Merge remote-tracking branch 'origin/master'

lkarlslund · Dec 22, 2021 · 70d4a41 · 70d4a41
2 parents 50e128f + 804c55e
commit 70d4a41
Show file tree

Hide file tree

Showing 5 changed files with 26 additions and 11 deletions.
diff --git a/build.cmd b/build.cmd
@@ -20,7 +20,14 @@ go build -ldflags "%LDFLAGS%" -o adalanche-osx-x64-%VERSION% ./adalanche
 set GOOS=linux
 go build -ldflags "%LDFLAGS%" -o adalanche-linux-x64-%VERSION% ./adalanche
 
+set GOARCH=arm64
+set GOOS=linux
+go build -ldflags "%LDFLAGS%" -o adalanche-linux-arm64-%VERSION% ./adalanche
+set GOOS=darwin
+go build -ldflags "%LDFLAGS%" -o adalanche-osx-m1-%VERSION% ./adalanche
+
 set LDFLAGS=-X github.com/lkarlslund/adalanche/modules/version.Program=adalanche-collector -X github.com/lkarlslund/adalanche/modules/version.Builddate=%BUILDDATE% -X github.com/lkarlslund/adalanche/modules/version.Commit=%COMMIT% -X github.com/lkarlslund/adalanche/modules/version.Version=%VERSION%
 set GOARCH=386
 set GOOS=windows
 go build -ldflags "%LDFLAGS%" -o adalanche-collector-windows-386-%VERSION%.exe ./collector
+
diff --git a/build.sh b/build.sh
@@ -14,7 +14,9 @@ LDFLAGS="-X github.com/lkarlslund/adalanche/modules/version.Program=adalanche -X
 
 GOOS=windows GOARCH=amd64 go build -ldflags "$LDFLAGS" -o adalanche-windows-x64-$VERSION.exe ./adalanche || EXIT_STATUS=$?
 GOOS=darwin GOARCH=amd64 go build -ldflags "$LDFLAGS" -o adalanche-osx-x64-$VERSION ./adalanche || EXIT_STATUS=$?
+GOOS=darwin GOARCH=arm64 go build -ldflags "$LDFLAGS" -o adalanche-osx-m1-$VERSION ./adalanche || EXIT_STATUS=$?
 GOOS=linux GOARCH=amd64 go build -ldflags "$LDFLAGS" -o adalanche-linux-x64-$VERSION ./adalanche || EXIT_STATUS=$?
+GOOS=linux GOARCH=arm64 go build -ldflags "$LDFLAGS" -o adalanche-linux-arm64-$VERSION ./adalanche || EXIT_STATUS=$?
 
 LDFLAGS="-X github.com/lkarlslund/adalanche/modules/version.Program=adalanche-collector -X github.com/lkarlslund/adalanche/modules/version.Builddate=$BUILDDATE -X github.com/lkarlslund/adalanche/modules/version.Commit=$COMMIT -X github.com/lkarlslund/adalanche/modules/version.Version=$VERSION"
 

diff --git a/modules/analyze/export-graph.go b/modules/analyze/export-graph.go
@@ -103,7 +103,7 @@ func GenerateCytoscapeJS(pg engine.PwnGraph, alldetails bool) (CytoGraph, error)
 				"type": object.Type().String(),
 			}}
 
-		if uac, ok := object.OneAttrRaw(activedirectory.UserAccountControl).(uint64); ok && uac&engine.UAC_ACCOUNTDISABLE != 0 {
+		if uac, ok := object.AttrInt(activedirectory.UserAccountControl); ok && uac&engine.UAC_ACCOUNTDISABLE != 0 {
 			newnode.Data["_disabled"] = true
 		}
 

diff --git a/modules/integrations/activedirectory/analyze/analyze-ad.go b/modules/integrations/activedirectory/analyze/analyze-ad.go
@@ -500,10 +500,11 @@ func init() {
 			// Method: activedirectory.PwnResetPassword,
 			Description: "Indicator that a group or user can reset the password of an account",
 			ObjectAnalyzer: func(o *engine.Object, ao *engine.Objects) {
-				// Only computers and users
+				// Only users, computers and service accounts
 				if o.Type() != engine.ObjectTypeUser && o.Type() != engine.ObjectTypeComputer && o.Type() != engine.ObjectTypeManagedServiceAccount {
 					return
 				}
+				// Check who can reset the password
 				sd, err := o.SecurityDescriptor()
 				if err != nil {
 					return

diff --git a/modules/integrations/activedirectory/pwns.go b/modules/integrations/activedirectory/pwns.go
@@ -3,15 +3,20 @@ package activedirectory
 import "github.com/lkarlslund/adalanche/modules/engine"
 
 var (
-	PwnCreateUser                           = engine.NewPwn("CreateUser")
-	PwnCreateGroup                          = engine.NewPwn("CreateGroup")
-	PwnCreateComputer                       = engine.NewPwn("CreateComputer")
-	PwnCreateAnyObject                      = engine.NewPwn("CreateAnyObject")
-	PwnDeleteChildrenTarget                 = engine.NewPwn("DeleteChildrenTarget")
-	PwnDeleteObject                         = engine.NewPwn("DeleteObject")
-	PwnInheritsSecurity                     = engine.NewPwn("InheritsSecurity")
-	PwnACLContainsDeny                      = engine.NewPwn("ACLContainsDeny").RegisterProbabilityCalculator(func(source, target *engine.Object) engine.Probability { return -1 })
-	PwnResetPassword                        = engine.NewPwn("ResetPassword")
+	PwnCreateUser           = engine.NewPwn("CreateUser")
+	PwnCreateGroup          = engine.NewPwn("CreateGroup")
+	PwnCreateComputer       = engine.NewPwn("CreateComputer")
+	PwnCreateAnyObject      = engine.NewPwn("CreateAnyObject")
+	PwnDeleteChildrenTarget = engine.NewPwn("DeleteChildrenTarget")
+	PwnDeleteObject         = engine.NewPwn("DeleteObject")
+	PwnInheritsSecurity     = engine.NewPwn("InheritsSecurity")
+	PwnACLContainsDeny      = engine.NewPwn("ACLContainsDeny").RegisterProbabilityCalculator(func(source, target *engine.Object) engine.Probability { return -1 })
+	PwnResetPassword        = engine.NewPwn("ResetPassword").RegisterProbabilityCalculator(func(source, target *engine.Object) engine.Probability {
+		if uac, ok := target.AttrInt(UserAccountControl); ok && uac&engine.UAC_ACCOUNTDISABLE != 0 {
+			return -1
+		}
+		return 100
+	})
 	PwnOwns                                 = engine.NewPwn("Owns")
 	PwnGenericAll                           = engine.NewPwn("GenericAll")
 	PwnWriteAll                             = engine.NewPwn("WriteAll")