Servicepoint, renamed variable, added NTDS debug dump

lkarlslund · Jan 30, 2024 · cacbfb2 · cacbfb2
1 parent 34780b3
commit cacbfb2
Show file tree

Hide file tree

Showing 4 changed files with 49 additions and 34 deletions.
diff --git a/modules/engine/objecttype.go b/modules/engine/objecttype.go
@@ -18,6 +18,7 @@ type ObjectType byte
 var (
 	NonExistingObjectType                = ^ObjectType(0)
 	ObjectTypeOther                      = NewObjectType("Other", "")
+	ObjectTypeCallableServicePoint       = NewObjectType("CallableService", "Callable-Service-Point")
 	ObjectTypeDomainDNS                  = NewObjectType("DomainDNS", "Domain-DNS")
 	ObjectTypeDNSNode                    = NewObjectType("DNSNode", "Dns-Node").SetDefault(Last, false)
 	ObjectTypeDNSZone                    = NewObjectType("DNSZone", "Dns-Zone").SetDefault(Last, false)
@@ -127,6 +128,10 @@ func (ot ObjectType) String() string {
 	return objecttypenums[ot].Name
 }
 
+func (ot ObjectType) ValueString() AttributeValueString {
+	return AttributeValueString(objecttypenums[ot].Lookup)
+}
+
 func (ot ObjectType) Lookup() string {
 	return objecttypenums[ot].Lookup
 }

diff --git a/modules/integrations/activedirectory/analyze/adloader.go b/modules/integrations/activedirectory/analyze/adloader.go
@@ -28,7 +28,7 @@ var (
 	limitattributes = analyze.Command.Flags().Bool("limitattributes", false, "Limit attributes to import (saves memory, experimental)")
 
 	adsource = engine.AttributeValueString("Active Directory")
-	Loader   = engine.AddLoader(func() engine.Loader { return (&ADLoader{}) })
+	LoaderID = engine.AddLoader(func() engine.Loader { return (&ADLoader{}) })
 
 	defaultNamingContext = engine.NewAttribute("defaultNamingContext")
 )

diff --git a/modules/integrations/activedirectory/collect/cli.go b/modules/integrations/activedirectory/collect/cli.go
@@ -252,8 +252,8 @@ func Execute(cmd *cobra.Command, args []string) error {
 		}
 
 		do := DumpOptions{
-			ReturnObjects: false,
-			WriteToFile:   filepath.Join(datapath, filepath.Base(*ntdsfile)+".objects.msgp.lz4"),
+			// ReturnObjects: true,
+			WriteToFile: filepath.Join(datapath, filepath.Base(*ntdsfile)+".objects.msgp.lz4"),
 		}
 
 		cp, _ := util.ParseBool(*collectgpos)
@@ -269,7 +269,15 @@ func Execute(cmd *cobra.Command, args []string) error {
 			}
 		}
 
-		_, err = ad.Dump(do)
+		// err = ad.DebugDump()
+		objects, err := ad.Dump(do)
+		if len(objects) > 0 {
+			debugfilename := do.WriteToFile + ".json"
+			ui.Debug().Msgf("Writing %v debug objects to %v", len(objects), debugfilename)
+			jsondata, _ := json.MarshalIndent(objects, "", "  ")
+			os.WriteFile(debugfilename, jsondata, 0644)
+		}
+
 		if err != nil {
 			os.Remove(do.WriteToFile)
 			return fmt.Errorf("problem collecting Active Directory objects: %v", err)

diff --git a/modules/integrations/activedirectory/collect/ntdsdit.go b/modules/integrations/activedirectory/collect/ntdsdit.go
@@ -46,6 +46,36 @@ type Table struct {
 	Fields map[int64]string
 }
 
+func (ntds *NTDSDumper) DebugDump() error {
+	// Initialize the catalog
+	catalog, err := parser.ReadCatalog(ntds.ese)
+	if err != nil {
+		return err
+	}
+
+	output, _ := os.Create(ntds.path + ".txt")
+	bufout := bufio.NewWriter(output)
+	tables := catalog.Tables.Keys()
+	for _, t := range tables {
+		count := 0
+		fmt.Fprintln(bufout, "-----------------------------", t, "----------------------------")
+		err = catalog.DumpTable(t, func(row *ordereddict.Dict) error {
+			serialized, err := json.Marshal(row)
+			if err != nil {
+				return err
+			}
+
+			count++
+			fmt.Fprintf(bufout, "%v\n", string(serialized))
+
+			return nil
+		})
+	}
+	bufout.Flush()
+	output.Close()
+	return nil
+}
+
 func (ntds *NTDSDumper) Dump(do DumpOptions) ([]activedirectory.RawObject, error) {
 	// Initialize the catalog
 	catalog, err := parser.ReadCatalog(ntds.ese)
@@ -203,16 +233,12 @@ func (ntds *NTDSDumper) Dump(do DumpOptions) ([]activedirectory.RawObject, error
 		e = msgp.NewWriter(boutfile)
 	}
 	var objects []activedirectory.RawObject
+	fmt.Println(catalog.Dump())
 
 	err = catalog.DumpTable("datatable", func(row *ordereddict.Dict) error {
 		var item activedirectory.RawObject
 		item.Init()
 
-		if _, ok := row.GetBool("isDeleted"); ok {
-			// deleted object
-			return nil
-		}
-
 		// Find distinguished name
 		if rdn, ok := row.GetString("Ancestors_col"); ok {
 			item.DistinguishedName = getDistinguishedName(rdn, namemap)
@@ -366,7 +392,7 @@ func (ntds *NTDSDumper) Dump(do DumpOptions) ([]activedirectory.RawObject, error
 				}
 
 				if len(resultval) > 0 {
-					if usedname == "whenChanged" {
+					if fieldname == "ATTm1572870" || usedname == "whenChanged" {
 						ui.Debug().Msgf("DN %v has values %v for field %v (%v)", item.DistinguishedName, resultval, fieldname, usedname)
 					}
 
@@ -423,30 +449,6 @@ func (ntds *NTDSDumper) Dump(do DumpOptions) ([]activedirectory.RawObject, error
 	})
 	return objects, err
 
-	output, _ := os.Create(ntds.path + ".txt")
-	bufout := bufio.NewWriter(output)
-	tables := catalog.Tables.Keys()
-	for _, t := range tables {
-		count := 0
-		fmt.Fprintln(bufout, "-----------------------------", t, "----------------------------")
-		err = catalog.DumpTable(t, func(row *ordereddict.Dict) error {
-			serialized, err := json.Marshal(row)
-			if err != nil {
-				return err
-			}
-
-			count++
-			fmt.Fprintf(bufout, "%v\n", string(serialized))
-			// if count >= 10 {
-			// 	return errors.New("No more")
-			// }
-
-			return nil
-		})
-	}
-	bufout.Flush()
-	output.Close()
-
 	/*
 		tables := make(map[int64]Table)