string[] FindUser(List <string> computers, string username) { List <string> results = new List <string>(); Amass findUser = new Amass(); foreach (string computerHostName in computers) { List <Amass.WKSTA_USER_INFO_1> currentLoggedInAccounts = findUser.GetLoggedOnUsers(computerHostName); foreach (Amass.WKSTA_USER_INFO_1 loggedInHere in currentLoggedInAccounts) { if (String.Equals(loggedInHere.wkui1_username, username, StringComparison.OrdinalIgnoreCase)) { results.Add($"{loggedInHere.wkui1_username} is currently logged into {computerHostName}"); } } List <Amass.SESSION_INFO_10> currentSessionInfo = findUser.GetRemoteSessionInfo(computerHostName); foreach (Amass.SESSION_INFO_10 sessInformation in currentSessionInfo) { if (String.Equals(sessInformation.sesi10_username, username, StringComparison.OrdinalIgnoreCase)) { results.Add($"{sessInformation.sesi10_username} has a session on {computerHostName}"); } } } return(results.ToArray()); }
public override string[] Execute(ParsedArgs args) { try { if (string.IsNullOrEmpty(args.ComputerName)) { throw new EDDException("ComputerName cannot be empty"); } Amass loggedInInfo = new Amass(); List <Amass.WKSTA_USER_INFO_1> loggedInAccounts = loggedInInfo.GetLoggedOnUsers(args.ComputerName); List <string> results = new List <string>(); foreach (Amass.WKSTA_USER_INFO_1 sessionInformation in loggedInAccounts) { results.Add($"Account Name: {sessionInformation.wkui1_username}"); results.Add($"Domain Used by Account: {sessionInformation.wkui1_logon_domain}"); results.Add($"Operating System Domains: {sessionInformation.wkui1_oth_domains}"); results.Add($"Logon server: {sessionInformation.wkui1_logon_server}"); } return(results.ToArray()); } catch (Exception e) { return(new string[] { "[X] Failure to enumerate info - " + e }); } }
public override string[] Execute(ParsedArgs args) { Amass forestInfo = new Amass(); Forest currentForest = forestInfo.GetForestObject(); return(new string[] { currentForest.Name }); }
public override string[] Execute(ParsedArgs args) { try { if (string.IsNullOrEmpty(args.ComputerName)) { throw new EDDException("ComputerName cannot be empty"); } Amass sessionInfo = new Amass(); List <Amass.SESSION_INFO_10> incomingSessions = sessionInfo.GetRemoteSessionInfo(args.ComputerName); List <string> results = new List <string>(); foreach (Amass.SESSION_INFO_10 sessionInformation in incomingSessions) { results.Add($"Connection From: {sessionInformation.sesi10_cname}"); results.Add($"Idle Time: {sessionInformation.sesi10_idle_time}"); results.Add($"Total Active Time: {sessionInformation.sesi10_time}"); results.Add($"Username: {sessionInformation.sesi10_username}"); } return(results.ToArray()); } catch (Exception e) { return(new string[] { "[X] Failure to enumerate info - " + e }); } }
public override string[] Execute(ParsedArgs args) { if (string.IsNullOrEmpty(args.UserName)) { Amass userInfo = new Amass(); List <string> allDomainUsers = userInfo.GetDomainUsersInfo(); return(allDomainUsers.ToArray()); } Amass singleUserInfo = new Amass(); UserObject soleUser = singleUserInfo.GetDomainUserInfo(args.UserName); List <string> domainUser = new List <string> { $"SamAccountName: {soleUser.SamAccountName}", $"Name: {soleUser.Name}", $"Description: {soleUser.Description}", $"Distinguished Name: {soleUser.DistinguishedName}", $"SID: {soleUser.SID}", }; string groups = "Domain Groups: "; foreach (string singleGroupName in soleUser.DomainGroups) { groups += $"{singleGroupName}, "; } groups = groups.TrimEnd(',', ' '); domainUser.Add(groups); return(domainUser.ToArray()); }
public override string[] Execute(ParsedArgs args) { LDAP computerQuery = new LDAP(); List <string> domainSystems = computerQuery.CaptureComputers(); Amass shareMe = new Amass(); List <string> allShares = shareMe.GetShares(domainSystems); return(allShares.ToArray()); }
public override string[] Execute(ParsedArgs args) { if (string.IsNullOrEmpty(args.ComputerName) || string.IsNullOrEmpty(args.GroupName)) { throw new EDDException("ComputerName and GroupName cannot be empty"); } Amass shepherd = new Amass(); List <string> localGroupMembers = shepherd.GetLocalGroupMembers(args.ComputerName, args.GroupName); return(localGroupMembers.ToArray()); }
public override string[] Execute(ParsedArgs args) { if (string.IsNullOrEmpty(args.UserName)) { throw new EDDException("UserName cannot be empty"); } Amass sidConverter = new Amass(); string sid = sidConverter.GetUsernameFromSID(args.UserName); return(new string[] { sid }); }
public override string[] Execute(ParsedArgs args) { if (string.IsNullOrEmpty(args.DomainName)) { throw new EDDException("DomainName cannot be empty"); } Amass domainGroupSid = new Amass(); string incomingSid = domainGroupSid.GetDomainGroupSID(args.DomainName); return(new string[] { incomingSid }); }
public override string[] Execute(ParsedArgs args) { if (string.IsNullOrEmpty(args.GroupName)) { throw new EDDException("GroupName cannot be empty"); } Amass groupMemberEnum = new Amass(); List <string> groupMembers = groupMemberEnum.GetDomainGroupMembers(args.GroupName); return(groupMembers.ToArray()); }
public override string[] Execute(ParsedArgs args) { try { Amass forestInfo = new Amass(); Forest currentForest = forestInfo.GetForestObject(); return(new string[] { currentForest.Name }); } catch (Exception e) { return(new string[] { "[X] Failure to enumerate info - " + e }); } }
public override string[] Execute(ParsedArgs args) { Amass forestDomains = new Amass(); Forest theCurrentForest = forestDomains.GetForestObject(); DomainCollection forestDomainList = theCurrentForest.Domains; List <string> result = new List <string>(); foreach (Domain internalDomain in forestDomainList) { result.Add(internalDomain.Name); } return(result.ToArray()); }
public override string[] Execute(ParsedArgs args) { try { LDAP computerQuery = new LDAP(); List <string> domainSystems = computerQuery.CaptureComputers(); Amass shareMe = new Amass(); string[] allShares = shareMe.GetShares(domainSystems, args.Threads); return(allShares); } catch (Exception e) { return(new string[] { "[X] Failure to enumerate info - " + e }); } }
string[] FindMembersOfGroup(List <string> computers, string groupName) { try { List <string> results = new List <string>(); Amass findUser = new Amass(); List <string> groupList = findUser.GetDomainGroupMembers(groupName); foreach (string computerHostName in computers) { List <Amass.WKSTA_USER_INFO_1> currentLoggedInAccounts = findUser.GetLoggedOnUsers(computerHostName); foreach (string actualUser in groupList) { foreach (Amass.WKSTA_USER_INFO_1 loggedInHere in currentLoggedInAccounts) { if (String.Equals(loggedInHere.wkui1_username, actualUser, StringComparison.OrdinalIgnoreCase)) { results.Add($"{loggedInHere.wkui1_username} is currently logged into {computerHostName}"); } } } List <Amass.SESSION_INFO_10> currentSessionInfo = findUser.GetRemoteSessionInfo(computerHostName); foreach (string actualDAAgain in groupList) { foreach (Amass.SESSION_INFO_10 sessInformation in currentSessionInfo) { if (String.Equals(sessInformation.sesi10_username, actualDAAgain, StringComparison.OrdinalIgnoreCase)) { results.Add($"{sessInformation.sesi10_username} has a session on {computerHostName}"); } } } } return(results.ToArray()); } catch (Exception e) { return(new string[] { "[X] Failure to enumerate info - " + e }); } }
public override string[] Execute(ParsedArgs args) { try { if (string.IsNullOrEmpty(args.GroupName)) { throw new EDDException("GroupName cannot be empty"); } Amass groupMemberEnum = new Amass(); List <string> groupMembers = groupMemberEnum.GetDomainGroupMembers(args.GroupName); return(groupMembers.ToArray()); } catch (Exception e) { return(new string[] { "[X] Failure to enumerate info - " + e }); } }
public override string[] Execute(ParsedArgs args) { try { if (string.IsNullOrEmpty(args.ComputerName) || string.IsNullOrEmpty(args.GroupName)) { throw new EDDException("ComputerName and GroupName cannot be empty"); } Amass shepherd = new Amass(); List <string> localGroupMembers = shepherd.GetLocalGroupMembers(args.ComputerName, args.GroupName); return(localGroupMembers.ToArray()); } catch (Exception e) { return(new string[] { "[X] Failure to enumerate info - " + e }); } }
public override string[] Execute(ParsedArgs args) { try { if (string.IsNullOrEmpty(args.UserName)) { throw new EDDException("UserName cannot be empty"); } Amass sidConverter = new Amass(); string sid = sidConverter.GetUsernameFromSID(args.UserName); return(new string[] { sid }); } catch (Exception e) { return(new string[] { "[X] Failure to enumerate info - " + e }); } }
public override string[] Execute(ParsedArgs args) { try { if (string.IsNullOrEmpty(args.DomainName)) { throw new EDDException("DomainName cannot be empty"); } Amass domainGroupSid = new Amass(); string incomingSid = domainGroupSid.GetDomainGroupSID(args.DomainName); return(new string[] { incomingSid }); } catch (Exception e) { return(new string[] { "[X] Failure to enumerate info - " + e }); } }
public override string[] Execute(ParsedArgs args) { List <string> readableShares = new List <string>(); try { LDAP computerQuery = new LDAP(); List <string> domainSystems = computerQuery.CaptureComputers(); Amass shareMe = new Amass(); string[] allShares = shareMe.GetShares(domainSystems, args.Threads); foreach (string shareDir in allShares) { try { string[] subdirectoryEntries = Directory.GetDirectories(shareDir); readableShares.Add(shareDir); } catch (UnauthorizedAccessException) { // do nothing } catch (IOException) { // do nothing either } } return(readableShares.ToArray()); } catch (Exception e) { foreach (string path in readableShares) { Console.WriteLine(path); } Console.WriteLine("[X] ERROR State Occurred - Paths above are current status prior to error!"); return(new string[] { "[X] Failure to enumerate info - " + e }); } }
public override string[] Execute(ParsedArgs args) { try { Amass forestDomains = new Amass(); Forest theCurrentForest = forestDomains.GetForestObject(); DomainCollection forestDomainList = theCurrentForest.Domains; List <string> result = new List <string>(); foreach (Domain internalDomain in forestDomainList) { result.Add(internalDomain.Name); } return(result.ToArray()); } catch (Exception e) { return(new string[] { "[X] Failure to enumerate info - " + e }); } }
public override string[] Execute(ParsedArgs args) { List <string> successfulShareWrites = new List <string>(); try { LDAP computerQuery = new LDAP(); List <string> domainSystems = computerQuery.CaptureComputers(); Amass shareMe = new Amass(); string[] allShares = shareMe.GetShares(domainSystems, args.Threads); foreach (string sharePath in allShares) { // Get current date to have something to write string time = DateTime.Now.ToString(); // try to write directly to the root of the share try { using (StreamWriter outputFile = new StreamWriter(Path.Combine(sharePath, "testwritefile.txt"))) { outputFile.WriteLine(time); successfulShareWrites.Add(sharePath); } File.Delete(Path.Combine(sharePath, "testwritefile.txt")); if (File.Exists(Path.Combine(sharePath, "testwritefile.txt"))) { Console.WriteLine("[-] ALERT: Successfully wrote file but could not delete it at this location: " + Path.Combine(sharePath, "testwritefile.txt")); } } catch (UnauthorizedAccessException) { // do nothing } catch (IOException) { // do nothing } try { // enumerate folders in the share string[] dirNames = Directory.GetDirectories(sharePath, "*", SearchOption.TopDirectoryOnly); // try to write to the 1st level of folders foreach (string subdirPath in dirNames) { try { using (StreamWriter outputFile = new StreamWriter(Path.Combine(subdirPath, "testwritefile.txt"))) { outputFile.WriteLine(time); successfulShareWrites.Add(subdirPath); } File.Delete(Path.Combine(subdirPath, "testwritefile.txt")); if (File.Exists(Path.Combine(subdirPath, "testwritefile.txt"))) { Console.WriteLine("[-] ALERT: Successfully wrote file but could not delete it at this location: " + Path.Combine(subdirPath, "testwritefile.txt")); } } catch (UnauthorizedAccessException) { // do nothing } catch (IOException) { // do nothing } } } catch (IOException) { // ignore } catch (UnauthorizedAccessException) { // ignore } } return(successfulShareWrites.ToArray()); } catch (Exception e) { foreach (string path in successfulShareWrites) { Console.WriteLine(path); } Console.WriteLine("[X] ERROR State Occurred - Paths above are current status prior to error!"); return(new string[] { "[X] Failure to enumerate info - " + e }); } }
public override string[] Execute(ParsedArgs args) { LDAP computerQuery = new LDAP(); List <string> interestingFiles = new List <string>(); List <Regex> regexList = new List <Regex>(); string[] allShares = new string[1]; if (string.IsNullOrEmpty(args.SharePath)) { List <string> domainSystems = computerQuery.CaptureComputers(); Amass shareMe = new Amass(); allShares = shareMe.GetShares(domainSystems, args.Threads); } else { allShares[0] = args.SharePath; } // We need to convert the given wildcard string to regex and account for multiple strings foreach (var term in args.SearchTerms) { if (term.Contains("*")) { string regexText = WildcardToRegex(term); Regex regex = new Regex(regexText, RegexOptions.IgnoreCase); regexList.Add(regex); } else { Regex regex = new Regex(term, RegexOptions.IgnoreCase); regexList.Add(regex); } } // Pipe multiple search strings together into one regex string var regexString = regexList.Count() > 1 ? string.Join("|", regexList) : regexList[0].ToString(); if (allShares != null) { foreach (var share in allShares) { try { Parallel.ForEach(GetFiles(share), file => { if (Regex.IsMatch(file, regexString, RegexOptions.IgnoreCase)) { interestingFiles.Add(file); } }); } catch (UnauthorizedAccessException) { //Do nothing } } } return(interestingFiles.ToArray()); }