Example #1
        /// <summary>
        /// Harmful-site exposure check (MA-003).
        /// </summary>
        /// <param name="item">Check item that receives the evidence (Proofs) and the resulting Status.</param>
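        public static void Diagnosis_MA_003(CheckItem item)
        {
            // Harmful-site exposure check: takes the host of every URL found in the Chrome
            // and IE cache reports, looks it up in a domain blacklist and records each hit
            // in item.Proofs. Any hit sets the status to Negative, otherwise Fulfilled.
            //
            // The reports are read from the "MA-002" output files; this method does not run
            // the extraction tools itself.
            // NOTE(review): presumably Diagnosis_MA_002 has to run first so that those files
            // exist and are current - confirm against the caller.
            string chromeOutput  = GreyCommand.GetOutputFile("MA-002", "util1");
            var    chromeReports = GreyXML.GetChormeCacheXmlOutput(chromeOutput);

            string ieOutput  = GreyCommand.GetOutputFile("MA-002", "util2");
            var    ieReports = GreyXML.GetIeCacheOutput(ieOutput);

            // NOTE(review): the blacklist is created empty and nothing in this method fills
            // it, so no host can ever match and the check always ends as Fulfilled. It has
            // to be loaded from a maintained source before this result means anything.
            List <string> blacklist = new List <string>();
            int           count     = 0;

            // Concat returns a new sequence instead of modifying its receiver. The original
            // discarded that result, so the IE cache entries were never examined; iterate
            // over the combined sequence instead.
            foreach (var elem in chromeReports.Concat(ieReports))
            {
                try
                {
                    string host = (new Uri(elem["url"])).Host;
                    if (blacklist.Contains(host))
                    {
                        // Message text: "access to a blacklisted domain confirmed".
                        // The indexer keeps one entry per host; Add would throw on the
                        // second cache entry for the same host.
                        item.Proofs[host] = "블랙리스트 도메인 접근 확인";
                        count += 1;
                    }
                }
                catch (Exception)
                {
                    // Best effort: an entry without a usable absolute URL is skipped.
                    continue;
                }
            }

            item.Status = count > 0 ? Result.Negative : Result.Fulfilled;
        }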
Example #2
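        public MainWindow()
        {
            // Builds the window, initialises the Grey* helpers and the check list, makes
            // sure the process runs elevated, and only then starts the one-shot timer.
            InitializeComponent();
            GreyUtils.Default();
            GreyCommand.Default();
            InitializeCheckList();

            // One-shot timer: Elapsed (DoItNow) is raised once, 3000 ms after Start().
            // It is configured here but started only after the elevation check below.
            InitTimer           = new Timer();
            InitTimer.Interval  = 3000;
            InitTimer.Elapsed  += DoItNow;
            InitTimer.AutoReset = false;

            //string value = GreyWnReg.GetRegistryValue("SOFTWARE\\Microsoft\\Internet Explorer", "svcUpdateVersion", GreyWnReg.Hive.LocalMachine);
            //MessageBox.Show(value);
            //value = GreyWnReg.GetRegistryValue("SOFTWARE\\Microsoft\\Internet Explorer", "svcKBNumber", GreyWnReg.Hive.LocalMachine);
            //MessageBox.Show(value);
            // SOFTWARE\AhnLab\ASPack\9.0\Option\AVMON\
            // HKEY_LOCAL_MACHINE\SOFTWARE\AhnLab\ASPack\9.0\ServiceStatus
            // The case where the registry value does not exist must also be evaluated
            //value = GreyWnReg.GetRegistryValue("SOFTWARE\\AhnLab\\ASPack\\9.0\\Option\\AVMON", "sysmonuse", GreyWnReg.Hive.LocalMachine);
            //MessageBox.Show(value);

            // Privilege elevation logic
            if (IsAdministrator() == false)
            {
                //https://stackoverflow.com/questions/133379/elevating-process-privilege-programmatically
                // Restart program and run as admin
                var exeName = System.Diagnostics.Process.GetCurrentProcess().MainModule.FileName;
                ProcessStartInfo startInfo = new ProcessStartInfo(exeName);
                // The "runas" verb is honoured only when the process is started through
                // the shell, so request that explicitly instead of relying on the default.
                startInfo.UseShellExecute = true;
                startInfo.Verb = "runas";
                try
                {
                    System.Diagnostics.Process.Start(startInfo);
                }
                catch (System.ComponentModel.Win32Exception)
                {
                    // Raised when the elevation prompt is declined or the relaunch fails.
                    // The unelevated instance closes below either way, so a refused prompt
                    // must not surface as an unhandled exception from the constructor.
                }
                Application.Current.Shutdown();
                return;
            }

            // Started only once the process is known to be elevated. Process.Start above
            // can wait on the elevation prompt for longer than the 3000 ms interval, and a
            // timer started before the check could raise DoItNow in the unelevated
            // instance in the meantime.
            InitTimer.Start();

            //var CheckList = ConfigurationManager.AppSettings["Title"];
            //GreyUtils.Instance.ExtractExecutable("CheckList.xml");
            //string[] arg = GreyCommand.GetCommandLine("util1");
            //GreyCommand.ExecutedCallback(Directory.GetCurrentDirectory(), arg[0], arg[1]);
            //string output = GreyCommand.GetOutputFile("util1");
            //var reports = GreyXML.GetXmlOutput(output);
            //MessageBox.Show(reports[0]["time"]);

            /*
             * XElement root = XElement.Load("CheckList.xml");
             *
             * IEnumerable<XElement> util = from el in root.Elements("Item")
             *                           where (string)el.Attribute("code") == "MA-001"
             *                           select el;
             * IEnumerable<XElement> util1 = from el in root.Descendants("util")
             *          where (string)el.Attribute("type") == "util1"
             *          select el;
             * //where (string)el.Attribute("type") == "util1"
             * //select el;
             *
             * foreach(XElement el in util)
             * {
             *  MessageBox.Show((string)el.Attribute("title"));
             *  MessageBox.Show((string)el.Attribute("code"));
             *
             * }
             * // Extract the command options
             * foreach (var el in util1)
             * {
             *  MessageBox.Show(string.Join(" ", (from xl in el.Elements("param")
             *                                    select (string)xl.Attribute("value"))));
             * }
             *
             * /*
             * XElement root = XElement.Load("PurchaseOrders.xml");
             * IEnumerable<XElement> purchaseOrders =
             *  from el in root.Elements("PurchaseOrder")
             *  where
             *      (from add in el.Elements("Address")
             *      where
             *          (string)add.Attribute("Type") == "Shipping" &&
             *          (string)add.Element("State") == "NY"
             *      select add)
             *      .Any()
             *  select el;
             * foreach (XElement el in purchaseOrders)
             *  Console.WriteLine((string)el.Attribute("PurchaseOrderNumber"));
             *
             */
            //GreyUtils.Instance.ExtractExecutable("lastactivityview.exe");
            //DiagnosticCheckList.ItemsSource = new List<String>{"fy","sadf" };
        }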
Example #3
 /// <summary>
 /// Replaces <c>GreyCommand.Instance</c> with a newly constructed <c>GreyCommand</c>.
 /// </summary>
 public static void Default()
 {
     // Each call builds a fresh object; whatever Instance referenced before is replaced.
     var fresh = new GreyCommand();
     GreyCommand.Instance = fresh;
 }
Example #4
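        /// <summary>
        /// Checks which programs are registered as firewall exceptions (MA-006).
        /// </summary>
        /// <param name="item">Check item that receives the evidence (Proofs) and the resulting Status.</param>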
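        public static void Diagnosis_MA_006(CheckItem item)
        {
            // Firewall exception check: runs the "util1" helper, reads the program paths it
            // reports, and counts every existing file with an executable or script extension
            // for which IsSigned returns "no signature". Each such file is recorded in
            // item.Proofs as SHA-256 hash -> path. Any hit sets the status to Negative.
            //
            // NOTE(review): the helper is extracted and then executed with the current
            // directory passed to ExecutedCallback, and MainWindow relaunches the tool with
            // "runas". Presumably the helper runs from that directory - confirm that
            // standard users cannot write to it, or verify the extracted file before running it.
            string[] arg = GreyCommand.GetCommandLine("MA-006", "util1");
            GreyUtils.Instance.ExtractExecutable(arg[0]);
            GreyCommand.ExecutedCallback(Directory.GetCurrentDirectory(), arg[0], arg[1]);
            string output  = GreyCommand.GetOutputFile("MA-006", "util1");
            var    reports = GreyXML.GetXmlOutput(output);

            // "util2" is only extracted here; this method never executes it.
            string[] arg2 = GreyCommand.GetCommandLine("MA-006", "util2");
            GreyUtils.Instance.ExtractExecutable(arg2[0]);

            // 0x800B0100 (TRUST_E_NOSIGNATURE) is the same value as the literal -2146762496
            // used before.
            // NOTE(review): IsSigned is defined outside this block. If it returns the
            // WinVerifyTrust status, every other failure (invalid digest, untrusted, expired
            // or revoked certificate) is not counted here - confirm whether such files
            // should fail the check as well.
            const int TrustENoSignature = unchecked((int)0x800B0100);

            // NOTE(review): "INF1" looks like a typo for "INF" - confirm before changing.
            string[] extension = { "BAT", "BIN", "CMD", "COM", "CPL", "EXE", "GADGET", "INF1", "INS", "INX", "ISU", "JOB", "JSE", "LNK", "MSC", "MSI", "MSP", "MST", "PAF", "PIF", "PS1", "REG", "RGS", "SCR", "SCT", "SHB", "SHS", "U3P", "VB", "VBE", "VBS", "VBSCRIPT", "WS", "WSF", "WSH" };

            HashSet <string> seenPaths = new HashSet <string>();
            int              count     = 0;

            foreach (var elem in reports)
            {
                string filePath = elem["path"];

                // Skip entries without a path and paths that were already examined.
                if (string.IsNullOrEmpty(filePath) || !seenPaths.Add(filePath))
                {
                    continue;
                }

                // Compare the text after the last '.' with the list, ignoring case with an
                // ordinal comparison. The earlier suffix test also matched names that merely
                // end in the same letters (".telecom" for "COM"), and its ToLower() calls
                // depended on the current culture, which can break the match for entries
                // containing 'I' and silently drop files from the check.
                int dot = filePath.LastIndexOf('.');
                if (dot < 0)
                {
                    continue;
                }
                string fileExtension = filePath.Substring(dot + 1);
                if (!extension.Any(x => string.Equals(x, fileExtension, StringComparison.OrdinalIgnoreCase)))
                {
                    continue;
                }

                // A path that does not exist on disk is skipped without leaving evidence.
                if (!File.Exists(filePath))
                {
                    continue;
                }

                if (IsSigned(filePath) != TrustENoSignature)
                {
                    continue;
                }

                count += 1;

                string hash = "";
                try
                {
                    using (var sha256 = SHA256.Create())
                    using (var stream = File.OpenRead(filePath))
                    {
                        byte[] hashValue = sha256.ComputeHash(stream);
                        hash = BitConverter.ToString(hashValue).Replace("-", String.Empty);
                    }
                }
                catch (Exception)
                {
                    // Best effort: a file that cannot be read still counts as a finding,
                    // it just gets an empty hash.
                }

                try
                {
                    item.Proofs.Add(hash, filePath);
                }
                catch (Exception)
                {
                    // NOTE(review): evidence is keyed by hash, so a second file with the
                    // same hash (or a second unreadable file with the empty hash)
                    // presumably fails here and its path is lost, although it was
                    // counted above. Keying by path would avoid that - confirm with
                    // whatever consumes Proofs.
                }
            }

            item.Status = count > 0 ? Result.Negative : Result.Fulfilled;
        }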
Example #5
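        /// <summary>
        /// Malvertising risk exposure check (MA-002).
        /// </summary>
        /// <param name="item">Check item that receives the progress text, the evidence (Proofs) and the resulting Status.</param>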
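        public static void Diagnosis_MA_002(CheckItem item)
        {
            // Malvertising exposure check: runs the two cache helpers ("util1" produces the
            // Chrome cache report, "util2" the IE cache report), takes the host of every
            // cached URL and tries to resolve it. Each distinct host is recorded in
            // item.Proofs; a host that does not resolve counts as a finding, and any
            // finding sets the status to Negative.
            //
            // NOTE(review): the helpers are extracted and then executed with the current
            // directory passed to ExecutedCallback, and MainWindow relaunches the tool with
            // "runas". Presumably they run from that directory - confirm that standard
            // users cannot write to it, or verify the extracted files before running them.
            string[] arg = GreyCommand.GetCommandLine("MA-002", "util1");
            GreyUtils.Instance.ExtractExecutable(arg[0]);
            GreyCommand.ExecutedCallback(Directory.GetCurrentDirectory(), arg[0], arg[1]);
            string output  = GreyCommand.GetOutputFile("MA-002", "util1");
            var    reports = GreyXML.GetChormeCacheXmlOutput(output);

            string[] arg2 = GreyCommand.GetCommandLine("MA-002", "util2");
            GreyUtils.Instance.ExtractExecutable(arg2[0]);
            GreyCommand.ExecutedCallback(Directory.GetCurrentDirectory(), arg2[0], arg2[1]);
            string output2  = GreyCommand.GetOutputFile("MA-002", "util2");
            var    reports2 = GreyXML.GetIeCacheOutput(output2);

            // Concat returns a new sequence instead of modifying its receiver. The original
            // discarded that result, so the IE cache entries were never checked; materialise
            // the combined sequence and work on that.
            var allReports = reports.Concat(reports2).ToList();

            int              count     = 0;
            int              progress  = 0;
            int              total     = allReports.Count;
            HashSet <string> seenHosts = new HashSet <string>();

            foreach (var elem in allReports)
            {
                // Count every entry, including ones that are skipped below, so that the
                // percentage reaches 100 at the end of the run.
                progress     += 1;
                item.Progress = "(" + ((int)((float)progress / (float)total * 100)).ToString() + " %) ";

                string host;
                try
                {
                    host = (new Uri(elem["url"])).Host;
                }
                catch (Exception)
                {
                    // Best effort: an entry without a usable absolute URL is skipped.
                    continue;
                }

                // Resolve each host only once.
                if (!seenHosts.Add(host))
                {
                    continue;
                }

                // NOTE(review): this performs a live DNS lookup for every host found in the
                // browser cache, which discloses those names to the configured resolver.
                // Any exception counts as "does not resolve", so an offline machine or a
                // resolver outage would presumably flag every host; cache entries whose
                // scheme is not http(s) are not filtered out first. Confirm that this is
                // the intended evidence for the check.
                bool resolves;
                try
                {
                    Dns.GetHostEntry(host);
                    resolves = true;
                }
                catch (Exception)
                {
                    resolves = false;
                }

                // Count the finding before recording it, so that a failure while storing
                // the evidence cannot hide the finding from the final status.
                if (!resolves)
                {
                    count++;
                }

                try
                {
                    // Messages: "this is a valid domain" / "this is not a valid domain".
                    item.Proofs[host] = resolves ? "유효한 도메인 입니다." : "유효한 도메인이 아닙니다.";
                }
                catch (Exception)
                {
                    // Recording evidence is best effort, as in the original.
                }
            }

            item.Progress = "";
            item.Status   = count > 0 ? Result.Negative : Result.Fulfilled;
        }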