chore: small fixes

SpecterOps · Jan 8, 2025 · 22f0c10 · 22f0c10
1 parent 129db7b
commit 22f0c10
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 11 deletions.
diff --git a/src/CommonLib/Ntlm/HttpNtlmAuthenticationService.cs b/src/CommonLib/Ntlm/HttpNtlmAuthenticationService.cs
@@ -17,25 +17,25 @@ public HttpNtlmAuthenticationService(IHttpClientFactory httpClientFactory, ILogg
         _httpClientFactory = httpClientFactory;
     }
 
-    public async Task EnsureRequiresAuth(Uri Url, bool? useBadChannelBindings) {
-        if (Url == null)
+    public async Task EnsureRequiresAuth(Uri url, bool? useBadChannelBindings) {
+        if (url == null)
             throw new ArgumentException("Url property is null");
 
-        if (useBadChannelBindings == null && Url.Scheme == "https")
+        if (useBadChannelBindings == null && url.Scheme == "https")
             throw new ArgumentException("When using HTTPS, useBadChannelBindings must be set");
 
-        var supportedAuthSchemes = await GetSupportedNtlmAuthSchemesAsync(Url);
+        var supportedAuthSchemes = await GetSupportedNtlmAuthSchemesAsync(url);
 
-        _logger.LogDebug($"Supported NTLM auth schemes for {Url}: " + string.Join(",", supportedAuthSchemes));
+        _logger.LogDebug($"Supported NTLM auth schemes for {url}: " + string.Join(",", supportedAuthSchemes));
 
         foreach (var authScheme in supportedAuthSchemes) {
             if (useBadChannelBindings == null) {
-                await AuthWithBadChannelBindings(Url, authScheme);
+                await AuthWithBadChannelBindings(url, authScheme);
             } else {
                 if ((bool)useBadChannelBindings) {
-                    await AuthWithBadChannelBindings(Url, authScheme);
+                    await AuthWithBadChannelBindings(url, authScheme);
                 } else {
-                    await AuthWithChannelBindingAsync(Url, authScheme);
+                    await AuthWithChannelBindingAsync(url, authScheme);
                 }
             }
 

diff --git a/src/CommonLib/Ntlm/NtlmAuthenticationHandler.cs b/src/CommonLib/Ntlm/NtlmAuthenticationHandler.cs
@@ -22,8 +22,7 @@ public NtlmAuthenticationHandler(string targetService, ILogger logger = null)
         _logger = logger ?? Logging.LogProvider.CreateLogger("NtlmAuthenticationHandler");
         _targetService = targetService;
 
-        Options = new LdapAuthOptions()
-        {
+        Options = new LdapAuthOptions {
             Signing = false,
             Bindings = null
         };

diff --git a/src/CommonLib/OutputTypes/NtlmSession.cs b/src/CommonLib/OutputTypes/NtlmSession.cs
@@ -36,7 +36,7 @@ public override string ToString() {
             var targetUser = AccountDomain + "\\" + AccountName;
             var source = (SourceIp != null || SourcePort != null) ? $"{SourceIp}:{SourcePort}" : "";
 
-            return ($"  {TimeCreatedUtc?.ToLocalTime()},{Id},{targetUser},{AccountSid},{SourceHost},,{PackageName}");
+            return ($"{TimeCreatedUtc?.ToLocalTime()},{Id},{targetUser},{AccountSid},{SourceHost},{source},{PackageName}");
         }
 
         public static NtlmSession FromLogonEvent(EventRecord evnt) {

diff --git a/src/CommonLib/Processors/WebClientServiceProcessor.cs b/src/CommonLib/Processors/WebClientServiceProcessor.cs
@@ -39,6 +39,7 @@ public static extern SafeFileHandle CreateFile(
             IntPtr hTemplateFile);
 
         public static bool TestPathExists(string path) {
+            //The CreateFile API is used here because File.Create throws exceptions for pipes. Using these lower level APIs is easier to deal with
             using var handle = CreateFile(
                 path,
                 MAXIMUM_ALLOWED, // Request maximum allowed access