMystique.Source = new BitmapImage(new Uri(@"./Images/role-playing-game.png", UriKind.Relative)); + imgArrowLeft.Source = new BitmapImage(new Uri(@"./Images/arrow_left.png", UriKind.Relative)); /* NS GITHUB imageLogo.Source = new BitmapImage(new Uri(@"./Images/LogoSeparator_b.png", UriKind.Relative)); */ - ToolTipService.ShowDurationProperty.OverrideMetadata( typeof( DependencyObject ), new FrameworkPropertyMetadata( Int32.MaxValue ) ); + ToolTipService.ShowDurationProperty.OverrideMetadata(typeof(DependencyObject), new FrameworkPropertyMetadata(Int32.MaxValue)); tabControl.Visibility = Visibility.Hidden; GraphLayout.Visibility = Visibility.Hidden; @@ -188,7 +187,7 @@ public MainWindow() this.WindowState = WindowState.Maximized; System.Reflection.Assembly assembly = System.Reflection.Assembly.GetExecutingAssembly(); - FileVersionInfo fvi = FileVersionInfo.GetVersionInfo( assembly.Location ); + FileVersionInfo fvi = FileVersionInfo.GetVersionInfo(assembly.Location); string version = fvi.FileVersion; //this.Title = "Zbang Tool Suite, ver." + version + " CyberArk 2018"; @@ -206,11 +205,11 @@ public MainWindow() zoomControl.Background.Opacity = 0.09; */ } - catch ( Exception e ) + catch (Exception e) { - System.Windows.MessageBox.Show( e.Message ); + System.Windows.MessageBox.Show(e.Message); } - } // end MainWindow + } // end MainWindow #if zero @@ -263,7 +262,7 @@ void runLaunchWindow() selectTogglesForms atoggle = new selectTogglesForms(); bool dresult = (bool)atoggle.ShowDialog(); - if( !dresult ) + if (!dresult) { //System.Windows.Application.Current.Shutdown(); return; @@ -275,35 +274,35 @@ void runLaunchWindow() toggleMystique.IsChecked = false; int aq = atoggle.whoIsSelected & (1 << (int)MainWindow.TABITEMS.ACLLIGHT); - if( aq != 0 ) + if (aq != 0) toggleACLight.IsChecked = true; aq = atoggle.whoIsSelected & (1 << (int)MainWindow.TABITEMS.SKELETONKEY); - if( aq != 0 ) + if (aq != 0) toggleSkeleton.IsChecked = true; aq = atoggle.whoIsSelected & (1 << (int)MainWindow.TABITEMS.SIDHISTORY); - if( aq != 0 ) + if (aq != 0) toggleSIDHistory.IsChecked = true; aq = atoggle.whoIsSelected & (1 << (int)MainWindow.TABITEMS.RISKYSPNS); - if( aq != 0 ) + if (aq != 0) toggleRisky.IsChecked = true; aq = atoggle.whoIsSelected & (1 << (int)MainWindow.TABITEMS.MYSTIQUE); - if( aq != 0 ) + if (aq != 0) toggleMystique.IsChecked = true; - if( atoggle.isLaunched == 1 ) + if (atoggle.isLaunched == 1) { - this.LaunchZbang.RaiseEvent( new RoutedEventArgs( ButtonBase.ClickEvent ) ); + this.LaunchZbang.RaiseEvent(new RoutedEventArgs(ButtonBase.ClickEvent)); } - else if( atoggle.isLaunched == 0 ) - this.Launch.RaiseEvent( new RoutedEventArgs( ButtonBase.ClickEvent ) ); - else if( atoggle.isLaunched == 2) + else if (atoggle.isLaunched == 0) + this.Launch.RaiseEvent(new RoutedEventArgs(ButtonBase.ClickEvent)); + else if (atoggle.isLaunched == 2) { - this.ImportButton.RaiseEvent( new RoutedEventArgs( ButtonBase.ClickEvent ) ); + this.ImportButton.RaiseEvent(new RoutedEventArgs(ButtonBase.ClickEvent)); } } // endfunc launch window - void UpdatePersonClick(object sender, RoutedEventArgs e) + void UpdatePersonClick(object sender, RoutedEventArgs e) { /* this.viewModel.UpdatePersonName = (string) this.UpdatePersonName.SelectedItem; @@ -342,7 +341,7 @@ private void ToggleButton_UnChecked(object sender, RoutedEventArgs e) { rtbACL.Visibility = Visibility.Hidden; // hide the rich text ACL view pressed--; - if( pressed <= 0 ) + if (pressed <= 0) { Launch.IsEnabled = false; LaunchZbang.IsEnabled = false; @@ -365,26 +364,26 @@ private void launchButton_clicked(object sender, RoutedEventArgs e) GraphLayout.Visibility = Visibility.Visible; //---> disable all the tabitems not in the launch game - if( !(bool)toggleACLight.IsChecked ) + if (!(bool)toggleACLight.IsChecked) ACLLight.IsEnabled = false; else ACLLight.IsEnabled = true; - if( !(bool)toggleSkeleton.IsChecked ) + if (!(bool)toggleSkeleton.IsChecked) SkeletonItem.IsEnabled = false; else SkeletonItem.IsEnabled = true; - if( !(bool)toggleSIDHistory.IsChecked ) + if (!(bool)toggleSIDHistory.IsChecked) SIDHistoryItem.IsEnabled = false; else SIDHistoryItem.IsEnabled = true; - if( !(bool)toggleRisky.IsChecked ) + if (!(bool)toggleRisky.IsChecked) SPNItem.IsEnabled = false; else SPNItem.IsEnabled = true; - if( !(bool)toggleMystique.IsChecked ) + if (!(bool)toggleMystique.IsChecked) MystiqueItem.IsEnabled = false; else MystiqueItem.IsEnabled = true; @@ -395,27 +394,27 @@ private void launchButton_clicked(object sender, RoutedEventArgs e) EasyPeasy.IsEnabled = true; */ // if acl light button pressed? - if( (bool)toggleACLight.IsChecked ) + if ((bool)toggleACLight.IsChecked) { - if( !ACLLight.IsSelected) + if (!ACLLight.IsSelected) firstTimeShowACL = true; ACLLight.IsSelected = true; - if( viewModel.scanACLoutputForDomains( null, "ACLight Discovered Domains" ) == 1 ) - this.viewModel.reformatCardsGraph( null, true ); + if (viewModel.scanACLoutputForDomains(null, "ACLight Discovered Domains") == 1) + this.viewModel.reformatCardsGraph(null, true); else viewModel.onScreen = MainWindowViewModel.ON_SCREEN.DOMAIN_CARDS; } - else if( (bool)toggleSkeleton.IsChecked ) + else if ((bool)toggleSkeleton.IsChecked) { SkeletonItem.IsSelected = true; //this.viewModel.showSkeletonKeyResults(true); } - else if( (bool)toggleSIDHistory.IsChecked ) + else if ((bool)toggleSIDHistory.IsChecked) { SIDHistoryItem.IsSelected = true; } - else if( (bool)toggleRisky.IsChecked ) + else if ((bool)toggleRisky.IsChecked) { SPNItem.IsSelected = true; } @@ -431,7 +430,7 @@ private void launchButton_clicked(object sender, RoutedEventArgs e) private void menuShowMachines(object sender, RoutedEventArgs e) { - if( sender == showmach || sender == showmach2 ) + if (sender == showmach || sender == showmach2) { showmach.IsChecked = !showmach.IsChecked; showmach2.IsChecked = !showmach2.IsChecked; @@ -472,7 +471,7 @@ private void TabControl_SelectionChanged(object sender, System.Windows.Controls. int sel = tabControl.SelectedIndex; - if( sel == (int)TABITEMS.ACLLIGHT && Launch.IsEnabled && !firstTimeShowACL) + if (sel == (int)TABITEMS.ACLLIGHT && Launch.IsEnabled && !firstTimeShowACL) { if (viewModel.scanACLoutputForDomains(null, "ACLight Discovered Domains") == 1) { @@ -481,22 +480,22 @@ private void TabControl_SelectionChanged(object sender, System.Windows.Controls. else viewModel.onScreen = MainWindowViewModel.ON_SCREEN.DOMAIN_CARDS; } - else if( sel == (int)TABITEMS.SKELETONKEY && Launch.IsEnabled ) + else if (sel == (int)TABITEMS.SKELETONKEY && Launch.IsEnabled) { - this.viewModel.showSkeletonKeyResults( true ); + this.viewModel.showSkeletonKeyResults(true); } - else if( sel == (int)TABITEMS.MYSTIQUE && Launch.IsEnabled ) + else if (sel == (int)TABITEMS.MYSTIQUE && Launch.IsEnabled) { viewModel.onScreen = MainWindowViewModel.ON_SCREEN.RISKYSPN_ON_SCREEN; - Mystique.Run( null, this.viewModel.mysticInputFile ); + Mystique.Run(null, this.viewModel.mysticInputFile); } - else if( sel == (int)TABITEMS.SIDHISTORY && Launch.IsEnabled ) + else if (sel == (int)TABITEMS.SIDHISTORY && Launch.IsEnabled) { viewModel.onScreen = MainWindowViewModel.ON_SCREEN.SIDHISTORY_ON_SCREEN; SIDHistory.Run(null, this.viewModel.sidHistoryInputFile); } - else if( sel == (int)TABITEMS.RISKYSPNS && Launch.IsEnabled ) + else if (sel == (int)TABITEMS.RISKYSPNS && Launch.IsEnabled) { int ret; if ((ret = viewModel.scanACLoutputForDomains(this.viewModel.RISKYSPNInputFile, "RiskySPNs Discovered Domains")) <= 1) @@ -512,21 +511,21 @@ private void TabControl_SelectionChanged(object sender, System.Windows.Controls. private void labelMouseDown(object sender, MouseButtonEventArgs e) { - if( rtbACL.Visibility == Visibility.Visible) + if (rtbACL.Visibility == Visibility.Visible) { rtbACL.Visibility = Visibility.Hidden; return; } - if( sender.GetType() == typeof( TextBlock ) ) + if (sender.GetType() == typeof(TextBlock)) { TextBlock block = (TextBlock)sender; string selectedText = block.Text; - if( this.ViewModel.onScreen != MainWindowViewModel.ON_SCREEN.ACLLIGHT_ON_SCREEN ) + if (this.ViewModel.onScreen != MainWindowViewModel.ON_SCREEN.ACLLIGHT_ON_SCREEN) return; string curDir = Directory.GetCurrentDirectory(); - StreamReader sr = File.OpenText( String.Format( "{0}/../../ZBANG/ACLight Attack Path Update.html", curDir ) ); + StreamReader sr = File.OpenText(String.Format("{0}/../../ZBANG/ACLight Attack Path Update.html", curDir)); TextBox.Text = sr.ReadToEnd(); sr.Close(); /* @@ -551,28 +550,28 @@ private void labelMouseDown(object sender, MouseButtonEventArgs e) public int allowMouseLeave; private void Border_MouseEnter(object sender, System.Windows.Input.MouseEventArgs e) { - if( sender.GetType() == typeof(System.Windows.Shapes.Path)) + if (sender.GetType() == typeof(System.Windows.Shapes.Path)) { System.Windows.Shapes.Path pth = (System.Windows.Shapes.Path)sender; pth.Stroke = System.Windows.Media.Brushes.Gold; return; } - if( sender.GetType() == typeof( System.Windows.Controls.TextBlock) ) + if (sender.GetType() == typeof(System.Windows.Controls.TextBlock)) { System.Windows.Controls.TextBlock pth = (System.Windows.Controls.TextBlock)sender; - pth.Background= System.Windows.Media.Brushes.Gold; + pth.Background = System.Windows.Media.Brushes.Gold; return; } Person ppp = (Person)(((System.Windows.Controls.Border)sender).DataContext); - if( ppp != highlightedPerson && this.viewModel.onScreen == MainWindowViewModel.ON_SCREEN.ACLLIGHT_ON_SCREEN ) + if (ppp != highlightedPerson && this.viewModel.onScreen == MainWindowViewModel.ON_SCREEN.ACLLIGHT_ON_SCREEN) { - this.viewModel.highlightEdges( ppp ); + this.viewModel.highlightEdges(ppp); highlightedPerson = ppp; showtime = DateTime.Now; allowMouseLeave = 0; } - else if( ppp == highlightedPerson && allowMouseLeave == 0 ) + else if (ppp == highlightedPerson && allowMouseLeave == 0) allowMouseLeave = 1; } @@ -592,28 +591,28 @@ private void LabelClicked(object sender, System.Windows.Input.MouseEventArgs e) - private void Border_MouseLeave(object sender, System.Windows.Input.MouseEventArgs e) + private void Border_MouseLeave(object sender, System.Windows.Input.MouseEventArgs e) { - if( sender.GetType() == typeof( System.Windows.Shapes.Path ) ) + if (sender.GetType() == typeof(System.Windows.Shapes.Path)) { System.Windows.Shapes.Path pth = (System.Windows.Shapes.Path)sender; pth.Stroke = System.Windows.Media.Brushes.Black; return; } - if( sender.GetType() == typeof( System.Windows.Controls.TextBlock ) ) + if (sender.GetType() == typeof(System.Windows.Controls.TextBlock)) { System.Windows.Controls.TextBlock pth = (System.Windows.Controls.TextBlock)sender; pth.Background = System.Windows.Media.Brushes.Transparent; return; } - if( allowMouseLeave != 1 ) + if (allowMouseLeave != 1) return; Person ppp = (Person)(((System.Windows.Controls.Border)sender).DataContext); - if(/*ppp == highlightedPerson &&*/ this.viewModel.onScreen == MainWindowViewModel.ON_SCREEN.ACLLIGHT_ON_SCREEN ) + if (/*ppp == highlightedPerson &&*/ this.viewModel.onScreen == MainWindowViewModel.ON_SCREEN.ACLLIGHT_ON_SCREEN) { - this.viewModel.dehighlightEdges( ppp ); + this.viewModel.dehighlightEdges(ppp); highlightedPerson = null; } } @@ -623,20 +622,20 @@ private void GoBackButton(object sender, RoutedEventArgs e) rtbACL.Visibility = Visibility.Hidden; // hide the rich text ACL view highlightedPerson = null; allowMouseLeave = 0; - showtime = new DateTime( 0 ); - if( this.viewModel.onScreen == MainWindowViewModel.ON_SCREEN.ACLLIGHT_ON_SCREEN ) - this.viewModel.reformatCardsGraph( null, true ); - else if( this.viewModel.onScreen == MainWindowViewModel.ON_SCREEN.CARDS_ON_SCREEN_WITH_DOMAIN_SELECTION ) + showtime = new DateTime(0); + if (this.viewModel.onScreen == MainWindowViewModel.ON_SCREEN.ACLLIGHT_ON_SCREEN) + this.viewModel.reformatCardsGraph(null, true); + else if (this.viewModel.onScreen == MainWindowViewModel.ON_SCREEN.CARDS_ON_SCREEN_WITH_DOMAIN_SELECTION) { - this.viewModel.scanACLoutputForDomains( null, "ACLight Discovered Domains" ); + this.viewModel.scanACLoutputForDomains(null, "ACLight Discovered Domains"); viewModel.onScreen = MainWindowViewModel.ON_SCREEN.DOMAIN_CARDS; } - else if( this.viewModel.onScreen == MainWindowViewModel.ON_SCREEN.RISKYSPN_WITH_DOMAIN_SELECTION ) + else if (this.viewModel.onScreen == MainWindowViewModel.ON_SCREEN.RISKYSPN_WITH_DOMAIN_SELECTION) { - if( viewModel.scanACLoutputForDomains( this.viewModel.RISKYSPNInputFile, "RiskySPN Discovered Domains" ) == 1 ) + if (viewModel.scanACLoutputForDomains(this.viewModel.RISKYSPNInputFile, "RiskySPN Discovered Domains") == 1) { viewModel.onScreen = MainWindowViewModel.ON_SCREEN.RISKYSPN_ON_SCREEN; - riskySPNs.Run( null, this.viewModel.RISKYSPNInputFile ); + riskySPNs.Run(null, this.viewModel.RISKYSPNInputFile); backButton.Visibility = Visibility.Hidden; } else @@ -651,7 +650,7 @@ private void CheckBox_Checked(object sender, RoutedEventArgs e) { CheckBox a = (CheckBox)sender; object der = (object)a.Parent; - if( typeof( Person ) == der.GetType() ) + if (typeof(Person) == der.GetType()) { Person person = (Person)der; person.BackColor = "LightGreen"; @@ -682,31 +681,31 @@ private void launchPowershellButton_clicked(object sender, RoutedEventArgs e) Report-PotentiallyCrackableAccounts -Type CSV -Path $PSScriptRoot\Results\RiskySPNs -DoNotOpen -Name RiskySPNs -test */ - if( whatToRun == 0 ) + if (whatToRun == 0) { prg = new ProgressWindow(); prg.Show(); prg.textBlockPowershell.Text += "\n"; - if ( (bool)toggleSIDHistory.IsChecked ) + if ((bool)toggleSIDHistory.IsChecked) whatToRun |= (1 << 2); - if( (bool)toggleSkeleton.IsChecked ) + if ((bool)toggleSkeleton.IsChecked) whatToRun |= (1 << 1); - if( (bool)toggleRisky.IsChecked ) + if ((bool)toggleRisky.IsChecked) whatToRun |= (1 << 3); - if( (bool)toggleMystique.IsChecked ) + if ((bool)toggleMystique.IsChecked) whatToRun |= (1 << 4); - if( (bool)this.toggleACLight.IsChecked ) + if ((bool)this.toggleACLight.IsChecked) whatToRun |= (1 << 0); } // END OF ROUND - else if( whatToRun == -1 ) + else if (whatToRun == -1) { prg.label1.Content = "*** FINISHED ***"; prg.progressBar1.Visibility = Visibility.Hidden; // press the click on the launch button - Launch.RaiseEvent( new RoutedEventArgs( ButtonBase.ClickEvent ) ); + Launch.RaiseEvent(new RoutedEventArgs(ButtonBase.ClickEvent)); whatToRun = 0; //MessageBox.Show( logString, "Log Output for Launch at " + DateTime.Now.ToString(), MessageBoxButton.OK ); @@ -729,38 +728,41 @@ private void launchPowershellButton_clicked(object sender, RoutedEventArgs e) ramCounter = new PerformanceCounter("Memory", "Available MBytes", true); - File.AppendAllText( logFileName/*"..\\..\\ZBANG\\log.txt"*/, "Log Output for Launch at " + DateTime.Now.ToString() + ", version " + version + "\n" + - "Free RAM: " + ramCounter.NextValue().ToString()+"MB\n" + - "CPU Usage: " + cpuCounter.NextValue().ToString() + "%\n" + - "Computer Name: " + machineName + ", user Name: " + username + "\n" + - logString + "\n\n\n\n"); - ExportButton.RaiseEvent( new RoutedEventArgs( ButtonBase.ClickEvent ) ); + File.AppendAllText(logFileName/*"..\\..\\ZBANG\\log.txt"*/, "Log Output for Launch at " + DateTime.Now.ToString() + ", version " + version + "\n" + + "Free RAM: " + ramCounter.NextValue().ToString() + "MB\n" + + "CPU Usage: " + cpuCounter.NextValue().ToString() + "%\n" + + "Computer Name: " + machineName + ", user Name: " + username + "\n" + + logString + "\n\n\n\n"); + ExportButton.RaiseEvent(new RoutedEventArgs(ButtonBase.ClickEvent)); totalString = ""; prg.Close(); return; } - if( (whatToRun & 1) != 0 ) // aclight + if ((whatToRun & 1) != 0) // aclight { //string args = "/K \"powershell.exe -ExecutionPolicy Bypass -noprofile -command \"Import-Module './ACLight.psm1' -force ; Start-ACLsAnalysis\"\""; string args = "-ExecutionPolicy Bypass -noprofile -command \"Import-Module './ACLight.ps1' -force ; Start-ACLsAnalysis\""; - // testing ////////// ???? windowRunPowerShell("Import-Module './../../ZBANG/ACLight-master/ACLight.psm1 ; Start-ACLsAnalysis'"); - List domainNames; - int count = viewModel.enumerateDomainInForest( out domainNames); - if( count > 1 ) - { - domainSelection ds = new domainSelection( domainNames); - bool dialogresult = (bool)ds.ShowDialog(); - // - if( ds.selection != -1) - { - args = args.Substring( 0, args.Length - 1) + " -domain '" + domainNames[ds.selection] + "'\""; - // NO NEED !!! MessageBox.Show( args, "error" ); - } - } + //List domainNames; + //int count = viewModel.enumerateDomainInForest(out domainNames); + //if (count > 1) + //{ + // domainSelection ds = new domainSelection(domainNames, "ACLight"); + // bool dialogresult = (bool)ds.ShowDialog(); + // // + // if (ds.selection != -1) + // { + // args = args.Substring(0, args.Length - 1) + " -domain '" + domainNames[ds.selection] + "'\""; + // // NO NEED !!! MessageBox.Show( args, "error" ); + // } + //} + + + modifyArgsByDomainSelections(ref args, "ACLight"); + #if zero // start by scanning all comain in forest and if more than one domain is present pop up the question int count = viewModel.enumerateDomainInForest(); @@ -799,7 +801,7 @@ private void launchPowershellButton_clicked(object sender, RoutedEventArgs e) } catch { } - + var processStartInfo = new ProcessStartInfo @@ -812,13 +814,13 @@ private void launchPowershellButton_clicked(object sender, RoutedEventArgs e) UseShellExecute = false, CreateNoWindow = true }; - var process = Process.Start( processStartInfo ); + var process = Process.Start(processStartInfo); process.OutputDataReceived += CaptureOutput; process.ErrorDataReceived += CaptureOutput; - Thread runThread = new Thread( this.runThread ); - runThread.Start( process ); + Thread runThread = new Thread(this.runThread); + runThread.Start(process); } // endof aclight - else if( (whatToRun & (1 << 1)) != 0 ) // skeleton + else if ((whatToRun & (1 << 1)) != 0) // skeleton { //prg.Show(); prg.progressBar1.Value = 50; @@ -843,13 +845,13 @@ private void launchPowershellButton_clicked(object sender, RoutedEventArgs e) UseShellExecute = false, CreateNoWindow = true }; - var process = Process.Start( processStartInfo ); + var process = Process.Start(processStartInfo); process.OutputDataReceived += CaptureOutput; process.ErrorDataReceived += CaptureOutput; - Thread runThread = new Thread( this.runThread ); - runThread.Start( process ); + Thread runThread = new Thread(this.runThread); + runThread.Start(process); } - else if( (whatToRun & (1 << 2)) != 0 ) // SID History + else if ((whatToRun & (1 << 2)) != 0) // SID History { //prg.Show(); prg.progressBar1.Value = 50; @@ -859,24 +861,31 @@ private void launchPowershellButton_clicked(object sender, RoutedEventArgs e) logString = "\n--------------------------------------------\nPowershell - SID History:\n--------------------------------------------\n\n"; File.AppendAllText( /*"..\\..\\ZBANG\\log.txt"*/logFileName, logString); + string args = "-ExecutionPolicy Bypass -noprofile -command \"Import-Module '.\\SIDHistory_Scanner.ps1' -force ; Report-UsersWithSIDHistory\""; + //string args = "-ExecutionPolicy Bypass -noprofile -Command \"& { ./SIDHistory_Scanner.ps1 }\""; + modifyArgsByDomainSelections(ref args, "SID History"); + var processStartInfo = new ProcessStartInfo { FileName = @"Powershell.exe", //Arguments = "-ExecutionPolicy Bypass -noprofile -Command \"& . ./SIDHistory_Scanner.ps1; Report-UsersWithSIDHistory '-Type \"CSV\"' '-Path \"Results\"' '-DoNotOpen'\"", //Arguments = "-ExecutionPolicy Bypass -noprofile -Command \"& { ./SIDHistory_Scanner.ps1; Report-UsersWithSIDHistory -Type CSV -Path Results -DoNotOpen }\"", - Arguments = "-ExecutionPolicy Bypass -noprofile -Command \"& { ./SIDHistory_Scanner.ps1 }\"", + + //Arguments = "-ExecutionPolicy Bypass -noprofile -Command \"& { ./SIDHistory_Scanner.ps1 }\"", + Arguments = args, + WorkingDirectory = "../../ZBANG/SIDHistory", RedirectStandardOutput = true, UseShellExecute = false, CreateNoWindow = true }; - var process = Process.Start( processStartInfo ); + var process = Process.Start(processStartInfo); process.OutputDataReceived += CaptureOutput; process.ErrorDataReceived += CaptureOutput; - Thread runThread = new Thread( this.runThread ); - runThread.Start( process ); + Thread runThread = new Thread(this.runThread); + runThread.Start(process); } - else if( (whatToRun & (1 << 3)) != 0 ) // RiskySPN + else if ((whatToRun & (1 << 3)) != 0) // RiskySPN { //prg.Show(); prg.progressBar1.Value = 50; @@ -893,15 +902,22 @@ private void launchPowershellButton_clicked(object sender, RoutedEventArgs e) prg.label1.Content = "Now running RiskySPN test..."; totalString += "\n\n\n" + DateTime.Now.ToString() + "> Now Running RiskySPN\n"; + + //string args = "-ExecutionPolicy Bypass -noprofile -command \"& { ./Find-PotentiallyCrackableAccounts.ps1 }\""; + string args = "-ExecutionPolicy Bypass -noprofile -command \"Import-Module '.\\Find-PotentiallyCrackableAccounts.ps1' -force ; Export-PotentiallyCrackableAccounts\""; + modifyArgsByDomainSelections(ref args, "RiskySPN"); + var processStartInfo = new ProcessStartInfo { FileName = @"Powershell.exe", //Arguments = "-ExecutionPolicy Bypass -noprofile -command \"./Get-PotentiallyCrackableAccounts.ps1; Report-PotentiallyCrackableAccounts -Type 'CSV' -DoNotOpen -Path 'Results/' -Name 'RiskySPNs-test'\"", //Arguments = "-ExecutionPolicy Bypass -noprofile -Command \"& { .\\Get-PotentiallyCrackableAccounts.ps1; Report-PotentiallyCrackableAccounts -Type CSV -DoNotOpen -Path Results/ -Name RiskySPNs-test}\"", //Arguments = "-ExecutionPolicy Bypass -noprofile -Command \"& { ./Get-PotentiallyCrackableAccounts.ps1 }", - + //##### 26/12/2017 Arguments = "-ExecutionPolicy Bypass -noprofile -command \"Import-Module './RiskySPNs.psm1' -force\"", - Arguments = "-ExecutionPolicy Bypass -noprofile -command \"& { ./Find-PotentiallyCrackableAccounts.ps1 }\"", + Arguments = args, + //Arguments = args, + //string args = ; /*-Type 'CSV' -Path '..\\..\\ZBANG\\RiskySPN-master\\Results\\' -DoNotOpen -Name 'RiskySPNs-test'",*/ @@ -910,13 +926,13 @@ private void launchPowershellButton_clicked(object sender, RoutedEventArgs e) UseShellExecute = false, CreateNoWindow = true }; - var process = Process.Start( processStartInfo ); + var process = Process.Start(processStartInfo); process.OutputDataReceived += CaptureOutput; process.ErrorDataReceived += CaptureOutput; - Thread runThread = new Thread( this.runThread ); - runThread.Start( process ); + Thread runThread = new Thread(this.runThread); + runThread.Start(process); } - else if( (whatToRun & (1 << 4)) != 0 ) + else if ((whatToRun & (1 << 4)) != 0) { //prg.Show(); prg.label1.Content = "Now running Mystique test..."; @@ -940,11 +956,11 @@ private void launchPowershellButton_clicked(object sender, RoutedEventArgs e) UseShellExecute = false, CreateNoWindow = true }; - var process = Process.Start( processStartInfo ); + var process = Process.Start(processStartInfo); process.OutputDataReceived += CaptureOutput; process.ErrorDataReceived += CaptureOutput; - Thread runThread = new Thread( this.runThread ); - runThread.Start( process ); + Thread runThread = new Thread(this.runThread); + runThread.Start(process); } } // endfunc @@ -954,7 +970,7 @@ private void launchPowershellButton_clicked(object sender, RoutedEventArgs e) * * @param string args - arguments to run * - **/ + **/ void windowRunPowerShell(string args) { using (PowerShell PowerShellInstance = PowerShell.Create()) @@ -962,9 +978,9 @@ void windowRunPowerShell(string args) Directory.SetCurrentDirectory("../../ZBANG/ACLight-master"); // use "AddScript" to add the contents of a script file to the end of the execution pipeline. // use "AddCommand" to add individual commands/cmdlets to the end of the execution pipeline. - PowerShellInstance.AddScript( "Set-ExecutionPolicy Bypass"); - string script = File.ReadAllText( "ACLight.ps1"); - PowerShellInstance.AddScript( script); + PowerShellInstance.AddScript("Set-ExecutionPolicy Bypass"); + string script = File.ReadAllText("ACLight.ps1"); + PowerShellInstance.AddScript(script); //PowerShellInstance.AddCommand("Import-Module").AddArgument("ACLight.psm1"); Collection PSOutput = PowerShellInstance.Invoke(); @@ -1004,7 +1020,7 @@ void CaptureOutput(object sender, DataReceivedEventArgs e) File.AppendAllText( /*"..\\..\\ZBANG\\log.txt"*/logFileName, e.Data + "\n"); - prg.textBlockPowershell.Select (prg.textBlockPowershell.Text.Length, 0); + prg.textBlockPowershell.Select(prg.textBlockPowershell.Text.Length, 0); prg.myScroll.LineDown(); prg.myScroll.LineDown(); @@ -1028,22 +1044,22 @@ public void runThread(object process) prc.BeginOutputReadLine(); //prc.BeginErrorReadLine(); - while( !prc.HasExited ) + while (!prc.HasExited) { - if( quitApplication ) + if (quitApplication) { prc.Close(); - Dispatcher.BeginInvoke( new Action( delegate + Dispatcher.BeginInvoke(new Action(delegate { //prg.Close(); - } ) ); + })); return; } } //prc.WaitForExit(); - Dispatcher.BeginInvoke( new Action( delegate + Dispatcher.BeginInvoke(new Action(delegate { //prg.Hide(); string output = ""; @@ -1057,34 +1073,34 @@ public void runThread(object process) } */ - if( (whatToRun & (1 << 0)) != 0 ) + if ((whatToRun & (1 << 0)) != 0) { whatToRun = whatToRun & (~1); } - else if( (whatToRun & (1 << 1)) != 0 ) + else if ((whatToRun & (1 << 1)) != 0) { whatToRun = whatToRun & (~2); //logString += "Powershell - Skeleton Key:\n" + output + "\n\n\n"; } - else if( (whatToRun & (1 << 2)) != 0 ) + else if ((whatToRun & (1 << 2)) != 0) { whatToRun = whatToRun & (~4); //logString += "Powershell - SID History:\n" + output + "\n\n\n"; } - else if( (whatToRun & (1 << 3)) != 0 ) + else if ((whatToRun & (1 << 3)) != 0) { whatToRun = whatToRun & (~(1 << 3)); //logString += "Powershell - RiskySPN:\n" + output + "\n\n\n"; } - else if( (whatToRun & (1 << 4)) != 0 ) + else if ((whatToRun & (1 << 4)) != 0) { whatToRun = whatToRun & (~(1 << 4)); //logString += "Powershell - Mystique:\n" + output + "\n\n\n"; } - if( whatToRun == 0 ) whatToRun--; - LaunchZbang.RaiseEvent( new RoutedEventArgs( ButtonBase.ClickEvent ) ); - } ) ); + if (whatToRun == 0) whatToRun--; + LaunchZbang.RaiseEvent(new RoutedEventArgs(ButtonBase.ClickEvent)); + })); return; #if zero @@ -1167,7 +1183,7 @@ public void runThread(object process) private void DataWindow_Closing(object sender, System.ComponentModel.CancelEventArgs e) { quitApplication = true; - System.Environment.Exit( 0 ); + System.Environment.Exit(0); } private void Export_clicked(object sender, RoutedEventArgs e) @@ -1180,12 +1196,12 @@ private void Export_clicked(object sender, RoutedEventArgs e) else return; */ string zipname = "../../../../ZBANG" + (DateTime.Now.Year - 2000).ToString("D02") + DateTime.Now.Month.ToString("D02") + DateTime.Now.Day.ToString("D02") + "-" + DateTime.Now.Hour.ToString("D02") + DateTime.Now.Minute.ToString("D02") + ".zip"; - if( File.Exists( zipname ) ) + if (File.Exists(zipname)) { - MessageBoxResult mbr = MessageBox.Show( "Export file exists in directory.\nThis will overwrite it. Are you sure?", "Warning", MessageBoxButton.YesNo, MessageBoxImage.Question ); - if( mbr == MessageBoxResult.No ) + MessageBoxResult mbr = MessageBox.Show("Export file exists in directory.\nThis will overwrite it. Are you sure?", "Warning", MessageBoxButton.YesNo, MessageBoxImage.Question); + if (mbr == MessageBoxResult.No) return; - File.Delete( zipname ); + File.Delete(zipname); } { //extract the contents of the file we created @@ -1198,7 +1214,8 @@ private void Export_clicked(object sender, RoutedEventArgs e) File.Copy("../../ZBANG/SkeletonKey_Scanner/scanner.zip", "../../scanner.zip"); File.Delete("../../ZBANG/SkeletonKey_Scanner/scanner.zip"); } - catch { + catch + { MessageBox.Show("v0.27 cannot move scanner.zip file..."); } ZipFile.CreateFromDirectory("../../Zbang", zipname); @@ -1208,17 +1225,18 @@ private void Export_clicked(object sender, RoutedEventArgs e) File.Copy("../../scanner.zip", "../../ZBANG/SkeletonKey_Scanner/scanner.zip"); File.Delete("../../scanner.zip"); } - catch { + catch + { MessageBox.Show("v0.27 cannot move scanner.zip file BACK..."); } - MessageBox.Show( "Zbang File have been exported successfuly", "Info", MessageBoxButton.OK, MessageBoxImage.Information ); + MessageBox.Show("Zbang File have been exported successfuly", "Info", MessageBoxButton.OK, MessageBoxImage.Information); } } private void Import_clicked(object sender, RoutedEventArgs e) { - MessageBoxResult mbr = MessageBox.Show( "This will overwrite current zBang Data. Are you sure?", "Warning", MessageBoxButton.YesNo, MessageBoxImage.Question ); + MessageBoxResult mbr = MessageBox.Show("This will overwrite current zBang Data. Are you sure?", "Warning", MessageBoxButton.YesNo, MessageBoxImage.Question); if (mbr == MessageBoxResult.No) { runLaunchWindow(); @@ -1229,7 +1247,7 @@ private void Import_clicked(object sender, RoutedEventArgs e) OpenFileDialog openFileDialog = new OpenFileDialog(); openFileDialog.Title = "Select Import File"; openFileDialog.Filter = "zBang Files|*.zip"; - if( openFileDialog.ShowDialog() == true ) + if (openFileDialog.ShowDialog() == true) getfile = openFileDialog.FileName; else return; @@ -1292,23 +1310,23 @@ private void Window_Loaded(object sender, RoutedEventArgs e) //MessageBox.Show("testing123"); -/* This has been removed at 01_01 22/11/2018 - LicenseWindow eula = new LicenseWindow(); - bool rsult = (bool)eula.ShowDialog(); - if( !rsult) - { - System.Windows.Application.Current.Shutdown(); - return; - } -*/ + /* This has been removed at 01_01 22/11/2018 + LicenseWindow eula = new LicenseWindow(); + bool rsult = (bool)eula.ShowDialog(); + if( !rsult) + { + System.Windows.Application.Current.Shutdown(); + return; + } + */ runLaunchWindow(); } private void Window_SizeChanged(object sender, SizeChangedEventArgs e) { - if( e.WidthChanged ) + if (e.WidthChanged) zoomControl.ZoomXLoc = e.NewSize.Width - 100; - if( e.HeightChanged ) + if (e.HeightChanged) zoomControl.ZoomYLoc = e.NewSize.Height - 420; } @@ -1335,6 +1353,38 @@ private void relaunch_clicked(object sender, RoutedEventArgs e) { runLaunchWindow(); } + + private void modifyArgsByDomainSelections(ref string args, string scriptName) + { + List domainNames; + int count = viewModel.enumerateDomainInForest(out domainNames); + if (count > 1) + { + domainSelection ds = new domainSelection(domainNames, scriptName); + bool dialogresult = (bool)ds.ShowDialog(); + // + if (ds.selection != -1) + { + //"-ExecutionPolicy Bypass -noprofile -command \"Import-Module './ACLight.ps1' -force ; Start-ACLsAnalysis\"" + //string test = args.Substring(args.Length - 3); + + args = args.Substring(0, args.Length - 1) + " -Domain '" + domainNames[ds.selection] + "'\""; + // NO NEED !!! MessageBox.Show( args, "error" ); + + //if (scriptName == "ACLight") + //{ + // args = args.Substring(0, args.Length - 1) + " -Domain '" + domainNames[ds.selection] + "'\""; + // // NO NEED !!! MessageBox.Show( args, "error" ); + //} + //else + //{ + // //"-ExecutionPolicy Bypass -noprofile -Command \"& { ./SIDHistory_Scanner.ps1 }\"" + // args = args.Substring(0, args.Length - 2) + " -Domain '" + domainNames[ds.selection] + "'}\""; + //} + } + } + } + } // endclass //***************************************************************************************************************** @@ -1343,66 +1393,66 @@ private void relaunch_clicked(object sender, RoutedEventArgs e) public class HtmlRichTextBoxBehavior : DependencyObject { public static readonly DependencyProperty TextProperty = - DependencyProperty.RegisterAttached( "Text", typeof( string ), - typeof( HtmlRichTextBoxBehavior ), new UIPropertyMetadata( null, OnValueChanged ) ); + DependencyProperty.RegisterAttached("Text", typeof(string), + typeof(HtmlRichTextBoxBehavior), new UIPropertyMetadata(null, OnValueChanged)); - public static string GetText(RichTextBox o) { return (string)o.GetValue( TextProperty ); } + public static string GetText(RichTextBox o) { return (string)o.GetValue(TextProperty); } - public static void SetText(RichTextBox o, string value) { o.SetValue( TextProperty, value ); } + public static void SetText(RichTextBox o, string value) { o.SetValue(TextProperty, value); } private static void OnValueChanged(DependencyObject dependencyObject, DependencyPropertyChangedEventArgs e) { var richTextBox = (RichTextBox)dependencyObject; var text = (e.NewValue ?? string.Empty).ToString(); - var xaml = HtmlToXamlConverter.ConvertHtmlToXaml( text, true ); - var flowDocument = XamlReader.Parse( xaml ) as FlowDocument; - HyperlinksSubscriptions( flowDocument ); + var xaml = HtmlToXamlConverter.ConvertHtmlToXaml(text, true); + var flowDocument = XamlReader.Parse(xaml) as FlowDocument; + HyperlinksSubscriptions(flowDocument); richTextBox.Document = flowDocument; } private static void HyperlinksSubscriptions(FlowDocument flowDocument) { - if( flowDocument == null ) return; - GetVisualChildren( flowDocument ).OfType().ToList() - .ForEach( i => i.RequestNavigate += HyperlinkNavigate ); + if (flowDocument == null) return; + GetVisualChildren(flowDocument).OfType().ToList() + .ForEach(i => i.RequestNavigate += HyperlinkNavigate); } private static IEnumerable GetVisualChildren(DependencyObject root) { - foreach( var child in LogicalTreeHelper.GetChildren( root ).OfType() ) + foreach (var child in LogicalTreeHelper.GetChildren(root).OfType()) { yield return child; - foreach( var descendants in GetVisualChildren( child ) ) yield return descendants; + foreach (var descendants in GetVisualChildren(child)) yield return descendants; } } private static void HyperlinkNavigate(object sender, System.Windows.Navigation.RequestNavigateEventArgs e) { - Process.Start( new ProcessStartInfo( e.Uri.AbsoluteUri ) ); + Process.Start(new ProcessStartInfo(e.Uri.AbsoluteUri)); e.Handled = true; } } // endclass public static class GetDotNetVersion { - public static bool Get45PlusFromRegistry( string logFileName) + public static bool Get45PlusFromRegistry(string logFileName) { const string subkey = @"SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\"; - using( RegistryKey ndpKey = RegistryKey.OpenBaseKey( RegistryHive.LocalMachine, RegistryView.Registry32 ).OpenSubKey( subkey ) ) + using (RegistryKey ndpKey = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Registry32).OpenSubKey(subkey)) { - if( ndpKey != null && ndpKey.GetValue( "Release" ) != null ) + if (ndpKey != null && ndpKey.GetValue("Release") != null) { - Console.WriteLine( ".NET Framework Version: " + CheckFor45PlusVersion( (int)ndpKey.GetValue( "Release" ) ) ); - File.AppendAllText( logFileName, ".NET Framework Version: " + CheckFor45PlusVersion( (int)ndpKey.GetValue( "Release" ) ) ); + Console.WriteLine(".NET Framework Version: " + CheckFor45PlusVersion((int)ndpKey.GetValue("Release"))); + File.AppendAllText(logFileName, ".NET Framework Version: " + CheckFor45PlusVersion((int)ndpKey.GetValue("Release"))); return true; } else { - Console.WriteLine( ".NET Framework Version 4.5 or later is not detected." ); - File.AppendAllText( logFileName, ".NET Framework Version 4.5 or later is not detected." ); + Console.WriteLine(".NET Framework Version 4.5 or later is not detected."); + File.AppendAllText(logFileName, ".NET Framework Version 4.5 or later is not detected."); return false; } } @@ -1411,27 +1461,27 @@ public static bool Get45PlusFromRegistry( string logFileName) // Checking the version using >= will enable forward compatibility. private static string CheckFor45PlusVersion(int releaseKey) { - if( releaseKey >= 460798 ) + if (releaseKey >= 460798) return "4.7 or later"; - if( releaseKey >= 394802 ) + if (releaseKey >= 394802) return "4.6.2"; - if( releaseKey >= 394254 ) + if (releaseKey >= 394254) { return "4.6.1"; } - if( releaseKey >= 393295 ) + if (releaseKey >= 393295) { return "4.6"; } - if( (releaseKey >= 379893) ) + if ((releaseKey >= 379893)) { return "4.5.2"; } - if( (releaseKey >= 378675) ) + if ((releaseKey >= 378675)) { return "4.5.1"; } - if( (releaseKey >= 378389) ) + if ((releaseKey >= 378389)) { return "4.5"; } @@ -1448,3 +1498,4 @@ private static string CheckFor45PlusVersion(int releaseKey) } // endnamespace + diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/Properties/AssemblyInfo.cs b/SourceCode/src/Graphviz4Net.WPF.Example/Properties/AssemblyInfo.cs index b940b785..6b2cbb6b 100644 --- a/SourceCode/src/Graphviz4Net.WPF.Example/Properties/AssemblyInfo.cs +++ b/SourceCode/src/Graphviz4Net.WPF.Example/Properties/AssemblyInfo.cs @@ -51,5 +51,5 @@ // You can specify all the values or you can default the Build and Revision Numbers // by using the '*' as shown below: // [assembly: AssemblyVersion("1.0.*")] -[assembly: AssemblyVersion("1.00")] -[assembly: AssemblyFileVersion("1.00")] +[assembly: AssemblyVersion("1.2.1.0")] +[assembly: AssemblyFileVersion("1.2.1.0")] diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/ZBANG/RiskySPN-master/Find-PotentiallyCrackableAccounts.ps1 b/SourceCode/src/Graphviz4Net.WPF.Example/ZBANG/RiskySPN-master/Find-PotentiallyCrackableAccounts.ps1 index 9cd86b5a..eb3207c4 100644 --- a/SourceCode/src/Graphviz4Net.WPF.Example/ZBANG/RiskySPN-master/Find-PotentiallyCrackableAccounts.ps1 +++ b/SourceCode/src/Graphviz4Net.WPF.Example/ZBANG/RiskySPN-master/Find-PotentiallyCrackableAccounts.ps1 @@ -5,7 +5,7 @@ Optional Dependencies: None Revision: 01-01-2018 With user photos NS - Last Update: 01/01/2018 AH + Last Update: 13/06/2021 AH #> @@ -127,7 +127,8 @@ function Find-PotentiallyCrackableAccounts } $SearchList += 'LDAP://DC=' + ($ChildDomain.Name -Replace ("\.",',DC=')) } - Write-Verbose "Searching the forest: $($SearchScope.name)" + Write-Host "Searching the forest: $($SearchScope.name)" + #Write-Verbose "Searching the forest: $($SearchScope.name)" } #creating ADSI searcher @@ -484,8 +485,9 @@ function Export-PotentiallyCrackableAccounts [CmdletBinding()] param ( + [String]$Domain, [ValidateSet("CSV", "XML", "HTML", "TXT")] - [String]$Type = "CSV", + [String]$Type = "CSV", #[String]$Path = "$env:USERPROFILE\Documents", [String]$Path = "Results/", [String]$Name = "RiskySPNs-test", @@ -538,7 +540,11 @@ function Export-PotentiallyCrackableAccounts } $FilePath = "$Path\$Name.$($Type.ToLower())" - $Report = Find-PotentiallyCrackableAccounts -FullData + if($Domain){ + $Report = Find-PotentiallyCrackableAccounts -FullData -Domain $Domain + }else{ + $Report = Find-PotentiallyCrackableAccounts -FullData + } if ($Summary) { $Report = $Report | Select-Object UserName,DomainName,IsSensitive,PwdAge,CrackWindow,RunsUnder } @@ -553,7 +559,7 @@ function Export-PotentiallyCrackableAccounts } # Call this NS 26/12/2017 -Export-PotentiallyCrackableAccounts +#Export-PotentiallyCrackableAccounts diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/ZBANG/SIDHistory/SIDHistory_Scanner.ps1 b/SourceCode/src/Graphviz4Net.WPF.Example/ZBANG/SIDHistory/SIDHistory_Scanner.ps1 index afc0ab4d..1b753955 100644 --- a/SourceCode/src/Graphviz4Net.WPF.Example/ZBANG/SIDHistory/SIDHistory_Scanner.ps1 +++ b/SourceCode/src/Graphviz4Net.WPF.Example/ZBANG/SIDHistory/SIDHistory_Scanner.ps1 @@ -4,14 +4,14 @@ Release Notes: The SID History module queries the Active Directory and searches for accounts that have SID history attribute. -Version 1: 14.6.16 +Version 1: 14.6.18 +Last Update: 15.08.2021 Based on riskySPN script: https://github.com/CyberArkLabs/RiskySPN ----------------------------------------------------------------------------------------------------#> - function Get-UsersWithSIDHistory { <# @@ -27,8 +27,18 @@ function Get-UsersWithSIDHistory to an Entrepise/Domain admin. Requires Active Directory authentication (domain user is enough). + .PARAMETER Ou + The name of the Organizational Unit to query. + .PARAMETER Domain - The name of the domain to query. "Current" for the user's current domain. Defualts to the entire forest. + The name of the domain to query. "Current" for the user's current domain. Defualts to the entire forest. + + .PARAMETER SecondSearch + The scope of the second search, the search is for users who have equal sid to one of the sidhistory. + Only apply with Ou parameter or domain parameter + 0 - no scope + 1 - withn the domain scope + 2 - entire forest scope .PARAMETER AddGroups Add additional groups to consider as sensitive @@ -48,14 +58,66 @@ function Get-UsersWithSIDHistory [CmdletBinding()] param ( + [string]$Ou, [string]$Domain, + [int]$SecondSearch=2, [array]$AddGroups, [switch]$Sensitive, [switch]$Stealth, [switch]$GetSPNs, [switch]$FullData ) + + #Added 3.8.21 Log + function DisposeWrapper ($InputObject) + { + if ($null -ne $InputObject -and $InputObject -is [System.IDisposable]) + { + $InputObject.Dispose() + } + } + # $todaysdate = Get-Date -Format "MM_dd_HH_mm_" + # $logfilepath = ".\"+$todaysdate+"Log.log" + # if(Test-Path $logfilepath) + # { + # Remove-Item $logfilepath + # } + + # function WriteToLog($messege) + # { + # Add-Content $logfilepath -value $messege + # } + # Add stop transcript + # Start-Transcript -Path $logfilepath + # WriteToLog("Log Start") + function initSearcher { + $SearcherToReturn = New-Object System.DirectoryServices.DirectorySearcher + $SearcherToReturn.PageSize = 500 + $SearcherToReturn.CacheResults = $false + return $SearcherToReturn + } + + function forestDomains { + $SearchListForest = @() + try{ + $SearchScope = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest() + }catch{ + write-host "The current forest cannot be reached. Seems like the machine is not part of any domain." -ForegroundColor Red + exit + } + foreach ($ChildDomain in $($SearchScope.Domains)) + { + if ($ChildDomain.DomainMode.value__ -lt 4) + { + Write-host "The function level of domain: $($ChildDomain.Name) is lower than 2008R2 - it may cause partial results" + } + $SearchListForest += 'LDAP://DC=' + ($ChildDomain.Name -Replace ("\.",',DC=')) + } + return $SearchListForest + } + # Added 3.8.21 till here + #recursivly get nested groups of a group object function Get-NestedGroups { @@ -107,32 +169,29 @@ function Get-UsersWithSIDHistory { Write-host "The function level of domain: $($ChildDomain.name) is lower than 2008R2 - it may cause partial results" } - $SearchList += 'LDAP://DC=' + ($SearchScope.Name -Replace ("\.",',DC=')) - Write-Host "Searching the domain: $($SearchScope.name)" + # $SearchList += 'LDAP://DC=' + ($SearchScope.Name -Replace ("\.",',DC=')) + #Added 3.8.21 + $SearchListDomain += 'LDAP://DC=' + ($SearchScope.Name -Replace ("\.",',DC=')) + if ($Ou) + { + $SearchList += 'LDAP://OU='+$Ou+',DC=' + ($SearchScope.Name -Replace ("\.",',DC=')) + Write-Host "Searching the domain: $($SearchScope.name) within the OU:$($Ou)" + }else{ + $SearchList += 'LDAP://DC=' + ($SearchScope.Name -Replace ("\.",',DC=')) + Write-Host "Searching the domain: $($SearchScope.name)" + } + } else { - try{ - $SearchScope = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest() - }catch{ - write-host "The current forest cannot be reached. Seems like the machine is not part of any domain." -ForegroundColor Red - exit - } - foreach ($ChildDomain in $($SearchScope.Domains)) - { - if ($ChildDomain.DomainMode.value__ -lt 4) - { - Write-host "The function level of domain: $($ChildDomain.Name) is lower than 2008R2 - it may cause partial results" - } - $SearchList += 'LDAP://DC=' + ($ChildDomain.Name -Replace ("\.",',DC=')) - } - Write-Host "Searching the forest: $($SearchScope.name)" + $SearchList = forestDomains } #creating ADSI searcher - $Searcher = New-Object System.DirectoryServices.DirectorySearcher - $Searcher.PageSize = 500 + $Searcher = initSearcher $Searcher.PropertiesToLoad.Add("distinguishedname") | Out-Null + # Added 3.8.21 + #========================================================================= Gathering Sensitive Groups ========================================================================= @@ -145,6 +204,7 @@ function Get-UsersWithSIDHistory } $AllSensitiveGroups = @() Write-Verbose "Gathering sensitive groups" + $counterPath = 1 foreach ($Path in $SearchList) { $Searcher.SearchRoot = $Path @@ -154,6 +214,9 @@ function Get-UsersWithSIDHistory $Searcher.Filter = "(&(|(samAccountType=536870912)(samAccountType=268435456))(|(samAccountName=$GroupName)(name=$GroupName)))" try {$GroupObjects = $Searcher.FindAll()} catch {Write-Warning "Could not communicate with the domain: $($Path -replace "LDAP://DC=" -replace ",DC=", ".") - Does it have trust?"} + #Added 3.8.21 + # WriteToLog("Line 218 Searcher.FindAll() complete with filter $($GroupName) and path number: $($counterPath)") + #if we find groups if ($GroupObjects) { @@ -163,8 +226,12 @@ function Get-UsersWithSIDHistory $AllSensitiveGroups += Get-NestedGroups -DN $GroupObject.Properties.distinguishedname } } - else {Write-Warning "Could not find group: $Group"} + else {Write-Warning "Could not find group: $Group"} + # Added 3.8.21 + DisposeWrapper($GroupObjects) + } + $counterPath++ } Write-Verbose "Number of sensitive groups found: $($AllSensitiveGroups.Count)" @@ -173,6 +240,11 @@ function Get-UsersWithSIDHistory Write-Host "Gathering user accounts with SID History attribute" #list of properties to retreive from AD $Properies = "samaccountname","displayname", "SID", "SIDHistory", "userprincipalname", "memberof","pwdlastset","objectCategory","ObjectClass" + + #Added 3.8.21 + DisposeWrapper($Searcher) + $Searcher = initSearcher + $Searcher.PropertiesToLoad.Add("distinguishedname") | Out-Null foreach ($Property in $Properies) { @@ -183,6 +255,7 @@ function Get-UsersWithSIDHistory $Searcher.Filter = "(&(objectCategory=User)(SIDHistory=*))" $UsersWithSIDHistory = @() + $counterPath = 1 foreach ($Path in $SearchList) { $Searcher.SearchRoot = $Path @@ -190,11 +263,15 @@ function Get-UsersWithSIDHistory #printing the user results #foreach ($objResult in $Searcher.FindAll()) # {$objItem = $objResult.Properties; $objItem.displayname} - + try {$UsersWithSIDHistory += $Searcher.FindAll()} - catch {Write-Warning "Could not communicate with the domain: $($Path -replace "LDAP://DC=" -replace ",DC=", ".") - Does it have trust?"} + catch {Write-Warning "Could not communicate with the domain: $($Path -replace "LDAP://DC=" -replace ",DC=", ".") - Does it have trust?"} + # WriteToLog ("Line 269 DirectorySearcher.findall() Complete at Path number: $($counterPath)") + $counterPath++ } - + + DisposeWrapper($Searcher) + if ($($UsersWithSIDHistory.Count -eq 0)) { Write-host "`nSID History scan completed`nThe scanned forest don't have user accounts with SID History" -ForegroundColor Yellow @@ -209,8 +286,33 @@ function Get-UsersWithSIDHistory $CurrentDate = Get-Date $AllData = @() + + #Added 3.8.21 + DisposeWrapper($Searcher) + # WriteToLog ("Line 292 There is $($UsersWithSIDHistory.Count) UsersWithSIDHistory") + + #Added 3.8.21 + if ($Ou -or $Domain){ + Switch($SecondSearch) + { + 0 { $SearchList = @()} + 1 { $SearchList = $SearchListDomain} + 2 { $SearchList = forestDomains} + } + } + + $counterUsers=1 foreach ($User in $UsersWithSIDHistory) { + #Added 3.8.21 + # WriteToLog("Line 308: start enumerate sidhistory user number $($counterUsers) ") + $Searcher = initSearcher + $Searcher.PropertiesToLoad.Add("distinguishedname") | Out-Null + foreach ($Property in $Properies) + { + $Searcher.PropertiesToLoad.Add($Property) | Out-Null + } + #write-host "" Write-Verbose "Gathering info about the user: $($User.Properties.displayname)" @@ -243,11 +345,15 @@ function Get-UsersWithSIDHistory #write-host $strSID.Value #write-host "SidHistory:" - $objItemT = $User.Properties - $tsam = $objItemT.samaccountname + + # Added 3.8.21 + # $objItemT = $User.Properties + # $tsam = $objItemT.samaccountname + $objpath = $User.path $objpath1=[ADSI]"$objpath" $objectSIDHistory = [byte[]]$objpath1.sidhistory.value + $sidHistory = new-object System.Security.Principal.SecurityIdentifier $objectSIDHistory,0 #write-host $sidHistory @@ -257,6 +363,8 @@ function Get-UsersWithSIDHistory $Searcher.Filter = "(objectSID=$sidHistory)" $infoFromHistory = @() + + $counterPath = 1 foreach ($Path in $SearchList) { $Searcher.SearchRoot = $Path @@ -266,20 +374,27 @@ function Get-UsersWithSIDHistory # {$objItem = $objResult.Properties; $objItem.displayname} try {$infoFromHistory += $Searcher.FindAll()} - catch {Write-Warning "Could not communicate with the domain: $($Path -replace "LDAP://DC=" -replace ",DC=", ".") - Does it have trust?"} + catch {Write-Warning "Could not communicate with the domain: $($Path -replace "LDAP://DC=" -replace ",DC=", ".") - Does it have trust?"} + # WriteToLog ("Line 378 search for sidhistory as objectsid in path number $($counterPath)") + $counterPath++ } - + $historyNotFound = 'previousSIDnotFound' if ($infoFromHistory.Count -eq 0) { + $HistoryName = $historyNotFound $HistoryMemberOf = $historyNotFound } else { #write-host "SidHistory Name:" - $objSID = New-Object System.Security.Principal.SecurityIdentifier ($sidHistory) - $objUser = $objSID.Translate( [System.Security.Principal.NTAccount]) - $HistoryName = $objUser.Value + try{ + $objSID = New-Object System.Security.Principal.SecurityIdentifier ($sidHistory) + $objUser = $objSID.Translate( [System.Security.Principal.NTAccount]) + $HistoryName = $objUser.Value + } + catch { $HistoryName = 'CouldNotFind'} + #write-host $HistoryName #$HistoryName = $HistoryName -replace ".*\\" #write-host $userHistoryName @@ -306,16 +421,12 @@ function Get-UsersWithSIDHistory $secondaryMemberOf = [string]($HistoryMemberOf | foreach {[string]$_}) #write-host $HistoryMemberOf } - - - + #$secondaryDomainSID = Convert-SidToName $sid - - write-host "" $ofs = '<|>' $initiallyMemberOf = [string](($User.Properties.memberof -replace "CN=" -replace ",.*") | foreach {[string]$_}) - #NS 02-01-2018 + # NS 02-01-2018 $userphoto = "" $bytes = GetMemberThumbnail([string]$User.Properties.samaccountname) if ($bytes -ne $null) { @@ -352,13 +463,25 @@ function Get-UsersWithSIDHistory UserPhoto = $userphoto } $AllData += $UserData - } + + #Added 3.8.21 + DisposeWrapper($infoFromHistory) + DisposeWrapper($Searcher) + # WriteToLog("Line 473: enumerate sidhistory user number $($counterUsers) ended ") + $counterUsers++ + } + Write-Verbose "Number of users included in the list: $($AllData.UserName.Count)" + #Added 3.8.21 + DisposeWrapper($UsersWithSIDHistory) + + #For now the FullData paramter is not relevant if ($FullData) {return $AllData} else {return $AllData} + } @@ -379,6 +502,9 @@ function GetMemberThumbnail($userName) { return $result.Properties["thumbnailPhoto"] } + + #Added 3.8.21 + DisposeWrapper($searcher) } @@ -398,6 +524,19 @@ function Report-UsersWithSIDHistory With compromised SID history attribute - an attacker can impersonate to an Entrepise/Domain admin. + .PARAMETER Ou + The name of the Organizational Unit to query. + + .PARAMETER Domain + The name of the domain to query. "Current" for the user's current domain. Defualts to the entire forest. + + .PARAMETER SecondSearch + The scope of the second search, the search is for users who have equal sid to one of the users sidhistory. + Only apply with Ou parameter or domain parameter + 0 - no scope + 1 - withn the domain scope + 2 - entire forest scope + .PARAMETER Type The format of the report file. The default is CSV @@ -425,13 +564,18 @@ function Report-UsersWithSIDHistory [CmdletBinding()] param ( + [String]$Ou, + [String]$Domain , + [int]$SecondSearch=1, + # [int]$ResultsPerCSV, [ValidateSet("CSV", "XML", "HTML", "TXT")] [String]$Type = "CSV", - # [String]$Path = "$env:USERPROFILE\Documents", - [String]$Path = "Results/", + # [String]$Path = "$env:USERPROFILE\Documents", + [String]$Path = "Results/", [String]$Name = "Report", [Switch]$Summary, - [Switch]$DoNotOpen + [Switch]$DoNotOpen, + [Switch]$FullData ) # Credits for Boe Prox from TechNet - https://gallery.technet.microsoft.com/scriptcenter/Convert-OutoutForCSV-6e552fc6 @@ -484,17 +628,52 @@ function Report-UsersWithSIDHistory End {} } - $FilePath = "$Path\$Name.$($Type.ToLower())" $FilePathCSV = "$Path\$Name" +".csv" + + #Added 3.8.21 + if($Domain) + { + if($Ou){ + $Report = Get-UsersWithSIDHistory -Ou $Ou -Domain $Domain -SecondSearch $SecondSearch + }else{ + $Report = Get-UsersWithSIDHistory -Domain $Domain -SecondSearch $SecondSearch + } + }else{ + $Report = Get-UsersWithSIDHistory + } - $Report = Get-UsersWithSIDHistory -FullData + #for Full Data in the future + # $ParamsUsersWithSid = "" + # if ($FullData){ + # $ParamsUsersWithSid = $ParamsUsersWithSid + '-FullData' + # } + # if ($Domain){ + # if($Ou){ + # $ParamsUsersWithSid = $ParamsUsersWithSid + " -Ou $($Ou)" + " -Domain $($Domain)" + # }else{ + # $ParamsUsersWithSid = $ParamsUsersWithSid + " -Domain $($Domain)" + # } + # } + + # $Report = powershell -command "& { . .\SIDHistory_Scanner.ps1; Get-UsersWithSIDHistory $($ParamsUsersWithSid) }" + # $Report=Get-UsersWithSIDHistory "$($ParamsUsersWithSid)" if ($Summary) { #---------------Not relevant for now-------------------------------------------------------------------------# #$Report = $Report | Select-Object UserName,DomainName,IsSensitive,PwdAge,CrackWindow,RunsUnder } + + # Added 3.8.21 + if (!(Test-Path -Path $FilePath)) { + "Results folder doesn't exist. Create Folder" + New-Item -Path ".\" -Name "Results" -ItemType "directory" + } + # $Check = Get-Location + # Write-Host $Check + # Added till here + # NS if ($Type -eq "CSV" ) {$Report | Convert-Output | Export-Csv $FilePath -Encoding UTF8 -NoTypeInformation} if ($Type -eq "CSV" ) {$Report | Export-Csv $FilePath -Encoding UTF8 -NoTypeInformation} elseif ($Type -eq "XML") @@ -510,6 +689,8 @@ function Report-UsersWithSIDHistory { # Invoke-Item $FilePath } + + # Stop-Transcript } @@ -1090,7 +1271,8 @@ filter Get-DomainSearcher { $Searcher.PageSize = $PageSize $Searcher.CacheResults = $False - $Searcher + #Added 3.8.21 + DisposeWrapper($Searcher) } @@ -1214,7 +1396,7 @@ function Get-ADObject { } $ObjectSearcher = Get-DomainSearcher -Domain $Domain -DomainController $DomainController -Credential $Credential -ADSpath $ADSpath -PageSize $PageSize - + if($ObjectSearcher) { if($SID) { $ObjectSearcher.filter = "(&(objectsid=$SID)$Filter)" @@ -1236,8 +1418,9 @@ function Get-ADObject { Convert-LDAPProperty -Properties $_.Properties } } - $Results.dispose() - $ObjectSearcher.dispose() + DisposeWrapper($Results) + DisposeWrapper($ObjectSearcher) + } } } @@ -1309,5 +1492,4 @@ function Convert-LDAPProperty { New-Object -TypeName PSObject -Property $ObjectProperties } - -Report-UsersWithSIDHistory +# Report-UsersWithSIDHistory diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/ZBANG/log.txt b/SourceCode/src/Graphviz4Net.WPF.Example/ZBANG/log.txt new file mode 100644 index 00000000..88be2e4e --- /dev/null +++ b/SourceCode/src/Graphviz4Net.WPF.Example/ZBANG/log.txt @@ -0,0 +1,34 @@ + + +zBang Launched at 08/06/2021 15:05:01 +------------------------------------------- +PSVersion 5.1.19041.906 +PSEdition Desktop +PSCompatibleVersions 1.0,2.0,3.0,4.0,5.0,5.1.19041.906, +BuildVersion 10.0.19041.906 +CLRVersion 4.0.30319.42000 +WSManStackVersion 3.0 +PSRemotingProtocolVersion 2.3 +SerializationVersion 1.1.0.1 +------------------------------------------- + +.NET Framework Version: 4.7 or later +1 domain(s) in forest: +(1) AetosDios.local + + +zBang Launched at 08/06/2021 15:05:39 +------------------------------------------- +PSVersion 5.1.19041.906 +PSEdition Desktop +PSCompatibleVersions 1.0,2.0,3.0,4.0,5.0,5.1.19041.906, +BuildVersion 10.0.19041.906 +CLRVersion 4.0.30319.42000 +WSManStackVersion 3.0 +PSRemotingProtocolVersion 2.3 +SerializationVersion 1.1.0.1 +------------------------------------------- + +.NET Framework Version: 4.7 or later +1 domain(s) in forest: +(1) AetosDios.local diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/bin/Debug/Graphviz4Net.WPF.Example.exe b/SourceCode/src/Graphviz4Net.WPF.Example/bin/Debug/Graphviz4Net.WPF.Example.exe index dbc537e3..8ad9c1f0 100644 Binary files a/SourceCode/src/Graphviz4Net.WPF.Example/bin/Debug/Graphviz4Net.WPF.Example.exe and b/SourceCode/src/Graphviz4Net.WPF.Example/bin/Debug/Graphviz4Net.WPF.Example.exe differ diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/bin/Debug/Graphviz4Net.WPF.Example.pdb b/SourceCode/src/Graphviz4Net.WPF.Example/bin/Debug/Graphviz4Net.WPF.Example.pdb index b9088241..e6bb98f2 100644 Binary files a/SourceCode/src/Graphviz4Net.WPF.Example/bin/Debug/Graphviz4Net.WPF.Example.pdb and b/SourceCode/src/Graphviz4Net.WPF.Example/bin/Debug/Graphviz4Net.WPF.Example.pdb differ diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/bin/Release/Graphviz4Net.WPF.Example.exe b/SourceCode/src/Graphviz4Net.WPF.Example/bin/Release/Graphviz4Net.WPF.Example.exe index 7858b19b..123ba9b1 100644 Binary files a/SourceCode/src/Graphviz4Net.WPF.Example/bin/Release/Graphviz4Net.WPF.Example.exe and b/SourceCode/src/Graphviz4Net.WPF.Example/bin/Release/Graphviz4Net.WPF.Example.exe differ diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/bin/Release/Graphviz4Net.WPF.Example.pdb b/SourceCode/src/Graphviz4Net.WPF.Example/bin/Release/Graphviz4Net.WPF.Example.pdb index fbff2abe..f99e13f7 100644 Binary files a/SourceCode/src/Graphviz4Net.WPF.Example/bin/Release/Graphviz4Net.WPF.Example.pdb and b/SourceCode/src/Graphviz4Net.WPF.Example/bin/Release/Graphviz4Net.WPF.Example.pdb differ diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/domainSelection.xaml.cs b/SourceCode/src/Graphviz4Net.WPF.Example/domainSelection.xaml.cs index 56af0961..6f3f3b7e 100644 --- a/SourceCode/src/Graphviz4Net.WPF.Example/domainSelection.xaml.cs +++ b/SourceCode/src/Graphviz4Net.WPF.Example/domainSelection.xaml.cs @@ -20,14 +20,16 @@ namespace Graphviz4Net.WPF.Example /// public partial class domainSelection : Window { - ListdomainNames; + List domainNames; public int selection = -1; // -1 == all, otherwise it is the index in domainNames List - public domainSelection( List inNames) + public domainSelection(List inNames, string inScriptName) { InitializeComponent(); domainNames = inNames; - foreach( string domainName in domainNames) - listBoxPartialScan.Items.Add( domainName ); + domainSelect.Title = string.Format("{0} - Domain Selection", inScriptName); + textBox.Text = string.Format("{0} discovered a number of domains to be scanned.This may be a long process. Would you like to scan all domains or select from a list?", inScriptName); + foreach (string domainName in domainNames) + listBoxPartialScan.Items.Add(domainName); // show the dialog box with animation... this.Visibility = Visibility.Visible; diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/ACLightWindow.baml b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/ACLightWindow.baml index 9fe3bd55..62905a1f 100644 Binary files a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/ACLightWindow.baml and b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/ACLightWindow.baml differ diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/ACLightWindow.g.cs b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/ACLightWindow.g.cs index ad27373f..bfed7fdf 100644 --- a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/ACLightWindow.g.cs +++ b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/ACLightWindow.g.cs @@ -1,4 +1,4 @@ -#pragma checksum "..\..\..\ACLightWindow.xaml" "{406ea660-64cf-4c82-b6f0-42d48172a799}" "E25D76A63B7FEFFD2E5FFF108C79F6EE" +#pragma checksum "..\..\..\ACLightWindow.xaml" "{ff1816ec-aa5e-4d10-87f7-6f4963833460}" "7A621247449F27E8EC4C2C003421C2C0D5EE4A69" //------------------------------------------------------------------------------ // // This code was generated by a tool. diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/ACLightWindow.g.i.cs b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/ACLightWindow.g.i.cs index ad27373f..bfed7fdf 100644 --- a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/ACLightWindow.g.i.cs +++ b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/ACLightWindow.g.i.cs @@ -1,4 +1,4 @@ -#pragma checksum "..\..\..\ACLightWindow.xaml" "{406ea660-64cf-4c82-b6f0-42d48172a799}" "E25D76A63B7FEFFD2E5FFF108C79F6EE" +#pragma checksum "..\..\..\ACLightWindow.xaml" "{ff1816ec-aa5e-4d10-87f7-6f4963833460}" "7A621247449F27E8EC4C2C003421C2C0D5EE4A69" //------------------------------------------------------------------------------ // // This code was generated by a tool. diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/App.g.cs b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/App.g.cs index 5c2d9ede..2151241e 100644 --- a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/App.g.cs +++ b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/App.g.cs @@ -1,4 +1,4 @@ -#pragma checksum "..\..\..\App.xaml" "{406ea660-64cf-4c82-b6f0-42d48172a799}" "6E3EBDB076520CB7F4FD245E8B565E74" +#pragma checksum "..\..\..\App.xaml" "{ff1816ec-aa5e-4d10-87f7-6f4963833460}" "4BCDB3685E98234BA0EDC21FB850B6EEF575BF36" //------------------------------------------------------------------------------ // // This code was generated by a tool. diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/App.g.i.cs b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/App.g.i.cs index 5c2d9ede..2151241e 100644 --- a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/App.g.i.cs +++ b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/App.g.i.cs @@ -1,4 +1,4 @@ -#pragma checksum "..\..\..\App.xaml" "{406ea660-64cf-4c82-b6f0-42d48172a799}" "6E3EBDB076520CB7F4FD245E8B565E74" +#pragma checksum "..\..\..\App.xaml" "{ff1816ec-aa5e-4d10-87f7-6f4963833460}" "4BCDB3685E98234BA0EDC21FB850B6EEF575BF36" //------------------------------------------------------------------------------ // // This code was generated by a tool. diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/DesignTimeResolveAssemblyReferencesInput.cache b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/DesignTimeResolveAssemblyReferencesInput.cache index 894d61f2..4da26f37 100644 Binary files a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/DesignTimeResolveAssemblyReferencesInput.cache and b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/DesignTimeResolveAssemblyReferencesInput.cache differ diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/Graphviz4Net.WPF.Example.csproj.FileListAbsolute.txt b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/Graphviz4Net.WPF.Example.csproj.FileListAbsolute.txt index bbeec8e1..f96351fa 100644 --- a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/Graphviz4Net.WPF.Example.csproj.FileListAbsolute.txt +++ b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/Graphviz4Net.WPF.Example.csproj.FileListAbsolute.txt @@ -24,3 +24,28 @@ C:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\ C:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.WPF.Example\obj\x86\Debug\Graphviz4Net.WPF.Example.csproj.GenerateResource.Cache C:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.WPF.Example\obj\x86\Debug\Graphviz4Net.WPF.Example.exe C:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.WPF.Example\obj\x86\Debug\Graphviz4Net.WPF.Example.pdb +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Debug\Graphviz4Net.WPF.Example.csprojResolveAssemblyReference.cache +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Debug\ACLightWindow.g.cs +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Debug\LicenseWindow.g.cs +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Debug\MainWindow.g.cs +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Debug\ProgressWindow.g.cs +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Debug\domainSelection.g.cs +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Debug\selectTogglesForms.g.cs +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Debug\App.g.cs +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Debug\GeneratedInternalTypeHelper.g.cs +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Debug\Graphviz4Net.WPF.Example_MarkupCompile.cache +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Debug\Graphviz4Net.WPF.Example_MarkupCompile.lref +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Debug\ACLightWindow.baml +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Debug\LicenseWindow.baml +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Debug\MainWindow.baml +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Debug\ProgressWindow.baml +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Debug\domainSelection.baml +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Debug\selectTogglesForms.baml +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Debug\Graphviz4Net.WPF.Example.g.resources +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Debug\Graphviz4Net.WPF.Example.pdb +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\bin\Debug\Graphviz4Net.WPF.Example.exe.config +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\bin\Debug\Graphviz4Net.WPF.Example.exe +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\bin\Debug\Graphviz4Net.WPF.Example.pdb +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Debug\Graphviz4Net.WPF.Example.Properties.Resources.resources +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Debug\Graphviz4Net.WPF.Example.csproj.GenerateResource.Cache +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Debug\Graphviz4Net.WPF.Example.exe diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/Graphviz4Net.WPF.Example.csproj.GenerateResource.Cache b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/Graphviz4Net.WPF.Example.csproj.GenerateResource.Cache index 1bcd9c4d..504e87fe 100644 Binary files a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/Graphviz4Net.WPF.Example.csproj.GenerateResource.Cache and b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/Graphviz4Net.WPF.Example.csproj.GenerateResource.Cache differ diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/Graphviz4Net.WPF.Example.csprojResolveAssemblyReference.cache b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/Graphviz4Net.WPF.Example.csprojResolveAssemblyReference.cache index 224704f4..203f0414 100644 Binary files a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/Graphviz4Net.WPF.Example.csprojResolveAssemblyReference.cache and b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/Graphviz4Net.WPF.Example.csprojResolveAssemblyReference.cache differ diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/Graphviz4Net.WPF.Example.exe b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/Graphviz4Net.WPF.Example.exe index dbc537e3..8ad9c1f0 100644 Binary files a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/Graphviz4Net.WPF.Example.exe and b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/Graphviz4Net.WPF.Example.exe differ diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/Graphviz4Net.WPF.Example.g.resources b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/Graphviz4Net.WPF.Example.g.resources index c7a36ba1..b64dd501 100644 Binary files a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/Graphviz4Net.WPF.Example.g.resources and b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/Graphviz4Net.WPF.Example.g.resources differ diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/Graphviz4Net.WPF.Example.pdb b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/Graphviz4Net.WPF.Example.pdb index b9088241..e6bb98f2 100644 Binary files a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/Graphviz4Net.WPF.Example.pdb and b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/Graphviz4Net.WPF.Example.pdb differ diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/Graphviz4Net.WPF.Example_MarkupCompile.cache b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/Graphviz4Net.WPF.Example_MarkupCompile.cache index f86979bd..8b5cae49 100644 --- a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/Graphviz4Net.WPF.Example_MarkupCompile.cache +++ b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/Graphviz4Net.WPF.Example_MarkupCompile.cache @@ -4,16 +4,16 @@ winexe C# .cs -C:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.WPF.Example\obj\x86\Debug\ +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Debug\ Graphviz4Net.WPF.Example none false DEBUG;TRACE -C:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.WPF.Example\App.xaml +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\App.xaml 6-1876767844 2278148519 -25937582936 +25-1636001177 ACLightWindow.xaml;LicenseWindow.xaml;MainWindow.xaml;ProgressWindow.xaml;domainSelection.xaml;selectTogglesForms.xaml; False diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/Graphviz4Net.WPF.Example_MarkupCompile.i.cache b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/Graphviz4Net.WPF.Example_MarkupCompile.i.cache index 6a048eca..7ec07a77 100644 --- a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/Graphviz4Net.WPF.Example_MarkupCompile.i.cache +++ b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/Graphviz4Net.WPF.Example_MarkupCompile.i.cache @@ -4,16 +4,16 @@ winexe C# .cs -C:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.WPF.Example\obj\x86\Debug\ +C:\Users\Administrator\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Debug\ Graphviz4Net.WPF.Example none false DEBUG;TRACE -C:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.WPF.Example\App.xaml +C:\Users\Administrator\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\App.xaml 6-1876767844 -26-1019070235 -25937582936 +26921971925 +251172362630 ACLightWindow.xaml;LicenseWindow.xaml;MainWindow.xaml;ProgressWindow.xaml;domainSelection.xaml;selectTogglesForms.xaml; True diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/Graphviz4Net.WPF.Example_MarkupCompile.i.lref b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/Graphviz4Net.WPF.Example_MarkupCompile.i.lref index b7129136..7f80506e 100644 --- a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/Graphviz4Net.WPF.Example_MarkupCompile.i.lref +++ b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/Graphviz4Net.WPF.Example_MarkupCompile.i.lref @@ -1,9 +1,9 @@ -C:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.WPF.Example\obj\x86\Debug\GeneratedInternalTypeHelper.g.i.cs - -FC:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.WPF.Example\ACLightWindow.xaml;; -FC:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.WPF.Example\LicenseWindow.xaml;; -FC:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.WPF.Example\MainWindow.xaml;; -FC:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.WPF.Example\ProgressWindow.xaml;; -FC:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.WPF.Example\domainSelection.xaml;; -FC:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.WPF.Example\selectTogglesForms.xaml;; - +C:\Users\Administrator\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Debug\GeneratedInternalTypeHelper.g.i.cs + +FC:\Users\Administrator\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\ACLightWindow.xaml;; +FC:\Users\Administrator\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\LicenseWindow.xaml;; +FC:\Users\Administrator\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\MainWindow.xaml;; +FC:\Users\Administrator\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\ProgressWindow.xaml;; +FC:\Users\Administrator\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\domainSelection.xaml;; +FC:\Users\Administrator\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\selectTogglesForms.xaml;; + diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/Graphviz4Net.WPF.Example_MarkupCompile.lref b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/Graphviz4Net.WPF.Example_MarkupCompile.lref index a9e7c846..3662f3b4 100644 --- a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/Graphviz4Net.WPF.Example_MarkupCompile.lref +++ b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/Graphviz4Net.WPF.Example_MarkupCompile.lref @@ -1,9 +1,9 @@ -C:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.WPF.Example\obj\x86\Debug\GeneratedInternalTypeHelper.g.cs +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Debug\GeneratedInternalTypeHelper.g.cs -FC:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.WPF.Example\ACLightWindow.xaml;; -FC:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.WPF.Example\LicenseWindow.xaml;; -FC:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.WPF.Example\MainWindow.xaml;; -FC:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.WPF.Example\ProgressWindow.xaml;; -FC:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.WPF.Example\domainSelection.xaml;; -FC:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.WPF.Example\selectTogglesForms.xaml;; +FC:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\ACLightWindow.xaml;; +FC:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\LicenseWindow.xaml;; +FC:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\MainWindow.xaml;; +FC:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\ProgressWindow.xaml;; +FC:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\domainSelection.xaml;; +FC:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\selectTogglesForms.xaml;; diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/LicenseWindow.baml b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/LicenseWindow.baml index 41ab32bd..db169681 100644 Binary files a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/LicenseWindow.baml and b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/LicenseWindow.baml differ diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/LicenseWindow.g.cs b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/LicenseWindow.g.cs index c6c9f22c..a4705a34 100644 --- a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/LicenseWindow.g.cs +++ b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/LicenseWindow.g.cs @@ -1,4 +1,4 @@ -#pragma checksum "..\..\..\LicenseWindow.xaml" "{406ea660-64cf-4c82-b6f0-42d48172a799}" "D4B0729EF1676103861825934763E462" +#pragma checksum "..\..\..\LicenseWindow.xaml" "{ff1816ec-aa5e-4d10-87f7-6f4963833460}" "7A05D561C0B02758D3DA887ACBF59F15B1CCD303" //------------------------------------------------------------------------------ // // This code was generated by a tool. diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/LicenseWindow.g.i.cs b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/LicenseWindow.g.i.cs index c6c9f22c..a4705a34 100644 --- a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/LicenseWindow.g.i.cs +++ b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/LicenseWindow.g.i.cs @@ -1,4 +1,4 @@ -#pragma checksum "..\..\..\LicenseWindow.xaml" "{406ea660-64cf-4c82-b6f0-42d48172a799}" "D4B0729EF1676103861825934763E462" +#pragma checksum "..\..\..\LicenseWindow.xaml" "{ff1816ec-aa5e-4d10-87f7-6f4963833460}" "7A05D561C0B02758D3DA887ACBF59F15B1CCD303" //------------------------------------------------------------------------------ // // This code was generated by a tool. diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/MainWindow.baml b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/MainWindow.baml index 0ad5f31f..d64cb525 100644 Binary files a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/MainWindow.baml and b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/MainWindow.baml differ diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/MainWindow.g.cs b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/MainWindow.g.cs index 8603970d..cad1c707 100644 --- a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/MainWindow.g.cs +++ b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/MainWindow.g.cs @@ -1,4 +1,4 @@ -#pragma checksum "..\..\..\MainWindow.xaml" "{406ea660-64cf-4c82-b6f0-42d48172a799}" "CB0BB42843A006661A9481579A9FCB80" +#pragma checksum "..\..\..\MainWindow.xaml" "{ff1816ec-aa5e-4d10-87f7-6f4963833460}" "15BCF6153F68363E709AE85D47951A377E043485" //------------------------------------------------------------------------------ // // This code was generated by a tool. diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/MainWindow.g.i.cs b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/MainWindow.g.i.cs index 8603970d..cad1c707 100644 --- a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/MainWindow.g.i.cs +++ b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/MainWindow.g.i.cs @@ -1,4 +1,4 @@ -#pragma checksum "..\..\..\MainWindow.xaml" "{406ea660-64cf-4c82-b6f0-42d48172a799}" "CB0BB42843A006661A9481579A9FCB80" +#pragma checksum "..\..\..\MainWindow.xaml" "{ff1816ec-aa5e-4d10-87f7-6f4963833460}" "15BCF6153F68363E709AE85D47951A377E043485" //------------------------------------------------------------------------------ // // This code was generated by a tool. diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/ProgressWindow.baml b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/ProgressWindow.baml index dd5c39d1..ebc3c7fb 100644 Binary files a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/ProgressWindow.baml and b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/ProgressWindow.baml differ diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/ProgressWindow.g.cs b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/ProgressWindow.g.cs index c213067c..ed5233da 100644 --- a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/ProgressWindow.g.cs +++ b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/ProgressWindow.g.cs @@ -1,4 +1,4 @@ -#pragma checksum "..\..\..\ProgressWindow.xaml" "{406ea660-64cf-4c82-b6f0-42d48172a799}" "BB4DACFBD6BE43329D6582225205E719" +#pragma checksum "..\..\..\ProgressWindow.xaml" "{ff1816ec-aa5e-4d10-87f7-6f4963833460}" "25F430DCE57AE7B38BC39D3337F11014C72FE6DC" //------------------------------------------------------------------------------ // // This code was generated by a tool. diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/ProgressWindow.g.i.cs b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/ProgressWindow.g.i.cs index c213067c..ed5233da 100644 --- a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/ProgressWindow.g.i.cs +++ b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/ProgressWindow.g.i.cs @@ -1,4 +1,4 @@ -#pragma checksum "..\..\..\ProgressWindow.xaml" "{406ea660-64cf-4c82-b6f0-42d48172a799}" "BB4DACFBD6BE43329D6582225205E719" +#pragma checksum "..\..\..\ProgressWindow.xaml" "{ff1816ec-aa5e-4d10-87f7-6f4963833460}" "25F430DCE57AE7B38BC39D3337F11014C72FE6DC" //------------------------------------------------------------------------------ // // This code was generated by a tool. diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/TemporaryGeneratedFile_036C0B5B-1481-4323-8D20-8F5ADCB23D92.cs b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/TemporaryGeneratedFile_036C0B5B-1481-4323-8D20-8F5ADCB23D92.cs new file mode 100644 index 00000000..e69de29b diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/TemporaryGeneratedFile_5937a670-0e60-4077-877b-f7221da3dda1.cs b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/TemporaryGeneratedFile_5937a670-0e60-4077-877b-f7221da3dda1.cs new file mode 100644 index 00000000..e69de29b diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/TemporaryGeneratedFile_E7A71F73-0F8D-4B9B-B56E-8E70B10BC5D3.cs b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/TemporaryGeneratedFile_E7A71F73-0F8D-4B9B-B56E-8E70B10BC5D3.cs new file mode 100644 index 00000000..e69de29b diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/domainSelection.baml b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/domainSelection.baml index 9c490ca0..19b248ac 100644 Binary files a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/domainSelection.baml and b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/domainSelection.baml differ diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/domainSelection.g.cs b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/domainSelection.g.cs index b9c2c5d9..b6eb27b7 100644 --- a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/domainSelection.g.cs +++ b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/domainSelection.g.cs @@ -1,4 +1,4 @@ -#pragma checksum "..\..\..\domainSelection.xaml" "{406ea660-64cf-4c82-b6f0-42d48172a799}" "49AA28B7BE2DC3764C126893D88B907F" +#pragma checksum "..\..\..\domainSelection.xaml" "{ff1816ec-aa5e-4d10-87f7-6f4963833460}" "5DD94045AB29D8508545FF5CAC8FE47342D5C494" //------------------------------------------------------------------------------ // // This code was generated by a tool. diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/domainSelection.g.i.cs b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/domainSelection.g.i.cs index b9c2c5d9..b6eb27b7 100644 --- a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/domainSelection.g.i.cs +++ b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/domainSelection.g.i.cs @@ -1,4 +1,4 @@ -#pragma checksum "..\..\..\domainSelection.xaml" "{406ea660-64cf-4c82-b6f0-42d48172a799}" "49AA28B7BE2DC3764C126893D88B907F" +#pragma checksum "..\..\..\domainSelection.xaml" "{ff1816ec-aa5e-4d10-87f7-6f4963833460}" "5DD94045AB29D8508545FF5CAC8FE47342D5C494" //------------------------------------------------------------------------------ // // This code was generated by a tool. diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/selectTogglesForms.baml b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/selectTogglesForms.baml index 51fd16ac..fd888643 100644 Binary files a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/selectTogglesForms.baml and b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/selectTogglesForms.baml differ diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/selectTogglesForms.g.cs b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/selectTogglesForms.g.cs index a8bdf24f..ac53f348 100644 --- a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/selectTogglesForms.g.cs +++ b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/selectTogglesForms.g.cs @@ -1,4 +1,4 @@ -#pragma checksum "..\..\..\selectTogglesForms.xaml" "{406ea660-64cf-4c82-b6f0-42d48172a799}" "C831EA328BDFDA3284B16ED32E2EDAC8" +#pragma checksum "..\..\..\selectTogglesForms.xaml" "{ff1816ec-aa5e-4d10-87f7-6f4963833460}" "A472A8962A0F23A6E0EE7E86F610DC724EC48613" //------------------------------------------------------------------------------ // // This code was generated by a tool. diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/selectTogglesForms.g.i.cs b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/selectTogglesForms.g.i.cs index a8bdf24f..ac53f348 100644 --- a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/selectTogglesForms.g.i.cs +++ b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Debug/selectTogglesForms.g.i.cs @@ -1,4 +1,4 @@ -#pragma checksum "..\..\..\selectTogglesForms.xaml" "{406ea660-64cf-4c82-b6f0-42d48172a799}" "C831EA328BDFDA3284B16ED32E2EDAC8" +#pragma checksum "..\..\..\selectTogglesForms.xaml" "{ff1816ec-aa5e-4d10-87f7-6f4963833460}" "A472A8962A0F23A6E0EE7E86F610DC724EC48613" //------------------------------------------------------------------------------ // // This code was generated by a tool. diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/ACLightWindow.baml b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/ACLightWindow.baml index ca5ae1e3..642d2843 100644 Binary files a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/ACLightWindow.baml and b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/ACLightWindow.baml differ diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/DesignTimeResolveAssemblyReferencesInput.cache b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/DesignTimeResolveAssemblyReferencesInput.cache index 40adbe55..e1742823 100644 Binary files a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/DesignTimeResolveAssemblyReferencesInput.cache and b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/DesignTimeResolveAssemblyReferencesInput.cache differ diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/GeneratedInternalTypeHelper.g.cs b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/GeneratedInternalTypeHelper.g.cs index 8f77761a..0fd4dd41 100644 --- a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/GeneratedInternalTypeHelper.g.cs +++ b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/GeneratedInternalTypeHelper.g.cs @@ -1,62 +1,2 @@ -//------------------------------------------------------------------------------ -// -// This code was generated by a tool. -// Runtime Version:4.0.30319.42000 -// -// Changes to this file may cause incorrect behavior and will be lost if -// the code is regenerated. -// -//------------------------------------------------------------------------------ - -namespace XamlGeneratedNamespace { - - - /// - /// GeneratedInternalTypeHelper - /// - [System.Diagnostics.DebuggerNonUserCodeAttribute()] - [System.CodeDom.Compiler.GeneratedCodeAttribute("PresentationBuildTasks", "4.0.0.0")] - [System.ComponentModel.EditorBrowsableAttribute(System.ComponentModel.EditorBrowsableState.Never)] - public sealed class GeneratedInternalTypeHelper : System.Windows.Markup.InternalTypeHelper { - - /// - /// CreateInstance - /// - protected override object CreateInstance(System.Type type, System.Globalization.CultureInfo culture) { - return System.Activator.CreateInstance(type, ((System.Reflection.BindingFlags.Public | System.Reflection.BindingFlags.NonPublic) - | (System.Reflection.BindingFlags.Instance | System.Reflection.BindingFlags.CreateInstance)), null, null, culture); - } - - /// - /// GetPropertyValue - /// - protected override object GetPropertyValue(System.Reflection.PropertyInfo propertyInfo, object target, System.Globalization.CultureInfo culture) { - return propertyInfo.GetValue(target, System.Reflection.BindingFlags.Default, null, null, culture); - } - - /// - /// SetPropertyValue - /// - protected override void SetPropertyValue(System.Reflection.PropertyInfo propertyInfo, object target, object value, System.Globalization.CultureInfo culture) { - propertyInfo.SetValue(target, value, System.Reflection.BindingFlags.Default, null, null, culture); - } - - /// - /// CreateDelegate - /// - protected override System.Delegate CreateDelegate(System.Type delegateType, object target, string handler) { - return ((System.Delegate)(target.GetType().InvokeMember("_CreateDelegate", (System.Reflection.BindingFlags.InvokeMethod - | (System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Instance)), null, target, new object[] { - delegateType, - handler}, null))); - } - - /// - /// AddEventHandler - /// - protected override void AddEventHandler(System.Reflection.EventInfo eventInfo, object target, System.Delegate handler) { - eventInfo.AddEventHandler(target, handler); - } - } -} + diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/Graphviz4Net.WPF.Example.csproj.FileListAbsolute.txt b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/Graphviz4Net.WPF.Example.csproj.FileListAbsolute.txt index 2b81c732..c8ee8945 100644 --- a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/Graphviz4Net.WPF.Example.csproj.FileListAbsolute.txt +++ b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/Graphviz4Net.WPF.Example.csproj.FileListAbsolute.txt @@ -29,3 +29,33 @@ C:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\ C:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.WPF.Example\obj\x86\Release\Graphviz4Net.WPF.Example.exe C:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.WPF.Example\obj\x86\Release\Graphviz4Net.WPF.Example.pdb C:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.WPF.Example\bin\Release\System.Management.Automation.dll +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\bin\Release\Graphviz4Net.WPF.Example.exe.config +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\bin\Release\Graphviz4Net.WPF.Example.exe +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\bin\Release\Graphviz4Net.WPF.Example.pdb +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\bin\Release\Antlr3.Runtime.dll +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\bin\Release\FileHelpers.dll +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\bin\Release\Graphviz4Net.dll +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\bin\Release\Graphviz4Net.WPF.dll +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\bin\Release\WPFExtensions.dll +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Release\Graphviz4Net.WPF.Example.csprojResolveAssemblyReference.cache +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Release\ACLightWindow.g.cs +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Release\LicenseWindow.g.cs +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Release\MainWindow.g.cs +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Release\ProgressWindow.g.cs +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Release\domainSelection.g.cs +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Release\selectTogglesForms.g.cs +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Release\App.g.cs +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Release\GeneratedInternalTypeHelper.g.cs +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Release\Graphviz4Net.WPF.Example_MarkupCompile.cache +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Release\Graphviz4Net.WPF.Example_MarkupCompile.lref +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Release\ACLightWindow.baml +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Release\LicenseWindow.baml +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Release\MainWindow.baml +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Release\ProgressWindow.baml +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Release\domainSelection.baml +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Release\selectTogglesForms.baml +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Release\Graphviz4Net.WPF.Example.g.resources +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Release\Graphviz4Net.WPF.Example.Properties.Resources.resources +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Release\Graphviz4Net.WPF.Example.csproj.GenerateResource.Cache +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Release\Graphviz4Net.WPF.Example.exe +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Release\Graphviz4Net.WPF.Example.pdb diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/Graphviz4Net.WPF.Example.csproj.GenerateResource.Cache b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/Graphviz4Net.WPF.Example.csproj.GenerateResource.Cache index 1bcd9c4d..91fa27a0 100644 Binary files a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/Graphviz4Net.WPF.Example.csproj.GenerateResource.Cache and b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/Graphviz4Net.WPF.Example.csproj.GenerateResource.Cache differ diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/Graphviz4Net.WPF.Example.csprojResolveAssemblyReference.cache b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/Graphviz4Net.WPF.Example.csprojResolveAssemblyReference.cache index 51c716f9..bb0d0c8e 100644 Binary files a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/Graphviz4Net.WPF.Example.csprojResolveAssemblyReference.cache and b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/Graphviz4Net.WPF.Example.csprojResolveAssemblyReference.cache differ diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/Graphviz4Net.WPF.Example.exe b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/Graphviz4Net.WPF.Example.exe index 7858b19b..123ba9b1 100644 Binary files a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/Graphviz4Net.WPF.Example.exe and b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/Graphviz4Net.WPF.Example.exe differ diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/Graphviz4Net.WPF.Example.g.resources b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/Graphviz4Net.WPF.Example.g.resources index 44b8af90..e5d4cdde 100644 Binary files a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/Graphviz4Net.WPF.Example.g.resources and b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/Graphviz4Net.WPF.Example.g.resources differ diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/Graphviz4Net.WPF.Example.pdb b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/Graphviz4Net.WPF.Example.pdb index fbff2abe..f99e13f7 100644 Binary files a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/Graphviz4Net.WPF.Example.pdb and b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/Graphviz4Net.WPF.Example.pdb differ diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/Graphviz4Net.WPF.Example_MarkupCompile.cache b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/Graphviz4Net.WPF.Example_MarkupCompile.cache index 05615068..0baf9c5b 100644 --- a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/Graphviz4Net.WPF.Example_MarkupCompile.cache +++ b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/Graphviz4Net.WPF.Example_MarkupCompile.cache @@ -4,16 +4,16 @@ winexe C# .cs -C:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.WPF.Example\obj\x86\Release\ +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Release\ Graphviz4Net.WPF.Example none false DEBUG;TRACE -C:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.WPF.Example\App.xaml +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\App.xaml 6-1876767844 2278148519 -25937582936 +25-1636001177 ACLightWindow.xaml;LicenseWindow.xaml;MainWindow.xaml;ProgressWindow.xaml;domainSelection.xaml;selectTogglesForms.xaml; False diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/Graphviz4Net.WPF.Example_MarkupCompile.i.cache b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/Graphviz4Net.WPF.Example_MarkupCompile.i.cache index 16c6633b..b19645fa 100644 --- a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/Graphviz4Net.WPF.Example_MarkupCompile.i.cache +++ b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/Graphviz4Net.WPF.Example_MarkupCompile.i.cache @@ -4,17 +4,17 @@ winexe C# .cs -C:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.WPF.Example\obj\x86\Release\ +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Release\ Graphviz4Net.WPF.Example none false DEBUG;TRACE -C:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.WPF.Example\App.xaml +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\App.xaml 6-1876767844 -26-713261542 -25937582936 +26-1243977288 +25-1636001177 ACLightWindow.xaml;LicenseWindow.xaml;MainWindow.xaml;ProgressWindow.xaml;domainSelection.xaml;selectTogglesForms.xaml; -True +False diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/Graphviz4Net.WPF.Example_MarkupCompile.i.lref b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/Graphviz4Net.WPF.Example_MarkupCompile.i.lref deleted file mode 100644 index 8679e9d9..00000000 --- a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/Graphviz4Net.WPF.Example_MarkupCompile.i.lref +++ /dev/null @@ -1,4 +0,0 @@ - - -FC:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.WPF.Example\LicenseWindow.xaml;; - diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/Graphviz4Net.WPF.Example_MarkupCompile.lref b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/Graphviz4Net.WPF.Example_MarkupCompile.lref index db09d101..656f29e8 100644 --- a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/Graphviz4Net.WPF.Example_MarkupCompile.lref +++ b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/Graphviz4Net.WPF.Example_MarkupCompile.lref @@ -1,9 +1,9 @@ - +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\obj\x86\Release\GeneratedInternalTypeHelper.g.cs -FC:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.WPF.Example\ACLightWindow.xaml;; -FC:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.WPF.Example\LicenseWindow.xaml;; -FC:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.WPF.Example\MainWindow.xaml;; -FC:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.WPF.Example\ProgressWindow.xaml;; -FC:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.WPF.Example\domainSelection.xaml;; -FC:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.WPF.Example\selectTogglesForms.xaml;; +FC:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\ACLightWindow.xaml;; +FC:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\LicenseWindow.xaml;; +FC:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\MainWindow.xaml;; +FC:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\ProgressWindow.xaml;; +FC:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\domainSelection.xaml;; +FC:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF.Example\selectTogglesForms.xaml;; diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/LicenseWindow.baml b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/LicenseWindow.baml index 1d076a76..11c3f264 100644 Binary files a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/LicenseWindow.baml and b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/LicenseWindow.baml differ diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/MainWindow.baml b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/MainWindow.baml index fabdc2af..bb2844ed 100644 Binary files a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/MainWindow.baml and b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/MainWindow.baml differ diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/ProgressWindow.baml b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/ProgressWindow.baml index d56be662..7a18719a 100644 Binary files a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/ProgressWindow.baml and b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/ProgressWindow.baml differ diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/TemporaryGeneratedFile_036C0B5B-1481-4323-8D20-8F5ADCB23D92.cs b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/TemporaryGeneratedFile_036C0B5B-1481-4323-8D20-8F5ADCB23D92.cs new file mode 100644 index 00000000..e69de29b diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/TemporaryGeneratedFile_5937a670-0e60-4077-877b-f7221da3dda1.cs b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/TemporaryGeneratedFile_5937a670-0e60-4077-877b-f7221da3dda1.cs new file mode 100644 index 00000000..e69de29b diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/TemporaryGeneratedFile_E7A71F73-0F8D-4B9B-B56E-8E70B10BC5D3.cs b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/TemporaryGeneratedFile_E7A71F73-0F8D-4B9B-B56E-8E70B10BC5D3.cs new file mode 100644 index 00000000..e69de29b diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/domainSelection.baml b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/domainSelection.baml index d61b74d0..9b00ce36 100644 Binary files a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/domainSelection.baml and b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/domainSelection.baml differ diff --git a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/selectTogglesForms.baml b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/selectTogglesForms.baml index 49386d78..ff3a494d 100644 Binary files a/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/selectTogglesForms.baml and b/SourceCode/src/Graphviz4Net.WPF.Example/obj/x86/Release/selectTogglesForms.baml differ diff --git a/SourceCode/src/Graphviz4Net.WPF/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache b/SourceCode/src/Graphviz4Net.WPF/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache index cdebc868..adb5d121 100644 Binary files a/SourceCode/src/Graphviz4Net.WPF/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache and b/SourceCode/src/Graphviz4Net.WPF/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache differ diff --git a/SourceCode/src/Graphviz4Net.WPF/obj/Debug/Graphviz4Net.WPF_MarkupCompile.i.cache b/SourceCode/src/Graphviz4Net.WPF/obj/Debug/Graphviz4Net.WPF_MarkupCompile.i.cache index 61010a26..bd11f465 100644 --- a/SourceCode/src/Graphviz4Net.WPF/obj/Debug/Graphviz4Net.WPF_MarkupCompile.i.cache +++ b/SourceCode/src/Graphviz4Net.WPF/obj/Debug/Graphviz4Net.WPF_MarkupCompile.i.cache @@ -4,7 +4,7 @@ library C# .cs -C:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.WPF\obj\Debug\ +C:\Users\Administrator\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF\obj\Debug\ Graphviz4Net.WPF none false @@ -12,8 +12,8 @@ DEBUG;TRACE 1-731644535 -12-367301520 -9-2097338539 +12-1575741852 +91788230983 Themes\Generic.xaml; True diff --git a/SourceCode/src/Graphviz4Net.WPF/obj/Debug/Graphviz4Net.WPF_MarkupCompile.i.lref b/SourceCode/src/Graphviz4Net.WPF/obj/Debug/Graphviz4Net.WPF_MarkupCompile.i.lref index 0f251890..10035c8b 100644 --- a/SourceCode/src/Graphviz4Net.WPF/obj/Debug/Graphviz4Net.WPF_MarkupCompile.i.lref +++ b/SourceCode/src/Graphviz4Net.WPF/obj/Debug/Graphviz4Net.WPF_MarkupCompile.i.lref @@ -1,4 +1,4 @@ -C:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.WPF\obj\Debug\GeneratedInternalTypeHelper.g.i.cs - -FC:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.WPF\Themes\Generic.xaml;; - +C:\Users\Administrator\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF\obj\Debug\GeneratedInternalTypeHelper.g.i.cs + +FC:\Users\Administrator\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF\Themes\Generic.xaml;; + diff --git a/SourceCode/src/Graphviz4Net.WPF/obj/Release/DesignTimeResolveAssemblyReferences.cache b/SourceCode/src/Graphviz4Net.WPF/obj/Release/DesignTimeResolveAssemblyReferences.cache index edd4ef83..d2f6f38a 100644 Binary files a/SourceCode/src/Graphviz4Net.WPF/obj/Release/DesignTimeResolveAssemblyReferences.cache and b/SourceCode/src/Graphviz4Net.WPF/obj/Release/DesignTimeResolveAssemblyReferences.cache differ diff --git a/SourceCode/src/Graphviz4Net.WPF/obj/Release/DesignTimeResolveAssemblyReferencesInput.cache b/SourceCode/src/Graphviz4Net.WPF/obj/Release/DesignTimeResolveAssemblyReferencesInput.cache index 3cf342ee..3248d048 100644 Binary files a/SourceCode/src/Graphviz4Net.WPF/obj/Release/DesignTimeResolveAssemblyReferencesInput.cache and b/SourceCode/src/Graphviz4Net.WPF/obj/Release/DesignTimeResolveAssemblyReferencesInput.cache differ diff --git a/SourceCode/src/Graphviz4Net.WPF/obj/Release/Graphviz4Net.WPF_MarkupCompile.i.cache b/SourceCode/src/Graphviz4Net.WPF/obj/Release/Graphviz4Net.WPF_MarkupCompile.i.cache index 050222e2..6a52ad64 100644 --- a/SourceCode/src/Graphviz4Net.WPF/obj/Release/Graphviz4Net.WPF_MarkupCompile.i.cache +++ b/SourceCode/src/Graphviz4Net.WPF/obj/Release/Graphviz4Net.WPF_MarkupCompile.i.cache @@ -4,7 +4,7 @@ library C# .cs -C:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\Graphviz4Net.WPF\obj\Release\ +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF\obj\Release\ Graphviz4Net.WPF none false @@ -12,9 +12,9 @@ TRACE 1-731644535 -12-367301520 -9-457397224 +12-1195336694 +9-1590805995 Themes\Generic.xaml; -False +True diff --git a/SourceCode/src/Graphviz4Net.WPF/obj/Release/Graphviz4Net.WPF_MarkupCompile.i.lref b/SourceCode/src/Graphviz4Net.WPF/obj/Release/Graphviz4Net.WPF_MarkupCompile.i.lref new file mode 100644 index 00000000..9f1445eb --- /dev/null +++ b/SourceCode/src/Graphviz4Net.WPF/obj/Release/Graphviz4Net.WPF_MarkupCompile.i.lref @@ -0,0 +1,4 @@ +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF\obj\Release\GeneratedInternalTypeHelper.g.i.cs + +FC:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\Graphviz4Net.WPF\Themes\Generic.xaml;; + diff --git a/SourceCode/src/Graphviz4Net.WPF/obj/Release/build.force b/SourceCode/src/Graphviz4Net.WPF/obj/Release/build.force new file mode 100644 index 00000000..e69de29b diff --git a/SourceCode/src/ZbangGui/Program.cs b/SourceCode/src/ZbangGui/Program.cs index 34af1f27..ead030f4 100644 --- a/SourceCode/src/ZbangGui/Program.cs +++ b/SourceCode/src/ZbangGui/Program.cs @@ -45,8 +45,8 @@ public static void Main(string[] args) if( args[0] == "compress" ) { // start by copying all relevant data to version directory - Process.Start( "xcopy.exe", "\"c:\\Users\\nimrod\\Documents\\Visual Studio 2015\\Projects\\graphviz4net_b19bb0cdc8c6\\src\\Graphviz4Net.WPF.Example\\bin\\release\\*.dll\" \"../version/System32/bin/release/*.*\" /Y" ); - Process.Start( "xcopy.exe", "\"c:\\Users\\nimrod\\Documents\\Visual Studio 2015\\Projects\\graphviz4net_b19bb0cdc8c6\\src\\Graphviz4Net.WPF.Example\\bin\\release\\*.exe\" \"../version/System32/bin/release/*.*\" /Y"); + Process.Start( "xcopy.exe", "\"c:\\Users\\yanivy\\Documents\\Visual Studio 2015\\Projects\\zBang\\SourceCode\\src\\Graphviz4Net.WPF.Example\\bin\\release\\*.dll\" \"../version/System32/bin/release/*.*\" /Y" ); + Process.Start( "xcopy.exe", "\"c:\\Users\\yanivy\\Documents\\Visual Studio 2015\\Projects\\zBang\\SourceCode\\src\\Graphviz4Net.WPF.Example\\bin\\release\\*.exe\" \"../version/System32/bin/release/*.*\" /Y"); for( int i = 0; i < 5; i++ ) { diff --git a/SourceCode/src/ZbangGui/bin/Release/ZbangGui.exe b/SourceCode/src/ZbangGui/bin/Release/ZbangGui.exe index 03890a40..fb2dc20a 100644 Binary files a/SourceCode/src/ZbangGui/bin/Release/ZbangGui.exe and b/SourceCode/src/ZbangGui/bin/Release/ZbangGui.exe differ diff --git a/SourceCode/src/ZbangGui/bin/Release/ZbangGui.pdb b/SourceCode/src/ZbangGui/bin/Release/ZbangGui.pdb index 3c54be88..204904b9 100644 Binary files a/SourceCode/src/ZbangGui/bin/Release/ZbangGui.pdb and b/SourceCode/src/ZbangGui/bin/Release/ZbangGui.pdb differ diff --git a/SourceCode/src/ZbangGui/bin/Release/version.zip b/SourceCode/src/ZbangGui/bin/Release/version.zip new file mode 100644 index 00000000..7c8418bb Binary files /dev/null and b/SourceCode/src/ZbangGui/bin/Release/version.zip differ diff --git a/SourceCode/src/ZbangGui/bin/version/System32/ZBANG/RiskySPN-master/Export-PotentiallyCrackableAccounts.ps1 b/SourceCode/src/ZbangGui/bin/version/System32/ZBANG/RiskySPN-master/Export-PotentiallyCrackableAccounts.ps1 deleted file mode 100644 index 8b7a9d4f..00000000 --- a/SourceCode/src/ZbangGui/bin/version/System32/ZBANG/RiskySPN-master/Export-PotentiallyCrackableAccounts.ps1 +++ /dev/null @@ -1,119 +0,0 @@ -<# - Author: Matan Hart (@machosec) - License: GNU v3 - Required Dependencies: Find-PotentiallyCrackableAccounts - Optional Dependencies: None -#> - - -function Export-PotentiallyCrackableAccounts -{ - <# - .SYNOPSIS - Report juicy information about user accounts associated with SPN - - Author: Matan Hart (@machosec) - License: GNU v3 - Required Dependencies: Find-PotentiallyCrackableAccounts - Optional Dependencies: None - - .DESCRIPTION - This function queries the Active Directory and retreive information about user accounts associated with SPN. - This infromation could detremine if a service account is potentially crackable. - User accounts associated with SPN are vulnerable to offline brute-forceing and they are often (by defualt) - configured with weak password and encryption (RC4-HMAC). - Requires Active Directory authentication (domain user is enough). - - .PARAMETER Type - The format of the report file. The default is CSV - - .PARAMETER Path - The path to store the file. The default is the user's "Documents" folder - - .PARAMETER Name - The name of the report. The default is "Report" - - .PARAMETER Summary - Report minimial information - - .PARAMETER DoNotOpen - Do not open the report - - .EXAMPLE - Report-PotentiallyCrackableAccounts - Report all user accounts associated with SPN in entire forest. Save and open the report in CSV format in Documents folder - - .EXAMPLE - Report-PotentiallyCrackableAccounts -Type XML -Path C:\Report -DoNotOpen - Report all user accounts associated with SPN in entire forest. Save the report in XML format in C:\Report folder - - #> - [CmdletBinding()] - param - ( - [ValidateSet("CSV", "XML", "HTML", "TXT")] - [String]$Type = "CSV", - [String]$Path = "$env:USERPROFILE\Documents", - [String]$Name = "Report", - [Switch]$Summary, - [Switch]$DoNotOpen - ) - - # Credits for Boe Prox from TechNet - https://gallery.technet.microsoft.com/scriptcenter/Convert-OutoutForCSV - Function Convert-Output - { - [cmdletbinding()] - Param ( - [parameter(ValueFromPipeline=$true)] - [psobject]$InputObject - ) - Begin { - $PSBoundParameters.GetEnumerator() | ForEach { - Write-Verbose "$($_)" - } - $FirstRun = $True - } - Process { - If ($FirstRun) { - $OutputOrder = $InputObject.psobject.properties.name - $FirstRun = $False - #Get properties to process - $Properties = Get-Member -InputObject $InputObject -MemberType *Property - #Get properties that hold a collection - $Properties_Collection = @(($Properties | Where-Object { - $_.Definition -match "Collection|\[\]" - }).Name) - #Get properties that do not hold a collection - $Properties_NoCollection = @(($Properties | Where-Object { - $_.Definition -notmatch "Collection|\[\]" - }).Name) - } - - $InputObject | ForEach { - $Line = $_ - $stringBuilder = New-Object Text.StringBuilder - $Null = $stringBuilder.AppendLine("[pscustomobject] @{") - $OutputOrder | ForEach { - $Null = $stringBuilder.AppendLine("`"$($_)`" = `"$(($line.$($_) | Out-String).Trim())`"") - } - } - $Null = $stringBuilder.AppendLine("}") - Invoke-Expression $stringBuilder.ToString() - } - End {} - } - - $FilePath = "$Path\$Name.$($Type.ToLower())" - $Report = Find-PotentiallyCrackableAccounts -FullData - if ($Summary) { - $Report = $Report | Select-Object UserName,DomainName,IsSensitive,PwdAge,CrackWindow,RunsUnder - } - if ($Type -eq "CSV" ) {$Report | Convert-Output | Export-Csv $FilePath -Encoding UTF8 -NoTypeInformation} - elseif ($Type -eq "XML") {$Report | Export-Clixml $FilePath -Encoding UTF8} - elseif ($Type -eq "HTML") {$Report | Convert-Output | ConvertTo-Html | Out-File $FilePath -Encoding utf8} - elseif ($Type -eq "TXT") {$Report | Convert-Output | Out-File $FilePath -Encoding utf8} - Write-Host "$Type file saved in: $FilePath" - if (!$DoNotOpen) { - Invoke-Item $FilePath - } -} diff --git a/SourceCode/src/ZbangGui/bin/version/System32/ZBANG/RiskySPN-master/Find-PotentiallyCrackableAccounts.old b/SourceCode/src/ZbangGui/bin/version/System32/ZBANG/RiskySPN-master/Find-PotentiallyCrackableAccounts.old deleted file mode 100644 index 272ecfd2..00000000 --- a/SourceCode/src/ZbangGui/bin/version/System32/ZBANG/RiskySPN-master/Find-PotentiallyCrackableAccounts.old +++ /dev/null @@ -1,360 +0,0 @@ -<# - Author: Matan Hart (@machosec) - License: GNU v3 - Required Dependencies: None - Optional Dependencies: None -#> - -function Find-PotentiallyCrackableAccounts -{ -<# - .SYNOPSIS - Reveals juicy information about user accounts associated with SPN - - Author: Matan Hart (@machosec) - License: GNU v3 - Required Dependencies: None - Optional Dependencies: None - - .DESCRIPTION - This function queries the Active Directory and retreive information about user accounts associated with SPN. - This infromation could detremine if a service account is potentially crackable. - User accounts associated with SPN are vulnerable to offline brute-forceing and they are often (by defualt) - configured with weak password and encryption (RC4-HMAC). - Requires Active Directory authentication (domain user is enough). - - .PARAMETER Domain - The name of the domain to query. "Current" for the user's current domain. Defualts to the entire forest. - - .PARAMETER AddGroups - Add additional groups to consider as sensitive - - .PARAMETER Sensitive - Show only sensitive accounts. - - .PARAMETER Stealth - Do not check service/server connectivity - .PARAMETER GetSPNs - Show SPNs instead of user's data - - .PARAMETER FullData - Show more user data - - .EXAMPLE - Get-PotentiallyCrackableAccounts -Domain "IT.company.com" - Returns all user accounts associated with SPN in the IT.company.com domain. - - .EXAMPLE - Get-PotentiallyCrackableAccounts -FullData -Verbose - Returns detailed information about all user accounts associated with SPN in the forest. Enable verbose mode - - .EXAMPLE - Get-PotentiallyCrackableAccounts -AddGroups "Remote Desktop Users" -Sensitive -Stealth -GetSPNs - Returns all SPNs of sensitive user account in the forest. Consider "Remote Desktop Users" group as sensitive and do not check connectivity. - #> - - [CmdletBinding()] - param - ( - [string]$Domain, - [array]$AddGroups, - [switch]$Sensitive, - [switch]$Stealth, - [switch]$GetSPNs, - [switch]$FullData - ) - - #recursivly get nested groups of a group object - function Get-NestedGroups - { - [CmdletBinding()] - param - ( - [parameter(Mandatory=$True, ValueFromPipeline=$True)] - [ValidateNotNullOrEmpty()] - [string]$DN - ) - - $GroubObj = [adsi]"LDAP://$DN" - #if the object is a group - if ($GroubObj.Properties.samaccounttype -match '536870912' -or $GroubObj.Properties.samaccounttype -match '268435456') - { - #Searching for group objects that are member of the group - foreach ($Member in $GroubObj.Properties.member) - { - #get group objects inside this group object - Get-NestedGroups -DN $Member - } - return $GroubObj.Properties.distinguishedname - } - } - -#========================================================================= Creating ADSI Searcher ========================================================================= - - $SearchList = @() - if($Domain) - { - if ($Domain -eq "Current") { - $SearchScope = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain() - } - else - { - try { - $TargetDomain = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext('Domain', $Domain) - $SearchScope = [System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($TargetDomain) - } - catch { - Write-Error "Could not communicate with the foreigen domain: $Domain" - return - } - } - if ($SearchScope.DomainMode.value__ -lt 4 -and $ChildDomain.DomainMode.value__ -ne -1) { - Write-Warning "The function level of domain: $($SearchScope.Name) is lower than 2008 - Some stuff may not work" - } - $SearchList += 'LDAP://DC=' + ($SearchScope.Name -Replace ("\.",',DC=')) - Write-Verbose "Searching the domain: $($SearchScope.name)" - } - else - { - $SearchScope = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest() - foreach ($ChildDomain in $($SearchScope.Domains)) { - if ($ChildDomain.DomainMode.value__ -lt 4 -and $ChildDomain.DomainMode.value__ -ne -1) { - Write-Warning "The function level of domain: $($ChildDomain.Name) is lower than 2008 - Some stuff may not work" - } - $SearchList += 'LDAP://DC=' + ($ChildDomain.Name -Replace ("\.",',DC=')) - } - Write-Verbose "Searching the forest: $($SearchScope.name)" - } - - #creating ADSI searcher - $Searcher = New-Object System.DirectoryServices.DirectorySearcher - $Searcher.PageSize = 500 - $Searcher.PropertiesToLoad.Add("distinguishedname") | Out-Null - -#========================================================================= Gathering Sensitive Groups ========================================================================= - - #list of built-in sensitive groups (Administratos group conatins domain and enterprise admins) - did I missed a group? - $SensitiveGroups = @("Administrators", "Account Operators", "Backup Operators", "Print Operators", "Server Operators", "Group Policy Creator Owners", "Schema Admins") - if ($AddGroups) { - Write-Verbose "Adding $AddGroups to the list of senstivie groups" - $SensitiveGroups += $AddGroups - } - $AllSensitiveGroups = @() - Write-Verbose "Gathering sensitive groups" - foreach ($Path in $SearchList) { - Write-Verbose "Searching Sensitive groups in domain: $($Path -replace "LDAP://DC=" -replace ",DC=", ".")" - $Searcher.SearchRoot = $Path - foreach ($GroupName in $SensitiveGroups) { - #filter group objects with specific name - $Searcher.Filter = "(&(|(samAccountType=536870912)(samAccountType=268435456))(|(samAccountName=$GroupName)(name=$GroupName)))" - try { - $GroupObjects = $Searcher.FindAll() - } - catch { - Write-Warning "Could not communicate with the domain: $($Path -replace "LDAP://DC=" -replace ",DC=", ".")" - } - if ($GroupObjects) - { - foreach ($GroupObject in $GroupObjects) { - #recursivly get all nested groups inherited from sensitive groups - don't trust AdminCount=1 - $AllSensitiveGroups += Get-NestedGroups -DN $GroupObject.Properties.distinguishedname - } - } - else {Write-Warning "Could not find group: $Group"} - } - } - Write-Verbose "Number of sensitive groups found: $($AllSensitiveGroups.Count)" - -#========================================================================= Gathering users with SPN ========================================================================= - - Write-Verbose "Gathering user accounts associated with SPN" - #list of properties to retreive from AD - $Properies = "msDS-UserPasswordExpiryTimeComputed", "msDS-AllowedToDelegateTo", "msDS-SupportedEncryptionTypes", "samaccountname", "userprincipalname", "useraccountcontrol", "displayname", "memberof", "serviceprincipalname", "pwdlastset", "description" - foreach ($Property in $Properies) { - $Searcher.PropertiesToLoad.Add($Property) | Out-Null - } - #filter user accounts with SPN except krbtgt account - $Searcher.Filter = "(&(samAccountType=805306368)(servicePrincipalName=*)(!(samAccountName=krbtgt)))" - $UsersWithSPN = @() - foreach ($Path in $SearchList) { - $Searcher.SearchRoot = $Path - try { - $UsersWithSPN += $Searcher.FindAll() - } - catch { - Write-Warning "Could not communicate with the domain: $($Path -replace "LDAP://DC=" -replace ",DC=", ".") - Does it have trust?" - } - } - Write-Verbose "Number of users that contain SPN: $($UsersWithSPN.Count)" - -# ========================================================================= Gathering info about users ========================================================================= - - $CurrentDate = Get-Date - $AllData = @() - foreach ($User in $UsersWithSPN) { - Write-Verbose "Gathering info about the user: $($User.Properties.displayname)" - - #----------------------------------- Time stuff ----------------------------------- - - $CrackWindow = "N/A" - #if the user's password has expiration date (works with FGPP) - https://msdn.microsoft.com/en-us/library/cc223410.aspx - if ($user.Properties.'msds-userpasswordexpirytimecomputed' -ne 9223372036854775807) # 0x7FFFFFFFFFFFFFFF - { - $PasswordExpiryDate = [datetime]::FromFileTime([string]$User.Properties.'msds-userpasswordexpirytimecomputed') - Write-Verbose "$($User.Properties.displayname)'s password will expire on $PasswordExpiryDate" - $CrackWindow = $PasswordExpiryDate.Subtract($CurrentDate).Days - Write-Verbose "Which means it has crack window of $CrackWindow days" - } - $PasswordLastSet = [datetime]::FromFileTime([string]$User.Properties.pwdlastset) - $PasswordAge = $CurrentDate.Subtract($PasswordLastSet).Days - - #----------------------------------- UAC stuff ----------------------------------- - - #reading UAC attributes using bitmask - https://support.microsoft.com/en-us/kb/305144 - [int32]$UAC = [string]$User.Properties.useraccountcontrol - $IsEnabled = $true - #if the user is disabled or lockedout - if (($UAC -band 2) -eq 2 -or ($UAC -band 16) -eq 16) {$IsEnabled = $false} # 0x0002 / 0x0010 - $IsPasswordExpires = $true - #if the user password never expires - if (($UAC -band 65536) -eq 65536) # 0x10000 - { - $IsPasswordExpires = $false - $CrackWindow = "Indefinitely" - } - $Delegation = $false - $TargetServices = "None" - #if the user is trusted for Kerberos unconstrained delegation - if (($UAC -band 524288) -eq 524288) # 0x80000 - { - $Delegation = "Unconstrained" - $TargetServices = "Any" - } - #if the user is trusted for Kerberos constrained delegation - elseif ($User.Properties.'msds-allowedtodelegateto') - { - $Delegation = "Constrained" - #if the user is trusted for Kerberos constrained delegation with protocol transition - if (($UAC -band 16777216) -eq 16777216) {$Delegation = "Protocol Transition"} # 0x1000000 - $TargetServices = [array]$User.Properties.'msds-allowedtodelegateto' - } - $EncType = "RC4-HMAC" - [int32]$eType = [string]$User.Properties.'msds-supportedencryptiontypes' - #if the user supports AES encryptions (MS-KILE 2.2.6) - https://msdn.microsoft.com/en-us/library/cc220375.aspx - if ($eType) - { - if (($eType -band 16) -eq 16) {$EncType = "AES256-HMAC"} # 0x10 - elseif (($eType -band 8) -eq 8) {$EncType = "AES128-HMAC"} # 0x08 - } - else - { - #if the UF_USE_DES_KEY_ONLY bit is set (account can only use DES in Kerberos authentication) - if (($UAC -band 2097152) -eq 2097152) {$EncType = "DES"} #0x200000 - } - - #----------------------------------- SPN stuff ----------------------------------- - - $AccountRunUnder = @() - #arranging SPNs to / format - https://technet.microsoft.com/en-us/library/cc961723.aspx - [array]$SPNs = $User.Properties.serviceprincipalname -replace ":.*" | Get-Unique - foreach ($SPN in $SPNs) - { - #splitting SPN to service type and instance name - $SPN = $SPN -split("/") - #TODO: More services and ports, take the port from the SPN - [array]$Service = switch -Wildcard ([string]$SPN[0]) - { - "MSSQL*" {"MS SQL",@(1433)} - "HTTP" {"Web",@(80,443,8080)} - "WWW" {"Web",@(80,443,8080)} - "TERMSRV" {"Terminal Services",@(3389)} - "MONGO*" {"MongoDB Enterprise"} - "HOST" {"Computer services"} - "WSMAN" {"WinRM",@(5985,5986)} - "FTP" {"File Transfer",@(22)} - default {$SPN[0]} - } - $RunUnder = New-Object -TypeName psobject -Property @{ - Service = $Service[0] - Server = $SPN[1] - IsAccessible = "N/A" - } | select Service,Server,IsAccessible - if (!$Stealth) - { - #if the service contains default ports - if ($Service[1]) - { - $Socket = New-Object System.Net.Sockets.TcpClient - $RunUnder.IsAccessible = "No" - #testing if the service default ports are open on the server - foreach ($Port in $Service[1]) { - Write-Verbose "Checking connectivity to server: $($RunUnder.Server) on port $Port" - try { - $Socket.Connect($RunUnder.Server,$Port) - $RunUnder.IsAccessible = "Yes" - break - } - catch { - Write-Verbose "Port $Port is not accessiable on server: $($RunUnder.Server)" - } - } - } - else - { - Write-Verbose "Checking connectivity to server: $($RunUnder.Server)" - #if the server answers to one ping - if (Test-Connection -ComputerName $RunUnder.Server -Quiet -Count 1) - { - $RunUnder.IsAccessible = "Yes" - } - else - { - Write-Verbose "The server: $($RunUnder.Server) is not accessiable - Is it exist?" - $RunUnder.IsAccessible = "No" - } - } - } - $AccountRunUnder += $RunUnder - } - if ($User.Properties.memberof) - { - #get sensitive groups that the user is a memberof - $UserSensitiveGroups = (@(Compare-Object $AllSensitiveGroups $([array]$User.Properties.memberof) -IncludeEqual -ExcludeDifferent)).InputObject - } - $IsSensitive = $false - #if the user is a member of a sensitive group or is allowed for Kerberos unconstrained or S4U2Self delegation - if ($UserSensitiveGroups -or $Delegation) - { - Write-Verbose "$($User.Properties.displayname) is sensitive" - $IsSensitive = $true - } - $UserData = New-Object psobject -Property @{ - UserName = [string]$User.Properties.samaccountname - DomainName = [string]$User.Properties.userprincipalname -replace ".*@" - IsSensitive = $IsSensitive - EncType = $EncType - Description = [string]$User.Properties.description - IsEnabled = $IsEnabled - IsPwdExpires = $IsPasswordExpires - PwdAge = $PasswordAge - CrackWindow = $CrackWindow - SensitiveGroups = $UserSensitiveGroups -replace "CN=" -replace ",.*" - MemberOf = $User.Properties.memberof -replace "CN=" -replace ",.*" - DelegationType = $Delegation - TargetServices = $TargetServices - NumofServers = ($AccountRunUnder.Server | select -Unique).Count - RunsUnder = $AccountRunUnder - AssociatedSPNs = [array]$User.Properties.serviceprincipalname - } | select UserName,DomainName,IsSensitive,EncType,Description,IsEnabled,IsPwdExpires,PwdAge,CrackWindow,SensitiveGroups,MemberOf,DelegationType,TargetServices,NumofServers,RunsUnder,AssociatedSPNs - $AllData += $UserData - } - if ($Sensitive) - { - Write-Verbose "Removing non-sensitive users from the list" - $AllData = $AllData | ? {$_.IsSensitive} - } - Write-Verbose "Number of users included in the list: $($AllData.UserName.Count)" - if ($GetSPNs) {return @($AllData.AssociatedSPNs)} - elseif ($FullData) {return $AllData} - else {return $AllData | ? {$_.IsEnabled} | Select-Object UserName,DomainName,IsSensitive,EncType,Description,PwdAge,CrackWindow,RunsUnder} -} diff --git a/SourceCode/src/ZbangGui/bin/version/System32/ZBANG/RiskySPN-master/Find-PotentiallyCrackableAccounts.ps1 b/SourceCode/src/ZbangGui/bin/version/System32/ZBANG/RiskySPN-master/Find-PotentiallyCrackableAccounts.ps1 index 9cd86b5a..eb3207c4 100644 --- a/SourceCode/src/ZbangGui/bin/version/System32/ZBANG/RiskySPN-master/Find-PotentiallyCrackableAccounts.ps1 +++ b/SourceCode/src/ZbangGui/bin/version/System32/ZBANG/RiskySPN-master/Find-PotentiallyCrackableAccounts.ps1 @@ -5,7 +5,7 @@ Optional Dependencies: None Revision: 01-01-2018 With user photos NS - Last Update: 01/01/2018 AH + Last Update: 13/06/2021 AH #> @@ -127,7 +127,8 @@ function Find-PotentiallyCrackableAccounts } $SearchList += 'LDAP://DC=' + ($ChildDomain.Name -Replace ("\.",',DC=')) } - Write-Verbose "Searching the forest: $($SearchScope.name)" + Write-Host "Searching the forest: $($SearchScope.name)" + #Write-Verbose "Searching the forest: $($SearchScope.name)" } #creating ADSI searcher @@ -484,8 +485,9 @@ function Export-PotentiallyCrackableAccounts [CmdletBinding()] param ( + [String]$Domain, [ValidateSet("CSV", "XML", "HTML", "TXT")] - [String]$Type = "CSV", + [String]$Type = "CSV", #[String]$Path = "$env:USERPROFILE\Documents", [String]$Path = "Results/", [String]$Name = "RiskySPNs-test", @@ -538,7 +540,11 @@ function Export-PotentiallyCrackableAccounts } $FilePath = "$Path\$Name.$($Type.ToLower())" - $Report = Find-PotentiallyCrackableAccounts -FullData + if($Domain){ + $Report = Find-PotentiallyCrackableAccounts -FullData -Domain $Domain + }else{ + $Report = Find-PotentiallyCrackableAccounts -FullData + } if ($Summary) { $Report = $Report | Select-Object UserName,DomainName,IsSensitive,PwdAge,CrackWindow,RunsUnder } @@ -553,7 +559,7 @@ function Export-PotentiallyCrackableAccounts } # Call this NS 26/12/2017 -Export-PotentiallyCrackableAccounts +#Export-PotentiallyCrackableAccounts diff --git a/SourceCode/src/ZbangGui/bin/version/System32/ZBANG/RiskySPN-master/Find-PotentiallyCrackableAccounts.ps_ b/SourceCode/src/ZbangGui/bin/version/System32/ZBANG/RiskySPN-master/Find-PotentiallyCrackableAccounts.ps_ deleted file mode 100644 index e5dc3f76..00000000 --- a/SourceCode/src/ZbangGui/bin/version/System32/ZBANG/RiskySPN-master/Find-PotentiallyCrackableAccounts.ps_ +++ /dev/null @@ -1,515 +0,0 @@ -<# - Author: Matan Hart (@machosec) - License: GNU v3 - Required Dependencies: None - Optional Dependencies: None -#> - -function Find-PotentiallyCrackableAccounts -{ -<# - .SYNOPSIS - Reveals juicy information about user accounts associated with SPN - - Author: Matan Hart (@machosec) - License: GNU v3 - Required Dependencies: None - Optional Dependencies: None - - .DESCRIPTION - This function queries the Active Directory and retreive information about user accounts associated with SPN. - This infromation could detremine if a service account is potentially crackable. - User accounts associated with SPN are vulnerable to offline brute-forceing and they are often (by defualt) - configured with weak password and encryption (RC4-HMAC). - Requires Active Directory authentication (domain user is enough). - - .PARAMETER Domain - The name of the domain to query. "Current" for the user's current domain. Defualts to the entire forest. - - .PARAMETER AddGroups - Add additional groups to consider as sensitive - - .PARAMETER Sensitive - Show only sensitive accounts. - - .PARAMETER Stealth - Do not check service/server connectivity - .PARAMETER GetSPNs - Show SPNs instead of user's data - - .PARAMETER FullData - Show more user data - - .EXAMPLE - Get-PotentiallyCrackableAccounts -Domain "IT.company.com" - Returns all user accounts associated with SPN in the IT.company.com domain. - - .EXAMPLE - Get-PotentiallyCrackableAccounts -FullData -Verbose - Returns detailed information about all user accounts associated with SPN in the forest. Enable verbose mode - - .EXAMPLE - Get-PotentiallyCrackableAccounts -AddGroups "Remote Desktop Users" -Sensitive -Stealth -GetSPNs - Returns all SPNs of sensitive user account in the forest. Consider "Remote Desktop Users" group as sensitive and do not check connectivity. - #> - - [CmdletBinding()] - param - ( - [string]$Domain, - [array]$AddGroups, - [switch]$Sensitive, - [switch]$Stealth, - [switch]$GetSPNs, - [switch]$FullData - ) - - #recursivly get nested groups of a group object - function Get-NestedGroups - { - [CmdletBinding()] - param - ( - [parameter(Mandatory=$True, ValueFromPipeline=$True)] - [ValidateNotNullOrEmpty()] - [string]$DN - ) - - $GroubObj = [adsi]"LDAP://$DN" - #if the object is a group - if ($GroubObj.Properties.samaccounttype -match '536870912' -or $GroubObj.Properties.samaccounttype -match '268435456') - { - #Searching for group objects that are member of the group - foreach ($Member in $GroubObj.Properties.member) - { - #get group objects inside this group object - Get-NestedGroups -DN $Member - } - return $GroubObj.Properties.distinguishedname - } - } - -#========================================================================= Creating ADSI Searcher ========================================================================= - - $SearchList = @() - if($Domain) - { - if ($Domain -eq "Current") { - $SearchScope = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain() - } - else - { - try { - $TargetDomain = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext('Domain', $Domain) - $SearchScope = [System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($TargetDomain) - } - catch { - Write-Error "Could not communicate with the foreigen domain: $Domain" - return - } - } - if ($SearchScope.DomainMode.value__ -lt 4 -and $ChildDomain.DomainMode.value__ -ne -1) { - Write-Warning "The function level of domain: $($SearchScope.Name) is lower than 2008 - Some stuff may not work" - } - $SearchList += 'LDAP://DC=' + ($SearchScope.Name -Replace ("\.",',DC=')) - Write-Verbose "Searching the domain: $($SearchScope.name)" - } - else - { - $SearchScope = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest() - foreach ($ChildDomain in $($SearchScope.Domains)) { - if ($ChildDomain.DomainMode.value__ -lt 4 -and $ChildDomain.DomainMode.value__ -ne -1) { - Write-Warning "The function level of domain: $($ChildDomain.Name) is lower than 2008 - Some stuff may not work" - } - $SearchList += 'LDAP://DC=' + ($ChildDomain.Name -Replace ("\.",',DC=')) - } - Write-Verbose "Searching the forest: $($SearchScope.name)" - } - - #creating ADSI searcher - $Searcher = New-Object System.DirectoryServices.DirectorySearcher - $Searcher.PageSize = 500 - $Searcher.PropertiesToLoad.Add("distinguishedname") | Out-Null - -#========================================================================= Gathering Sensitive Groups ========================================================================= - - #list of built-in sensitive groups (Administratos group conatins domain and enterprise admins) - did I missed a group? - $SensitiveGroups = @("Administrators", "Account Operators", "Backup Operators", "Print Operators", "Server Operators", "Group Policy Creator Owners", "Schema Admins") - if ($AddGroups) { - Write-Verbose "Adding $AddGroups to the list of senstivie groups" - $SensitiveGroups += $AddGroups - } - $AllSensitiveGroups = @() - Write-Verbose "Gathering sensitive groups" - foreach ($Path in $SearchList) { - Write-Verbose "Searching Sensitive groups in domain: $($Path -replace "LDAP://DC=" -replace ",DC=", ".")" - $Searcher.SearchRoot = $Path - foreach ($GroupName in $SensitiveGroups) { - #filter group objects with specific name - $Searcher.Filter = "(&(|(samAccountType=536870912)(samAccountType=268435456))(|(samAccountName=$GroupName)(name=$GroupName)))" - try { - $GroupObjects = $Searcher.FindAll() - } - catch { - Write-Warning "Could not communicate with the domain: $($Path -replace "LDAP://DC=" -replace ",DC=", ".")" - } - if ($GroupObjects) - { - foreach ($GroupObject in $GroupObjects) { - #recursivly get all nested groups inherited from sensitive groups - don't trust AdminCount=1 - $AllSensitiveGroups += Get-NestedGroups -DN $GroupObject.Properties.distinguishedname - } - } - else {Write-Warning "Could not find group: $Group"} - } - } - Write-Verbose "Number of sensitive groups found: $($AllSensitiveGroups.Count)" - -#========================================================================= Gathering users with SPN ========================================================================= - - Write-Verbose "Gathering user accounts associated with SPN" - #list of properties to retreive from AD - $Properies = "msDS-UserPasswordExpiryTimeComputed", "msDS-AllowedToDelegateTo", "msDS-SupportedEncryptionTypes", "samaccountname", "userprincipalname", "useraccountcontrol", "displayname", "memberof", "serviceprincipalname", "pwdlastset", "description" - foreach ($Property in $Properies) { - $Searcher.PropertiesToLoad.Add($Property) | Out-Null - } - #filter user accounts with SPN except krbtgt account - $Searcher.Filter = "(&(samAccountType=805306368)(servicePrincipalName=*)(!(samAccountName=krbtgt)))" - $UsersWithSPN = @() - foreach ($Path in $SearchList) { - $Searcher.SearchRoot = $Path - try { - $UsersWithSPN += $Searcher.FindAll() - } - catch { - Write-Warning "Could not communicate with the domain: $($Path -replace "LDAP://DC=" -replace ",DC=", ".") - Does it have trust?" - } - } - Write-Verbose "Number of users that contain SPN: $($UsersWithSPN.Count)" - -# ========================================================================= Gathering info about users ========================================================================= - - $CurrentDate = Get-Date - $AllData = @() - foreach ($User in $UsersWithSPN) { - Write-Verbose "Gathering info about the user: $($User.Properties.displayname)" - - #----------------------------------- Time stuff ----------------------------------- - - $CrackWindow = "N/A" - #if the user's password has expiration date (works with FGPP) - https://msdn.microsoft.com/en-us/library/cc223410.aspx - if ($user.Properties.'msds-userpasswordexpirytimecomputed' -ne 9223372036854775807) # 0x7FFFFFFFFFFFFFFF - { - $PasswordExpiryDate = [datetime]::FromFileTime([string]$User.Properties.'msds-userpasswordexpirytimecomputed') - Write-Verbose "$($User.Properties.displayname)'s password will expire on $PasswordExpiryDate" - $CrackWindow = $PasswordExpiryDate.Subtract($CurrentDate).Days - Write-Verbose "Which means it has crack window of $CrackWindow days" - } - $PasswordLastSet = [datetime]::FromFileTime([string]$User.Properties.pwdlastset) - $PasswordAge = $CurrentDate.Subtract($PasswordLastSet).Days - - #----------------------------------- UAC stuff ----------------------------------- - - #reading UAC attributes using bitmask - https://support.microsoft.com/en-us/kb/305144 - [int32]$UAC = [string]$User.Properties.useraccountcontrol - $IsEnabled = $true - #if the user is disabled or lockedout - if (($UAC -band 2) -eq 2 -or ($UAC -band 16) -eq 16) {$IsEnabled = $false} # 0x0002 / 0x0010 - $IsPasswordExpires = $true - #if the user password never expires - if (($UAC -band 65536) -eq 65536) # 0x10000 - { - $IsPasswordExpires = $false - $CrackWindow = "Indefinitely" - } - $Delegation = $false - $TargetServices = "None" - #if the user is trusted for Kerberos unconstrained delegation - if (($UAC -band 524288) -eq 524288) # 0x80000 - { - $Delegation = "Unconstrained" - $TargetServices = "Any" - } - #if the user is trusted for Kerberos constrained delegation - elseif ($User.Properties.'msds-allowedtodelegateto') - { - $Delegation = "Constrained" - #if the user is trusted for Kerberos constrained delegation with protocol transition - if (($UAC -band 16777216) -eq 16777216) {$Delegation = "Protocol Transition"} # 0x1000000 - $TargetServices = [array]$User.Properties.'msds-allowedtodelegateto' - } - $EncType = "RC4-HMAC" - [int32]$eType = [string]$User.Properties.'msds-supportedencryptiontypes' - #if the user supports AES encryptions (MS-KILE 2.2.6) - https://msdn.microsoft.com/en-us/library/cc220375.aspx - if ($eType) - { - if (($eType -band 16) -eq 16) {$EncType = "AES256-HMAC"} # 0x10 - elseif (($eType -band 8) -eq 8) {$EncType = "AES128-HMAC"} # 0x08 - } - else - { - #if the UF_USE_DES_KEY_ONLY bit is set (account can only use DES in Kerberos authentication) - if (($UAC -band 2097152) -eq 2097152) {$EncType = "DES"} #0x200000 - } - - #----------------------------------- SPN stuff ----------------------------------- - - $AccountRunUnder = @() - #arranging SPNs to / format - https://technet.microsoft.com/en-us/library/cc961723.aspx - [array]$SPNs = $User.Properties.serviceprincipalname -replace ":.*" | Get-Unique - foreach ($SPN in $SPNs) - { - #splitting SPN to service type and instance name - $SPN = $SPN -split("/") - #TODO: More services and ports, take the port from the SPN - [array]$Service = switch -Wildcard ([string]$SPN[0]) - { - "MSSQL*" {"MS SQL",@(1433)} - "HTTP" {"Web",@(80,443,8080)} - "WWW" {"Web",@(80,443,8080)} - "TERMSRV" {"Terminal Services",@(3389)} - "MONGO*" {"MongoDB Enterprise"} - "HOST" {"Computer services"} - "WSMAN" {"WinRM",@(5985,5986)} - "FTP" {"File Transfer",@(22)} - default {$SPN[0]} - } - $RunUnder = New-Object -TypeName psobject -Property @{ - Service = $Service[0] - Server = $SPN[1] - IsAccessible = "N/A" - } | select Service,Server,IsAccessible - if (!$Stealth) - { - #if the service contains default ports - if ($Service[1]) - { - $Socket = New-Object System.Net.Sockets.TcpClient - $RunUnder.IsAccessible = "No" - #testing if the service default ports are open on the server - foreach ($Port in $Service[1]) { - Write-Verbose "Checking connectivity to server: $($RunUnder.Server) on port $Port" - try { - $Socket.Connect($RunUnder.Server,$Port) - $RunUnder.IsAccessible = "Yes" - break - } - catch { - Write-Verbose "Port $Port is not accessiable on server: $($RunUnder.Server)" - } - } - } - else - { - Write-Verbose "Checking connectivity to server: $($RunUnder.Server)" - #if the server answers to one ping - if (Test-Connection -ComputerName $RunUnder.Server -Quiet -Count 1) - { - $RunUnder.IsAccessible = "Yes" - } - else - { - Write-Verbose "The server: $($RunUnder.Server) is not accessiable - Is it exist?" - $RunUnder.IsAccessible = "No" - } - } - } - $AccountRunUnder += $RunUnder - } - if ($User.Properties.memberof) - { - #get sensitive groups that the user is a memberof - $UserSensitiveGroups = (@(Compare-Object $AllSensitiveGroups $([array]$User.Properties.memberof) -IncludeEqual -ExcludeDifferent)).InputObject - } - $IsSensitive = $false - #if the user is a member of a sensitive group or is allowed for Kerberos unconstrained or S4U2Self delegation - if ($UserSensitiveGroups -or $Delegation) - { - Write-Verbose "$($User.Properties.displayname) is sensitive" - $IsSensitive = $true - } - <# - $UserData = New-Object psobject -Property @{ - UserName = [string]$User.Properties.samaccountname - DomainName = [string]$User.Properties.userprincipalname -replace ".*@" - IsSensitive = $IsSensitive - EncType = $EncType - Description = [string]$User.Properties.description - IsEnabled = $IsEnabled - IsPwdExpires = $IsPasswordExpires - PwdAge = $PasswordAge - CrackWindow = $CrackWindow - SensitiveGroups = $UserSensitiveGroups -replace "CN=" -replace ",.*" - MemberOf = $User.Properties.memberof -replace "CN=" -replace ",.*" - DelegationType = $Delegation - TargetServices = $TargetServices - NumofServers = ($AccountRunUnder.Server | select -Unique).Count - RunsUnder = $AccountRunUnder - AssociatedSPNs = [array]$User.Properties.serviceprincipalname - } | select UserName,DomainName,IsSensitive,EncType,Description,IsEnabled,IsPwdExpires,PwdAge,CrackWindow,SensitiveGroups,MemberOf,DelegationType,TargetServices,NumofServers,RunsUnder,AssociatedSPNs - $AllData += $UserData -#> - - # AH 2612 - $ofs = '<|>' - $AccountRunUnder = [string]($AccountRunUnder | foreach {[string]$_}) - - $UserData = [PSCustomObject][ordered] @{ - UserName = [string]$User.Properties.samaccountname - DomainName = [string]$User.Properties.userprincipalname -replace ".*@" - IsSensitive = $IsSensitive - EncType = $EncType - Description = [string]$User.Properties.description - IsEnabled = $IsEnabled - IsPwdExpires = $IsPasswordExpires - PwdAge = $PasswordAge - CrackWindow = $CrackWindow - SensitiveGroups = $UserSensitiveGroups -replace "CN=" -replace ",.*" - MemberOf = $User.Properties.memberof -replace "CN=" -replace ",.*" - IsUnconstrained = $Unconstrained - IsConstrained = $Constrained - RunsUnder = $AccountRunUnder - AssociatedSPNs = [String]$User.Properties.serviceprincipalname - } - $AllData += $UserData - - } - if ($Sensitive) - { - Write-Verbose "Removing non-sensitive users from the list" - $AllData = $AllData | ? {$_.IsSensitive} - } - Write-Verbose "Number of users included in the list: $($AllData.UserName.Count)" - if ($GetSPNs) {return @($AllData.AssociatedSPNs)} - elseif ($FullData) {return $AllData} - else {return $AllData | ? {$_.IsEnabled} | Select-Object UserName,DomainName,IsSensitive,EncType,Description,PwdAge,CrackWindow,RunsUnder} -} - - - -<# - Author: Matan Hart (@machosec) - License: GNU v3 - Required Dependencies: Find-PotentiallyCrackableAccounts - Optional Dependencies: None -#> - - -function Export-PotentiallyCrackableAccounts -{ - <# - .SYNOPSIS - Report juicy information about user accounts associated with SPN - - Author: Matan Hart (@machosec) - License: GNU v3 - Required Dependencies: Find-PotentiallyCrackableAccounts - Optional Dependencies: None - - .DESCRIPTION - This function queries the Active Directory and retreive information about user accounts associated with SPN. - This infromation could detremine if a service account is potentially crackable. - User accounts associated with SPN are vulnerable to offline brute-forceing and they are often (by defualt) - configured with weak password and encryption (RC4-HMAC). - Requires Active Directory authentication (domain user is enough). - - .PARAMETER Type - The format of the report file. The default is CSV - - .PARAMETER Path - The path to store the file. The default is the user's "Documents" folder - - .PARAMETER Name - The name of the report. The default is "Report" - - .PARAMETER Summary - Report minimial information - - .PARAMETER DoNotOpen - Do not open the report - - .EXAMPLE - Report-PotentiallyCrackableAccounts - Report all user accounts associated with SPN in entire forest. Save and open the report in CSV format in Documents folder - - .EXAMPLE - Report-PotentiallyCrackableAccounts -Type XML -Path C:\Report -DoNotOpen - Report all user accounts associated with SPN in entire forest. Save the report in XML format in C:\Report folder - - #> - [CmdletBinding()] - param - ( - [ValidateSet("CSV", "XML", "HTML", "TXT")] - [String]$Type = "CSV", - #[String]$Path = "$env:USERPROFILE\Documents", - [String]$Path = "Reports/", - [String]$Name = "Report", - [Switch]$Summary, - [Switch]$DoNotOpen - ) - - # Credits for Boe Prox from TechNet - https://gallery.technet.microsoft.com/scriptcenter/Convert-OutoutForCSV - Function Convert-Output - { - [cmdletbinding()] - Param ( - [parameter(ValueFromPipeline=$true)] - [psobject]$InputObject - ) - Begin { - $PSBoundParameters.GetEnumerator() | ForEach { - Write-Verbose "$($_)" - } - $FirstRun = $True - } - Process { - If ($FirstRun) { - $OutputOrder = $InputObject.psobject.properties.name - $FirstRun = $False - #Get properties to process - $Properties = Get-Member -InputObject $InputObject -MemberType *Property - #Get properties that hold a collection - $Properties_Collection = @(($Properties | Where-Object { - $_.Definition -match "Collection|\[\]" - }).Name) - #Get properties that do not hold a collection - $Properties_NoCollection = @(($Properties | Where-Object { - $_.Definition -notmatch "Collection|\[\]" - }).Name) - } - - $InputObject | ForEach { - $Line = $_ - $stringBuilder = New-Object Text.StringBuilder - $Null = $stringBuilder.AppendLine("[pscustomobject] @{") - $OutputOrder | ForEach { - $Null = $stringBuilder.AppendLine("`"$($_)`" = `"$(($line.$($_) | Out-String).Trim())`"") - } - } - $Null = $stringBuilder.AppendLine("}") - Invoke-Expression $stringBuilder.ToString() - } - End {} - } - - $FilePath = "$Path\$Name.$($Type.ToLower())" - $Report = Find-PotentiallyCrackableAccounts -FullData - if ($Summary) { - $Report = $Report | Select-Object UserName,DomainName,IsSensitive,PwdAge,CrackWindow,RunsUnder - } - if ($Type -eq "CSV" ) {$Report | Export-Csv $FilePath -Encoding UTF8 -NoTypeInformation} - elseif ($Type -eq "XML") {$Report | Export-Clixml $FilePath -Encoding UTF8} - elseif ($Type -eq "HTML") {$Report | Convert-Output | ConvertTo-Html | Out-File $FilePath -Encoding utf8} - elseif ($Type -eq "TXT") {$Report | Convert-Output | Out-File $FilePath -Encoding utf8} - Write-Host "$Type file saved in: $FilePath" - if (!$DoNotOpen) { - # NS Invoke-Item $FilePath - } -} - -# Call this NS 26/12/2017 -Export-PotentiallyCrackableAccounts - - - diff --git a/SourceCode/src/ZbangGui/bin/version/System32/ZBANG/RiskySPN-master/Find-PotentiallyCrackableAccounts.ps__ b/SourceCode/src/ZbangGui/bin/version/System32/ZBANG/RiskySPN-master/Find-PotentiallyCrackableAccounts.ps__ deleted file mode 100644 index 21b54002..00000000 --- a/SourceCode/src/ZbangGui/bin/version/System32/ZBANG/RiskySPN-master/Find-PotentiallyCrackableAccounts.ps__ +++ /dev/null @@ -1,517 +0,0 @@ -<# - Author: Matan Hart (@machosec) - License: GNU v3 - Required Dependencies: None - Optional Dependencies: None -#> - -function Find-PotentiallyCrackableAccounts -{ -<# - .SYNOPSIS - Reveals juicy information about user accounts associated with SPN - - Author: Matan Hart (@machosec) - License: GNU v3 - Required Dependencies: None - Optional Dependencies: None - - .DESCRIPTION - This function queries the Active Directory and retreive information about user accounts associated with SPN. - This infromation could detremine if a service account is potentially crackable. - User accounts associated with SPN are vulnerable to offline brute-forceing and they are often (by defualt) - configured with weak password and encryption (RC4-HMAC). - Requires Active Directory authentication (domain user is enough). - - .PARAMETER Domain - The name of the domain to query. "Current" for the user's current domain. Defualts to the entire forest. - - .PARAMETER AddGroups - Add additional groups to consider as sensitive - - .PARAMETER Sensitive - Show only sensitive accounts. - - .PARAMETER Stealth - Do not check service/server connectivity - .PARAMETER GetSPNs - Show SPNs instead of user's data - - .PARAMETER FullData - Show more user data - - .EXAMPLE - Get-PotentiallyCrackableAccounts -Domain "IT.company.com" - Returns all user accounts associated with SPN in the IT.company.com domain. - - .EXAMPLE - Get-PotentiallyCrackableAccounts -FullData -Verbose - Returns detailed information about all user accounts associated with SPN in the forest. Enable verbose mode - - .EXAMPLE - Get-PotentiallyCrackableAccounts -AddGroups "Remote Desktop Users" -Sensitive -Stealth -GetSPNs - Returns all SPNs of sensitive user account in the forest. Consider "Remote Desktop Users" group as sensitive and do not check connectivity. - #> - - [CmdletBinding()] - param - ( - [string]$Domain, - [array]$AddGroups, - [switch]$Sensitive, - [switch]$Stealth, - [switch]$GetSPNs, - [switch]$FullData - ) - - #recursivly get nested groups of a group object - function Get-NestedGroups - { - [CmdletBinding()] - param - ( - [parameter(Mandatory=$True, ValueFromPipeline=$True)] - [ValidateNotNullOrEmpty()] - [string]$DN - ) - - $GroubObj = [adsi]"LDAP://$DN" - #if the object is a group - if ($GroubObj.Properties.samaccounttype -match '536870912' -or $GroubObj.Properties.samaccounttype -match '268435456') - { - #Searching for group objects that are member of the group - foreach ($Member in $GroubObj.Properties.member) - { - #get group objects inside this group object - Get-NestedGroups -DN $Member - } - return $GroubObj.Properties.distinguishedname - } - } - -#========================================================================= Creating ADSI Searcher ========================================================================= - - $SearchList = @() - if($Domain) - { - if ($Domain -eq "Current") { - $SearchScope = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain() - } - else - { - try { - $TargetDomain = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext('Domain', $Domain) - $SearchScope = [System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($TargetDomain) - } - catch { - Write-Error "Could not communicate with the foreigen domain: $Domain" - return - } - } - if ($SearchScope.DomainMode.value__ -lt 4 -and $ChildDomain.DomainMode.value__ -ne -1) { - Write-Warning "The function level of domain: $($SearchScope.Name) is lower than 2008 - Some stuff may not work" - } - $SearchList += 'LDAP://DC=' + ($SearchScope.Name -Replace ("\.",',DC=')) - Write-Verbose "Searching the domain: $($SearchScope.name)" - } - else - { - $SearchScope = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest() - foreach ($ChildDomain in $($SearchScope.Domains)) { - if ($ChildDomain.DomainMode.value__ -lt 4 -and $ChildDomain.DomainMode.value__ -ne -1) { - Write-Warning "The function level of domain: $($ChildDomain.Name) is lower than 2008 - Some stuff may not work" - } - $SearchList += 'LDAP://DC=' + ($ChildDomain.Name -Replace ("\.",',DC=')) - } - Write-Verbose "Searching the forest: $($SearchScope.name)" - } - - #creating ADSI searcher - $Searcher = New-Object System.DirectoryServices.DirectorySearcher - $Searcher.PageSize = 500 - $Searcher.PropertiesToLoad.Add("distinguishedname") | Out-Null - -#========================================================================= Gathering Sensitive Groups ========================================================================= - - #list of built-in sensitive groups (Administratos group conatins domain and enterprise admins) - did I missed a group? - $SensitiveGroups = @("Administrators", "Account Operators", "Backup Operators", "Print Operators", "Server Operators", "Group Policy Creator Owners", "Schema Admins") - if ($AddGroups) { - Write-Verbose "Adding $AddGroups to the list of senstivie groups" - $SensitiveGroups += $AddGroups - } - $AllSensitiveGroups = @() - Write-Verbose "Gathering sensitive groups" - foreach ($Path in $SearchList) { - Write-Verbose "Searching Sensitive groups in domain: $($Path -replace "LDAP://DC=" -replace ",DC=", ".")" - $Searcher.SearchRoot = $Path - foreach ($GroupName in $SensitiveGroups) { - #filter group objects with specific name - $Searcher.Filter = "(&(|(samAccountType=536870912)(samAccountType=268435456))(|(samAccountName=$GroupName)(name=$GroupName)))" - try { - $GroupObjects = $Searcher.FindAll() - } - catch { - Write-Warning "Could not communicate with the domain: $($Path -replace "LDAP://DC=" -replace ",DC=", ".")" - } - if ($GroupObjects) - { - foreach ($GroupObject in $GroupObjects) { - #recursivly get all nested groups inherited from sensitive groups - don't trust AdminCount=1 - $AllSensitiveGroups += Get-NestedGroups -DN $GroupObject.Properties.distinguishedname - } - } - else {Write-Warning "Could not find group: $Group"} - } - } - Write-Verbose "Number of sensitive groups found: $($AllSensitiveGroups.Count)" - -#========================================================================= Gathering users with SPN ========================================================================= - - Write-Verbose "Gathering user accounts associated with SPN" - #list of properties to retreive from AD - $Properies = "msDS-UserPasswordExpiryTimeComputed", "msDS-AllowedToDelegateTo", "msDS-SupportedEncryptionTypes", "samaccountname", "userprincipalname", "useraccountcontrol", "displayname", "memberof", "serviceprincipalname", "pwdlastset", "description" - foreach ($Property in $Properies) { - $Searcher.PropertiesToLoad.Add($Property) | Out-Null - } - #filter user accounts with SPN except krbtgt account - $Searcher.Filter = "(&(samAccountType=805306368)(servicePrincipalName=*)(!(samAccountName=krbtgt)))" - $UsersWithSPN = @() - foreach ($Path in $SearchList) { - $Searcher.SearchRoot = $Path - try { - $UsersWithSPN += $Searcher.FindAll() - } - catch { - Write-Warning "Could not communicate with the domain: $($Path -replace "LDAP://DC=" -replace ",DC=", ".") - Does it have trust?" - } - } - Write-Verbose "Number of users that contain SPN: $($UsersWithSPN.Count)" - -# ========================================================================= Gathering info about users ========================================================================= - - $CurrentDate = Get-Date - $AllData = @() - foreach ($User in $UsersWithSPN) { - Write-Verbose "Gathering info about the user: $($User.Properties.displayname)" - - #----------------------------------- Time stuff ----------------------------------- - - $CrackWindow = "N/A" - #if the user's password has expiration date (works with FGPP) - https://msdn.microsoft.com/en-us/library/cc223410.aspx - if ($user.Properties.'msds-userpasswordexpirytimecomputed' -ne 9223372036854775807) # 0x7FFFFFFFFFFFFFFF - { - $PasswordExpiryDate = [datetime]::FromFileTime([string]$User.Properties.'msds-userpasswordexpirytimecomputed') - Write-Verbose "$($User.Properties.displayname)'s password will expire on $PasswordExpiryDate" - $CrackWindow = $PasswordExpiryDate.Subtract($CurrentDate).Days - Write-Verbose "Which means it has crack window of $CrackWindow days" - } - $PasswordLastSet = [datetime]::FromFileTime([string]$User.Properties.pwdlastset) - $PasswordAge = $CurrentDate.Subtract($PasswordLastSet).Days - - #----------------------------------- UAC stuff ----------------------------------- - - #reading UAC attributes using bitmask - https://support.microsoft.com/en-us/kb/305144 - [int32]$UAC = [string]$User.Properties.useraccountcontrol - $IsEnabled = $true - #if the user is disabled or lockedout - if (($UAC -band 2) -eq 2 -or ($UAC -band 16) -eq 16) {$IsEnabled = $false} # 0x0002 / 0x0010 - $IsPasswordExpires = $true - #if the user password never expires - if (($UAC -band 65536) -eq 65536) # 0x10000 - { - $IsPasswordExpires = $false - $CrackWindow = "Indefinitely" - } - $Delegation = $false - $TargetServices = "None" - #if the user is trusted for Kerberos unconstrained delegation - if (($UAC -band 524288) -eq 524288) # 0x80000 - { - $Delegation = "Unconstrained" - $Unconstrained = $true - $TargetServices = "Any" - } - #if the user is trusted for Kerberos constrained delegation - elseif ($User.Properties.'msds-allowedtodelegateto') - { - $Delegation = "Constrained" - $Constrained = $true - #if the user is trusted for Kerberos constrained delegation with protocol transition - if (($UAC -band 16777216) -eq 16777216) {$Delegation = "Protocol Transition"} # 0x1000000 - $TargetServices = [array]$User.Properties.'msds-allowedtodelegateto' - } - $EncType = "RC4-HMAC" - [int32]$eType = [string]$User.Properties.'msds-supportedencryptiontypes' - #if the user supports AES encryptions (MS-KILE 2.2.6) - https://msdn.microsoft.com/en-us/library/cc220375.aspx - if ($eType) - { - if (($eType -band 16) -eq 16) {$EncType = "AES256-HMAC"} # 0x10 - elseif (($eType -band 8) -eq 8) {$EncType = "AES128-HMAC"} # 0x08 - } - else - { - #if the UF_USE_DES_KEY_ONLY bit is set (account can only use DES in Kerberos authentication) - if (($UAC -band 2097152) -eq 2097152) {$EncType = "DES"} #0x200000 - } - - #----------------------------------- SPN stuff ----------------------------------- - - $AccountRunUnder = @() - #arranging SPNs to / format - https://technet.microsoft.com/en-us/library/cc961723.aspx - [array]$SPNs = $User.Properties.serviceprincipalname -replace ":.*" | Get-Unique - foreach ($SPN in $SPNs) - { - #splitting SPN to service type and instance name - $SPN = $SPN -split("/") - #TODO: More services and ports, take the port from the SPN - [array]$Service = switch -Wildcard ([string]$SPN[0]) - { - "MSSQL*" {"MS SQL",@(1433)} - "HTTP" {"Web",@(80,443,8080)} - "WWW" {"Web",@(80,443,8080)} - "TERMSRV" {"Terminal Services",@(3389)} - "MONGO*" {"MongoDB Enterprise"} - "HOST" {"Computer services"} - "WSMAN" {"WinRM",@(5985,5986)} - "FTP" {"File Transfer",@(22)} - default {$SPN[0]} - } - $RunUnder = New-Object -TypeName psobject -Property @{ - Service = $Service[0] - Server = $SPN[1] - IsAccessible = "N/A" - } | select Service,Server,IsAccessible - if (!$Stealth) - { - #if the service contains default ports - if ($Service[1]) - { - $Socket = New-Object System.Net.Sockets.TcpClient - $RunUnder.IsAccessible = "No" - #testing if the service default ports are open on the server - foreach ($Port in $Service[1]) { - Write-Verbose "Checking connectivity to server: $($RunUnder.Server) on port $Port" - try { - $Socket.Connect($RunUnder.Server,$Port) - $RunUnder.IsAccessible = "Yes" - break - } - catch { - Write-Verbose "Port $Port is not accessiable on server: $($RunUnder.Server)" - } - } - } - else - { - Write-Verbose "Checking connectivity to server: $($RunUnder.Server)" - #if the server answers to one ping - if (Test-Connection -ComputerName $RunUnder.Server -Quiet -Count 1) - { - $RunUnder.IsAccessible = "Yes" - } - else - { - Write-Verbose "The server: $($RunUnder.Server) is not accessiable - Is it exist?" - $RunUnder.IsAccessible = "No" - } - } - } - $AccountRunUnder += $RunUnder - } - if ($User.Properties.memberof) - { - #get sensitive groups that the user is a memberof - $UserSensitiveGroups = (@(Compare-Object $AllSensitiveGroups $([array]$User.Properties.memberof) -IncludeEqual -ExcludeDifferent)).InputObject - } - $IsSensitive = $false - #if the user is a member of a sensitive group or is allowed for Kerberos unconstrained or S4U2Self delegation - if ($UserSensitiveGroups -or $Delegation) - { - Write-Verbose "$($User.Properties.displayname) is sensitive" - $IsSensitive = $true - } - <# - $UserData = New-Object psobject -Property @{ - UserName = [string]$User.Properties.samaccountname - DomainName = [string]$User.Properties.userprincipalname -replace ".*@" - IsSensitive = $IsSensitive - EncType = $EncType - Description = [string]$User.Properties.description - IsEnabled = $IsEnabled - IsPwdExpires = $IsPasswordExpires - PwdAge = $PasswordAge - CrackWindow = $CrackWindow - SensitiveGroups = $UserSensitiveGroups -replace "CN=" -replace ",.*" - MemberOf = $User.Properties.memberof -replace "CN=" -replace ",.*" - DelegationType = $Delegation - TargetServices = $TargetServices - NumofServers = ($AccountRunUnder.Server | select -Unique).Count - RunsUnder = $AccountRunUnder - AssociatedSPNs = [array]$User.Properties.serviceprincipalname - } | select UserName,DomainName,IsSensitive,EncType,Description,IsEnabled,IsPwdExpires,PwdAge,CrackWindow,SensitiveGroups,MemberOf,DelegationType,TargetServices,NumofServers,RunsUnder,AssociatedSPNs - $AllData += $UserData -#> - - # AH 2612 - $ofs = '<|>' - $AccountRunUnder = [string]($AccountRunUnder | foreach {[string]$_}) - - $UserData = [PSCustomObject][ordered] @{ - UserName = [string]$User.Properties.samaccountname - DomainName = [string]$User.Properties.userprincipalname -replace ".*@" - IsSensitive = $IsSensitive - EncType = $EncType - Description = [string]$User.Properties.description - IsEnabled = $IsEnabled - IsPwdExpires = $IsPasswordExpires - PwdAge = $PasswordAge - CrackWindow = $CrackWindow - SensitiveGroups = $UserSensitiveGroups -replace "CN=" -replace ",.*" - MemberOf = $User.Properties.memberof -replace "CN=" -replace ",.*" - IsUnconstrained = $Unconstrained - IsConstrained = $Constrained - RunsUnder = $AccountRunUnder - AssociatedSPNs = [String]$User.Properties.serviceprincipalname - } - $AllData += $UserData - - } - if ($Sensitive) - { - Write-Verbose "Removing non-sensitive users from the list" - $AllData = $AllData | ? {$_.IsSensitive} - } - Write-Verbose "Number of users included in the list: $($AllData.UserName.Count)" - if ($GetSPNs) {return @($AllData.AssociatedSPNs)} - elseif ($FullData) {return $AllData} - else {return $AllData | ? {$_.IsEnabled} | Select-Object UserName,DomainName,IsSensitive,EncType,Description,PwdAge,CrackWindow,RunsUnder} -} - - - -<# - Author: Matan Hart (@machosec) - License: GNU v3 - Required Dependencies: Find-PotentiallyCrackableAccounts - Optional Dependencies: None -#> - - -function Export-PotentiallyCrackableAccounts -{ - <# - .SYNOPSIS - Report juicy information about user accounts associated with SPN - - Author: Matan Hart (@machosec) - License: GNU v3 - Required Dependencies: Find-PotentiallyCrackableAccounts - Optional Dependencies: None - - .DESCRIPTION - This function queries the Active Directory and retreive information about user accounts associated with SPN. - This infromation could detremine if a service account is potentially crackable. - User accounts associated with SPN are vulnerable to offline brute-forceing and they are often (by defualt) - configured with weak password and encryption (RC4-HMAC). - Requires Active Directory authentication (domain user is enough). - - .PARAMETER Type - The format of the report file. The default is CSV - - .PARAMETER Path - The path to store the file. The default is the user's "Documents" folder - - .PARAMETER Name - The name of the report. The default is "Report" - - .PARAMETER Summary - Report minimial information - - .PARAMETER DoNotOpen - Do not open the report - - .EXAMPLE - Report-PotentiallyCrackableAccounts - Report all user accounts associated with SPN in entire forest. Save and open the report in CSV format in Documents folder - - .EXAMPLE - Report-PotentiallyCrackableAccounts -Type XML -Path C:\Report -DoNotOpen - Report all user accounts associated with SPN in entire forest. Save the report in XML format in C:\Report folder - - #> - [CmdletBinding()] - param - ( - [ValidateSet("CSV", "XML", "HTML", "TXT")] - [String]$Type = "CSV", - #[String]$Path = "$env:USERPROFILE\Documents", - [String]$Path = "Results/", - [String]$Name = "RiskySPNs-test", - [Switch]$Summary, - [Switch]$DoNotOpen - ) - - # Credits for Boe Prox from TechNet - https://gallery.technet.microsoft.com/scriptcenter/Convert-OutoutForCSV - Function Convert-Output - { - [cmdletbinding()] - Param ( - [parameter(ValueFromPipeline=$true)] - [psobject]$InputObject - ) - Begin { - $PSBoundParameters.GetEnumerator() | ForEach { - Write-Verbose "$($_)" - } - $FirstRun = $True - } - Process { - If ($FirstRun) { - $OutputOrder = $InputObject.psobject.properties.name - $FirstRun = $False - #Get properties to process - $Properties = Get-Member -InputObject $InputObject -MemberType *Property - #Get properties that hold a collection - $Properties_Collection = @(($Properties | Where-Object { - $_.Definition -match "Collection|\[\]" - }).Name) - #Get properties that do not hold a collection - $Properties_NoCollection = @(($Properties | Where-Object { - $_.Definition -notmatch "Collection|\[\]" - }).Name) - } - - $InputObject | ForEach { - $Line = $_ - $stringBuilder = New-Object Text.StringBuilder - $Null = $stringBuilder.AppendLine("[pscustomobject] @{") - $OutputOrder | ForEach { - $Null = $stringBuilder.AppendLine("`"$($_)`" = `"$(($line.$($_) | Out-String).Trim())`"") - } - } - $Null = $stringBuilder.AppendLine("}") - Invoke-Expression $stringBuilder.ToString() - } - End {} - } - - $FilePath = "$Path\$Name.$($Type.ToLower())" - $Report = Find-PotentiallyCrackableAccounts -FullData - if ($Summary) { - $Report = $Report | Select-Object UserName,DomainName,IsSensitive,PwdAge,CrackWindow,RunsUnder - } - if ($Type -eq "CSV" ) {$Report | Export-Csv $FilePath -Encoding UTF8 -NoTypeInformation} - elseif ($Type -eq "XML") {$Report | Export-Clixml $FilePath -Encoding UTF8} - elseif ($Type -eq "HTML") {$Report | Convert-Output | ConvertTo-Html | Out-File $FilePath -Encoding utf8} - elseif ($Type -eq "TXT") {$Report | Convert-Output | Out-File $FilePath -Encoding utf8} - Write-Host "$Type file saved in: $FilePath" - if (!$DoNotOpen) { - # NS Invoke-Item $FilePath - } -} - -# Call this NS 26/12/2017 -Export-PotentiallyCrackableAccounts - - - diff --git a/SourceCode/src/ZbangGui/bin/version/System32/ZBANG/SIDHistory/Results/Report.csv b/SourceCode/src/ZbangGui/bin/version/System32/ZBANG/SIDHistory/Results/Report.csv deleted file mode 100644 index 45382795..00000000 --- a/SourceCode/src/ZbangGui/bin/version/System32/ZBANG/SIDHistory/Results/Report.csv +++ /dev/null @@ -1,4 +0,0 @@ -UserName,DomainName,DisplayName,mainSID,SIDHistory,initiallySensitive,Description,IsEnabled,SensitiveGroups,initiallyMemberOf,SIDHistoryName,SIDHistoryMemberOf,secondaryDomainSID,secondaryDomainName,secondaryMemberOf,isSecondaryPriv -jennib-old,research.com,Jenni Bloom,S-1-5-21-2898880340-3804455595-428560722-2270,S-1-5-21-304654729-3147011263-1431158397-1165,FALSE,,TRUE,,"IL Wiki Users ,IL Product Commitments",previousSIDnotFound,previousSIDnotFound,US\jennib-old,us.research.com,,FALSE -andyw,research.com,Andy Walden,S-1-5-21-2898880340-3804455595-428560722-2301,S-1-5-21-304654729-3147011263-1431158397-1277,FALSE,,TRUE,,"Americas - Sales ,Americas - US Newton Office ,Congrats Email ,US research (USA) ,US Account Executives ,US Standard VPN Access ,US Office ,Daily News ,US research Employees ,US Sales ,US research ,Marketing Events Calendar",previousSIDnotFound,previousSIDnotFound,US\andyw-old,us.research.com,,FALSE -georges,research.com,George Smith,S-1-5-21-2898880340-3804455595-428560722-2301,S-1-5-21-304654729-3147011263-1431158397-1277,TRUE,,TRUE,,"Americas - Sales ,Americas - US Newton Office ,Congrats Email ,US research (USA) ,US Account Executives ,US Standard VPN Access ,US Office ,Daily News ,US research Employees ,US Sales ,US research ,Marketing Events Calendar",previousSIDnotFound,previousSIDnotFound,HK\georges-old,hk.research.com,,TRUE diff --git a/SourceCode/src/ZbangGui/bin/version/System32/ZBANG/SIDHistory/SIDHistory_Scanner.old b/SourceCode/src/ZbangGui/bin/version/System32/ZBANG/SIDHistory/SIDHistory_Scanner.old deleted file mode 100644 index 6524576b..00000000 --- a/SourceCode/src/ZbangGui/bin/version/System32/ZBANG/SIDHistory/SIDHistory_Scanner.old +++ /dev/null @@ -1,987 +0,0 @@ -<#---------------------------------------------------------------------------------------------------- -Release Notes: - -The SID History module queries the Active Directory and searches for -accounts that have SID history attribute. - -Version 1: 14.6.16 - -Based on riskySPN script: -https://github.com/CyberArkLabs/RiskySPN - -----------------------------------------------------------------------------------------------------#> - - -function Get-UsersWithSIDHistory -{ - <# - .SYNOPSIS - Reveals users that have SID History and gives important information about them. - - .DESCRIPTION - This function queries the Active Directory and searches for accounts - that have SID history attribute. - If you didn't do "migration" in your domain - this attribute - shouldn't be there and it might be as a result of an attack. - With compromised SID history attribute - an attacker can impersonate - to an Entrepise/Domain admin. - Requires Active Directory authentication (domain user is enough). - - .PARAMETER Domain - The name of the domain to query. "Current" for the user's current domain. Defualts to the entire forest. - - .PARAMETER AddGroups - Add additional groups to consider as sensitive - - .PARAMETER FullData - Show more user data - - .EXAMPLE - Get-UsersWithSIDHistory -Domain "IT.company.com" - Returns all user accounts witj SID History attribute in the IT.company.com domain. - - .EXAMPLE - Get-UsersWithSIDHistory -FullData -Verbose - Returns detailed information about all user accounts with SID History attribute in the forest. Enable verbose mode - #> - - [CmdletBinding()] - param - ( - [string]$Domain, - [array]$AddGroups, - [switch]$Sensitive, - [switch]$Stealth, - [switch]$GetSPNs, - [switch]$FullData - ) - - #recursivly get nested groups of a group object - function Get-NestedGroups - { - [CmdletBinding()] - param - ( - [parameter(Mandatory=$True, ValueFromPipeline=$True)] - [ValidateNotNullOrEmpty()] - [string]$DN - ) - - $GroubObj = [adsi]"LDAP://$DN" - #if the object is a group - if ($GroubObj.Properties.samaccounttype -match '536870912' -or $GroubObj.Properties.samaccounttype -match '268435456') - { - Write-Verbose "Searching for nested groups inside group: $($GroubObj.Properties.samaccountname)" - foreach ($Member in $GroubObj.Properties.member) - { - #get group objects inside this group object - Get-NestedGroups -DN $Member - } - return $GroubObj.Properties.distinguishedname - } - } - -#========================================================================= Creating ADSI Searcher ========================================================================= - - $SearchList = @() - if($Domain) - { - if ($Domain -eq "Current") - { - $SearchScope = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain() - } - else - { - try - { - $TargetDomain = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext('Domain', $Domain) - $SearchScope = [System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($TargetDomain) - } - catch - { - Write-Error "Could not communicate with the foreigen domain: $Domain" - return - } - } - if ($SearchScope.DomainMode.value__ -lt 4) - { - Write-host "The function level of domain: $($ChildDomain.name) is lower than 2008R2 - it may cause partial results" - } - $SearchList += 'LDAP://DC=' + ($SearchScope.Name -Replace ("\.",',DC=')) - Write-Host "Searching the domain: $($SearchScope.name)" - } - else - { - try{ - $SearchScope = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest() - }catch{ - write-host "The current forest cannot be reached. Seems like the machine is not part of any domain." -ForegroundColor Red - exit - } - foreach ($ChildDomain in $($SearchScope.Domains)) - { - if ($ChildDomain.DomainMode.value__ -lt 4) - { - Write-host "The function level of domain: $($ChildDomain.Name) is lower than 2008R2 - it may cause partial results" - } - $SearchList += 'LDAP://DC=' + ($ChildDomain.Name -Replace ("\.",',DC=')) - } - Write-Host "Searching the forest: $($SearchScope.name)" - } - - #creating ADSI searcher - $Searcher = New-Object System.DirectoryServices.DirectorySearcher - $Searcher.PageSize = 500 - $Searcher.PropertiesToLoad.Add("distinguishedname") | Out-Null - -#========================================================================= Gathering Sensitive Groups ========================================================================= - - #list of built-in sensitive groups (Administratos group conatins domain and enterprise admins) - did I missed a group? -> maybe "DS Restore Mode Administrator" - $SensitiveGroups = @("Administrators", "Account Operators", "Backup Operators", "Print Operators", "Server Operators", "Group Policy Creator Owners", "Schema Admins") - if ($AddGroups) - { - Write-Verbose "Adding $AddGroups to the list of senstivie groups" - $SensitiveGroups += $AddGroups - } - $AllSensitiveGroups = @() - Write-Verbose "Gathering sensitive groups" - foreach ($Path in $SearchList) - { - $Searcher.SearchRoot = $Path - foreach ($GroupName in $SensitiveGroups) - { - #filter group objects with specific name - $Searcher.Filter = "(&(|(samAccountType=536870912)(samAccountType=268435456))(|(samAccountName=$GroupName)(name=$GroupName)))" - try {$GroupObjects = $Searcher.FindAll()} - catch {Write-Warning "Could not communicate with the domain: $($Path -replace "LDAP://DC=" -replace ",DC=", ".") - Does it have trust?"} - #if we find groups - if ($GroupObjects) - { - foreach ($GroupObject in $GroupObjects) - { - #recursivly get all nested groups inherited from sensitive groups - don't trust AdminCount=1 - $AllSensitiveGroups += Get-NestedGroups -DN $GroupObject.Properties.distinguishedname - } - } - else {Write-Warning "Could not find group: $Group"} - } - } - Write-Verbose "Number of sensitive groups found: $($AllSensitiveGroups.Count)" - -#========================================================================= Gathering users with SID History attribute ========================================================================= - - Write-Host "Gathering user accounts with SID History attribute" - #list of properties to retreive from AD - $Properies = "samaccountname","displayname", "SID", "SIDHistory", "userprincipalname", "memberof","pwdlastset","objectCategory","ObjectClass" - - foreach ($Property in $Properies) - { - $Searcher.PropertiesToLoad.Add($Property) | Out-Null - } - - #filter user accounts with SID History - $Searcher.Filter = "(&(objectCategory=User)(SIDHistory=*))" - - $UsersWithSIDHistory = @() - foreach ($Path in $SearchList) - { - $Searcher.SearchRoot = $Path - #Write-Host $Path - #printing the user results - #foreach ($objResult in $Searcher.FindAll()) - # {$objItem = $objResult.Properties; $objItem.displayname} - - try {$UsersWithSIDHistory += $Searcher.FindAll()} - catch {Write-Warning "Could not communicate with the domain: $($Path -replace "LDAP://DC=" -replace ",DC=", ".") - Does it have trust?"} - } - - if ($($UsersWithSIDHistory.Count -eq 0)) - { - Write-host "`nSID History scan completed`nThe scanned forest don't have user accounts with SID History" -ForegroundColor Yellow - } - else { - Write-host "`nSID History scan completed`nFound users with SID History - Number of users: $($UsersWithSIDHistory.Count)" -ForegroundColor Yellow - Write-host "Please check the results file in `"\Results\SIDHistory`" folder" -ForegroundColor Yellow - } - - -# ========================================================================= Gathering info about users ========================================================================= - - $CurrentDate = Get-Date - $AllData = @() - foreach ($User in $UsersWithSIDHistory) - { - #write-host "" - Write-Verbose "Gathering info about the user: $($User.Properties.displayname)" - - [int32]$UAC = [string]$User.Properties.useraccountcontrol - #reading UAC attributes using bitmask - https://support.microsoft.com/en-us/kb/305144 - $IsEnabled = $true - #if the user is disabled or lockedout - if (($UAC -band 2) -eq 2 -or ($UAC -band 16) -eq 16) {$IsEnabled = $false} # 0x0002 / 0x0010 - - if ($User.Properties.memberof) - { - #get sensitive groups that the user is a memberof - $UserSensitiveGroups = (@(Compare-Object $AllSensitiveGroups $([array]$User.Properties.memberof) -IncludeEqual -ExcludeDifferent)).InputObject - } - $IsSensitive = 'False' - #if the user is a member of a sensitive group or is allowed for Kerberos unconstrained delegation - if ($UserSensitiveGroups -or $Unconstrained) - { - Write-Verbose "$($User.Properties.displayname) is sensitive" - $IsSensitive = $true - } - -# ========================================================================= Gathering info about user's SID History ========================================================================= - - #Write-host "Found user with SIDHistory: $($User.Properties.displayname)" - #Write-Host "main SID:" - $userprincipalname = [string]$User.Properties.userprincipalname - $objUser = New-Object System.Security.Principal.NTAccount($userprincipalname) - $strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier]) - #write-host $strSID.Value - - #write-host "SidHistory:" - $objItemT = $User.Properties - $tsam = $objItemT.samaccountname - $objpath = $User.path - $objpath1=[ADSI]"$objpath" - $objectSIDHistory = [byte[]]$objpath1.sidhistory.value - $sidHistory = new-object System.Security.Principal.SecurityIdentifier $objectSIDHistory,0 - #write-host $sidHistory - -# ========================================================================= Gathering info on the SID History ========================================================================= - - #search for the SID History object in the forest - $Searcher.Filter = "(objectSID=$sidHistory)" - - $infoFromHistory = @() - foreach ($Path in $SearchList) - { - $Searcher.SearchRoot = $Path - #Write-Host $Path - #printing the user results - #foreach ($objResult in $Searcher.FindAll()) - # {$objItem = $objResult.Properties; $objItem.displayname} - - try {$infoFromHistory += $Searcher.FindAll()} - catch {Write-Warning "Could not communicate with the domain: $($Path -replace "LDAP://DC=" -replace ",DC=", ".") - Does it have trust?"} - } - - $historyNotFound = 'previousSIDnotFound' - if ($infoFromHistory.Count -eq 0) - { - $HistoryName = $historyNotFound - $HistoryMemberOf = $historyNotFound - } - else { - #write-host "SidHistory Name:" - $objSID = New-Object System.Security.Principal.SecurityIdentifier ($sidHistory) - $objUser = $objSID.Translate( [System.Security.Principal.NTAccount]) - $HistoryName = $objUser.Value - #write-host $HistoryName - #$HistoryName = $HistoryName -replace ".*\\" - #write-host $userHistoryName - } - - foreach ($history in $infoFromHistory) - { - - #write-host "SID History member of:" - #$MemberOf = $history.Properties.memberof -replace "CN=" -replace ",.*" - $HistoryMemberOf = $history.Properties.memberof -replace "CN=" -replace ",.*" - #write-host $HistoryMemberOf - } - - $secondaryDomainSID = "" - $isSecondaryPriv = "" - - $secondaryDomainSID = Convert-SidToName $sid - - write-host "" - -# ========================================================================= Building the final Data Structure ========================================================================= - - $UserData = [PSCustomObject][ordered] @{ - UserName = [string]$User.Properties.samaccountname - DomainName = [string]$User.Properties.userprincipalname -replace ".*@" - DisplayName = [string]$User.Properties.displayname - mainSID = [string]$strSID.Value - SIDHistory = [string]$sidHistory - initiallySensitive = $IsSensitive - Description = [string]$User.Properties.description - IsEnabled = $IsEnabled - SensitiveGroups = $UserSensitiveGroups -replace "CN=" -replace ",.*" - initiallyMemberOf = $User.Properties.memberof -replace "CN=" -replace ",.*" - SIDHistoryName = [string]$HistoryName - SIDHistoryMemberOf = $HistoryMemberOf - secondaryDomainSID = $secondaryDomainSID - isSecondaryPriv = $isSecondaryPriv - } - $AllData += $UserData - } - - Write-Verbose "Number of users included in the list: $($AllData.UserName.Count)" - - #For now the FullData paramter is not relevant - if ($FullData) {return $AllData} - else {return $AllData} -} - -function Report-UsersWithSIDHistory -{ - <# - .SYNOPSIS - Report important information about users that have SID History attribute - - .DESCRIPTION - This function queries the Active Directory and searches for accounts - that have SID history attribute. - If you didn't do "migration" in your domain - this attribute - shouldn't be there and it might be as a result of an attack. - With compromised SID history attribute - an attacker can impersonate - to an Entrepise/Domain admin. - - .PARAMETER Type - The format of the report file. The default is CSV - - .PARAMETER Path - The path to store the file. The default is the user's "Documents" folder - - .PARAMETER Name - The name of the report. The default is "Report" - - .PARAMETER Summary - Report minimial information - - .PARAMETER DoNotOpen - Do not open the report - - .EXAMPLE - Report-UsersWithSIDHistory - Report all user accounts that have SID History attribute. Save and open the report in CSV format in Documents folder - - .EXAMPLE - Report-UsersWithSIDHistory -Type XML -Path C:\Report -DoNotOpen - Report all user accounts that have SID History attribute in entire forest. Save the report in XML format in C:\Report folder - #> - - [CmdletBinding()] - param - ( - [ValidateSet("CSV", "XML", "HTML", "TXT")] - [String]$Type = "CSV", - # [String]$Path = "$env:USERPROFILE\Documents", - [String]$Path = "Results/", - [String]$Name = "Report", - [Switch]$Summary, - [Switch]$DoNotOpen - ) - - # Credits for Boe Prox from TechNet - https://gallery.technet.microsoft.com/scriptcenter/Convert-OutoutForCSV-6e552fc6 - Function Convert-Output - { - [cmdletbinding()] - Param ( - [parameter(ValueFromPipeline=$true)] - [psobject]$InputObject - ) - Begin { - $PSBoundParameters.GetEnumerator() | ForEach { - Write-Verbose "$($_)" - } - $FirstRun = $True - } - Process { - If ($FirstRun) { - $OutputOrder = $InputObject.psobject.properties.name - $FirstRun = $False - #Get properties to process - $Properties = Get-Member -InputObject $InputObject -MemberType *Property - #Get properties that hold a collection - $Properties_Collection = @(($Properties | Where-Object { - $_.Definition -match "Collection|\[\]" - }).Name) - #Get properties that do not hold a collection - $Properties_NoCollection = @(($Properties | Where-Object { - $_.Definition -notmatch "Collection|\[\]" - }).Name) - } - $InputObject | ForEach { - $Line = $_ - $stringBuilder = New-Object Text.StringBuilder - $Null = $stringBuilder.AppendLine("[pscustomobject] @{") - $OutputOrder | ForEach { - <#if ($_ -eq "SIDHistoryMemberOf") - { - $Null = $stringBuilder.Append("`"$($_)`" = `"$((($line.$($_) | Out-String).Trim()) -replace "\n",",")`"") - } - else { - $Null = $stringBuilder.AppendLine("`"$($_)`" = `"$(($line.$($_) | Out-String).Trim())`"") - }#> - $Null = $stringBuilder.AppendLine("`"$($_)`" = `"$((($line.$($_) | Out-String).Trim()) -replace "\n",",")`"") - } - } - $Null = $stringBuilder.AppendLine("}") - Invoke-Expression $stringBuilder.ToString() - } - End {} - } - - - $FilePath = "$Path\$Name.$($Type.ToLower())" - $FilePathCSV = "$Path\$Name" +".csv" - - $Report = Get-UsersWithSIDHistory -FullData - - if ($Summary) - { - #---------------Not relevant for now-------------------------------------------------------------------------# - #$Report = $Report | Select-Object UserName,DomainName,IsSensitive,PwdAge,CrackWindow,RunsUnder - } -# NS if ($Type -eq "CSV" ) {$Report | Convert-Output | Export-Csv $FilePath -Encoding UTF8 -NoTypeInformation} - if ($Type -eq "CSV" ) {$Report | Export-Csv $FilePath -Encoding UTF8 -NoTypeInformation} - elseif ($Type -eq "XML") - { - $Report | Export-Clixml $FilePath -Encoding UTF8 - $Report | Convert-Output | Export-Csv $FilePathCSV -Encoding UTF8 -NoTypeInformation - } - elseif ($Type -eq "HTML") {$Report | Convert-Output | ConvertTo-Html | Out-File $FilePath -Encoding utf8} - elseif ($Type -eq "TXT") {$Report | Convert-Output | Out-File $FilePath -Encoding utf8} - #Write-Host "$Type file saved in: $FilePath" - - if (!$DoNotOpen) - { -# Invoke-Item $FilePath - } -} - - -############# -# The function Convert-SidToName is from the open source project PowerView by Will Schroeder (@harmj0y): -# https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Recon/PowerView.ps1 -############# -filter Convert-SidToName { -<# - .SYNOPSIS - - Converts a security identifier (SID) to a group/user name. - - .PARAMETER SID - - The SID to convert. - - .EXAMPLE - - PS C:\> Convert-SidToName S-1-5-21-2620891829-2411261497-1773853088-1105 -#> - [CmdletBinding()] - param( - [Parameter(Mandatory=$True, ValueFromPipeline=$True)] - [String] - [ValidatePattern('^S-1-.*')] - $SID - ) - - try { - $SID2 = $SID.trim('*') - - # try to resolve any built-in SIDs first - # from https://support.microsoft.com/en-us/kb/243330 - Switch ($SID2) { - 'S-1-0' { 'Null Authority' } - 'S-1-0-0' { 'Nobody' } - 'S-1-1' { 'World Authority' } - 'S-1-1-0' { 'Everyone' } - 'S-1-2' { 'Local Authority' } - 'S-1-2-0' { 'Local' } - 'S-1-2-1' { 'Console Logon ' } - 'S-1-3' { 'Creator Authority' } - 'S-1-3-0' { 'Creator Owner' } - 'S-1-3-1' { 'Creator Group' } - 'S-1-3-2' { 'Creator Owner Server' } - 'S-1-3-3' { 'Creator Group Server' } - 'S-1-3-4' { 'Owner Rights' } - 'S-1-4' { 'Non-unique Authority' } - 'S-1-5' { 'NT Authority' } - 'S-1-5-1' { 'Dialup' } - 'S-1-5-2' { 'Network' } - 'S-1-5-3' { 'Batch' } - 'S-1-5-4' { 'Interactive' } - 'S-1-5-6' { 'Service' } - 'S-1-5-7' { 'Anonymous' } - 'S-1-5-8' { 'Proxy' } - 'S-1-5-9' { 'Enterprise Domain Controllers' } - 'S-1-5-10' { 'Principal Self' } - 'S-1-5-11' { 'Authenticated Users' } - 'S-1-5-12' { 'Restricted Code' } - 'S-1-5-13' { 'Terminal Server Users' } - 'S-1-5-14' { 'Remote Interactive Logon' } - 'S-1-5-15' { 'This Organization ' } - 'S-1-5-17' { 'This Organization ' } - 'S-1-5-18' { 'Local System' } - 'S-1-5-19' { 'NT Authority' } - 'S-1-5-20' { 'NT Authority' } - 'S-1-5-80-0' { 'All Services ' } - 'S-1-5-32-544' { 'BUILTIN\Administrators' } - 'S-1-5-32-545' { 'BUILTIN\Users' } - 'S-1-5-32-546' { 'BUILTIN\Guests' } - 'S-1-5-32-547' { 'BUILTIN\Power Users' } - 'S-1-5-32-548' { 'BUILTIN\Account Operators' } - 'S-1-5-32-549' { 'BUILTIN\Server Operators' } - 'S-1-5-32-550' { 'BUILTIN\Print Operators' } - 'S-1-5-32-551' { 'BUILTIN\Backup Operators' } - 'S-1-5-32-552' { 'BUILTIN\Replicators' } - 'S-1-5-32-554' { 'BUILTIN\Pre-Windows 2000 Compatible Access' } - 'S-1-5-32-555' { 'BUILTIN\Remote Desktop Users' } - 'S-1-5-32-556' { 'BUILTIN\Network Configuration Operators' } - 'S-1-5-32-557' { 'BUILTIN\Incoming Forest Trust Builders' } - 'S-1-5-32-558' { 'BUILTIN\Performance Monitor Users' } - 'S-1-5-32-559' { 'BUILTIN\Performance Log Users' } - 'S-1-5-32-560' { 'BUILTIN\Windows Authorization Access Group' } - 'S-1-5-32-561' { 'BUILTIN\Terminal Server License Servers' } - 'S-1-5-32-562' { 'BUILTIN\Distributed COM Users' } - 'S-1-5-32-569' { 'BUILTIN\Cryptographic Operators' } - 'S-1-5-32-573' { 'BUILTIN\Event Log Readers' } - 'S-1-5-32-574' { 'BUILTIN\Certificate Service DCOM Access' } - 'S-1-5-32-575' { 'BUILTIN\RDS Remote Access Servers' } - 'S-1-5-32-576' { 'BUILTIN\RDS Endpoint Servers' } - 'S-1-5-32-577' { 'BUILTIN\RDS Management Servers' } - 'S-1-5-32-578' { 'BUILTIN\Hyper-V Administrators' } - 'S-1-5-32-579' { 'BUILTIN\Access Control Assistance Operators' } - 'S-1-5-32-580' { 'BUILTIN\Access Control Assistance Operators' } - Default { - $Obj = (New-Object System.Security.Principal.SecurityIdentifier($SID2)) - $Obj.Translate( [System.Security.Principal.NTAccount]).Value - } - } - } - catch { - Write-Verbose "Invalid SID: $SID" - $SID - } -} - -filter Convert-ADName { -<# - .SYNOPSIS - - Converts user/group names from NT4 (DOMAIN\user) or domainSimple (user@domain.com) - to canonical format (domain.com/Users/user) or NT4. - - Based on Bill Stewart's code from this article: - http://windowsitpro.com/active-directory/translating-active-directory-object-names-between-formats - - .PARAMETER ObjectName - - The user/group name to convert. - - .PARAMETER InputType - - The InputType of the user/group name ("NT4","Simple","Canonical"). - - .PARAMETER OutputType - - The OutputType of the user/group name ("NT4","Simple","Canonical"). - - .EXAMPLE - - PS C:\> Convert-ADName -ObjectName "dev\dfm" - - Returns "dev.testlab.local/Users/Dave" - - .EXAMPLE - - PS C:\> Convert-SidToName "S-..." | Convert-ADName - - Returns the canonical name for the resolved SID. - - .LINK - - http://windowsitpro.com/active-directory/translating-active-directory-object-names-between-formats -#> - [CmdletBinding()] - param( - [Parameter(Mandatory=$True, ValueFromPipeline=$True)] - [String] - $ObjectName, - - [String] - [ValidateSet("NT4","Simple","Canonical")] - $InputType, - - [String] - [ValidateSet("NT4","Simple","Canonical")] - $OutputType - ) - - $NameTypes = @{ - 'Canonical' = 2 - 'NT4' = 3 - 'Simple' = 5 - } - - if(-not $PSBoundParameters['InputType']) { - if( ($ObjectName.split('/')).Count -eq 2 ) { - $ObjectName = $ObjectName.replace('/', '\') - } - - if($ObjectName -match "^[A-Za-z]+\\[A-Za-z ]+") { - $InputType = 'NT4' - } - elseif($ObjectName -match "^[A-Za-z ]+@[A-Za-z\.]+") { - $InputType = 'Simple' - } - elseif($ObjectName -match "^[A-Za-z\.]+/[A-Za-z]+/[A-Za-z/ ]+") { - $InputType = 'Canonical' - } - else { - Write-Warning "Can not identify InType for $ObjectName" - return $ObjectName - } - } - elseif($InputType -eq 'NT4') { - $ObjectName = $ObjectName.replace('/', '\') - } - - if(-not $PSBoundParameters['OutputType']) { - $OutputType = Switch($InputType) { - 'NT4' {'Canonical'} - 'Simple' {'NT4'} - 'Canonical' {'NT4'} - } - } - - # try to extract the domain from the given format - $Domain = Switch($InputType) { - 'NT4' { $ObjectName.split("\")[0] } - 'Simple' { $ObjectName.split("@")[1] } - 'Canonical' { $ObjectName.split("/")[0] } - } - - # Accessor functions to simplify calls to NameTranslate - function Invoke-Method([__ComObject] $Object, [String] $Method, $Parameters) { - $Output = $Object.GetType().InvokeMember($Method, "InvokeMethod", $Null, $Object, $Parameters) - if ( $Output ) { $Output } - } - function Set-Property([__ComObject] $Object, [String] $Property, $Parameters) { - [Void] $Object.GetType().InvokeMember($Property, "SetProperty", $Null, $Object, $Parameters) - } - - $Translate = New-Object -ComObject NameTranslate - - try { - Invoke-Method $Translate "Init" (1, $Domain) - } - catch [System.Management.Automation.MethodInvocationException] { - Write-Verbose "Error with translate init in Convert-ADName: $_" - } - - Set-Property $Translate "ChaseReferral" (0x60) - - try { - Invoke-Method $Translate "Set" ($NameTypes[$InputType], $ObjectName) - (Invoke-Method $Translate "Get" ($NameTypes[$OutputType])) - } - catch [System.Management.Automation.MethodInvocationException] { - Write-Verbose "Error with translate Set/Get in Convert-ADName: $_" - } -} - -filter Get-DomainSearcher { -<# - .SYNOPSIS - - Helper used by various functions that takes an ADSpath and - domain specifier and builds the correct ADSI searcher object. - - .PARAMETER Domain - - The domain to use for the query, defaults to the current domain. - - .PARAMETER DomainController - - Domain controller to reflect LDAP queries through. - - .PARAMETER ADSpath - - The LDAP source to search through, e.g. "LDAP://OU=secret,DC=testlab,DC=local" - Useful for OU queries. - - .PARAMETER ADSprefix - - Prefix to set for the searcher (like "CN=Sites,CN=Configuration") - - .PARAMETER PageSize - - The PageSize to set for the LDAP searcher object. - - .PARAMETER Credential - - A [Management.Automation.PSCredential] object of alternate credentials - for connection to the target domain. - - .EXAMPLE - - PS C:\> Get-DomainSearcher -Domain testlab.local - - .EXAMPLE - - PS C:\> Get-DomainSearcher -Domain testlab.local -DomainController SECONDARY.dev.testlab.local -#> - - param( - [Parameter(ValueFromPipeline=$True)] - [String] - $Domain, - - [String] - $DomainController, - - [String] - $ADSpath, - - [String] - $ADSprefix, - - [ValidateRange(1,10000)] - [Int] - $PageSize = 200, - - [Management.Automation.PSCredential] - $Credential - ) - - if(-not $Credential) { - if(-not $Domain) { - $Domain = (Get-NetDomain).name - } - elseif(-not $DomainController) { - try { - # if there's no -DomainController specified, try to pull the primary DC to reflect queries through - $DomainController = ((Get-NetDomain).PdcRoleOwner).Name - } - catch { - throw "Get-DomainSearcher: Error in retrieving PDC for current domain" - } - } - } - elseif (-not $DomainController) { - # if a DC isn't specified - try { - $DomainController = ((Get-NetDomain -Credential $Credential).PdcRoleOwner).Name - } - catch { - throw "Get-DomainSearcher: Error in retrieving PDC for current domain" - } - - if(!$DomainController) { - throw "Get-DomainSearcher: Error in retrieving PDC for current domain" - } - } - - $SearchString = "LDAP://" - - if($DomainController) { - $SearchString += $DomainController - if($Domain){ - $SearchString += '/' - } - } - - if($ADSprefix) { - $SearchString += $ADSprefix + ',' - } - - if($ADSpath) { - if($ADSpath -Match '^GC://') { - # if we're searching the global catalog - $DN = $AdsPath.ToUpper().Trim('/') - $SearchString = '' - } - else { - if($ADSpath -match '^LDAP://') { - if($ADSpath -match "LDAP://.+/.+") { - $SearchString = '' - } - else { - $ADSpath = $ADSpath.Substring(7) - } - } - $DN = $ADSpath - } - } - else { - if($Domain -and ($Domain.Trim() -ne "")) { - $DN = "DC=$($Domain.Replace('.', ',DC='))" - } - } - - $SearchString += $DN - Write-Verbose "Get-DomainSearcher search string: $SearchString" - - if($Credential) { - Write-Verbose "Using alternate credentials for LDAP connection" - $DomainObject = New-Object DirectoryServices.DirectoryEntry($SearchString, $Credential.UserName, $Credential.GetNetworkCredential().Password) - $Searcher = New-Object System.DirectoryServices.DirectorySearcher($DomainObject) - } - else { - $Searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]$SearchString) - } - - $Searcher.PageSize = $PageSize - $Searcher.CacheResults = $False - $Searcher -} - - -function Get-ADObject { -<# - .SYNOPSIS - - Takes a domain SID and returns the user, group, or computer object - associated with it. - - .PARAMETER SID - - The SID of the domain object you're querying for. - - .PARAMETER Name - - The Name of the domain object you're querying for. - - .PARAMETER SamAccountName - - The SamAccountName of the domain object you're querying for. - - .PARAMETER Domain - - The domain to query for objects, defaults to the current domain. - - .PARAMETER DomainController - - Domain controller to reflect LDAP queries through. - - .PARAMETER ADSpath - - The LDAP source to search through, e.g. "LDAP://OU=secret,DC=testlab,DC=local" - Useful for OU queries. - - .PARAMETER Filter - - Additional LDAP filter string for the query. - - .PARAMETER ReturnRaw - - Switch. Return the raw object instead of translating its properties. - Used by Set-ADObject to modify object properties. - - .PARAMETER PageSize - - The PageSize to set for the LDAP searcher object. - - .PARAMETER Credential - - A [Management.Automation.PSCredential] object of alternate credentials - for connection to the target domain. - - .EXAMPLE - - PS C:\> Get-ADObject -SID "S-1-5-21-2620891829-2411261497-1773853088-1110" - - Get the domain object associated with the specified SID. - - .EXAMPLE - - PS C:\> Get-ADObject -ADSpath "CN=AdminSDHolder,CN=System,DC=testlab,DC=local" - - Get the AdminSDHolder object for the testlab.local domain. -#> - - [CmdletBinding()] - Param ( - [Parameter(ValueFromPipeline=$True)] - [String] - $SID, - - [String] - $Name, - - [String] - $SamAccountName, - - [String] - $Domain, - - [String] - $DomainController, - - [String] - $ADSpath, - - [String] - $Filter, - - [Switch] - $ReturnRaw, - - [ValidateRange(1,10000)] - [Int] - $PageSize = 200, - - [Management.Automation.PSCredential] - $Credential - ) - process { - if($SID) { - # if a SID is passed, try to resolve it to a reachable domain name for the searcher - try { - $Name = Convert-SidToName $SID - if($Name) { - $Canonical = Convert-ADName -ObjectName $Name -InputType NT4 -OutputType Canonical - if($Canonical) { - $Domain = $Canonical.split("/")[0] - } - else { - Write-Warning "Error resolving SID '$SID'" - return $Null - } - } - } - catch { - Write-Warning "Error resolving SID '$SID' : $_" - return $Null - } - } - - $ObjectSearcher = Get-DomainSearcher -Domain $Domain -DomainController $DomainController -Credential $Credential -ADSpath $ADSpath -PageSize $PageSize - - if($ObjectSearcher) { - if($SID) { - $ObjectSearcher.filter = "(&(objectsid=$SID)$Filter)" - } - elseif($Name) { - $ObjectSearcher.filter = "(&(name=$Name)$Filter)" - } - elseif($SamAccountName) { - $ObjectSearcher.filter = "(&(samAccountName=$SamAccountName)$Filter)" - } - - $Results = $ObjectSearcher.FindAll() - $Results | Where-Object {$_} | ForEach-Object { - if($ReturnRaw) { - $_ - } - else { - # convert/process the LDAP fields for each result - Convert-LDAPProperty -Properties $_.Properties - } - } - $Results.dispose() - $ObjectSearcher.dispose() - } - } -} - -Report-UsersWithSIDHistory diff --git a/SourceCode/src/ZbangGui/bin/version/System32/ZBANG/SIDHistory/sidhistory_scanner.ps1 b/SourceCode/src/ZbangGui/bin/version/System32/ZBANG/SIDHistory/sidhistory_scanner.ps1 index afc0ab4d..1b753955 100644 --- a/SourceCode/src/ZbangGui/bin/version/System32/ZBANG/SIDHistory/sidhistory_scanner.ps1 +++ b/SourceCode/src/ZbangGui/bin/version/System32/ZBANG/SIDHistory/sidhistory_scanner.ps1 @@ -4,14 +4,14 @@ Release Notes: The SID History module queries the Active Directory and searches for accounts that have SID history attribute. -Version 1: 14.6.16 +Version 1: 14.6.18 +Last Update: 15.08.2021 Based on riskySPN script: https://github.com/CyberArkLabs/RiskySPN ----------------------------------------------------------------------------------------------------#> - function Get-UsersWithSIDHistory { <# @@ -27,8 +27,18 @@ function Get-UsersWithSIDHistory to an Entrepise/Domain admin. Requires Active Directory authentication (domain user is enough). + .PARAMETER Ou + The name of the Organizational Unit to query. + .PARAMETER Domain - The name of the domain to query. "Current" for the user's current domain. Defualts to the entire forest. + The name of the domain to query. "Current" for the user's current domain. Defualts to the entire forest. + + .PARAMETER SecondSearch + The scope of the second search, the search is for users who have equal sid to one of the sidhistory. + Only apply with Ou parameter or domain parameter + 0 - no scope + 1 - withn the domain scope + 2 - entire forest scope .PARAMETER AddGroups Add additional groups to consider as sensitive @@ -48,14 +58,66 @@ function Get-UsersWithSIDHistory [CmdletBinding()] param ( + [string]$Ou, [string]$Domain, + [int]$SecondSearch=2, [array]$AddGroups, [switch]$Sensitive, [switch]$Stealth, [switch]$GetSPNs, [switch]$FullData ) + + #Added 3.8.21 Log + function DisposeWrapper ($InputObject) + { + if ($null -ne $InputObject -and $InputObject -is [System.IDisposable]) + { + $InputObject.Dispose() + } + } + # $todaysdate = Get-Date -Format "MM_dd_HH_mm_" + # $logfilepath = ".\"+$todaysdate+"Log.log" + # if(Test-Path $logfilepath) + # { + # Remove-Item $logfilepath + # } + + # function WriteToLog($messege) + # { + # Add-Content $logfilepath -value $messege + # } + # Add stop transcript + # Start-Transcript -Path $logfilepath + # WriteToLog("Log Start") + function initSearcher { + $SearcherToReturn = New-Object System.DirectoryServices.DirectorySearcher + $SearcherToReturn.PageSize = 500 + $SearcherToReturn.CacheResults = $false + return $SearcherToReturn + } + + function forestDomains { + $SearchListForest = @() + try{ + $SearchScope = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest() + }catch{ + write-host "The current forest cannot be reached. Seems like the machine is not part of any domain." -ForegroundColor Red + exit + } + foreach ($ChildDomain in $($SearchScope.Domains)) + { + if ($ChildDomain.DomainMode.value__ -lt 4) + { + Write-host "The function level of domain: $($ChildDomain.Name) is lower than 2008R2 - it may cause partial results" + } + $SearchListForest += 'LDAP://DC=' + ($ChildDomain.Name -Replace ("\.",',DC=')) + } + return $SearchListForest + } + # Added 3.8.21 till here + #recursivly get nested groups of a group object function Get-NestedGroups { @@ -107,32 +169,29 @@ function Get-UsersWithSIDHistory { Write-host "The function level of domain: $($ChildDomain.name) is lower than 2008R2 - it may cause partial results" } - $SearchList += 'LDAP://DC=' + ($SearchScope.Name -Replace ("\.",',DC=')) - Write-Host "Searching the domain: $($SearchScope.name)" + # $SearchList += 'LDAP://DC=' + ($SearchScope.Name -Replace ("\.",',DC=')) + #Added 3.8.21 + $SearchListDomain += 'LDAP://DC=' + ($SearchScope.Name -Replace ("\.",',DC=')) + if ($Ou) + { + $SearchList += 'LDAP://OU='+$Ou+',DC=' + ($SearchScope.Name -Replace ("\.",',DC=')) + Write-Host "Searching the domain: $($SearchScope.name) within the OU:$($Ou)" + }else{ + $SearchList += 'LDAP://DC=' + ($SearchScope.Name -Replace ("\.",',DC=')) + Write-Host "Searching the domain: $($SearchScope.name)" + } + } else { - try{ - $SearchScope = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest() - }catch{ - write-host "The current forest cannot be reached. Seems like the machine is not part of any domain." -ForegroundColor Red - exit - } - foreach ($ChildDomain in $($SearchScope.Domains)) - { - if ($ChildDomain.DomainMode.value__ -lt 4) - { - Write-host "The function level of domain: $($ChildDomain.Name) is lower than 2008R2 - it may cause partial results" - } - $SearchList += 'LDAP://DC=' + ($ChildDomain.Name -Replace ("\.",',DC=')) - } - Write-Host "Searching the forest: $($SearchScope.name)" + $SearchList = forestDomains } #creating ADSI searcher - $Searcher = New-Object System.DirectoryServices.DirectorySearcher - $Searcher.PageSize = 500 + $Searcher = initSearcher $Searcher.PropertiesToLoad.Add("distinguishedname") | Out-Null + # Added 3.8.21 + #========================================================================= Gathering Sensitive Groups ========================================================================= @@ -145,6 +204,7 @@ function Get-UsersWithSIDHistory } $AllSensitiveGroups = @() Write-Verbose "Gathering sensitive groups" + $counterPath = 1 foreach ($Path in $SearchList) { $Searcher.SearchRoot = $Path @@ -154,6 +214,9 @@ function Get-UsersWithSIDHistory $Searcher.Filter = "(&(|(samAccountType=536870912)(samAccountType=268435456))(|(samAccountName=$GroupName)(name=$GroupName)))" try {$GroupObjects = $Searcher.FindAll()} catch {Write-Warning "Could not communicate with the domain: $($Path -replace "LDAP://DC=" -replace ",DC=", ".") - Does it have trust?"} + #Added 3.8.21 + # WriteToLog("Line 218 Searcher.FindAll() complete with filter $($GroupName) and path number: $($counterPath)") + #if we find groups if ($GroupObjects) { @@ -163,8 +226,12 @@ function Get-UsersWithSIDHistory $AllSensitiveGroups += Get-NestedGroups -DN $GroupObject.Properties.distinguishedname } } - else {Write-Warning "Could not find group: $Group"} + else {Write-Warning "Could not find group: $Group"} + # Added 3.8.21 + DisposeWrapper($GroupObjects) + } + $counterPath++ } Write-Verbose "Number of sensitive groups found: $($AllSensitiveGroups.Count)" @@ -173,6 +240,11 @@ function Get-UsersWithSIDHistory Write-Host "Gathering user accounts with SID History attribute" #list of properties to retreive from AD $Properies = "samaccountname","displayname", "SID", "SIDHistory", "userprincipalname", "memberof","pwdlastset","objectCategory","ObjectClass" + + #Added 3.8.21 + DisposeWrapper($Searcher) + $Searcher = initSearcher + $Searcher.PropertiesToLoad.Add("distinguishedname") | Out-Null foreach ($Property in $Properies) { @@ -183,6 +255,7 @@ function Get-UsersWithSIDHistory $Searcher.Filter = "(&(objectCategory=User)(SIDHistory=*))" $UsersWithSIDHistory = @() + $counterPath = 1 foreach ($Path in $SearchList) { $Searcher.SearchRoot = $Path @@ -190,11 +263,15 @@ function Get-UsersWithSIDHistory #printing the user results #foreach ($objResult in $Searcher.FindAll()) # {$objItem = $objResult.Properties; $objItem.displayname} - + try {$UsersWithSIDHistory += $Searcher.FindAll()} - catch {Write-Warning "Could not communicate with the domain: $($Path -replace "LDAP://DC=" -replace ",DC=", ".") - Does it have trust?"} + catch {Write-Warning "Could not communicate with the domain: $($Path -replace "LDAP://DC=" -replace ",DC=", ".") - Does it have trust?"} + # WriteToLog ("Line 269 DirectorySearcher.findall() Complete at Path number: $($counterPath)") + $counterPath++ } - + + DisposeWrapper($Searcher) + if ($($UsersWithSIDHistory.Count -eq 0)) { Write-host "`nSID History scan completed`nThe scanned forest don't have user accounts with SID History" -ForegroundColor Yellow @@ -209,8 +286,33 @@ function Get-UsersWithSIDHistory $CurrentDate = Get-Date $AllData = @() + + #Added 3.8.21 + DisposeWrapper($Searcher) + # WriteToLog ("Line 292 There is $($UsersWithSIDHistory.Count) UsersWithSIDHistory") + + #Added 3.8.21 + if ($Ou -or $Domain){ + Switch($SecondSearch) + { + 0 { $SearchList = @()} + 1 { $SearchList = $SearchListDomain} + 2 { $SearchList = forestDomains} + } + } + + $counterUsers=1 foreach ($User in $UsersWithSIDHistory) { + #Added 3.8.21 + # WriteToLog("Line 308: start enumerate sidhistory user number $($counterUsers) ") + $Searcher = initSearcher + $Searcher.PropertiesToLoad.Add("distinguishedname") | Out-Null + foreach ($Property in $Properies) + { + $Searcher.PropertiesToLoad.Add($Property) | Out-Null + } + #write-host "" Write-Verbose "Gathering info about the user: $($User.Properties.displayname)" @@ -243,11 +345,15 @@ function Get-UsersWithSIDHistory #write-host $strSID.Value #write-host "SidHistory:" - $objItemT = $User.Properties - $tsam = $objItemT.samaccountname + + # Added 3.8.21 + # $objItemT = $User.Properties + # $tsam = $objItemT.samaccountname + $objpath = $User.path $objpath1=[ADSI]"$objpath" $objectSIDHistory = [byte[]]$objpath1.sidhistory.value + $sidHistory = new-object System.Security.Principal.SecurityIdentifier $objectSIDHistory,0 #write-host $sidHistory @@ -257,6 +363,8 @@ function Get-UsersWithSIDHistory $Searcher.Filter = "(objectSID=$sidHistory)" $infoFromHistory = @() + + $counterPath = 1 foreach ($Path in $SearchList) { $Searcher.SearchRoot = $Path @@ -266,20 +374,27 @@ function Get-UsersWithSIDHistory # {$objItem = $objResult.Properties; $objItem.displayname} try {$infoFromHistory += $Searcher.FindAll()} - catch {Write-Warning "Could not communicate with the domain: $($Path -replace "LDAP://DC=" -replace ",DC=", ".") - Does it have trust?"} + catch {Write-Warning "Could not communicate with the domain: $($Path -replace "LDAP://DC=" -replace ",DC=", ".") - Does it have trust?"} + # WriteToLog ("Line 378 search for sidhistory as objectsid in path number $($counterPath)") + $counterPath++ } - + $historyNotFound = 'previousSIDnotFound' if ($infoFromHistory.Count -eq 0) { + $HistoryName = $historyNotFound $HistoryMemberOf = $historyNotFound } else { #write-host "SidHistory Name:" - $objSID = New-Object System.Security.Principal.SecurityIdentifier ($sidHistory) - $objUser = $objSID.Translate( [System.Security.Principal.NTAccount]) - $HistoryName = $objUser.Value + try{ + $objSID = New-Object System.Security.Principal.SecurityIdentifier ($sidHistory) + $objUser = $objSID.Translate( [System.Security.Principal.NTAccount]) + $HistoryName = $objUser.Value + } + catch { $HistoryName = 'CouldNotFind'} + #write-host $HistoryName #$HistoryName = $HistoryName -replace ".*\\" #write-host $userHistoryName @@ -306,16 +421,12 @@ function Get-UsersWithSIDHistory $secondaryMemberOf = [string]($HistoryMemberOf | foreach {[string]$_}) #write-host $HistoryMemberOf } - - - + #$secondaryDomainSID = Convert-SidToName $sid - - write-host "" $ofs = '<|>' $initiallyMemberOf = [string](($User.Properties.memberof -replace "CN=" -replace ",.*") | foreach {[string]$_}) - #NS 02-01-2018 + # NS 02-01-2018 $userphoto = "" $bytes = GetMemberThumbnail([string]$User.Properties.samaccountname) if ($bytes -ne $null) { @@ -352,13 +463,25 @@ function Get-UsersWithSIDHistory UserPhoto = $userphoto } $AllData += $UserData - } + + #Added 3.8.21 + DisposeWrapper($infoFromHistory) + DisposeWrapper($Searcher) + # WriteToLog("Line 473: enumerate sidhistory user number $($counterUsers) ended ") + $counterUsers++ + } + Write-Verbose "Number of users included in the list: $($AllData.UserName.Count)" + #Added 3.8.21 + DisposeWrapper($UsersWithSIDHistory) + + #For now the FullData paramter is not relevant if ($FullData) {return $AllData} else {return $AllData} + } @@ -379,6 +502,9 @@ function GetMemberThumbnail($userName) { return $result.Properties["thumbnailPhoto"] } + + #Added 3.8.21 + DisposeWrapper($searcher) } @@ -398,6 +524,19 @@ function Report-UsersWithSIDHistory With compromised SID history attribute - an attacker can impersonate to an Entrepise/Domain admin. + .PARAMETER Ou + The name of the Organizational Unit to query. + + .PARAMETER Domain + The name of the domain to query. "Current" for the user's current domain. Defualts to the entire forest. + + .PARAMETER SecondSearch + The scope of the second search, the search is for users who have equal sid to one of the users sidhistory. + Only apply with Ou parameter or domain parameter + 0 - no scope + 1 - withn the domain scope + 2 - entire forest scope + .PARAMETER Type The format of the report file. The default is CSV @@ -425,13 +564,18 @@ function Report-UsersWithSIDHistory [CmdletBinding()] param ( + [String]$Ou, + [String]$Domain , + [int]$SecondSearch=1, + # [int]$ResultsPerCSV, [ValidateSet("CSV", "XML", "HTML", "TXT")] [String]$Type = "CSV", - # [String]$Path = "$env:USERPROFILE\Documents", - [String]$Path = "Results/", + # [String]$Path = "$env:USERPROFILE\Documents", + [String]$Path = "Results/", [String]$Name = "Report", [Switch]$Summary, - [Switch]$DoNotOpen + [Switch]$DoNotOpen, + [Switch]$FullData ) # Credits for Boe Prox from TechNet - https://gallery.technet.microsoft.com/scriptcenter/Convert-OutoutForCSV-6e552fc6 @@ -484,17 +628,52 @@ function Report-UsersWithSIDHistory End {} } - $FilePath = "$Path\$Name.$($Type.ToLower())" $FilePathCSV = "$Path\$Name" +".csv" + + #Added 3.8.21 + if($Domain) + { + if($Ou){ + $Report = Get-UsersWithSIDHistory -Ou $Ou -Domain $Domain -SecondSearch $SecondSearch + }else{ + $Report = Get-UsersWithSIDHistory -Domain $Domain -SecondSearch $SecondSearch + } + }else{ + $Report = Get-UsersWithSIDHistory + } - $Report = Get-UsersWithSIDHistory -FullData + #for Full Data in the future + # $ParamsUsersWithSid = "" + # if ($FullData){ + # $ParamsUsersWithSid = $ParamsUsersWithSid + '-FullData' + # } + # if ($Domain){ + # if($Ou){ + # $ParamsUsersWithSid = $ParamsUsersWithSid + " -Ou $($Ou)" + " -Domain $($Domain)" + # }else{ + # $ParamsUsersWithSid = $ParamsUsersWithSid + " -Domain $($Domain)" + # } + # } + + # $Report = powershell -command "& { . .\SIDHistory_Scanner.ps1; Get-UsersWithSIDHistory $($ParamsUsersWithSid) }" + # $Report=Get-UsersWithSIDHistory "$($ParamsUsersWithSid)" if ($Summary) { #---------------Not relevant for now-------------------------------------------------------------------------# #$Report = $Report | Select-Object UserName,DomainName,IsSensitive,PwdAge,CrackWindow,RunsUnder } + + # Added 3.8.21 + if (!(Test-Path -Path $FilePath)) { + "Results folder doesn't exist. Create Folder" + New-Item -Path ".\" -Name "Results" -ItemType "directory" + } + # $Check = Get-Location + # Write-Host $Check + # Added till here + # NS if ($Type -eq "CSV" ) {$Report | Convert-Output | Export-Csv $FilePath -Encoding UTF8 -NoTypeInformation} if ($Type -eq "CSV" ) {$Report | Export-Csv $FilePath -Encoding UTF8 -NoTypeInformation} elseif ($Type -eq "XML") @@ -510,6 +689,8 @@ function Report-UsersWithSIDHistory { # Invoke-Item $FilePath } + + # Stop-Transcript } @@ -1090,7 +1271,8 @@ filter Get-DomainSearcher { $Searcher.PageSize = $PageSize $Searcher.CacheResults = $False - $Searcher + #Added 3.8.21 + DisposeWrapper($Searcher) } @@ -1214,7 +1396,7 @@ function Get-ADObject { } $ObjectSearcher = Get-DomainSearcher -Domain $Domain -DomainController $DomainController -Credential $Credential -ADSpath $ADSpath -PageSize $PageSize - + if($ObjectSearcher) { if($SID) { $ObjectSearcher.filter = "(&(objectsid=$SID)$Filter)" @@ -1236,8 +1418,9 @@ function Get-ADObject { Convert-LDAPProperty -Properties $_.Properties } } - $Results.dispose() - $ObjectSearcher.dispose() + DisposeWrapper($Results) + DisposeWrapper($ObjectSearcher) + } } } @@ -1309,5 +1492,4 @@ function Convert-LDAPProperty { New-Object -TypeName PSObject -Property $ObjectProperties } - -Report-UsersWithSIDHistory +# Report-UsersWithSIDHistory diff --git a/SourceCode/src/ZbangGui/bin/version/System32/bin/release/Graphviz4Net.WPF.Example.exe b/SourceCode/src/ZbangGui/bin/version/System32/bin/release/Graphviz4Net.WPF.Example.exe index 7858b19b..123ba9b1 100644 Binary files a/SourceCode/src/ZbangGui/bin/version/System32/bin/release/Graphviz4Net.WPF.Example.exe and b/SourceCode/src/ZbangGui/bin/version/System32/bin/release/Graphviz4Net.WPF.Example.exe differ diff --git a/SourceCode/src/ZbangGui/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache b/SourceCode/src/ZbangGui/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache new file mode 100644 index 00000000..c4d79248 Binary files /dev/null and b/SourceCode/src/ZbangGui/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache differ diff --git a/SourceCode/src/ZbangGui/obj/Debug/TemporaryGeneratedFile_036C0B5B-1481-4323-8D20-8F5ADCB23D92.cs b/SourceCode/src/ZbangGui/obj/Debug/TemporaryGeneratedFile_036C0B5B-1481-4323-8D20-8F5ADCB23D92.cs new file mode 100644 index 00000000..e69de29b diff --git a/SourceCode/src/ZbangGui/obj/Debug/TemporaryGeneratedFile_5937a670-0e60-4077-877b-f7221da3dda1.cs b/SourceCode/src/ZbangGui/obj/Debug/TemporaryGeneratedFile_5937a670-0e60-4077-877b-f7221da3dda1.cs new file mode 100644 index 00000000..e69de29b diff --git a/SourceCode/src/ZbangGui/obj/Debug/TemporaryGeneratedFile_E7A71F73-0F8D-4B9B-B56E-8E70B10BC5D3.cs b/SourceCode/src/ZbangGui/obj/Debug/TemporaryGeneratedFile_E7A71F73-0F8D-4B9B-B56E-8E70B10BC5D3.cs new file mode 100644 index 00000000..e69de29b diff --git a/SourceCode/src/ZbangGui/obj/Release/DesignTimeResolveAssemblyReferencesInput.cache b/SourceCode/src/ZbangGui/obj/Release/DesignTimeResolveAssemblyReferencesInput.cache index 89f6f088..acb1a509 100644 Binary files a/SourceCode/src/ZbangGui/obj/Release/DesignTimeResolveAssemblyReferencesInput.cache and b/SourceCode/src/ZbangGui/obj/Release/DesignTimeResolveAssemblyReferencesInput.cache differ diff --git a/SourceCode/src/ZbangGui/obj/Release/TemporaryGeneratedFile_036C0B5B-1481-4323-8D20-8F5ADCB23D92.cs b/SourceCode/src/ZbangGui/obj/Release/TemporaryGeneratedFile_036C0B5B-1481-4323-8D20-8F5ADCB23D92.cs new file mode 100644 index 00000000..e69de29b diff --git a/SourceCode/src/ZbangGui/obj/Release/TemporaryGeneratedFile_5937a670-0e60-4077-877b-f7221da3dda1.cs b/SourceCode/src/ZbangGui/obj/Release/TemporaryGeneratedFile_5937a670-0e60-4077-877b-f7221da3dda1.cs new file mode 100644 index 00000000..e69de29b diff --git a/SourceCode/src/ZbangGui/obj/Release/TemporaryGeneratedFile_E7A71F73-0F8D-4B9B-B56E-8E70B10BC5D3.cs b/SourceCode/src/ZbangGui/obj/Release/TemporaryGeneratedFile_E7A71F73-0F8D-4B9B-B56E-8E70B10BC5D3.cs new file mode 100644 index 00000000..e69de29b diff --git a/SourceCode/src/ZbangGui/obj/Release/ZbangGui.Properties.Resources.resources b/SourceCode/src/ZbangGui/obj/Release/ZbangGui.Properties.Resources.resources index 857fdf14..8525c9d9 100644 Binary files a/SourceCode/src/ZbangGui/obj/Release/ZbangGui.Properties.Resources.resources and b/SourceCode/src/ZbangGui/obj/Release/ZbangGui.Properties.Resources.resources differ diff --git a/SourceCode/src/ZbangGui/obj/Release/ZbangGui.csproj.FileListAbsolute.txt b/SourceCode/src/ZbangGui/obj/Release/ZbangGui.csproj.FileListAbsolute.txt index 433c320b..6cd10cab 100644 --- a/SourceCode/src/ZbangGui/obj/Release/ZbangGui.csproj.FileListAbsolute.txt +++ b/SourceCode/src/ZbangGui/obj/Release/ZbangGui.csproj.FileListAbsolute.txt @@ -5,3 +5,17 @@ C:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\ C:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\ZbangGui\obj\Release\ZbangGui.csproj.GenerateResource.Cache C:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\ZbangGui\obj\Release\ZbangGui.exe C:\Users\nimrod\Documents\Visual Studio 2015\Projects\graphviz4net_b19bb0cdc8c6\src\ZbangGui\obj\Release\ZbangGui.pdb +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\ZbangGui\bin\Release\ZbangGui.exe.config +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\ZbangGui\obj\Release\ZbangGui.exe +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\ZbangGui\obj\Release\ZbangGui.pdb +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\ZbangGui\obj\Release\ZbangGui.csproj.GenerateResource.Cache +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\ZbangGui\bin\Release\ZbangGui.exe +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\ZbangGui\bin\Release\ZbangGui.pdb +C:\Users\yanivy\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\ZbangGui\obj\Release\ZbangGui.Properties.Resources.resources +C:\Users\Administrator\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\ZbangGui\bin\Release\ZbangGui.exe.config +C:\Users\Administrator\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\ZbangGui\obj\Release\ZbangGui.exe +C:\Users\Administrator\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\ZbangGui\obj\Release\ZbangGui.pdb +C:\Users\Administrator\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\ZbangGui\bin\Release\ZbangGui.exe +C:\Users\Administrator\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\ZbangGui\bin\Release\ZbangGui.pdb +C:\Users\Administrator\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\ZbangGui\obj\Release\ZbangGui.Properties.Resources.resources +C:\Users\Administrator\Documents\Visual Studio 2015\Projects\zBang\SourceCode\src\ZbangGui\obj\Release\ZbangGui.csproj.GenerateResource.Cache diff --git a/SourceCode/src/ZbangGui/obj/Release/ZbangGui.csproj.GenerateResource.Cache b/SourceCode/src/ZbangGui/obj/Release/ZbangGui.csproj.GenerateResource.Cache index 334f595c..6fa40e50 100644 Binary files a/SourceCode/src/ZbangGui/obj/Release/ZbangGui.csproj.GenerateResource.Cache and b/SourceCode/src/ZbangGui/obj/Release/ZbangGui.csproj.GenerateResource.Cache differ diff --git a/SourceCode/src/ZbangGui/obj/Release/ZbangGui.exe b/SourceCode/src/ZbangGui/obj/Release/ZbangGui.exe index 9cd97972..fb2dc20a 100644 Binary files a/SourceCode/src/ZbangGui/obj/Release/ZbangGui.exe and b/SourceCode/src/ZbangGui/obj/Release/ZbangGui.exe differ diff --git a/SourceCode/src/ZbangGui/obj/Release/ZbangGui.pdb b/SourceCode/src/ZbangGui/obj/Release/ZbangGui.pdb index 3c54be88..204904b9 100644 Binary files a/SourceCode/src/ZbangGui/obj/Release/ZbangGui.pdb and b/SourceCode/src/ZbangGui/obj/Release/ZbangGui.pdb differ diff --git a/SourceCode/src/zBang.sln b/SourceCode/src/zBang.sln index 67ee016d..a4fe1c78 100644 --- a/SourceCode/src/zBang.sln +++ b/SourceCode/src/zBang.sln @@ -52,8 +52,8 @@ Global {EE5D79D6-D196-4345-A271-DC2E79E26DDA}.Release|Mixed Platforms.Build.0 = Release|Any CPU {EE5D79D6-D196-4345-A271-DC2E79E26DDA}.Release|x86.ActiveCfg = Release|Any CPU {F820EB5A-BBFD-46AD-9EEB-3DFE8D1D7BE7}.Debug|Any CPU.ActiveCfg = Debug|x86 - {F820EB5A-BBFD-46AD-9EEB-3DFE8D1D7BE7}.Debug|Mixed Platforms.ActiveCfg = Debug|x86 - {F820EB5A-BBFD-46AD-9EEB-3DFE8D1D7BE7}.Debug|Mixed Platforms.Build.0 = Debug|x86 + {F820EB5A-BBFD-46AD-9EEB-3DFE8D1D7BE7}.Debug|Mixed Platforms.ActiveCfg = Release|x86 + {F820EB5A-BBFD-46AD-9EEB-3DFE8D1D7BE7}.Debug|Mixed Platforms.Build.0 = Release|x86 {F820EB5A-BBFD-46AD-9EEB-3DFE8D1D7BE7}.Debug|x86.ActiveCfg = Debug|x86 {F820EB5A-BBFD-46AD-9EEB-3DFE8D1D7BE7}.Debug|x86.Build.0 = Debug|x86 {F820EB5A-BBFD-46AD-9EEB-3DFE8D1D7BE7}.Release|Any CPU.ActiveCfg = Release|x86 @@ -115,8 +115,8 @@ Global {A7915102-8326-4862-96F0-4EB80ED087B4}.Release|x86.Build.0 = Release|Any CPU {F688C62D-6E1E-4214-8BEB-34ABE324AE01}.Debug|Any CPU.ActiveCfg = Debug|Any CPU {F688C62D-6E1E-4214-8BEB-34ABE324AE01}.Debug|Any CPU.Build.0 = Debug|Any CPU - {F688C62D-6E1E-4214-8BEB-34ABE324AE01}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU - {F688C62D-6E1E-4214-8BEB-34ABE324AE01}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU + {F688C62D-6E1E-4214-8BEB-34ABE324AE01}.Debug|Mixed Platforms.ActiveCfg = Release|Any CPU + {F688C62D-6E1E-4214-8BEB-34ABE324AE01}.Debug|Mixed Platforms.Build.0 = Release|Any CPU {F688C62D-6E1E-4214-8BEB-34ABE324AE01}.Debug|x86.ActiveCfg = Debug|Any CPU {F688C62D-6E1E-4214-8BEB-34ABE324AE01}.Debug|x86.Build.0 = Debug|Any CPU {F688C62D-6E1E-4214-8BEB-34ABE324AE01}.Release|Any CPU.ActiveCfg = Release|Any CPU diff --git a/zBang.exe b/zBang.exe index 03890a40..fb2dc20a 100644 Binary files a/zBang.exe and b/zBang.exe differ