add Registry collection
leechristensen committed Dec 20, 2024
1 parent 64ef0e5 commit 5865714
Showing 9 changed files with 75 additions and 17 deletions.
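--- a/Properties/launchSettings.json
+++ b/Properties/launchSettings.json
@@ -0,0 +1,8 @@
+{
+"profiles": {
+"Sharphound": {
+"commandName": "Project",
+"commandLineArgs": "-C All"
+}
+}
+}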
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -32,7 +32,7 @@ dotnet build
The listing below details the CLI arguments SharpHound supports. Additional details about these options can be found in the [BloodHound CE Collection documentation](https://support.bloodhoundenterprise.io/hc/en-us/articles/17481375424795-All-SharpHound-Community-Edition-Flags-Explained).
```
-c, --collectionmethods (Default: Default) Collection Methods: Container, Group, LocalGroup, GPOLocalGroup,
Session, LoggedOn, ObjectProps, ACL, ComputerOnly, Trusts, Default, RDP, DCOM, DCOnly, UserRights, CARegistry, DCRegistry, CertServices
Session, LoggedOn, ObjectProps, ACL, ComputerOnly, Trusts, Default, RDP, DCOM, DCOnly, UserRights, CARegistry, DCRegistry, CertServices, Registry
-d, --domain Specify domain to enumerate
14 changes: 9 additions & 5 deletions Sharphound.csproj
Expand Up @@ -2,7 +2,7 @@

<PropertyGroup>
<OutputType>Exe</OutputType>
<TargetFramework>net462</TargetFramework>
<TargetFramework>net472</TargetFramework>
<LangVersion>latest</LangVersion>
<DebugType>full</DebugType>
<ApplicationIcon>favicon.ico</ApplicationIcon>
Expand All @@ -24,14 +24,18 @@
<PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
<PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="8.0.0" />
<PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
<PackageReference Include="SharpHoundCommon" Version="4.0.9" />
<PackageReference Include="SharpHoundRPC" Version="4.0.8" />
<PackageReference Include="SharpZipLib" Version="1.3.3" />
<PackageReference Include="System.Net.Http" Version="4.3.0" />
<!--<PackageReference Include="SharpHoundCommon" Version="4.0.9" />
<PackageReference Include="SharpHoundRPC" Version="4.0.8" />-->
<PackageReference Include="SharpZipLib" Version="1.3.3" />
<PackageReference Include="System.Runtime.CompilerServices.Unsafe" Version="6.0.0" />
<PackageReference Include="System.Threading.Channels" Version="8.0.0" />
<PackageReference Include="System.ValueTuple" Version="4.5.0" />
</ItemGroup>

<ItemGroup>
<ProjectReference Include="..\sharphoundcommon\src\CommonLib\SharpHoundCommonLib.csproj" />
<ProjectReference Include="..\sharphoundcommon\src\SharpHoundRPC\SharpHoundRPC.csproj" />
</ItemGroup>
<ItemGroup>
<!-- <Reference Include="SharpHoundCommon">-->
<!-- <HintPath>..\SharpHoundCommon\src\CommonLib\bin\Debug\net462\SharpHoundCommonLib.dll</HintPath>-->
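Review bot: The `SharpHoundCommon` and `SharpHoundRPC` `PackageReference` entries are commented out in favour of `ProjectReference` paths under `..\sharphoundcommon\`, so the build now consumes whatever happens to be checked out in a sibling directory instead of a pinned package version. A clean clone or CI restore of this repository alone will fail, and a binary built this way cannot be traced back to a specific library version. If the local reference is only needed until the common library ships the Registry processor, put it behind a condition that is set only on developer machines and restore the `PackageReference` lines with the new version for release builds; the same applies to the two projects added to `Sharphound.sln`. The `net462` to `net472` retarget also changes which hosts the collector can run on and is worth stating in the commit description.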
20 changes: 18 additions & 2 deletions Sharphound.sln
@@ -1,9 +1,17 @@

Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio Version 16
VisualStudioVersion = 16.0.31321.278
# Visual Studio Version 17
VisualStudioVersion = 17.10.34928.147
MinimumVisualStudioVersion = 10.0.40219.1
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Sharphound", "Sharphound.csproj", "{90A6822C-4336-433D-923F-F54CE66BA98F}"
ProjectSection(ProjectDependencies) = postProject
{B837B250-80BC-4086-B0DC-E43A956C3D1D} = {B837B250-80BC-4086-B0DC-E43A956C3D1D}
{FDC2F19A-5B0A-4F64-99E0-4CB18D7CD186} = {FDC2F19A-5B0A-4F64-99E0-4CB18D7CD186}
EndProjectSection
EndProject
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "SharpHoundRPC", "..\sharphoundcommon\src\SharpHoundRPC\SharpHoundRPC.csproj", "{FDC2F19A-5B0A-4F64-99E0-4CB18D7CD186}"
EndProject
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "SharpHoundCommonLib", "..\sharphoundcommon\src\CommonLib\SharpHoundCommonLib.csproj", "{B837B250-80BC-4086-B0DC-E43A956C3D1D}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Expand All @@ -15,6 +23,14 @@ Global
{90A6822C-4336-433D-923F-F54CE66BA98F}.Debug|Any CPU.Build.0 = Debug|Any CPU
{90A6822C-4336-433D-923F-F54CE66BA98F}.Release|Any CPU.ActiveCfg = Release|Any CPU
{90A6822C-4336-433D-923F-F54CE66BA98F}.Release|Any CPU.Build.0 = Release|Any CPU
{FDC2F19A-5B0A-4F64-99E0-4CB18D7CD186}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{FDC2F19A-5B0A-4F64-99E0-4CB18D7CD186}.Debug|Any CPU.Build.0 = Debug|Any CPU
{FDC2F19A-5B0A-4F64-99E0-4CB18D7CD186}.Release|Any CPU.ActiveCfg = Release|Any CPU
{FDC2F19A-5B0A-4F64-99E0-4CB18D7CD186}.Release|Any CPU.Build.0 = Release|Any CPU
{B837B250-80BC-4086-B0DC-E43A956C3D1D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{B837B250-80BC-4086-B0DC-E43A956C3D1D}.Debug|Any CPU.Build.0 = Debug|Any CPU
{B837B250-80BC-4086-B0DC-E43A956C3D1D}.Release|Any CPU.ActiveCfg = Release|Any CPU
{B837B250-80BC-4086-B0DC-E43A956C3D1D}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
1 change: 1 addition & 0 deletions src/Client/Enums.cs
Expand Up @@ -27,6 +27,7 @@ public enum CollectionMethodOptions
CARegistry,
DCRegistry,
CertServices,
Registry,
All
}
}
9 changes: 8 additions & 1 deletion src/Options.cs
Expand Up @@ -14,7 +14,7 @@ public class Options
// Options that affect what is collected
[Option('c', "collectionmethods", Default = new[] { "Default" },
HelpText =
"Collection Methods: Group, LocalGroup, LocalAdmin, RDP, DCOM, PSRemote, Session, Trusts, ACL, Container, ComputerOnly, GPOLocalGroup, LoggedOn, ObjectProps, SPNTargets, UserRights, Default, DCOnly, CARegistry, DCRegistry, CertServices, All")]
"Collection Methods: Group, LocalGroup, LocalAdmin, RDP, DCOM, PSRemote, Session, Trusts, ACL, Container, ComputerOnly, GPOLocalGroup, LoggedOn, ObjectProps, SPNTargets, UserRights, Default, DCOnly, CARegistry, DCRegistry, CertServices, Registry, All")]
public IEnumerable<string> CollectionMethods { get; set; }

[Option('d', "domain", Default = null, HelpText = "Specify domain to enumerate")]
Expand Down Expand Up @@ -204,6 +204,7 @@ internal bool ResolveCollectionMethods(ILogger logger, out CollectionMethod reso
CollectionMethodOptions.CARegistry => CollectionMethod.CARegistry,
CollectionMethodOptions.DCRegistry => CollectionMethod.DCRegistry,
CollectionMethodOptions.CertServices => CollectionMethod.CertServices,
CollectionMethodOptions.Registry => CollectionMethod.Registry,
CollectionMethodOptions.All => CollectionMethod.All,
CollectionMethodOptions.None => CollectionMethod.None,
_ => throw new ArgumentOutOfRangeException()
Expand Down Expand Up @@ -262,6 +263,12 @@ internal bool ResolveCollectionMethods(ILogger logger, out CollectionMethod reso
updates.Add("[-] Removed DCRegistry Collection");
}

if ((resolved & CollectionMethod.Registry) != 0)
{
resolved ^= CollectionMethod.Registry;
updates.Add("[-] Removed Registry Collection");
}

if (localGroupRemoved)
{
resolved |= CollectionMethod.GPOLocalGroup;
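Review bot: In the block added to `ResolveCollectionMethods`, `resolved ^= CollectionMethod.Registry;` clears the flag with XOR, which is only correct because of the `!= 0` guard directly above it; `resolved &= ~CollectionMethod.Registry;` states the intent and stays correct if the guard is ever changed. The condition that leads to this removal lies outside the hunk, so a one-line comment above the block, for example `// Registry collection contacts each computer, so it is dropped in this mode` (worded to match the actual enclosing branch), would tell the reader why the method is stripped. The function starts and ends outside the hunk.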
9 changes: 7 additions & 2 deletions src/Runtime/CollectionTask.cs
Expand Up @@ -61,8 +61,13 @@ internal async Task<string> StartCollection()
{
for (var i = 0; i < _context.Threads; i++)
{
var consumer = LDAPConsumer.ConsumeSearchResults(_ldapChannel, _compStatusChannel, _outputChannel,
_context, i);
var consumer = LDAPConsumer.ConsumeSearchResults(
_ldapChannel,
_compStatusChannel,
_outputChannel,
_context,
i);

_taskPool.Add(consumer);
}

17 changes: 12 additions & 5 deletions src/Runtime/LDAPConsumer.cs
Expand Up @@ -8,25 +8,32 @@
using SharpHoundCommonLib;
using SharpHoundCommonLib.Enums;
using SharpHoundCommonLib.OutputTypes;
using SharpHoundCommonLib.Processors;

namespace Sharphound.Runtime
{
public static class LDAPConsumer
{
internal static async Task ConsumeSearchResults(Channel<IDirectoryObject> inputChannel,
Channel<CSVComputerStatus> computerStatusChannel, Channel<OutputBase> outputChannel, IContext context,
internal static async Task ConsumeSearchResults(
Channel<IDirectoryObject> inputChannel,
Channel<CSVComputerStatus> computerStatusChannel,
Channel<OutputBase> outputChannel,
IContext context,
int id)
{
var log = context.Logger;
var processor = new ObjectProcessors(context, log);
var portScanner = new PortScanner() { Timeout = context.PortScanTimeout };
var processor = new ObjectProcessors(context, log, portScanner);
var watch = new Stopwatch();
var threadId = Thread.CurrentThread.ManagedThreadId;

await foreach (var item in inputChannel.Reader.ReadAllAsync())
try
{
if (await LdapUtils.ResolveSearchResult(item, context.LDAPUtils) is not (true, var res) || res == null || res.ObjectType == Label.Base) {
if (item.TryGetDistinguishedName(out var dn)) {
if (await LdapUtils.ResolveSearchResult(item, context.LDAPUtils) is not (true, var res) || res == null || res.ObjectType == Label.Base)
{
if (item.TryGetDistinguishedName(out var dn))
{
log.LogTrace("Consumer failed to resolve entry for {item} or label was Base", dn);
}
continue;
12 changes: 11 additions & 1 deletion src/Runtime/ObjectProcessors.cs
Expand Up @@ -12,6 +12,7 @@
using SharpHoundCommonLib.Enums;
using SharpHoundCommonLib.OutputTypes;
using SharpHoundCommonLib.Processors;
using SharpHoundRPC.PortScanner;
using Container = SharpHoundCommonLib.OutputTypes.Container;
using Group = SharpHoundCommonLib.OutputTypes.Group;
using Label = SharpHoundCommonLib.Enums.Label;
Expand All @@ -33,11 +34,12 @@ public class ObjectProcessors {
private readonly GPOLocalGroupProcessor _gpoLocalGroupProcessor;
private readonly UserRightsAssignmentProcessor _userRightsAssignmentProcessor;
private readonly LocalGroupProcessor _localGroupProcessor;
private readonly RegistryProcessor _registryProcessor;
private readonly ILogger _log;
private readonly CollectionMethod _methods;
private readonly SPNProcessors _spnProcessor;

public ObjectProcessors(IContext context, ILogger log) {
public ObjectProcessors(IContext context, ILogger log, IPortScanner portScanner) {
_context = context;
_aclProcessor = new ACLProcessor(context.LDAPUtils);
_spnProcessor = new SPNProcessors(context.LDAPUtils);
Expand All @@ -55,6 +57,7 @@ public ObjectProcessors(IContext context, ILogger log) {
_gpoLocalGroupProcessor = new GPOLocalGroupProcessor(context.LDAPUtils);
_userRightsAssignmentProcessor = new UserRightsAssignmentProcessor(context.LDAPUtils);
_localGroupProcessor = new LocalGroupProcessor(context.LDAPUtils);
_registryProcessor = new RegistryProcessor(_log, context.DomainName);
_methods = context.ResolvedCollectionMethods;
_cancellationToken = context.CancellationTokenSource.Token;
_log = log;
Expand Down Expand Up @@ -238,6 +241,7 @@ await compStatusChannel.Writer.WriteAsync(availability.GetCSVStatus(resolvedSear
// DCRegistry
if (resolvedSearchResult.IsDomainController &
(_methods & CollectionMethod.DCRegistry) != 0) {
await _context.DoDelay();
DCRegistryData dCRegistryData = new() {
CertificateMappingMethods = _dCRegistryProcessor.GetCertificateMappingMethods(apiName),
StrongCertificateBindingEnforcement =
Expand Down Expand Up @@ -298,6 +302,12 @@ await compStatusChannel.Writer.WriteAsync(new CSVComputerStatus {
ret.UserRights = await userRights.ToArrayAsync();
}

if ((_methods & CollectionMethod.Registry) != 0)
{
await _context.DoDelay();
ret.RegistryData = await _registryProcessor.ReadRegistrySettings(apiName);
}

if (!_methods.IsLocalGroupCollectionSet())
return ret;
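Review bot: In the constructor, `_registryProcessor = new RegistryProcessor(_log, context.DomainName);` reads the field `_log` three lines before `_log = log;` assigns it, so the processor is constructed with a null logger. Pass the parameter instead, `_registryProcessor = new RegistryProcessor(log, context.DomainName);`, or move `_log = log;` to the top of the constructor. Depending on how `RegistryProcessor` treats a null logger (not visible here), this either throws on its first log call during Registry collection or silently loses its diagnostics. The new `portScanner` parameter is also not used in any of the visible constructor lines; if it is consumed outside the hunks this is fine, otherwise wire it up or drop it.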

