string[] FindUser(List <string> computers, string username)
{
List <string> results = new List <string>();
Amass findUser = new Amass();
foreach (string computerHostName in computers)
{
List <Amass.WKSTA_USER_INFO_1> currentLoggedInAccounts = findUser.GetLoggedOnUsers(computerHostName);
foreach (Amass.WKSTA_USER_INFO_1 loggedInHere in currentLoggedInAccounts)
{
if (String.Equals(loggedInHere.wkui1_username, username, StringComparison.OrdinalIgnoreCase))
{
results.Add($"{loggedInHere.wkui1_username} is currently logged into {computerHostName}");
}
}
List <Amass.SESSION_INFO_10> currentSessionInfo = findUser.GetRemoteSessionInfo(computerHostName);
foreach (Amass.SESSION_INFO_10 sessInformation in currentSessionInfo)
{
if (String.Equals(sessInformation.sesi10_username, username, StringComparison.OrdinalIgnoreCase))
{
results.Add($"{sessInformation.sesi10_username} has a session on {computerHostName}");
}
}
}
return(results.ToArray());
}
public override string[] Execute(ParsedArgs args)
{
try
{
if (string.IsNullOrEmpty(args.ComputerName))
{
throw new EDDException("ComputerName cannot be empty");
}
Amass sessionInfo = new Amass();
List <Amass.SESSION_INFO_10> incomingSessions = sessionInfo.GetRemoteSessionInfo(args.ComputerName);
List <string> results = new List <string>();
foreach (Amass.SESSION_INFO_10 sessionInformation in incomingSessions)
{
results.Add($"Connection From: {sessionInformation.sesi10_cname}");
results.Add($"Idle Time: {sessionInformation.sesi10_idle_time}");
results.Add($"Total Active Time: {sessionInformation.sesi10_time}");
results.Add($"Username: {sessionInformation.sesi10_username}");
}
return(results.ToArray());
}
catch (Exception e)
{
return(new string[] { "[X] Failure to enumerate info - " + e });
}
}
string[] FindMembersOfGroup(List <string> computers, string groupName)
{
try
{
List <string> results = new List <string>();
Amass findUser = new Amass();
List <string> groupList = findUser.GetDomainGroupMembers(groupName);
foreach (string computerHostName in computers)
{
List <Amass.WKSTA_USER_INFO_1> currentLoggedInAccounts = findUser.GetLoggedOnUsers(computerHostName);
foreach (string actualUser in groupList)
{
foreach (Amass.WKSTA_USER_INFO_1 loggedInHere in currentLoggedInAccounts)
{
if (String.Equals(loggedInHere.wkui1_username, actualUser, StringComparison.OrdinalIgnoreCase))
{
results.Add($"{loggedInHere.wkui1_username} is currently logged into {computerHostName}");
}
}
}
List <Amass.SESSION_INFO_10> currentSessionInfo = findUser.GetRemoteSessionInfo(computerHostName);
foreach (string actualDAAgain in groupList)
{
foreach (Amass.SESSION_INFO_10 sessInformation in currentSessionInfo)
{
if (String.Equals(sessInformation.sesi10_username, actualDAAgain, StringComparison.OrdinalIgnoreCase))
{
results.Add($"{sessInformation.sesi10_username} has a session on {computerHostName}");
}
}
}
}
return(results.ToArray());
}
catch (Exception e)
{
return(new string[] { "[X] Failure to enumerate info - " + e });
}
}
