string[] FindUser(List <string> computers, string username)
{
List <string> results = new List <string>();
Amass findUser = new Amass();
foreach (string computerHostName in computers)
{
List <Amass.WKSTA_USER_INFO_1> currentLoggedInAccounts = findUser.GetLoggedOnUsers(computerHostName);
foreach (Amass.WKSTA_USER_INFO_1 loggedInHere in currentLoggedInAccounts)
{
if (String.Equals(loggedInHere.wkui1_username, username, StringComparison.OrdinalIgnoreCase))
{
results.Add($"{loggedInHere.wkui1_username} is currently logged into {computerHostName}");
}
}
List <Amass.SESSION_INFO_10> currentSessionInfo = findUser.GetRemoteSessionInfo(computerHostName);
foreach (Amass.SESSION_INFO_10 sessInformation in currentSessionInfo)
{
if (String.Equals(sessInformation.sesi10_username, username, StringComparison.OrdinalIgnoreCase))
{
results.Add($"{sessInformation.sesi10_username} has a session on {computerHostName}");
}
}
}
return(results.ToArray());
}
public override string[] Execute(ParsedArgs args)
{
try
{
if (string.IsNullOrEmpty(args.ComputerName))
{
throw new EDDException("ComputerName cannot be empty");
}
Amass loggedInInfo = new Amass();
List <Amass.WKSTA_USER_INFO_1> loggedInAccounts = loggedInInfo.GetLoggedOnUsers(args.ComputerName);
List <string> results = new List <string>();
foreach (Amass.WKSTA_USER_INFO_1 sessionInformation in loggedInAccounts)
{
results.Add($"Account Name: {sessionInformation.wkui1_username}");
results.Add($"Domain Used by Account: {sessionInformation.wkui1_logon_domain}");
results.Add($"Operating System Domains: {sessionInformation.wkui1_oth_domains}");
results.Add($"Logon server: {sessionInformation.wkui1_logon_server}");
}
return(results.ToArray());
}
catch (Exception e)
{
return(new string[] { "[X] Failure to enumerate info - " + e });
}
}
string[] FindMembersOfGroup(List <string> computers, string groupName)
{
try
{
List <string> results = new List <string>();
Amass findUser = new Amass();
List <string> groupList = findUser.GetDomainGroupMembers(groupName);
foreach (string computerHostName in computers)
{
List <Amass.WKSTA_USER_INFO_1> currentLoggedInAccounts = findUser.GetLoggedOnUsers(computerHostName);
foreach (string actualUser in groupList)
{
foreach (Amass.WKSTA_USER_INFO_1 loggedInHere in currentLoggedInAccounts)
{
if (String.Equals(loggedInHere.wkui1_username, actualUser, StringComparison.OrdinalIgnoreCase))
{
results.Add($"{loggedInHere.wkui1_username} is currently logged into {computerHostName}");
}
}
}
List <Amass.SESSION_INFO_10> currentSessionInfo = findUser.GetRemoteSessionInfo(computerHostName);
foreach (string actualDAAgain in groupList)
{
foreach (Amass.SESSION_INFO_10 sessInformation in currentSessionInfo)
{
if (String.Equals(sessInformation.sesi10_username, actualDAAgain, StringComparison.OrdinalIgnoreCase))
{
results.Add($"{sessInformation.sesi10_username} has a session on {computerHostName}");
}
}
}
}
return(results.ToArray());
}
catch (Exception e)
{
return(new string[] { "[X] Failure to enumerate info - " + e });
}
}