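/// <summary>
/// Handles a UDP response datagram and, when it is well formed, adds the advertised
/// server to <c>FoundServers</c> on the UI dispatcher.
/// </summary>
/// <remarks>
/// The payload is split on '|' and the second field is split on ':' into host and port;
/// whatever precedes the first '|' is ignored. The datagram comes from the network and is
/// unauthenticated, so it is validated before indexing: a short or malformed payload is
/// dropped instead of throwing inside the dispatcher callback.
/// </remarks>
/// <param name="sender">The socket that received the datagram (unused).</param>
/// <param name="args">Event data giving access to the datagram payload.</param>
private async void SocketOnMessageReceived(DatagramSocket sender, DatagramSocketMessageReceivedEventArgs args)
{
    var result = args.GetDataStream();
    var resultStream = result.AsStreamForRead(1024);
    using (var reader = new StreamReader(resultStream))
    {
        var text = await reader.ReadToEndAsync();

        Deployment.Current.Dispatcher.BeginInvoke(() =>
        {
            Log.Info("UDP response received");

            // Untrusted input: any host that can reach this socket can send a datagram.
            // Check the shape first; the payload itself is deliberately not logged.
            var parts = text.Split('|');
            if (parts.Length < 2)
            {
                Log.Info("UDP response ignored: payload has no '|' separated address field");
                return;
            }

            var fullAddress = parts[1].Split(':');
            if (fullAddress.Length < 2
                || string.IsNullOrWhiteSpace(fullAddress[0])
                || string.IsNullOrWhiteSpace(fullAddress[1]))
            {
                Log.Info("UDP response ignored: address field is not in host:port form");
                return;
            }

            // NOTE(review): host and port are taken from the payload, not from the sender of
            // the datagram, so a response can advertise an arbitrary endpoint. Consider
            // comparing against the datagram's remote address and validating the port range
            // before the entry is offered to the user.
            FoundServers.Add(new Server { IpAddress = fullAddress[0], PortNo = fullAddress[1] });
        });
    }
}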
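/// <summary>
/// Extracts metadata from an RDP connection file read from <c>this.stm</c>: servers, paths,
/// applications, user names and stored passwords.
/// </summary>
/// <remarks>
/// Each setting is parsed as <c>name:type:value</c>. The value is everything after the second
/// ':' and may itself contain ':'. Lines that do not have that shape, or whose value is empty,
/// are skipped. Any other failure is written to the debug output and ends the analysis.
/// </remarks>
public override void analyzeFile()
{
    try
    {
        using (var sr = new StreamReader(this.stm))
        {
            string line;
            while ((line = sr.ReadLine()) != null)
            {
                // Locate the two separators explicitly. A malformed line (blank line, comment,
                // missing type field) is skipped rather than aborting the whole file, so one bad
                // line cannot hide every setting that follows it.
                int nameEnd = line.IndexOf(':');
                if (nameEnd < 0)
                {
                    continue;
                }

                int typeEnd = line.IndexOf(':', nameEnd + 1);
                if (typeEnd < 0)
                {
                    continue;
                }

                string settingName = line.Substring(0, nameEnd);
                string settingValue = line.Substring(typeEnd + 1);
                if (string.IsNullOrEmpty(settingValue))
                {
                    continue;
                }

                // Invariant lower-casing keeps the key match independent of the UI culture.
                switch (settingName.ToLowerInvariant())
                {
                    case "shell working directory":
                    case "remoteapplicationprogram":
                    case "remoteapplicationname":
                    case "remoteapplicationcmdline":
                        FoundPaths.AddUniqueItem(settingValue, true);
                        break;

                    case "full address":
                        FoundServers.AddUniqueItem(new ServersItem(settingValue, "RDP file Analysis"));
                        break;

                    case "gatewayhostname":
                        // Keep only the host part of a host:port value.
                        FoundServers.AddUniqueItem(new ServersItem(settingValue.Split(new char[] { ':' })[0], "RDP file Analysis"));
                        break;

                    case "alternate shell":
                        FoundPaths.AddUniqueItem(settingValue, true);
                        var softName = Analysis.ApplicationAnalysis.GetApplicationsFromString(settingValue);
                        // Fall back to the raw value when no application name is recognised.
                        FoundMetaData.Applications.AddUniqueItem(!string.IsNullOrEmpty(softName)
                            ? new ApplicationsItem(softName)
                            : new ApplicationsItem(settingValue));
                        break;

                    case "username":
                        FoundUsers.AddUniqueItem(settingValue, true);
                        break;

                    case "domain":
                        // Recognised but not recorded.
                        break;

                    // Credential material stored in the file is collected as found; it is never
                    // written to the debug output by this method.
                    case "password":
                        FoundPasswords.AddUniqueItem(new PasswordsItem(settingValue, "RDP Password"));
                        break;

                    case "password 51":
                        FoundPasswords.AddUniqueItem(new PasswordsItem(settingValue, "RDP Password (Type 51)"));
                        break;
                }
            }
        }
    }
    catch (Exception e)
    {
        System.Diagnostics.Debug.WriteLine(e.ToString());
    }
}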
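/// <summary>
/// Extracts metadata from an ICA connection file read from <c>this.stm</c>: servers, user
/// names, stored passwords, paths and application names.
/// </summary>
/// <remarks>
/// Each setting is parsed as <c>name=value</c>, where the value is everything after the first
/// '='. Lines without '=' or with an empty value are skipped. Setting names are matched by
/// prefix, case-insensitively, in the order written below. Any unexpected failure is written
/// to the debug output and ends the analysis.
/// </remarks>
public override void analyzeFile()
{
    try
    {
        // Not wrapped in a using block: disposing the reader would also close this.stm, and
        // who owns that stream is not visible from this method.
        StreamReader sr = new StreamReader(this.stm);
        string line;
        while ((line = sr.ReadLine()) != null)
        {
            int separator = line.IndexOf('=');
            if (separator < 0)
            {
                continue;
            }

            string settingName = line.Substring(0, separator);
            string settingValue = line.Substring(separator + 1);
            if (string.IsNullOrEmpty(settingValue))
            {
                continue;
            }

            // Ordinal, case-insensitive prefix match: independent of the current culture.
            Func<string, bool> nameStartsWith =
                prefix => settingName.StartsWith(prefix, StringComparison.OrdinalIgnoreCase);

            if (nameStartsWith("Address")
                || nameStartsWith("HttpBrowserAddress")
                || nameStartsWith("TcpBrowserAddress"))
            {
                // Keep only the host part of a host:port value.
                string ipOrHost = settingValue.Split(new char[] { ':' })[0];
                FoundServers.AddUniqueItem(new ServersItem(ipOrHost, "ICA file Analysis"));
            }
            else if (nameStartsWith("Username"))
            {
                FoundUsers.AddUniqueItem(settingValue, true);
            }
            // Credential material stored in the file is collected as found; it is never
            // written to the debug output by this method.
            else if (nameStartsWith("ClearPassword"))
            {
                FoundPasswords.AddUniqueItem(new PasswordsItem(settingValue, "ICA Clear password"));
            }
            else if (nameStartsWith("Password"))
            {
                FoundPasswords.AddUniqueItem(new PasswordsItem(settingValue, "ICA password"));
            }
            else if (nameStartsWith("PersistentCachePath")
                || nameStartsWith("WorkDirectory")
                || nameStartsWith("InitialProgram")
                || nameStartsWith("IconPath"))
            {
                FoundPaths.AddUniqueItem(settingValue, true);

                string user = PathAnalysis.ExtractUserFromPath(settingValue);
                if (!string.IsNullOrEmpty(user))
                {
                    FoundUsers.AddUniqueItem(user, true);
                }

                // The fallback must test softName. The value is already known to be non-empty
                // at this point, so testing it would never reach the fallback and an empty
                // application name could be recorded.
                string softName = Analysis.ApplicationAnalysis.GetApplicationsFromString(settingValue);
                if (!string.IsNullOrEmpty(softName))
                {
                    FoundMetaData.Applications.AddUniqueItem(new ApplicationsItem(softName));
                }
                else
                {
                    FoundMetaData.Applications.AddUniqueItem(new ApplicationsItem(settingValue));
                }
            }
            else if (nameStartsWith("SSLProxyHost"))
            {
                string ipOrHost = settingValue.Split(new char[] { ':' })[0];
                // "*" is a wildcard, not a host name.
                if (ipOrHost != "*")
                {
                    FoundServers.AddUniqueItem(new ServersItem(ipOrHost, "ICA file Analysis"));
                }
            }
        }
    }
    catch (Exception e)
    {
        System.Diagnostics.Debug.WriteLine(e.ToString());
    }
}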