public ActionResult Invoke(FileExtractionViewModel viewModel) { if (ModelState.IsValid) { try { string protocol = "\"http://"; if (Request.IsSecureConnection) { protocol = "\"https://"; } string url = protocol + Request.Headers["Host"] + "/forensics/file-extraction/receiver\""; PSRemoting ps = new PSRemoting(viewModel.ComputerName, config.FALCON_FORENSICS_USERNAME, config.FALCON_FORENSICS_PASSWORD, config.FALCON_FORENSICS_DOMAIN); FileExtraction extraction = new FileExtraction(ps); Dictionary <string, string> mapper = new Dictionary <string, string>(); mapper.Add("{{FilePath}}", "\"" + viewModel.FilePath + "\""); mapper.Add("{{URL}}", url); var model = GetFileMetadata(mapper, extraction); this.UploadFile(mapper, extraction); ViewBag.FileName = viewModel.FilePath.Split('\\').Last(); return(PartialView("~/Areas/Forensics/Views/FileExtraction/_DownloadLink.cshtml", model)); } catch (Exception e) { ModelState.AddModelError(String.Empty, e.Message); } } List <string> errors = ModelState.Where(x => x.Value.Errors.Count > 0).SelectMany(x => x.Value.Errors).Select(x => x.ErrorMessage).ToList(); return(PartialView("_ValidationError", errors)); }
public ActionResult InvokeFromDetection(string computerName, string filePath) { try { string protocol = "\"http://"; if (Request.IsSecureConnection) { protocol = "\"https://"; } string url = protocol + Request.Headers["Host"] + "/forensics/file-extraction/receiver\""; PSRemoting ps = new PSRemoting(computerName, config.FALCON_FORENSICS_USERNAME, config.FALCON_FORENSICS_PASSWORD, config.FALCON_FORENSICS_DOMAIN); FileExtraction extraction = new FileExtraction(ps); ////When submitted from a detection edit view, you need to convert the full device path to the appropriate drive letter first string command = System.IO.File.ReadAllText(Server.MapPath("~/App_Data/Scripts/Get-DevicePath.ps1")); Dictionary <string, string> map = extraction.GetDevicePaths(command); string driveLetter = map[string.Join("\\", filePath.Split('\\').Take(3).ToArray())]; string path = driveLetter + "\\" + string.Join("\\", filePath.Split('\\').Skip(3).ToArray()); Dictionary <string, string> mapper = new Dictionary <string, string>(); mapper.Add("{{FilePath}}", "\"" + path + "\""); mapper.Add("{{URL}}", url); this.UploadFile(mapper, extraction); return(new EmptyResult()); } catch (Exception e) { ModelState.AddModelError(String.Empty, e.Message); List <string> errors = ModelState.Where(x => x.Value.Errors.Count > 0).SelectMany(x => x.Value.Errors).Select(x => x.ErrorMessage).ToList(); return(PartialView("_ValidationError", errors)); } }
private FileMetadata GetFileMetadata(Dictionary <string, string> mapping, FileExtraction extraction) { string command = System.IO.File.ReadAllText(Server.MapPath("~/App_Data/Scripts/Get-FileAttributes.ps1")); command = PSRemoting.CommandMapping(command, mapping); return(extraction.GetFileMetadata(command)); }
private void UploadFile(Dictionary <string, string> mapping, FileExtraction extraction) { string command = System.IO.File.ReadAllText(Server.MapPath("~/App_Data/Scripts/Get-RemoteFile.ps1")); command = PSRemoting.CommandMapping(command, mapping); extraction.UploadFile(command); }
public ActionResult InvokeFromBrowser(string computerName, string filePath) { try { string protocol = "\"http://"; if (Request.IsSecureConnection) { protocol = "\"https://"; } string url = protocol + Request.Headers["Host"] + "/forensics/file-extraction/receiver\""; PSRemoting ps = new PSRemoting(computerName, config.FALCON_FORENSICS_USERNAME, config.FALCON_FORENSICS_PASSWORD, config.FALCON_FORENSICS_DOMAIN); FileExtraction extraction = new FileExtraction(ps); Dictionary <string, string> mapper = new Dictionary <string, string>(); mapper.Add("{{FilePath}}", "\"" + filePath + "\""); mapper.Add("{{URL}}", url); this.UploadFile(mapper, extraction); return(new EmptyResult()); } catch (Exception e) { ModelState.AddModelError(String.Empty, e.Message); List <string> errors = ModelState.Where(x => x.Value.Errors.Count > 0).SelectMany(x => x.Value.Errors).Select(x => x.ErrorMessage).ToList(); return(PartialView("_ValidationError", errors)); } }
private void WriteToFileCsv(StreamWriter writer) { if (this is FileNode file) { var info = file.FileInformation; if (info.region) { for (int i = 0; i < 14; i++) { info = new FileInformation(file.ArcPath, i); writer.WriteLine($"{FileExtraction.GetRegionalPath(FullPath)},{info.ArcOffset},{info.CompressedSize:X},{info.DecompressedSize:X}"); } } else { writer.WriteLine($"{FullPath},{info.ArcOffset},{info.CompressedSize:X},{info.DecompressedSize:X}"); } } if (GetType() == typeof(FolderNode)) { foreach (var s in SubNodes) { s.WriteToFileCsv(writer); } } }
private void ExtractFileInformation() { int index = 1; foreach (var file in toExtract) { string path = file.FullPath.Replace(":", ""); Directory.CreateDirectory(Path.GetDirectoryName(path) + "\\"); bool regional = MainForm.ArcFile.IsRegional(file.ArcPath); if (regional && MainForm.SelectedRegion == 14) { FileExtraction.ExtractAllRegions(path, file.ArcPath, DecompressFiles, UseOffsetName); } else { if (regional) { path = path.Replace(Path.GetExtension(path), FileExtraction.RegionTags[MainForm.SelectedRegion] + Path.GetExtension(path)); } FileExtraction.SaveFile(path, file.ArcPath, MainForm.SelectedRegion, DecompressFiles, UseOffsetName); } UpdateProgress(GetPercentage(index, toExtract.Length), path); index++; } UpdateProgress(100, "Done"); // Make sure the completion message stays on screen long enough to be read. Thread.Sleep(500); UpdateProgress(101, "Done"); }