public static string IsDomainJoined()
{
// returns Compuer Domain if the system is inside an AD (an nothing if it is not)
try
{
NetJoinStatus status = NetJoinStatus.NetSetupUnknownStatus;
IntPtr pDomain = IntPtr.Zero;
int result = Netapi32.NetGetJoinInformation(null, out pDomain, out status);
if (pDomain != IntPtr.Zero)
{
Netapi32.NetApiBufferFree(pDomain);
}
if (result == Win32.ErrorSuccess)
{
// If in domain, return domain name, if not, return empty
return(status == NetJoinStatus.NetSetupDomainName ? Environment.UserDomainName : "");
}
}
catch (Exception ex)
{
Beaprint.GrayPrint(string.Format(" [X] Exception: {0}\n Trying to check if domain is joined using WMI", ex.Message));
return(IsDomainJoinedWmi());
}
return("");
}
public static string PermInt2Str(int current_perm, bool only_write_or_equivalent = false, bool is_service = false)
{
Dictionary <string, int> interesting_perms = new Dictionary <string, int>()
{
// This isn't an exhaustive list of possible permissions. Just the interesting ones.
{ "AllAccess", 0xf01ff },
{ "GenericAll", 0x10000000 },
{ "FullControl", (int)FileSystemRights.FullControl },
{ "TakeOwnership", (int)FileSystemRights.TakeOwnership },
{ "GenericWrite", 0x40000000 },
{ "WriteData/CreateFiles", (int)FileSystemRights.WriteData },
{ "Modify", (int)FileSystemRights.Modify },
{ "Write", (int)FileSystemRights.Write },
{ "ChangePermissions", (int)FileSystemRights.ChangePermissions },
{ "Delete", (int)FileSystemRights.Delete },
{ "DeleteSubdirectoriesAndFiles", (int)FileSystemRights.DeleteSubdirectoriesAndFiles },
{ "AppendData/CreateDirectories", (int)FileSystemRights.AppendData },
{ "WriteAttributes", (int)FileSystemRights.WriteAttributes },
{ "WriteExtendedAttributes", (int)FileSystemRights.WriteExtendedAttributes },
};
if (only_write_or_equivalent)
{
interesting_perms = new Dictionary <string, int>()
{
{ "AllAccess", 0xf01ff },
{ "GenericAll", 0x10000000 },
{ "FullControl", (int)FileSystemRights.FullControl }, //0x1f01ff
{ "TakeOwnership", (int)FileSystemRights.TakeOwnership }, //0x80000
{ "GenericWrite", 0x40000000 },
{ "WriteData/CreateFiles", (int)FileSystemRights.WriteData }, //0x2
{ "Modify", (int)FileSystemRights.Modify }, //0x301bf
{ "Write", (int)FileSystemRights.Write }, //0x116
{ "ChangePermissions", (int)FileSystemRights.ChangePermissions }, //0x40000
{ "AppendData/CreateDirectories", (int)FileSystemRights.AppendData },
};
}
if (is_service)
{
interesting_perms["Start"] = 0x00000010;
interesting_perms["Stop"] = 0x00000020;
}
try
{
foreach (KeyValuePair <string, int> entry in interesting_perms)
{
if ((entry.Value & current_perm) == entry.Value)
{
return(entry.Key);
}
}
}
catch (Exception ex)
{
Beaprint.GrayPrint("Error in PermInt2Str: " + ex);
}
return("");
}
public static List <string> GetMyPermissionsR(RegistryKey key, Dictionary <string, string> SIDs)
{
// Get interesting permissions in rSecurity (Only Registry)
List <string> results = new List <string>();
Dictionary <string, string> container = new Dictionary <string, string>();
try
{
var rSecurity = key.GetAccessControl();
//Go through the rules returned from the DirectorySecurity
foreach (RegistryAccessRule rule in rSecurity.GetAccessRules(true, true, typeof(SecurityIdentifier)))
{
int current_perm = (int)rule.RegistryRights;
string current_perm_str = PermInt2Str(current_perm, true);
if (current_perm_str == "")
{
continue;
}
foreach (KeyValuePair <string, string> mySID in SIDs)
{
// If the rule is interesting, check if any of my SIDs is in the rule
if (rule.IdentityReference.Value.ToLower() == mySID.Key.ToLower())
{
string SID_name = string.IsNullOrEmpty(mySID.Value) ? mySID.Key : mySID.Value;
if (container.ContainsKey(SID_name))
{
if (!container[SID_name].Contains(current_perm_str))
{
container[SID_name] += " " + current_perm_str;
}
}
else
{
container[SID_name] = current_perm_str;
}
string to_add = string.Format("{0} [{1}]", SID_name, current_perm_str);
}
}
}
foreach (KeyValuePair <string, string> SID_input in container)
{
string to_add = string.Format("{0} [{1}]", SID_input.Key, SID_input.Value);
results.Add(to_add);
}
}
catch (Exception ex)
{
Beaprint.PrintException(ex.Message);
}
return(results);
}
public static void DisplayMemoryStats()
{
using (Process process = Process.GetCurrentProcess())
{
if (!process.HasExited)
{
process.Refresh();
string memoryStats = $"{process.ProcessName} - Memory Stats\n" +
$"-------------------------------------\n" +
$" Physical memory usage : {MyUtils.ConvertBytesToHumanReadable(process.WorkingSet64)}\n" +
$" Paged system memory size : {MyUtils.ConvertBytesToHumanReadable(process.PagedSystemMemorySize64)}\n" +
$" Paged memory size : {MyUtils.ConvertBytesToHumanReadable(process.PagedMemorySize64)}\n";
Beaprint.PrintDebugLine(memoryStats);
}
}
}
public static void Run(Action action, bool isDebug, string description = null)
{
if (!isDebug)
{
action();
}
else
{
var timer = new Stopwatch();
timer.Start();
action();
timer.Stop();
TimeSpan timeTaken = timer.Elapsed;
string descriptionText = string.IsNullOrEmpty(description) ? string.Empty : $"[{description}] ";
string log = $"{descriptionText}Execution took : {timeTaken.Minutes:00}m:{timeTaken.Seconds:00}s:{timeTaken.Milliseconds:000}";
Beaprint.PrintDebugLine(log);
}
}
private static string IsDomainJoinedWmi()
{
// returns Compuer Domain if the system is inside an AD (an nothing if it is not)
try
{
using (var searcher = new System.Management.ManagementObjectSearcher("Select * from Win32_ComputerSystem"))
{
using (var items = searcher.Get())
{
foreach (var item in items)
{
return((string)item["Domain"]);
}
}
}
}
catch (Exception ex)
{
Beaprint.PrintException(ex.Message);
}
//By default local
return("");
}
public static string PermInt2Str(int current_perm, PermissionType permissionType = PermissionType.DEFAULT)
{
Dictionary <string, int> interesting_perms = new Dictionary <string, int>();
if (permissionType == PermissionType.DEFAULT)
{
interesting_perms = new Dictionary <string, int>()
{
// This isn't an exhaustive list of possible permissions. Just the interesting ones.
{ "AllAccess", 0xf01ff },
{ "GenericAll", 0x10000000 },
{ "FullControl", (int)FileSystemRights.FullControl },
{ "TakeOwnership", (int)FileSystemRights.TakeOwnership },
{ "GenericWrite", 0x40000000 },
{ "WriteData/CreateFiles", (int)FileSystemRights.WriteData },
{ "Modify", (int)FileSystemRights.Modify },
{ "Write", (int)FileSystemRights.Write },
{ "ChangePermissions", (int)FileSystemRights.ChangePermissions },
{ "Delete", (int)FileSystemRights.Delete },
{ "DeleteSubdirectoriesAndFiles", (int)FileSystemRights.DeleteSubdirectoriesAndFiles },
{ "AppendData/CreateDirectories", (int)FileSystemRights.AppendData },
{ "WriteAttributes", (int)FileSystemRights.WriteAttributes },
{ "WriteExtendedAttributes", (int)FileSystemRights.WriteExtendedAttributes },
};
}
else if (permissionType == PermissionType.READABLE_OR_WRITABLE)
{
interesting_perms = new Dictionary <string, int>()
{
// This isn't an exhaustive list of possible permissions. Just the interesting ones.
{ "AllAccess", 0xf01ff },
{ "GenericAll", 0x10000000 },
{ "FullControl", (int)FileSystemRights.FullControl },
{ "TakeOwnership", (int)FileSystemRights.TakeOwnership },
{ "GenericWrite", 0x40000000 },
{ "WriteData/CreateFiles", (int)FileSystemRights.WriteData },
{ "Modify", (int)FileSystemRights.Modify },
{ "Write", (int)FileSystemRights.Write },
{ "Read", (int)FileSystemRights.Read },
{ "ReadData", (int)FileSystemRights.ReadData },
{ "ChangePermissions", (int)FileSystemRights.ChangePermissions },
{ "Delete", (int)FileSystemRights.Delete },
{ "DeleteSubdirectoriesAndFiles", (int)FileSystemRights.DeleteSubdirectoriesAndFiles },
{ "AppendData/CreateDirectories", (int)FileSystemRights.AppendData },
{ "WriteAttributes", (int)FileSystemRights.WriteAttributes },
{ "WriteExtendedAttributes", (int)FileSystemRights.WriteExtendedAttributes },
};
}
else if (permissionType == PermissionType.WRITEABLE_OR_EQUIVALENT)
{
interesting_perms = new Dictionary <string, int>()
{
{ "AllAccess", 0xf01ff },
{ "GenericAll", 0x10000000 },
{ "FullControl", (int)FileSystemRights.FullControl }, //0x1f01ff - 2032127
{ "TakeOwnership", (int)FileSystemRights.TakeOwnership }, //0x80000 - 524288
{ "GenericWrite", 0x40000000 },
{ "WriteData/CreateFiles", (int)FileSystemRights.WriteData }, //0x2
{ "Modify", (int)FileSystemRights.Modify }, //0x301bf - 197055
{ "Write", (int)FileSystemRights.Write }, //0x116 - 278
{ "ChangePermissions", (int)FileSystemRights.ChangePermissions }, //0x40000 - 262144
{ "AppendData/CreateDirectories", (int)FileSystemRights.AppendData }, //4
};
}
else if (permissionType == PermissionType.WRITEABLE_OR_EQUIVALENT_REG)
{
interesting_perms = new Dictionary <string, int>()
{
{ "AllAccess", 0xf01ff },
{ "GenericAll", 0x10000000 },
{ "FullControl", (int)RegistryRights.FullControl }, //983103
{ "TakeOwnership", (int)RegistryRights.TakeOwnership }, //524288
{ "GenericWrite", 0x40000000 },
{ "WriteKey", (int)RegistryRights.WriteKey }, //131078
{ "SetValue", (int)RegistryRights.SetValue }, //2
{ "ChangePermissions", (int)RegistryRights.ChangePermissions }, //262144
{ "CreateSubKey", (int)RegistryRights.CreateSubKey }, //4
};
}
else if (permissionType == PermissionType.WRITEABLE_OR_EQUIVALENT_SVC)
{
interesting_perms = new Dictionary <string, int>()
{
{ "AllAccess", 0xf01ff },
//{"QueryConfig" , 1}, //Grants permission to query the service's configuration.
//{"ChangeConfig" , 2}, //Grants permission to change the service's permission.
//{"QueryStatus" , 4}, //Grants permission to query the service's status.
//{"EnumerateDependents" , 8}, //Grants permissionto enumerate the service's dependent services.
//{"PauseContinue" , 64}, //Grants permission to pause/continue the service.
//{"Interrogate" , 128}, //Grants permission to interrogate the service (i.e. ask it to report its status immediately).
//{"UserDefinedControl" , 256}, //Grants permission to run the service's user-defined control.
//{"Delete" , 65536}, //Grants permission to delete the service.
//{"ReadControl" , 131072}, //Grants permission to query the service's security descriptor.
{ "WriteDac", 262144 }, //Grants permission to set the service's discretionary access list.
{ "WriteOwner", 524288 }, //Grants permission to modify the group and owner of a service.
//{"Synchronize" , 1048576},
{ "AccessSystemSecurity", 16777216 }, //The right to get or set the SACL in the object security descriptor.
{ "GenericAll", 268435456 },
{ "GenericWrite", 1073741824 },
{ "GenericExecute", 536870912 },
{ "Start", 16 }, //Grants permission to start the service.
{ "Stop", 32 }, //Grants permission to stop the service.
//{"GenericRead" , 2147483648}
};
}
try
{
foreach (KeyValuePair <string, int> entry in interesting_perms)
{
if ((entry.Value & current_perm) == entry.Value)
{
return(entry.Key);
}
}
}
catch (Exception ex)
{
Beaprint.GrayPrint("Error in PermInt2Str: " + ex);
}
return("");
}
public static string PermInt2Str(int current_perm, PermissionType permissionType = PermissionType.DEFAULT)
{
Dictionary <string, int> interesting_perms = new Dictionary <string, int>();
if (permissionType == PermissionType.DEFAULT)
{
interesting_perms = new Dictionary <string, int>()
{
// This isn't an exhaustive list of possible permissions. Just the interesting ones.
{ "AllAccess", 0xf01ff },
{ "GenericAll", 0x10000000 },
{ "FullControl", (int)FileSystemRights.FullControl },
{ "TakeOwnership", (int)FileSystemRights.TakeOwnership },
{ "GenericWrite", 0x40000000 },
{ "WriteData/CreateFiles", (int)FileSystemRights.WriteData },
{ "Modify", (int)FileSystemRights.Modify },
{ "Write", (int)FileSystemRights.Write },
{ "ChangePermissions", (int)FileSystemRights.ChangePermissions },
{ "Delete", (int)FileSystemRights.Delete },
{ "DeleteSubdirectoriesAndFiles", (int)FileSystemRights.DeleteSubdirectoriesAndFiles },
{ "AppendData/CreateDirectories", (int)FileSystemRights.AppendData },
{ "WriteAttributes", (int)FileSystemRights.WriteAttributes },
{ "WriteExtendedAttributes", (int)FileSystemRights.WriteExtendedAttributes },
};
}
else if (permissionType == PermissionType.READABLE_OR_WRITABLE)
{
interesting_perms = new Dictionary <string, int>()
{
// This isn't an exhaustive list of possible permissions. Just the interesting ones.
{ "AllAccess", 0xf01ff },
{ "GenericAll", 0x10000000 },
{ "FullControl", (int)FileSystemRights.FullControl },
{ "TakeOwnership", (int)FileSystemRights.TakeOwnership },
{ "GenericWrite", 0x40000000 },
{ "WriteData/CreateFiles", (int)FileSystemRights.WriteData },
{ "Modify", (int)FileSystemRights.Modify },
{ "Write", (int)FileSystemRights.Write },
{ "Read", (int)FileSystemRights.Read },
{ "ReadData", (int)FileSystemRights.ReadData },
{ "ChangePermissions", (int)FileSystemRights.ChangePermissions },
{ "Delete", (int)FileSystemRights.Delete },
{ "DeleteSubdirectoriesAndFiles", (int)FileSystemRights.DeleteSubdirectoriesAndFiles },
{ "AppendData/CreateDirectories", (int)FileSystemRights.AppendData },
{ "WriteAttributes", (int)FileSystemRights.WriteAttributes },
{ "WriteExtendedAttributes", (int)FileSystemRights.WriteExtendedAttributes },
};
}
else if (permissionType == PermissionType.WRITEABLE_OR_EQUIVALENT)
{
interesting_perms = new Dictionary <string, int>()
{
{ "AllAccess", 0xf01ff },
{ "GenericAll", 0x10000000 },
{ "FullControl", (int)FileSystemRights.FullControl }, //0x1f01ff - 2032127
{ "TakeOwnership", (int)FileSystemRights.TakeOwnership }, //0x80000 - 524288
{ "GenericWrite", 0x40000000 },
{ "WriteData/CreateFiles", (int)FileSystemRights.WriteData }, //0x2
{ "Modify", (int)FileSystemRights.Modify }, //0x301bf - 197055
{ "Write", (int)FileSystemRights.Write }, //0x116 - 278
{ "ChangePermissions", (int)FileSystemRights.ChangePermissions }, //0x40000 - 262144
{ "AppendData/CreateDirectories", (int)FileSystemRights.AppendData }, //4
};
}
else if (permissionType == PermissionType.WRITEABLE_OR_EQUIVALENT_SVC)
{
interesting_perms = new Dictionary <string, int>()
{
{ "AllAccess", 0xf01ff },
{ "GenericAll", 0x10000000 },
{ "FullControl", (int)RegistryRights.FullControl }, //983103
{ "TakeOwnership", (int)RegistryRights.TakeOwnership }, //524288
{ "GenericWrite", 0x40000000 },
{ "WriteKey", (int)RegistryRights.WriteKey }, //131078
{ "SetValue", (int)RegistryRights.SetValue }, //2
{ "ChangePermissions", (int)RegistryRights.ChangePermissions }, //262144
{ "CreateSubKey", (int)RegistryRights.CreateSubKey }, //4
{ "Start", 0x00000010 },
{ "Stop", 0x00000020 },
};
}
try
{
foreach (KeyValuePair <string, int> entry in interesting_perms)
{
if ((entry.Value & current_perm) == entry.Value)
{
return(entry.Key);
}
}
}
catch (Exception ex)
{
Beaprint.GrayPrint("Error in PermInt2Str: " + ex);
}
return("");
}
