string[] FindUser(List <string> computers, string username)
{
List <string> results = new List <string>();
Amass findUser = new Amass();
foreach (string computerHostName in computers)
{
List <Amass.WKSTA_USER_INFO_1> currentLoggedInAccounts = findUser.GetLoggedOnUsers(computerHostName);
foreach (Amass.WKSTA_USER_INFO_1 loggedInHere in currentLoggedInAccounts)
{
if (String.Equals(loggedInHere.wkui1_username, username, StringComparison.OrdinalIgnoreCase))
{
results.Add($"{loggedInHere.wkui1_username} is currently logged into {computerHostName}");
}
}
List <Amass.SESSION_INFO_10> currentSessionInfo = findUser.GetRemoteSessionInfo(computerHostName);
foreach (Amass.SESSION_INFO_10 sessInformation in currentSessionInfo)
{
if (String.Equals(sessInformation.sesi10_username, username, StringComparison.OrdinalIgnoreCase))
{
results.Add($"{sessInformation.sesi10_username} has a session on {computerHostName}");
}
}
}
return(results.ToArray());
}
public override string[] Execute(ParsedArgs args)
{
try
{
if (string.IsNullOrEmpty(args.ComputerName))
{
throw new EDDException("ComputerName cannot be empty");
}
Amass loggedInInfo = new Amass();
List <Amass.WKSTA_USER_INFO_1> loggedInAccounts = loggedInInfo.GetLoggedOnUsers(args.ComputerName);
List <string> results = new List <string>();
foreach (Amass.WKSTA_USER_INFO_1 sessionInformation in loggedInAccounts)
{
results.Add($"Account Name: {sessionInformation.wkui1_username}");
results.Add($"Domain Used by Account: {sessionInformation.wkui1_logon_domain}");
results.Add($"Operating System Domains: {sessionInformation.wkui1_oth_domains}");
results.Add($"Logon server: {sessionInformation.wkui1_logon_server}");
}
return(results.ToArray());
}
catch (Exception e)
{
return(new string[] { "[X] Failure to enumerate info - " + e });
}
}
public override string[] Execute(ParsedArgs args)
{
Amass forestInfo = new Amass();
Forest currentForest = forestInfo.GetForestObject();
return(new string[] { currentForest.Name });
}
public override string[] Execute(ParsedArgs args)
{
try
{
if (string.IsNullOrEmpty(args.ComputerName))
{
throw new EDDException("ComputerName cannot be empty");
}
Amass sessionInfo = new Amass();
List <Amass.SESSION_INFO_10> incomingSessions = sessionInfo.GetRemoteSessionInfo(args.ComputerName);
List <string> results = new List <string>();
foreach (Amass.SESSION_INFO_10 sessionInformation in incomingSessions)
{
results.Add($"Connection From: {sessionInformation.sesi10_cname}");
results.Add($"Idle Time: {sessionInformation.sesi10_idle_time}");
results.Add($"Total Active Time: {sessionInformation.sesi10_time}");
results.Add($"Username: {sessionInformation.sesi10_username}");
}
return(results.ToArray());
}
catch (Exception e)
{
return(new string[] { "[X] Failure to enumerate info - " + e });
}
}
public override string[] Execute(ParsedArgs args)
{
if (string.IsNullOrEmpty(args.UserName))
{
Amass userInfo = new Amass();
List <string> allDomainUsers = userInfo.GetDomainUsersInfo();
return(allDomainUsers.ToArray());
}
Amass singleUserInfo = new Amass();
UserObject soleUser = singleUserInfo.GetDomainUserInfo(args.UserName);
List <string> domainUser = new List <string>
{
$"SamAccountName: {soleUser.SamAccountName}",
$"Name: {soleUser.Name}",
$"Description: {soleUser.Description}",
$"Distinguished Name: {soleUser.DistinguishedName}",
$"SID: {soleUser.SID}",
};
string groups = "Domain Groups: ";
foreach (string singleGroupName in soleUser.DomainGroups)
{
groups += $"{singleGroupName}, ";
}
groups = groups.TrimEnd(',', ' ');
domainUser.Add(groups);
return(domainUser.ToArray());
}
public override string[] Execute(ParsedArgs args)
{
LDAP computerQuery = new LDAP();
List <string> domainSystems = computerQuery.CaptureComputers();
Amass shareMe = new Amass();
List <string> allShares = shareMe.GetShares(domainSystems);
return(allShares.ToArray());
}
public override string[] Execute(ParsedArgs args)
{
if (string.IsNullOrEmpty(args.ComputerName) || string.IsNullOrEmpty(args.GroupName))
{
throw new EDDException("ComputerName and GroupName cannot be empty");
}
Amass shepherd = new Amass();
List <string> localGroupMembers = shepherd.GetLocalGroupMembers(args.ComputerName, args.GroupName);
return(localGroupMembers.ToArray());
}
public override string[] Execute(ParsedArgs args)
{
if (string.IsNullOrEmpty(args.UserName))
{
throw new EDDException("UserName cannot be empty");
}
Amass sidConverter = new Amass();
string sid = sidConverter.GetUsernameFromSID(args.UserName);
return(new string[] { sid });
}
public override string[] Execute(ParsedArgs args)
{
if (string.IsNullOrEmpty(args.DomainName))
{
throw new EDDException("DomainName cannot be empty");
}
Amass domainGroupSid = new Amass();
string incomingSid = domainGroupSid.GetDomainGroupSID(args.DomainName);
return(new string[] { incomingSid });
}
public override string[] Execute(ParsedArgs args)
{
if (string.IsNullOrEmpty(args.GroupName))
{
throw new EDDException("GroupName cannot be empty");
}
Amass groupMemberEnum = new Amass();
List <string> groupMembers = groupMemberEnum.GetDomainGroupMembers(args.GroupName);
return(groupMembers.ToArray());
}
public override string[] Execute(ParsedArgs args)
{
try
{
Amass forestInfo = new Amass();
Forest currentForest = forestInfo.GetForestObject();
return(new string[] { currentForest.Name });
}
catch (Exception e)
{
return(new string[] { "[X] Failure to enumerate info - " + e });
}
}
public override string[] Execute(ParsedArgs args)
{
Amass forestDomains = new Amass();
Forest theCurrentForest = forestDomains.GetForestObject();
DomainCollection forestDomainList = theCurrentForest.Domains;
List <string> result = new List <string>();
foreach (Domain internalDomain in forestDomainList)
{
result.Add(internalDomain.Name);
}
return(result.ToArray());
}
public override string[] Execute(ParsedArgs args)
{
try
{
LDAP computerQuery = new LDAP();
List <string> domainSystems = computerQuery.CaptureComputers();
Amass shareMe = new Amass();
string[] allShares = shareMe.GetShares(domainSystems, args.Threads);
return(allShares);
}
catch (Exception e)
{
return(new string[] { "[X] Failure to enumerate info - " + e });
}
}
string[] FindMembersOfGroup(List <string> computers, string groupName)
{
try
{
List <string> results = new List <string>();
Amass findUser = new Amass();
List <string> groupList = findUser.GetDomainGroupMembers(groupName);
foreach (string computerHostName in computers)
{
List <Amass.WKSTA_USER_INFO_1> currentLoggedInAccounts = findUser.GetLoggedOnUsers(computerHostName);
foreach (string actualUser in groupList)
{
foreach (Amass.WKSTA_USER_INFO_1 loggedInHere in currentLoggedInAccounts)
{
if (String.Equals(loggedInHere.wkui1_username, actualUser, StringComparison.OrdinalIgnoreCase))
{
results.Add($"{loggedInHere.wkui1_username} is currently logged into {computerHostName}");
}
}
}
List <Amass.SESSION_INFO_10> currentSessionInfo = findUser.GetRemoteSessionInfo(computerHostName);
foreach (string actualDAAgain in groupList)
{
foreach (Amass.SESSION_INFO_10 sessInformation in currentSessionInfo)
{
if (String.Equals(sessInformation.sesi10_username, actualDAAgain, StringComparison.OrdinalIgnoreCase))
{
results.Add($"{sessInformation.sesi10_username} has a session on {computerHostName}");
}
}
}
}
return(results.ToArray());
}
catch (Exception e)
{
return(new string[] { "[X] Failure to enumerate info - " + e });
}
}
public override string[] Execute(ParsedArgs args)
{
try
{
if (string.IsNullOrEmpty(args.GroupName))
{
throw new EDDException("GroupName cannot be empty");
}
Amass groupMemberEnum = new Amass();
List <string> groupMembers = groupMemberEnum.GetDomainGroupMembers(args.GroupName);
return(groupMembers.ToArray());
}
catch (Exception e)
{
return(new string[] { "[X] Failure to enumerate info - " + e });
}
}
public override string[] Execute(ParsedArgs args)
{
try
{
if (string.IsNullOrEmpty(args.ComputerName) || string.IsNullOrEmpty(args.GroupName))
{
throw new EDDException("ComputerName and GroupName cannot be empty");
}
Amass shepherd = new Amass();
List <string> localGroupMembers = shepherd.GetLocalGroupMembers(args.ComputerName, args.GroupName);
return(localGroupMembers.ToArray());
}
catch (Exception e)
{
return(new string[] { "[X] Failure to enumerate info - " + e });
}
}
public override string[] Execute(ParsedArgs args)
{
try
{
if (string.IsNullOrEmpty(args.UserName))
{
throw new EDDException("UserName cannot be empty");
}
Amass sidConverter = new Amass();
string sid = sidConverter.GetUsernameFromSID(args.UserName);
return(new string[] { sid });
}
catch (Exception e)
{
return(new string[] { "[X] Failure to enumerate info - " + e });
}
}
public override string[] Execute(ParsedArgs args)
{
try
{
if (string.IsNullOrEmpty(args.DomainName))
{
throw new EDDException("DomainName cannot be empty");
}
Amass domainGroupSid = new Amass();
string incomingSid = domainGroupSid.GetDomainGroupSID(args.DomainName);
return(new string[] { incomingSid });
}
catch (Exception e)
{
return(new string[] { "[X] Failure to enumerate info - " + e });
}
}
public override string[] Execute(ParsedArgs args)
{
List <string> readableShares = new List <string>();
try
{
LDAP computerQuery = new LDAP();
List <string> domainSystems = computerQuery.CaptureComputers();
Amass shareMe = new Amass();
string[] allShares = shareMe.GetShares(domainSystems, args.Threads);
foreach (string shareDir in allShares)
{
try
{
string[] subdirectoryEntries = Directory.GetDirectories(shareDir);
readableShares.Add(shareDir);
}
catch (UnauthorizedAccessException)
{
// do nothing
}
catch (IOException)
{
// do nothing either
}
}
return(readableShares.ToArray());
}
catch (Exception e)
{
foreach (string path in readableShares)
{
Console.WriteLine(path);
}
Console.WriteLine("[X] ERROR State Occurred - Paths above are current status prior to error!");
return(new string[] { "[X] Failure to enumerate info - " + e });
}
}
public override string[] Execute(ParsedArgs args)
{
try
{
Amass forestDomains = new Amass();
Forest theCurrentForest = forestDomains.GetForestObject();
DomainCollection forestDomainList = theCurrentForest.Domains;
List <string> result = new List <string>();
foreach (Domain internalDomain in forestDomainList)
{
result.Add(internalDomain.Name);
}
return(result.ToArray());
}
catch (Exception e)
{
return(new string[] { "[X] Failure to enumerate info - " + e });
}
}
public override string[] Execute(ParsedArgs args)
{
List <string> successfulShareWrites = new List <string>();
try
{
LDAP computerQuery = new LDAP();
List <string> domainSystems = computerQuery.CaptureComputers();
Amass shareMe = new Amass();
string[] allShares = shareMe.GetShares(domainSystems, args.Threads);
foreach (string sharePath in allShares)
{
// Get current date to have something to write
string time = DateTime.Now.ToString();
// try to write directly to the root of the share
try
{
using (StreamWriter outputFile = new StreamWriter(Path.Combine(sharePath, "testwritefile.txt")))
{
outputFile.WriteLine(time);
successfulShareWrites.Add(sharePath);
}
File.Delete(Path.Combine(sharePath, "testwritefile.txt"));
if (File.Exists(Path.Combine(sharePath, "testwritefile.txt")))
{
Console.WriteLine("[-] ALERT: Successfully wrote file but could not delete it at this location: " + Path.Combine(sharePath, "testwritefile.txt"));
}
}
catch (UnauthorizedAccessException)
{
// do nothing
}
catch (IOException)
{
// do nothing
}
try
{
// enumerate folders in the share
string[] dirNames = Directory.GetDirectories(sharePath, "*", SearchOption.TopDirectoryOnly);
// try to write to the 1st level of folders
foreach (string subdirPath in dirNames)
{
try
{
using (StreamWriter outputFile =
new StreamWriter(Path.Combine(subdirPath, "testwritefile.txt")))
{
outputFile.WriteLine(time);
successfulShareWrites.Add(subdirPath);
}
File.Delete(Path.Combine(subdirPath, "testwritefile.txt"));
if (File.Exists(Path.Combine(subdirPath, "testwritefile.txt")))
{
Console.WriteLine("[-] ALERT: Successfully wrote file but could not delete it at this location: " + Path.Combine(subdirPath, "testwritefile.txt"));
}
}
catch (UnauthorizedAccessException)
{
// do nothing
}
catch (IOException)
{
// do nothing
}
}
}
catch (IOException)
{
// ignore
}
catch (UnauthorizedAccessException)
{
// ignore
}
}
return(successfulShareWrites.ToArray());
}
catch (Exception e)
{
foreach (string path in successfulShareWrites)
{
Console.WriteLine(path);
}
Console.WriteLine("[X] ERROR State Occurred - Paths above are current status prior to error!");
return(new string[] { "[X] Failure to enumerate info - " + e });
}
}
public override string[] Execute(ParsedArgs args)
{
LDAP computerQuery = new LDAP();
List <string> interestingFiles = new List <string>();
List <Regex> regexList = new List <Regex>();
string[] allShares = new string[1];
if (string.IsNullOrEmpty(args.SharePath))
{
List <string> domainSystems = computerQuery.CaptureComputers();
Amass shareMe = new Amass();
allShares = shareMe.GetShares(domainSystems, args.Threads);
}
else
{
allShares[0] = args.SharePath;
}
// We need to convert the given wildcard string to regex and account for multiple strings
foreach (var term in args.SearchTerms)
{
if (term.Contains("*"))
{
string regexText = WildcardToRegex(term);
Regex regex = new Regex(regexText, RegexOptions.IgnoreCase);
regexList.Add(regex);
}
else
{
Regex regex = new Regex(term, RegexOptions.IgnoreCase);
regexList.Add(regex);
}
}
// Pipe multiple search strings together into one regex string
var regexString = regexList.Count() > 1 ? string.Join("|", regexList) : regexList[0].ToString();
if (allShares != null)
{
foreach (var share in allShares)
{
try
{
Parallel.ForEach(GetFiles(share), file =>
{
if (Regex.IsMatch(file, regexString, RegexOptions.IgnoreCase))
{
interestingFiles.Add(file);
}
});
}
catch (UnauthorizedAccessException)
{
//Do nothing
}
}
}
return(interestingFiles.ToArray());
}
