Added Path parameter to specify search container #6

Open
wants to merge 3 commits into
base: main
23 changes: 13 additions & 10 deletions StandIn/StandIn/Program.cs
Expand Up @@ -15,10 +15,10 @@ namespace StandIn
{
class Program
{
public static void returnObject(String sObject, String sDomain = "", String sUser = "", String sPass = "", String sFilter = "")
public static void returnObject(String sObject, String sDomain = "", String sUser = "", String sPass = "", String sFilter = "", String sPath = "")
{
// Create searcher
hStandIn.SearchObject so = hStandIn.createSearchObject(sDomain, sUser, sPass);
hStandIn.SearchObject so = hStandIn.createSearchObject(sDomain, sUser, sPass, sPath);
if (!so.success)
{
Console.WriteLine("[!] Failed to create directory searcher..");
Expand Down Expand Up @@ -192,10 +192,10 @@ public static void returnObject(String sObject, String sDomain = "", String sUse
}
}

public static void returnLDAP(String sLDAP, String sDomain = "", String sUser = "", String sPass = "", String sFilter = "", UInt32 iLimit = 0)
public static void returnLDAP(String sLDAP, String sDomain = "", String sUser = "", String sPass = "", String sPath = "", String sFilter = "", UInt32 iLimit = 0)
{
// Create searcher
hStandIn.SearchObject so = hStandIn.createSearchObject(sDomain, sUser, sPass);
hStandIn.SearchObject so = hStandIn.createSearchObject(sDomain, sUser, sPass, sPath);
if (!so.success)
{
Console.WriteLine("[!] Failed to create directory searcher..");
Expand Down Expand Up @@ -1347,7 +1347,7 @@ public static void GPOObjectIncCounter(String sGPOName, String sTaskType, String
public static void setAllowedToActOnBehalfOfOtherIdentity(String sMachineName, String sObjectSID, String sDomain = "", String sUser = "", String sPass = "")
{
// Create searcher
hStandIn.SearchObject so = hStandIn.createSearchObject(sDomain, sUser, sPass, true);
hStandIn.SearchObject so = hStandIn.createSearchObject(sDomain, sUser, sPass, "", true);
if (!so.success)
{
Console.WriteLine("[!] Failed to create directory searcher..");
Expand Down Expand Up @@ -1418,7 +1418,7 @@ public static void setAllowedToActOnBehalfOfOtherIdentity(String sMachineName, S
public static void removeAllowedToActOnBehalfOfOtherIdentity(String sMachineName, String sDomain = "", String sUser = "", String sPass = "")
{
// Create searcher
hStandIn.SearchObject so = hStandIn.createSearchObject(sDomain, sUser, sPass, true);
hStandIn.SearchObject so = hStandIn.createSearchObject(sDomain, sUser, sPass, "", true);
if (!so.success)
{
Console.WriteLine("[!] Failed to create directory searcher..");
Expand Down Expand Up @@ -1709,10 +1709,10 @@ public static void deleteMachineAccount(String sMachineName, String sDomain = ""
}
}

public static void getObjectAccessPermissions(String sObject, String sNTAccount = "", String sDomain = "", String sUser = "", String sPass = "")
public static void getObjectAccessPermissions(String sObject, String sNTAccount = "", String sDomain = "", String sUser = "", String sPass = "", String sPath = "")
{
// Create searcher
hStandIn.SearchObject so = hStandIn.createSearchObject(sDomain, sUser, sPass);
hStandIn.SearchObject so = hStandIn.createSearchObject(sDomain, sUser, sPass, sPath);
if (!so.success)
{
Console.WriteLine("[!] Failed to create directory searcher..");
Expand Down Expand Up @@ -3348,6 +3348,9 @@ class ArgOptions
[Option(null, "pass")]
public String sPass { get; set; }

[Option(null, "path")]
public String sPath { get; set; }

[Option(null, "grant")]
public String sGrant { get; set; }

Expand Down Expand Up @@ -3511,7 +3514,7 @@ static void Main(string[] args)
{
if (ArgOptions.bAccess)
{
getObjectAccessPermissions(ArgOptions.sObject, ArgOptions.sNtaccount, ArgOptions.sDomain, ArgOptions.sUser, ArgOptions.sPass);
getObjectAccessPermissions(ArgOptions.sObject, ArgOptions.sNtaccount, ArgOptions.sDomain, ArgOptions.sUser, ArgOptions.sPass, ArgOptions.sPath);
}
else if (!String.IsNullOrEmpty(ArgOptions.sGrant))
{
Expand Down Expand Up @@ -3591,7 +3594,7 @@ static void Main(string[] args)
}
else if (!String.IsNullOrEmpty(ArgOptions.sLdap))
{
returnLDAP(ArgOptions.sLdap, ArgOptions.sDomain, ArgOptions.sUser, ArgOptions.sPass, ArgOptions.sFilter, ArgOptions.iLimit);
returnLDAP(ArgOptions.sLdap, ArgOptions.sDomain, ArgOptions.sUser, ArgOptions.sPass, ArgOptions.sPath, ArgOptions.sFilter, ArgOptions.iLimit);
}
else if (ArgOptions.bGPO)
{
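Review bot: `returnObject` gains an `sPath` parameter, but no call site changed in this section passes it: the only updated calls in `Main` are `getObjectAccessPermissions` and `returnLDAP`, and the section's 13 additions are all accounted for by the visible lines. As written, `--path` combined with a plain `--object` lookup is accepted and then ignored, so the search runs against the default container without any indication to the operator; the `returnObject` call in `Main` (outside the visible hunks) should pass `sPath: ArgOptions.sPath`. Separately, `returnLDAP` inserts `sPath` in front of `sFilter` while `returnObject` appends it after `sFilter`. Because both are `String`, a positional caller that was not updated would bind its filter to the path without a compile error, so appending the new parameter last or calling with named arguments is safer.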
12 changes: 9 additions & 3 deletions StandIn/StandIn/hStandIn.cs
Expand Up @@ -178,6 +178,7 @@ public static void getHelp()
"--domain Domain name, e.g. REDHOOK\n" +
"--user User name\n" +
"--pass Password\n" +
"--path LDAP path / container to search in\n" +
"--newpass New password to set for object\n" +
"--gpo List group policy objects\n" +
"--acl Show ACL's for returned GPO's\n" +
Expand Down Expand Up @@ -228,7 +229,8 @@ public static void getHelp()
"# Grant object access permissions\n" +
"StandIn.exe --object \"distinguishedname=DC=redhook,DC=local\" --grant \"REDHOOK\\MBWillett\" --type DCSync\n" +
"StandIn.exe --object \"distinguishedname=DC=redhook,DC=local\" --grant \"REDHOOK\\MBWillett\" --guid 1131f6aa-9c07-11d1-f79f-00c04fc2dcd2\n" +
"StandIn.exe --object samaccountname=SomeTarget001$ --grant \"REDHOOK\\MBWillett\" --type GenericWrite --domain redhook --user RFludd --pass Cl4vi$Alchemi4e\n\n" +
"StandIn.exe --object samaccountname=SomeTarget001$ --grant \"REDHOOK\\MBWillett\" --type GenericWrite --domain redhook --user RFludd --pass Cl4vi$Alchemi4e\n" +
"StandIn.exe --object (&(objectClass=pKICertificateTemplate)(cn=User)) --path LDAP://CN=Configuration,DC=redhook,DC=local --access\n\n" +

"# Set object password\n" +
"StandIn.exe --object samaccountname=SomeTarget001$ --newpass \"Arkh4mW1tch!\"\n" +
Expand Down Expand Up @@ -357,14 +359,18 @@ public static String genAccountPass()
return new string(sPass);
}

public static SearchObject createSearchObject(String sDomain = "", String sUser = "", String sPass = "", Boolean ActOnBehalf = false)
public static SearchObject createSearchObject(String sDomain = "", String sUser = "", String sPass = "", String sPath = "", Boolean ActOnBehalf = false)
{
DirectoryEntry de = null;
DirectorySearcher ds = null;
SearchObject resultObject = new SearchObject();
try
{
de = new DirectoryEntry();
if (sPath == "")
de = new DirectoryEntry();
else
de = new DirectoryEntry(sPath);

resultObject.sDC = de.Options.GetCurrentServerName();
Console.WriteLine("\n[?] Using DC : " + de.Options.GetCurrentServerName());
if (!String.IsNullOrEmpty(sDomain) && !String.IsNullOrEmpty(sUser) && !String.IsNullOrEmpty(sPass))
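Review bot: The new branch in `createSearchObject` tests `sPath == ""`, but `ArgOptions.sPath` has no default and is passed straight through from `Main`, so when `--path` is omitted the value is presumably null and falls into `new DirectoryEntry(sPath)`. The next statements in this method already use `String.IsNullOrEmpty`, so `if (String.IsNullOrEmpty(sPath))` with braces on both arms would make the default case explicit instead of relying on how `DirectoryEntry` treats a null path. The credentialed branch that follows continues outside the hunk, so it is not visible whether the supplied path survives when `--domain`, `--user` and `--pass` are given; that is worth confirming. The new help example also leaves the `(&(objectClass=pKICertificateTemplate)(cn=User))` filter unquoted, unlike the neighbouring examples, and `&` is a command separator in cmd.exe.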