增加exchange
2867a0 committed Jul 19, 2023
1 parent dbbcda6 commit 96706a2
Showing 42 changed files with 2,511 additions and 2 deletions.
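--- a/plugins/Exchange/Plugin_Exchange_Scan_4001.py
+++ b/plugins/Exchange/Plugin_Exchange_Scan_4001.py
@@ -0,0 +1,84 @@
+import urllib3
+from ldap3 import SUBTREE
+from copy import copy
+
+urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
+from plugins.Exchange import PluginExchangeScanBase
+from utils.consts import AllPluginTypes
+
+
+class PluginExchangEexceptionGroup(PluginExchangeScanBase):
+"""Exchange Windows Permissions组存在异常成员"""
+
+display = "Exchange Windows Permissions组存在异常成员"
+alias = "ex_excep_gp"
+p_type = AllPluginTypes.Scan
+
+def __init__(self, *args, **kwargs):
+super().__init__(*args, **kwargs)
+
+def run_script(self, args) -> dict:
+result = copy(self.result)
+instance_list = []
+query = "(&(objectclass=top)(objectclass=group))"
+attributes = ["member", "cn"]
+# ldap_cli = "CN=Mailbox Import Export,OU=Microsoft Exchange Security Groups," + self.ldap_cli.domain_dn
+ldap_cli = "CN=Exchange Windows Permissions,OU=Microsoft Exchange Security Groups," + self.ldap_cli.domain_dn
+entry_generator = self.ldap_cli.con.extend.standard.paged_search(search_base=ldap_cli,
+search_filter=query,
+search_scope=SUBTREE,
+get_operational_attributes=True,
+attributes=attributes,
+paged_size=1000,
+generator=True)
+
+for entry in entry_generator:
+if entry["type"] != "searchResEntry":
+continue
+attrs = entry["attributes"]['member']
+
+for attr in attrs:
+if "CN=Exchange Trusted Subsystem,OU=Microsoft Exchange Security Groups" in attr:
+continue
+else:
+result['status'] = 1
+instance = {}
+instance["账户名"] = entry["attributes"]['cn']
+instance["异常成员"] = attr
+instance_list.append(instance)
+result['data'] = {"instance_list": instance_list}
+return result
+#
+#
+# if __name__ == '__main__':
+# dc_conf = {
+# 'ldap_conf': {"password": "High123456",
+# "dn": "DC=exchange16,DC=local",
+# "ldapServer": "ldap://192.168.31.185:389",
+# "DNS": "192.168.31.185",
+# "user": "exchange16\\administrator"},
+# 'name': 'exchange16.local',
+# 'ip': '192.168.31.185',
+# 'hostname': 'exchange2016',
+# 'fqdn': 'exchange2016.exchange16.local',
+# 'platform': 'Windows Server 2016 Standard'
+# }
+# meta_data = {
+# "min_password_day": "45",
+# }
+#
+# env = {
+# 'redis_conf': {
+# 'uri': 'redis://:[email protected]:6379/0'
+# },
+# 'mongo_conf': {
+# 'host': '192.168.30.167:27017',
+# 'password': 'Aqm3GzSaw2dYABncD',
+# 'user': 'user_adm',
+# 'db_name': 'db_adm'
+# }
+# }
+#
+# plugin = Plugin(dc_conf, meta_data, env)
+# # print(plugin.info)
+# print(plugin.verify())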
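Review bot: The commented-out `__main__` block at the end of the file carries what look like live test credentials and internal host addresses for the LDAP, Redis and MongoDB connections; commented out or not, they are now part of the repository history, so the block should be dropped from the file, the secrets rotated, and any local harness should read them from the environment instead. The `urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)` call runs at import time and silences certificate-verification warnings for the whole process although nothing in this plugin uses urllib3; the same module-level call appears in Plugin_Exchange_Scan_4002.py through 4005.py and belongs, if anywhere, next to the request that needs it. The `if "CN=Exchange Trusted Subsystem,OU=Microsoft Exchange Security Groups" in attr:` / `continue` / `else:` shape can be flattened to the guard alone with the reporting lines dedented, and `entry["attributes"]['member']` is presumably an empty list rather than a missing key for a group without members — worth confirming against ldap3's paged_search before relying on it. The class name `PluginExchangEexceptionGroup` drops the `e` of `Exchange` and doubles the `E`.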
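--- a/plugins/Exchange/Plugin_Exchange_Scan_4002.py
+++ b/plugins/Exchange/Plugin_Exchange_Scan_4002.py
@@ -0,0 +1,48 @@
+import urllib3
+from ldap3 import SUBTREE
+from copy import copy
+
+from plugins.Exchange import PluginExchangeScanBase
+from utils.consts import AllPluginTypes
+
+urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
+
+
+class PluginExchangeAbuseMailboxImportExport(PluginExchangeScanBase):
+"""Mailbox Import Export权限滥用"""
+
+display = "Mailbox Import Export权限滥用"
+alias = "ex_abuse_mailbox"
+p_type = AllPluginTypes.Scan
+
+def __init__(self, *args, **kwargs):
+super().__init__(*args, **kwargs)
+
+def run_script(self, args) -> dict:
+result = copy(self.result)
+instance_list = []
+query = "(&(objectClass=person)(objectCategory=person))"
+attributes = ["msExchUserBL", "cn"]
+entry_generator = self.ldap_cli.con.extend.standard.paged_search(search_base=self.ldap_cli.domain_dn,
+search_filter=query,
+search_scope=SUBTREE,
+get_operational_attributes=True,
+attributes=attributes,
+paged_size=1000,
+generator=True)
+
+for entry in entry_generator:
+if entry["type"] != "searchResEntry":
+continue
+if entry["attributes"]['cn'] == "Administrator" or entry["attributes"]['cn'] == "administrator":
+continue
+if entry["attributes"]['msExchUserBL']:
+for ms in entry["attributes"]['msExchUserBL']:
+if 'Mailbox Import Export' in ms:
+result['status'] = 1
+instance = {}
+instance["用户名"] = entry["attributes"]['cn']
+instance_list.append(instance)
+break
+result['data'] = {"instance_list": instance_list}
+return result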
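Review bot: The built-in administrator is exempted by comparing `cn` with the two spellings `"Administrator"` and `"administrator"`, so any other casing the directory returns escapes the exemption while a user-created account that merely carries that cn is exempted as well; if the intent is to skip the built-in account, its RID-500 `objectSid` (or at least `sAMAccountName`) is the reliable key, and the casing part alone collapses to `if entry["attributes"]['cn'].casefold() == "administrator": continue`. The finding records only `cn`, which is not unique in a directory; adding the entry's distinguished name (`entry["dn"]`) to the instance lets an analyst locate the account that holds the Mailbox Import Export role. The `if entry["attributes"]['msExchUserBL']:` guard is redundant since iterating an empty list does nothing.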
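--- a/plugins/Exchange/Plugin_Exchange_Scan_4003.py
+++ b/plugins/Exchange/Plugin_Exchange_Scan_4003.py
@@ -0,0 +1,50 @@
+import urllib3
+from ldap3 import SUBTREE
+from copy import copy
+
+from plugins.Exchange import PluginExchangeScanBase
+from utils.consts import AllPluginTypes
+
+urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
+
+
+class PluginExchangInvalidOrganizationManagementGroup(PluginExchangeScanBase):
+"""Organization Management组存在异常成员"""
+
+display = "Organization Management组存在异常成员"
+alias = "ex_inv_org"
+p_type = AllPluginTypes.Scan
+
+def __init__(self, *args, **kwargs):
+super().__init__(*args, **kwargs)
+
+def run_script(self, args) -> dict:
+
+result = copy(self.result)
+instance_list = []
+query = "(&(objectclass=top)(objectclass=group))"
+attributes = ["member", "cn"]
+ldap_cli = "CN=Organization Management,OU=Microsoft Exchange Security Groups," + self.ldap_cli.domain_dn
+entry_generator = self.ldap_cli.con.extend.standard.paged_search(search_base=ldap_cli, # TODO 确认是否一致
+search_filter=query,
+search_scope=SUBTREE,
+get_operational_attributes=True,
+attributes=attributes,
+paged_size=1000,
+generator=True)
+
+for entry in entry_generator:
+if entry["type"] != "searchResEntry":
+continue
+attrs = entry["attributes"]['member']
+for attr in attrs:
+if "CN=Administrator" in attr:
+continue
+else:
+result['status'] = 1
+instance = {}
+instance["账户名"] = entry["attributes"]['cn']
+instance["异常成员"] = attr
+instance_list.append(instance)
+result['data'] = {"instance_list": instance_list}
+return result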
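Review bot: The exemption `if "CN=Administrator" in attr:` is a substring test on the member DN, so any member whose RDN merely begins with that text (a `CN=Administrators` group, a `CN=Administrator2` account, or any object placed under a container named that way) is silently treated as expected and never reported; comparing the first RDN exactly, `if attr.split(",", 1)[0].casefold() == "cn=administrator": continue`, keeps the intended exemption without the false negative. The `# TODO 确认是否一致` left on the paged_search call should either be resolved or say what still needs confirming. The class name `PluginExchangInvalidOrganizationManagementGroup` drops the `e` of `Exchange`; the display string and alias are fine.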
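--- a/plugins/Exchange/Plugin_Exchange_Scan_4004.py
+++ b/plugins/Exchange/Plugin_Exchange_Scan_4004.py
@@ -0,0 +1,65 @@
+import urllib3
+from ldap3 import SUBTREE
+from copy import copy
+
+from plugins.Exchange import PluginExchangeScanBase
+from utils.consts import AllPluginTypes
+
+urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
+
+class PluginExchangeExcepTrustedSubsystem(PluginExchangeScanBase):
+"""Exchange Trusted Subsystem组存在异常成员"""
+
+display = "Exchange Trusted Subsystem组存在异常成员"
+alias = "ex_trust_sub"
+p_type = AllPluginTypes.Scan
+
+def __init__(self, *args, **kwargs):
+super().__init__(*args, **kwargs)
+
+def run_script(self, args) -> dict:
+result = copy(self.result)
+instance_list = []
+computer_list = []
+query = "(&(objectclass=top)(objectclass=group))"
+attributes = ["member", "cn"]
+ldap_cli = "CN=Exchange Servers,OU=Microsoft Exchange Security Groups," + self.ldap_cli.domain_dn
+entry_generator = self.ldap_cli.con.extend.standard.paged_search(search_base=ldap_cli,
+search_filter=query,
+search_scope=SUBTREE,
+get_operational_attributes=True,
+attributes=attributes,
+paged_size=1000,
+generator=True)
+
+for entry in entry_generator:
+if entry["type"] != "searchResEntry":
+continue
+computer_list = entry["attributes"]['member']
+
+# print(computer_list)
+query = "(&(objectclass=top)(objectclass=group))"
+attributes = ["member", "cn"]
+ldap_cli = "CN=Exchange Trusted Subsystem,OU=Microsoft Exchange Security Groups," + self.ldap_cli.domain_dn
+entry_generator = self.ldap_cli.con.extend.standard.paged_search(search_base=ldap_cli,
+search_filter=query,
+search_scope=SUBTREE,
+get_operational_attributes=True,
+attributes=attributes,
+paged_size=1000,
+generator=True)
+for entry in entry_generator:
+if entry["type"] != "searchResEntry":
+continue
+attrs = entry["attributes"]['member']
+for attr in attrs:
+if attr in computer_list:
+continue
+else:
+result['status'] = 1
+instance ={}
+instance["组名"] = entry["attributes"]['cn']
+instance["异常成员"] = attr
+instance_list.append(instance)
+result['data'] = {"instance_list": instance_list}
+return result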
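Review bot: The whitelist test `if attr in computer_list:` is case-sensitive string equality between two DNs, while LDAP DNs compare case-insensitively, so a member DN returned with different casing from its entry in Exchange Servers would be reported as an anomalous member; building `known = {m.casefold() for m in computer_list}` once after the first search and testing `if attr.casefold() in known: continue` avoids that. In the first loop `computer_list = entry["attributes"]['member']` replaces the list on every result entry rather than extending it, so if more than one entry comes back only the last one's members survive, and if the Exchange Servers search returns nothing at all `computer_list` stays empty and every member of Exchange Trusted Subsystem is flagged — indistinguishable from a genuine finding, so an explicit "group not found" outcome would be clearer. The `computer_list = []` initialisation and the re-assignment of `query` and `attributes` to the same values before the second search are redundant, as is the leftover `# print(computer_list)`.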
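--- a/plugins/Exchange/Plugin_Exchange_Scan_4005.py
+++ b/plugins/Exchange/Plugin_Exchange_Scan_4005.py
@@ -0,0 +1,73 @@
+from copy import copy
+
+import urllib3
+from ldap3 import LEVEL, BASE
+
+from plugins.Exchange import PluginExchangeScanBase
+from utils.consts import AllPluginTypes
+
+urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
+
+class PluginExchangeNotSetSecureLogin(PluginExchangeScanBase):
+"""IMAP4登录认证未设置为SecureLogin"""
+
+display = "IMAP4登录认证未设置为SecureLogin"
+alias = "ex_no_securelogin"
+p_type = AllPluginTypes.Scan
+
+def __init__(self, *args, **kwargs):
+super().__init__(*args, **kwargs)
+
+def run_script(self, args) -> dict:
+result = copy(self.result)
+instance_list = []
+query = "(objectClass=*)"
+attributes = ["cn"]
+ldap_cli = "CN=Microsoft Exchange,CN=Services,CN=Configuration," + self.ldap_cli.domain_dn
+entry_generator = self.ldap_cli.con.extend.standard.paged_search(search_base=ldap_cli,
+search_filter=query,
+search_scope=LEVEL,
+get_operational_attributes=True,
+attributes=attributes,
+paged_size=1000,
+generator=True)
+
+for entry in entry_generator:
+ldap_cli = "CN=Administrative Groups,CN=" + entry["attributes"]['cn'] + "," + ldap_cli
+entry_generator1 = self.ldap_cli.con.extend.standard.paged_search(search_base=ldap_cli,
+search_filter=query,
+search_scope=LEVEL,
+get_operational_attributes=True,
+attributes=attributes,
+paged_size=1000,
+generator=True)
+for entry1 in entry_generator1:
+ldap_cli1 = "CN=Servers,CN=" + entry1["attributes"]['cn'] + "," + ldap_cli
+
+attributes = ["cn"]
+entry_generator2 = self.ldap_cli.con.extend.standard.paged_search(search_base=ldap_cli1,
+search_filter=query,
+search_scope=LEVEL,
+get_operational_attributes=True,
+attributes=attributes,
+paged_size=1000,
+generator=True)
+for entry2 in entry_generator2:
+attributes = ["msexchauthenticationflags", "cn"]
+ldap_cli2 = "CN=1,CN=IMAP4,CN=Protocols,CN=" + entry2["attributes"]['cn'] + "," + ldap_cli1
+entry_generator3 = self.ldap_cli.con.extend.standard.paged_search(search_base=ldap_cli2,
+search_filter=query,
+search_scope=BASE,
+get_operational_attributes=True,
+attributes=attributes,
+paged_size=1000,
+generator=True)
+for entry3 in entry_generator3:
+if entry3["attributes"]['msexchauthenticationflags']:
+result['status'] = 1
+instance ={}
+# instance["数据源"] = self.dc_domain
+instance["msexchauthenticationflags"] = entry3["attributes"]['msexchauthenticationflags']
+instance_list.append(instance)
+result['data'] = {"instance_list": instance_list}
+return result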
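Review bot: The condition `if entry3["attributes"]['msexchauthenticationflags']:` reports a finding whenever the attribute holds any non-empty value and never compares it with the value that denotes SecureLogin, so a correctly configured IMAP4 virtual server is presumably reported too; the test should compare against the specific flag value for SecureLogin (`<SECURELOGIN_FLAG_VALUE>` — not given on the page), and the instance should record the server's `cn` (`entry2["attributes"]['cn']`) next to the raw value so an analyst can tell which server it refers to. Separately, `ldap_cli = "CN=Administrative Groups,CN=" + entry["attributes"]['cn'] + "," + ldap_cli` rebinds the outer search base inside the loop, so from the second result of the first search onward every DN built below it is nested under the previous entry's path; binding the value to a fresh name such as `org_dn` and passing that to the second paged_search and to the `ldap_cli1` expression fixes it. Unlike the other four plugins in this commit, none of the four loops here skips entries whose `type` is not `searchResEntry`, so a referral result would raise KeyError on `entry["attributes"]`.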
