Skip to content

Commit

Permalink
Merge pull request #5 from mvelazc0/purple-team-summit
Browse files Browse the repository at this point in the history 
Purple team summit. v1.2
  • Loading branch information
@mvelazc0
mvelazc0 authored May 24, 2021
2 parents 63b413c + 94f8b1f commit 7d8d7ea
Show file tree
Hide file tree
Showing 15 changed files with 1,368 additions and 917 deletions.
169 changes: 4 additions & 165 deletions PurpleSharp/Lib/Json.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,113 +5,6 @@

namespace PurpleSharp.Lib
{
// Input classes
public class SimulationExercise
{
public string domain { get; set; }
public string username { get; set; }
public string dc { get; set; }
public int sleep { get; set; }
public string type { get; set; }
public List<SimulationPlaybook> playbooks { get; set; }
}


public class SimulationPlaybook
{
public string name { get; set; }
public string scoutfpath { get; set; }
public string simrpath { get; set; }
public int pbsleep { get; set; }
public int tsleep { get; set; }
public string host { get; set; }
public List<PlaybookTask> tasks { get; set; }
}

public class PlaybookTask
{
public string technique { get; set; }
public int variation { get; set; } = 1;
}


// Result classes
public class SimulationExerciseResult
{
public List<SimulationPlaybookResult> playbookresults { get; set; }
}

public class SimulationPlaybookResult
{
public string name { get; set; }
public string host { get; set; }
public string user { get; set; }
public string simprocess { get; set; }
public int simprocessid { get; set; }

public List<PlaybookTaskResult> taskresults { get; set; }
}

public class PlaybookTaskResult
{
public string timestamp { get; set; }
public string technique { get; set; }
//public string host { get; set; }
public bool success { get; set; }
public List<TaskDebugMsg> debugmsgs { get; set; }

}
public class TaskDebugMsg
{
public string msg { get; set; }
}

//Mitre ATT&CK

public class NavigatorLayer
{
public string name { get; set; }
public string version { get; set; }
public string domain { get; set; }
public string description { get; set; }
public bool hideDisabled { get; set; }

public NavigatorFilters filters { get; set; }
public List<NavigatorTechnique> techniques { get; set; }


//public Gradient gradient { get; set; }
//public object[] legendItems { get; set; }
//public object[] metadata { get; set; }
//public bool showTacticRowBackground { get; set; }
//public string tacticRowBackground { get; set; }
//public bool selectTechniquesAcrossTactics { get; set; }
}

public class NavigatorFilters
{
public string[] stages { get; set; }
public string[] platforms { get; set; }
}

public class NavigatorGradient
{
public string[] colors { get; set; }
public int minValue { get; set; }
public int maxValue { get; set; }
}

public class NavigatorTechnique
{
public string techniqueID { get; set; }
//public string tactic { get; set; }
public string color { get; set; }
//public string comment { get; set; }
public int score { get; set; }
public bool enabled { get; set; }
//public object[] metadata { get; set; }
}


class Json
{
Expand All @@ -128,60 +21,6 @@ public static SimulationExercise ReadSimulationPlaybook(string jsoninput)
return null;
}
}

/*
public static PlaybookTaskResult GetTaskResult(string results)
{
PlaybookTaskResult taskresult = new PlaybookTaskResult();
List<TaskDebugMsg> debugmsgs = new List<TaskDebugMsg>();
string[] lines = results.Split(new string[] { "\n", "\r\n" }, StringSplitOptions.RemoveEmptyEntries);
foreach (string line in lines)
{
if (line.Contains("Starting"))
{
taskresult.timestamp = line.Substring(0, line.IndexOf('[')).Trim();
string strip = line.Substring(line.LastIndexOf("]") + 1).Replace("Starting ", "").Replace("Simulation on ", "").Trim();
taskresult.technique = strip.Split(' ')[0];
//taskresult.host = strip.Split(' ')[1];
}
else if (line.Contains("Simulator"))
{
//string strip = line.Substring(line.LastIndexOf("]") + 1).Replace("Simulator running from ", "").Replace("with PID:", "").Trim();
//string strip = line.Substring(line.LastIndexOf("]") + 1).Replace("Simulator running from ", "").Replace("with PID:", "").Replace("as ", "").Trim();
string strip = line.Substring(line.LastIndexOf("]") + 1).Replace("Simulator running from ", "").Replace("with PID:", "|").Replace("as ", "|").Trim();
//taskresult.simprocess = strip.Split('|')[0];
//taskresult.simprocessid = Int32.Parse(strip.Split('|')[1]);
//taskresult.user = strip.Split('|')[2];
}
else if (line.Contains("Simulation Finished"))
{
taskresult.success = true;
}
else if (line.Contains("Simulation Failed"))
{
taskresult.success = false;
}
else
{
TaskDebugMsg debugmsg = new TaskDebugMsg();
debugmsg.msg = line;
debugmsgs.Add(debugmsg);
}
//Console.WriteLine(line.Substring(line.LastIndexOf(']') + 1));
}
taskresult.debugmsgs = debugmsgs;
return taskresult;
//File.WriteAllText("result.json", JsonConvert.SerializeObject(taskresult));
}
*/

public static SimulationExerciseResult GetSimulationExerciseResult(string results)
{
SimulationExerciseResult simulationresult = new SimulationExerciseResult();
Expand Down Expand Up @@ -468,14 +307,14 @@ public static SimulationExercise ConvertNavigatorToSimulationExercise(NavigatorL
{
SimulationPlaybook playbook = new SimulationPlaybook();
playbook.name = layer.name;
playbook.host = "random";
playbook.scoutfpath = @"C:\Windows\Psexesvc.exe";
playbook.simrpath = @"\Downloads\Firefox_Installer.exe";
playbook.remote_host = "random";
playbook.scout_full_path = @"C:\Windows\Psexesvc.exe";
playbook.simulator_relative_path = @"\Downloads\Firefox_Installer.exe";
List<PlaybookTask> tasks = new List<PlaybookTask>();


PlaybookTask task = new PlaybookTask();
task.technique = technique.techniqueID;
task.technique_id = technique.techniqueID;
tasks.Add(task);
playbook.tasks = tasks;
playbooks.Add(playbook);
Expand Down
29 changes: 24 additions & 5 deletions PurpleSharp/Lib/Ldap.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,12 +15,31 @@ public class User
public string UserName { get; set; }
public string DisplayName { get; set; }
public bool isMapped { get; set; }

public User(string username)
{
UserName = username;
}
public User()
{
}
}
public class Computer
{
public string ComputerName { get; set; }
public string Fqdn { get; set; }
public string IPv4 { get; set; }

public Computer(string hostname, string ip)
{
ComputerName = hostname;
IPv4 = ip;
}
public Computer()
{

}

}

public class Ldap
Expand Down Expand Up @@ -70,7 +89,7 @@ public static List<User> GetADUsers(int count, Lib.Logger logger, string dc = ""
SearchResult result;

if (Enabled) logger.TimestampInfo("Querying for active domain users with badPwdCount <= 3..");
else logger.TimestampInfo(" Querying for disabled domain users ..");
else logger.TimestampInfo("Querying for disabled domain users ..");

SearchResultCollection resultCol = search.FindAll();

Expand Down Expand Up @@ -101,7 +120,7 @@ public static List<User> GetADUsers(int count, Lib.Logger logger, string dc = ""
}
}

public static List<User> GetADAdmins(int count)
public static List<User> GetADAdmins(int count, Lib.Logger logger)
{

DirectoryEntry rootDSE = new DirectoryEntry("LDAP://RootDSE");
Expand All @@ -115,7 +134,7 @@ public static List<User> GetADAdmins(int count)
search.Filter = "(&(objectCategory=person)(objectClass=user)(adminCount=1)(!samAccountName=krbtgt)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))";
search.SizeLimit = count * 5;
SearchResult result;
Console.WriteLine("[*] Querying for active administrative users (adminCount=1) ..");
logger.TimestampInfo("Querying for active administrative users (adminCount=1) ..");
SearchResultCollection resultCol = search.FindAll();
if (resultCol != null)
{
Expand All @@ -137,11 +156,11 @@ public static List<User> GetADAdmins(int count)

}

public static List<User> GetDomainAdmins()
public static List<User> GetDomainAdmins(Lib.Logger logger)
{
List<User> lstDas = new List<User>();
PrincipalContext PC = new PrincipalContext(ContextType.Domain);
Console.WriteLine("[*] Querying for active Domain Admins ..");
logger.TimestampInfo("Querying for active Domain Admins ..");
GroupPrincipal GP = GroupPrincipal.FindByIdentity(PC, "Domain Admins");
foreach (UserPrincipal member in GP.Members)
{
Expand Down
Loading

0 comments on commit 7d8d7ea

Please sign in to comment.