public static void Main(string[] args)
{
if (args.Length < 1)
{
Console.WriteLine("No Args");
System.Environment.Exit(1);
}
else
{
Console.WriteLine(args[0]);
}
RegistryKey key = Registry.LocalMachine.OpenSubKey(args[0]);
RegistrySecurity security = key.GetAccessControl();
foreach (RegistryAccessRule rule in security.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)))
{
if (rule.InheritanceFlags.ToString() == "None")
{
Console.WriteLine(" User: {0}", rule.IdentityReference);
Console.WriteLine(" Type: {0}", rule.AccessControlType);
Console.WriteLine(" Rights: {0}", rule.RegistryRights);
//Console.WriteLine(" Inheritance: {0}", rule.InheritanceFlags);
//Console.WriteLine(" Propagation: {0}", rule.PropagationFlags);
//Console.WriteLine(" Inherited? {0}", rule.IsInherited);
Console.WriteLine();
}
}
}
static void Modify()
{
try
{
//Registry.LocalMachine.CreateSubKey( @"SYSTEM\CurrentControlSet\Control\StorageDevicePolicies", RegistryKeyPermissionCheck.ReadWriteSubTree, RegistryOptions.None,
RegistryKey regKey = Registry.LocalMachine.OpenSubKey(@"SYSTEM\CurrentControlSet\Control\StorageDevicePolicies", false);
RegistrySecurity resSec = regKey.GetAccessControl();
AuthorizationRuleCollection authRules = resSec.GetAccessRules(true, true, typeof(NTAccount));
foreach (RegistryAccessRule rule in authRules)
{
if (rule.IdentityReference.Value == "TW\\0007989")
{
if (rule.RegistryRights != RegistryRights.FullControl)
{
// Set full
RegistryAccessRule newRule = new RegistryAccessRule(rule.IdentityReference, RegistryRights.FullControl, AccessControlType.Allow);
bool isModified = false;
if (resSec.ModifyAccessRule(AccessControlModification.Add, newRule, out isModified) == false)
{
Console.WriteLine("Modify access rule failed");
}
}
}
}
regKey.Close();
}
catch (Exception exp)
{
string s = exp.ToString();
}
}
/// <summary>
/// Class constructor. if extra = false, builds the base config. if extra = true, builds the extra certificate config.
/// </summary>
public RegistryConfig(bool extra = false)
{
try
{
if (Registry.LocalMachine.OpenSubKey("SOFTWARE").OpenSubKey("WinCertes") == null)
{
Registry.LocalMachine.OpenSubKey("SOFTWARE", true).CreateSubKey("WinCertes", true);
}
if (extra)
{
if (Registry.LocalMachine.OpenSubKey("SOFTWARE").OpenSubKey("WinCertes").OpenSubKey("extra") == null)
{
_logger.Debug("Creating SubKey 'extra'");
Registry.LocalMachine.OpenSubKey("SOFTWARE").OpenSubKey("WinCertes", true).CreateSubKey("extra", true);
}
_registryKey += @"\extra";
_subKey += @"\extra";
}
RegistryKey regKey = Registry.LocalMachine.OpenSubKey("SOFTWARE").OpenSubKey("WinCertes");
RegistrySecurity regSec = regKey.GetAccessControl(AccessControlSections.All);
foreach (RegistryAccessRule rule in regSec.GetAccessRules(true, true, typeof(NTAccount)))
{
if (rule.IdentityReference.Value == @"BUILTIN\Users")
{
_logger.Debug("Users have rights on Registry entry: Need to fix rights");
fixRights();
break;
}
}
}
catch (Exception e)
{
_logger.Warn(e, $"Warning: Could not open/create registry subkey: {e.Message}. We'll try to continue anyway.");
}
}
protected override void DoExecute(IScriptExecutionEnvironment environment)
{
using (RegistryKey key = rootKey.OpenSubKey(registryKeyPath, true))
{
if (key == null)
{
throw new RunnerFailedException(
String.Format(
System.Globalization.CultureInfo.InvariantCulture,
"Registry key '{0}' does not exist.",
registryKeyPath));
}
RegistrySecurity security = key.GetAccessControl(AccessControlSections.Access);
AuthorizationRuleCollection rules = security.GetAccessRules(true, true, typeof(NTAccount));
RegistryAccessRule accessRule = new RegistryAccessRule(
identity,
registryRights,
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.InheritOnly,
accessControlType);
security.SetAccessRule(accessRule);
key.SetAccessControl(security);
}
}
public void CanDiaplayDaclForRegistryKey()
{
RegistrySecurity security = Registry.CurrentUser.GetAccessControl();
AuthorizationRuleCollection rules = security.GetAccessRules(true, true, typeof(NTAccount));
PrintRegistryAccessRights(rules);
}
/// <summary>
/// Class constructor. <code>certificateStore</code> specifies the name of the certificate being managed.
/// </summary>
/// <remarks>
/// If <code>certificateStore</code> is provided a sub key is created to store all information about this specific
/// certificate. <code>extra=true</code> provides legacy support for the "extra" certificate store sub key.
/// Registry security is enforced from the parent HKLM\Software minus Users.
/// No support is provided for any credentials like "MyDomain\Certificate Users" as it hits the *users* filter.
/// </remarks>
/// <param name="certificateStore">Name of subkey to store certificate information if more than one certificate
/// is managed by WinCertes on this computer</param>
private void Initialise(string certificateStore = null)
{
try
{
//
// HKLM WinCertes key is for Administrative access only.
// Manage access rights by using parent permissions from HKLM\Software and remove user permissions.
//
RegistryKey keySoftware = Registry.LocalMachine.OpenSubKey("SOFTWARE", true);
RegistrySecurity security = keySoftware.GetAccessControl(AccessControlSections.Access);
RegistryKey keyWinCertes = keySoftware.OpenSubKey(_keyBaseName, true);
if (keyWinCertes == null)
{
_logger.Info("Creating new Registry Key {0}", _keyBaseName);
keyWinCertes = keySoftware.CreateSubKey(_keyBaseName, RegistryKeyPermissionCheck.ReadWriteSubTree);
}
// Remove inheritance - also deletes all inherited rules
RegistrySecurity securityWinCertes = keyWinCertes.GetAccessControl(AccessControlSections.All);
securityWinCertes.SetAccessRuleProtection(true, false);
// Copy rules from parent, except user access
foreach (RegistryAccessRule rule in security.GetAccessRules(true, true, typeof(NTAccount)))
{
try
{
// Copy all relevant rules except user
if (rule.IdentityReference.Value.IndexOf("Users", StringComparison.InvariantCultureIgnoreCase) < 0)
{
securityWinCertes.AddAccessRule(rule);
}
}
catch { }
}
keyWinCertes.SetAccessControl(securityWinCertes);
#if DEBUG
//ShowSecurity(securityWinCertes);
#endif
//
// Now manage the certificate store
//
CertificateStore = certificateStore;
if (certificateStore != null)
{
if (keyWinCertes.OpenSubKey(certificateStore, true) == null)
{
_logger.Debug("Creating SubKey '{0}'", certificateStore);
keyWinCertes.CreateSubKey(certificateStore, true);
keyWinCertes.SetAccessControl(securityWinCertes);
}
FullRegistryKey += @"\" + certificateStore;
HKLMRegistryKey += @"\" + certificateStore;
HKLMCertificateParent += @"\" + _keyBaseName;
}
Initialised = true;
}
catch (Exception e)
{
_logger.Warn(e, $"Warning: Could not open/create registry subkey: {e.Message}. We'll try to continue anyway.");
}
}
private void LoadSecurity(RegistryKey regKey)
{
RegistrySecurity security = regKey.GetAccessControl();
this.Owner = security.GetOwner(typeof(NTAccount)).Value;
this.Access = RegistryControl.AccessRulesToString(security.GetAccessRules(true, false, typeof(NTAccount)));
this.Inherited = !security.AreAccessRulesProtected;
}
protected override void ProcessRecord()
{
using (RegistryKey regKey = RegistryControl.GetRegistryKey(RegistryPath, false, true))
{
bool isChange = false;
RegistrySecurity security = security = regKey.GetAccessControl();
if (All)
{
// テスト自動生成
_generator.RegistryAccess(RegistryPath, "", false);
foreach (RegistryAccessRule rule in security.GetAccessRules(true, false, typeof(NTAccount)))
{
security.RemoveAccessRule(rule);
isChange = true;
}
}
else
{
foreach (RegistryAccessRule rule in security.GetAccessRules(true, false, typeof(NTAccount)))
{
string account = rule.IdentityReference.Value;
// テスト自動生成
_generator.RegistryAccount(RegistryPath, account);
if (Account.Contains("\\") && account.Equals(Account, StringComparison.OrdinalIgnoreCase) ||
!Account.Contains("\\") && account.EndsWith("\\" + Account, StringComparison.OrdinalIgnoreCase))
{
security.RemoveAccessRule(rule);
isChange = true;
}
}
}
if (isChange)
{
regKey.SetAccessControl(security);
}
WriteObject(new RegistrySummary(regKey, true));
}
}
private static void ShowSecurity(RegistrySecurity security)
{
foreach (RegistryAccessRule ar in security.GetAccessRules(true, true, typeof(NTAccount)))
{
m_logger.DebugFormat(" User: {0}", ar.IdentityReference);
m_logger.DebugFormat(" Type: {0}", ar.AccessControlType);
m_logger.DebugFormat(" Rights: {0}", ar.RegistryRights);
m_logger.DebugFormat(" Inheritance: {0}", ar.InheritanceFlags);
m_logger.DebugFormat(" Propagation: {0}", ar.PropagationFlags);
m_logger.DebugFormat(" Inherited? {0}", ar.IsInherited);
}
}
/// <summary>
/// Class constructor. if extra = false, builds the base config. if extra = true, builds the extra certificate config.
/// </summary>
public RegistryConfig(int extra = -1)
{
try
{
// First we check if WinCertes key is there
RegistryKey winCertesKey = Registry.LocalMachine.OpenSubKey("SOFTWARE", true).OpenSubKey("WinCertes", RegistryKeyPermissionCheck.ReadWriteSubTree, RegistryRights.FullControl);
if (winCertesKey == null)
{
// and if not, we create it
Registry.LocalMachine.OpenSubKey("SOFTWARE", true).CreateSubKey("WinCertes", RegistryKeyPermissionCheck.ReadWriteSubTree);
winCertesKey = Registry.LocalMachine.OpenSubKey("SOFTWARE", true).OpenSubKey("WinCertes", RegistryKeyPermissionCheck.ReadWriteSubTree, RegistryRights.FullControl);
}
// Let's fix the permissions
RegistrySecurity winCertesKeySec = winCertesKey.GetAccessControl(AccessControlSections.All);
// First we remove the inheritence
winCertesKeySec.SetAccessRuleProtection(true, false);
RegistrySecurity security = Registry.LocalMachine.OpenSubKey("SOFTWARE", false).GetAccessControl(AccessControlSections.Access);
// Copy rules from parent ("HKLM\Software"), except user access
foreach (RegistryAccessRule rule in security.GetAccessRules(true, true, typeof(NTAccount)))
{
try
{
// Copy all relevant rules except user
if (rule.IdentityReference.Value.IndexOf("Users", StringComparison.InvariantCultureIgnoreCase) < 0)
{
winCertesKeySec.AddAccessRule(rule);
}
}
catch { }
}
winCertesKey.SetAccessControl(winCertesKeySec);
if (extra > -1)
{
string extraIndex = "";
if (extra > 1)
{
extraIndex = extra.ToString();
}
if (Registry.LocalMachine.OpenSubKey("SOFTWARE").OpenSubKey("WinCertes").OpenSubKey("extra" + extraIndex) == null)
{
_logger.Debug("Creating SubKey 'extra" + extraIndex + "'");
Registry.LocalMachine.OpenSubKey("SOFTWARE").OpenSubKey("WinCertes", true).CreateSubKey("extra" + extraIndex, RegistryKeyPermissionCheck.ReadWriteSubTree);
}
_registryKey += @"\extra" + extraIndex;
_subKey += @"\extra" + extraIndex;
}
}
catch (Exception e)
{
_logger.Warn(e, $"Warning: Could not open/create registry subkey: {e.Message}. We'll try to continue anyway.");
}
}
// checkRegistryPermissions()
// Args: None
// Function: check if the registry keys associated with services are modifiable by the current user.
// Return: None (will print out alert if anything is found).
static void checkRegistryPermissions()
{
string myUser = Environment.UserName;
NTAccount account = new NTAccount(myUser);
List <RegistryKey> services = getServices();
List <string> groups = getGroupIdentities();
foreach (RegistryKey service in services)
{
Dictionary <string, object> config = getServiceConfig(service);
RegistrySecurity regSecurity = service.GetAccessControl();
AuthorizationRuleCollection rules = regSecurity.GetAccessRules(true, true, (account).GetType());
List <string> exploitablePerms = new List <string> {
};
foreach (RegistryAccessRule rule in rules)
{
// Some identities have the BUILTIN\ prefix; this get's rid out it if it is there,
// but also handles the situations in which it's not.
string identity = "";
try
{
identity = rule.IdentityReference.ToString().Split('\\')[1];
}
catch (Exception)
{
identity = rule.IdentityReference.ToString();
}
string right = rule.RegistryRights.ToString();
// Checks if the identity is a group; if so, check if our user is within that group.
if (groups.Contains(identity))
{
List <string> members = getGroupMembers(identity);
if (members.Contains(myUser))
{
exploitablePerms.AddRange(checkPermissions(right));
}
}
else if (identity.Equals(myUser))
{
exploitablePerms.AddRange(checkPermissions(right));
}
}
if (exploitablePerms.Count > 0)
{
string permString = string.Join(",", exploitablePerms);
printServiceModifiableAlert(service.Name, config, permString, myUser);
}
}
}
private static void ShowSecurity(RegistrySecurity security)
{
Console.WriteLine("\r\nCurrent access rules:\r\n");
foreach (RegistryAccessRule ar in
security.GetAccessRules(true, true, typeof(NTAccount)))
{
Console.WriteLine(" User: {0}", ar.IdentityReference);
Console.WriteLine(" Type: {0}", ar.AccessControlType);
Console.WriteLine(" Rights: {0}", ar.RegistryRights);
Console.WriteLine();
}
}
/// <summary>
/// Remove Permissions on a Registry key
/// </summary>
/// <param name="userName">the user name to remove permissions for</param>
/// <param name="root">the root hive</param>
/// <param name="subKey">the key</param>
public static void RemoveRegistryKeyPermission(string userName, Microsoft.Win32.RegistryKey root, string subKey)
{
RegistryKey registryKey = root.OpenSubKey(subKey);
RegistrySecurity registrySecurity = registryKey.GetAccessControl();
AuthorizationRuleCollection accessRules = registrySecurity.GetAccessRules(true, true, typeof(NTAccount));
foreach (RegistryAccessRule accessRule in accessRules)
{
if (userName.ToLowerInvariant().Equals(accessRule.IdentityReference.Value.ToLowerInvariant()))
{
registrySecurity.RemoveAccessRule(accessRule);
}
}
}
/// <summary>
/// Utility to display security rules
/// </summary>
/// <param name="security">RegistrySecurity object from the RegistryKey</param>
private static void ShowSecurity(RegistrySecurity security)
{
_logger.Info("Current access rules:");
foreach (RegistryAccessRule rule in security.GetAccessRules(true, true, typeof(NTAccount)))
{
_logger.Info(" User: {0}", rule.IdentityReference);
_logger.Info(" Type: {0}", rule.AccessControlType);
_logger.Info(" Rights: {0}", rule.RegistryRights);
_logger.Info(" Inheritance: {0}", rule.InheritanceFlags);
_logger.Info(" Propagation: {0}", rule.PropagationFlags);
_logger.Info(" Inherited? {0}", rule.IsInherited);
_logger.Info("");
}
}
protected override void ProcessRecord()
{
bool isChange = false;
using (RegistryKey regKey = RegistryControl.GetRegistryKey(Path, false, true))
{
RegistrySecurity security = regKey.GetAccessControl();
AuthorizationRuleCollection rules = security.GetAccessRules(true, false, typeof(NTAccount));
if (All)
{
// テスト自動生成
TestGenerator.RegistryAccess(Path, "", false);
foreach (RegistryAccessRule rule in rules)
{
security.RemoveAccessRule(rule);
isChange = true;
}
}
else
{
foreach (RegistryAccessRule rule in rules)
{
if (Account.Contains("\\") &&
rule.IdentityReference.Value.Equals(Account, StringComparison.OrdinalIgnoreCase))
{
// テスト自動生成
TestGenerator.RegistryAccess(Path, RegistryControl.AccessRuleToString(rule), true);
security.RemoveAccessRule(rule);
isChange = true;
}
else if (!Account.Contains("\\") &&
rule.IdentityReference.Value.EndsWith("\\" + Account, StringComparison.OrdinalIgnoreCase))
{
// テスト自動生成
TestGenerator.RegistryAccess(Path, RegistryControl.AccessRuleToString(rule), true);
security.RemoveAccessRule(rule);
isChange = true;
}
}
}
if (isChange)
{
regKey.SetAccessControl(security);
}
}
WriteObject(new RegistryKeyInfo(Path, true));
}
/// <summary>
/// apply registry security settings to user profiles
/// </summary>
/// <param name="where"></param>
/// <param name="keyname"></param>
/// <param name="username"></param>
/// <returns></returns>
public static Boolean RegSec(pInvokes.structenums.RegistryLocation where, string keyname, string username)
{
try
{
IdentityReference UserIRef = new NTAccount(String.Format("{0}\\{1}", Environment.MachineName, username));
SecurityIdentifier UserSid = (SecurityIdentifier)UserIRef.Translate(typeof(SecurityIdentifier));
using (RegistryKey key = pInvokes.GetRegistryLocation(where).OpenSubKey(keyname, true))
{
RegistrySecurity keySecurity = key.GetAccessControl(AccessControlSections.Access);
string SDDL = keySecurity.GetSecurityDescriptorSddlForm(AccessControlSections.All);
//LibraryLogging.Info(SDDL);
foreach (RegistryAccessRule user in keySecurity.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)))
{
//LibraryLogging.Info("registry ACE user: {0} {1} {2}", key.Name, user.InheritanceFlags.ToString(), user.IdentityReference.Value);
if (user.IdentityReference.Value.StartsWith("S-1-5-21-") && !user.IdentityReference.Value.Equals(UserIRef.Value))
{
//LibraryLogging.Info("mod registry ACE:{0} from unknown user:{1} to {2} {3} {4}", key.Name, user.IdentityReference.Value, username, user.RegistryRights.ToString(), user.AccessControlType.ToString());
SDDL = SDDL.Replace(user.IdentityReference.Value, UserSid.Value);
//LibraryLogging.Info(SDDL);
keySecurity.SetSecurityDescriptorSddlForm(SDDL);
key.SetAccessControl(keySecurity);
break;
}
}
foreach (string subkey in key.GetSubKeyNames())
{
if (!RegSec(where, keyname + "\\" + subkey, username))
{
return(false);
}
}
}
}
catch (SystemException ex)
{
LibraryLogging.Warn("RegSec:{0} Warning {1}", keyname, ex.Message);
}
catch (Exception ex)
{
LibraryLogging.Error("RegSec:{0} Error:{1}", keyname, ex.Message);
return(false);
}
return(true);
}
public static void PrintRegistrySecurity(RegistrySecurity security)
{
Console.WriteLine("\r\nCurrent access rules:\r\n");
foreach (RegistryAccessRule ar in security.GetAccessRules(true, true, typeof(NTAccount)))
{
Console.WriteLine(" User: {0}", ar.IdentityReference);
Console.WriteLine(" Type: {0}", ar.AccessControlType);
Console.WriteLine(" Rights: {0}", ar.RegistryRights);
Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags);
Console.WriteLine(" Propagation: {0}", ar.PropagationFlags);
Console.WriteLine(" Inherited? {0}", ar.IsInherited);
Console.WriteLine();
}
}
/// <summary>
/// Verify that a specific user has access rights to a specific Registry Key
/// </summary>
/// <param name="userName">Name of the user to check for</param>
/// <param name="root">Root key for the registry key</param>
/// <param name="subKey">Registry key to check for</param>
/// <param name="rights">Expected access rights</param>
public static void VerifyRegistryKeyPermission(string userName, Microsoft.Win32.RegistryKey root, string subKey, RegistryRights rights)
{
RegistryKey registryKey = root.OpenSubKey(subKey);
RegistrySecurity registrySecurity = registryKey.GetAccessControl();
AuthorizationRuleCollection accessRules = registrySecurity.GetAccessRules(true, true, typeof(NTAccount));
foreach (RegistryAccessRule accessRule in accessRules)
{
if (userName.ToLowerInvariant().Equals(accessRule.IdentityReference.Value.ToLowerInvariant()))
{
if ((accessRule.RegistryRights & rights) == rights)
{
return;
}
}
}
Assert.True(false, string.Format("User '{0}' do not have the correct permessions to RegistryKey '{1}/{2}'.", userName, root.ToString(), subKey));
}
public static bool DoesUserHaveAccess(RegistryKey registryKey, string userNameOrSID, RegistryRights accessType)
{
RegistrySecurity registrySecurity = registryKey.GetAccessControl();
foreach (RegistryAccessRule registryAccessRule in registrySecurity.GetAccessRules(true, true, typeof(NTAccount)))
{
IdentityReference sidIdentityReference = registryAccessRule.IdentityReference.Translate(typeof(SecurityIdentifier));
if (
(userNameOrSID.Equals(registryAccessRule.IdentityReference.Value, StringComparison.InvariantCultureIgnoreCase) == true ||
userNameOrSID.Equals(sidIdentityReference.Value, StringComparison.InvariantCultureIgnoreCase) == true) &&
(registryAccessRule.RegistryRights & accessType) == accessType)
{
return(true);
}
}
return(false);
}
/// <summary>
/// apply registry security settings to user profiles
/// </summary>
public static bool RegSec(Abstractions.WindowsApi.pInvokes.structenums.RegistryLocation where, string keyname, SecurityIdentifier userSid)
{
try
{
using (RegistryKey key = Abstractions.WindowsApi.pInvokes.GetRegistryLocation(where).OpenSubKey(keyname, true))
{
RegistrySecurity keySecurity = key.GetAccessControl(AccessControlSections.Access);
string sddl = keySecurity.GetSecurityDescriptorSddlForm(AccessControlSections.All);
foreach (RegistryAccessRule user in keySecurity.GetAccessRules(true, true, typeof(SecurityIdentifier)))
{
if (user.IdentityReference.Value.StartsWith("S-1-5-21-") && !user.IdentityReference.Value.Equals(userSid.Value))
{
sddl = sddl.Replace(user.IdentityReference.Value, userSid.Value);
keySecurity.SetSecurityDescriptorSddlForm(sddl);
key.SetAccessControl(keySecurity);
break;
}
}
foreach (string subkey in key.GetSubKeyNames())
{
if (!RegSec(where, keyname + "\\" + subkey, userSid))
{
return(false);
}
}
}
}
catch (SystemException ex)
{
Log.WarnFormat("RegSec:{0} Warning {1}", keyname, ex.Message);
}
catch (Exception ex)
{
Log.ErrorFormat("RegSec:{0} Error:{1}", keyname, ex.Message);
return(false);
}
return(true);
}
public const string FirewallServiceName = @"NT SERVICE\MpsSvc"; // Windows Defender Firewall
public bool GetAccessRestriction(string keyPath)
{
try
{
RegistryKey subKey = Registry.LocalMachine.OpenSubKey(keyPath, false);
RegistrySecurity keySec = subKey.GetAccessControl(AccessControlSections.Access);
foreach (var rule in keySec.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)).Cast <AuthorizationRule>())
{
if (rule.IdentityReference.Value.Equals(FirewallServiceName, StringComparison.OrdinalIgnoreCase))
{
return(true);
}
}
}
catch (Exception err)
{
AppLog.Exception(err);
}
return(false);
}
/// <summary>
/// Grants full control on the given registry key under RegistryKey for everyone
/// </summary>
/// <param name="subKey">subkey name</param>
public static void GrantFullControlRegKey(RegistryKey baseKey, string subKey)
{
RegistryKey rKey = baseKey.OpenSubKey(subKey, true);
if (rKey == null)
{
return;
}
Console.WriteLine("Granting full control to: {0}\\{1}", baseKey, subKey);
try
{
// Create a SecurityIdentifier object for "everyone".
SecurityIdentifier everyoneSid =
new SecurityIdentifier(WellKnownSidType.WorldSid, null);
RegistrySecurity security = rKey.GetAccessControl();
RegistryAccessRule newRule =
new RegistryAccessRule(
everyoneSid,
RegistryRights.FullControl, // modify is enough for reading/writing/deleting
InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, // all subfolders and files
PropagationFlags.None,
AccessControlType.Allow);
// Check if such a rule already exists, if so skip the modifications
if (ContainsRule(security.GetAccessRules(true, true, typeof(SecurityIdentifier)), newRule))
{
Console.WriteLine("Permissions already set.");
return;
}
security.AddAccessRule(newRule);
rKey.SetAccessControl(security);
rKey.Close();
}
catch (Exception ex)
{
Console.WriteLine("Error while setting full write access to everyone for file: {0} : {1}", subKey, ex);
}
}
static void Query(string Computer, string KeyName, string ValueName, string SearchTeam)
{
try
{
RegistryKey hive;
if (Computer.ToUpper() != "LOCAL")
{
hive = RegistryKey.OpenRemoteBaseKey(RegistryHive.LocalMachine, Computer, RegistryView.Default);
}
else
{
hive = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Default);
}
var key = hive.OpenSubKey(KeyName);
if (ValueName.ToUpper() == "COUNT")
{
try
{
Console.WriteLine("\nThere are {0} subkeys under {1}.", key.SubKeyCount.ToString(), key.Name);
hive.Close();
return;
}
catch { } // Used to ignore exceptions
}
else if (ValueName.ToUpper() == "PERMS")
{
try
{
RegistrySecurity registrySecurity = key.GetAccessControl();
Console.WriteLine("\n{0}\n", key.Name);
Console.WriteLine("[*] None:\n{0}\n", registrySecurity.GetSecurityDescriptorSddlForm(AccessControlSections.None));
Console.WriteLine("[*] Audit:\n{0}\n", registrySecurity.GetSecurityDescriptorSddlForm(AccessControlSections.Audit));
Console.WriteLine("[*] Access:\n{0}\n", registrySecurity.GetSecurityDescriptorSddlForm(AccessControlSections.Access));
Console.WriteLine("[*] Group:\n{0}\n", registrySecurity.GetSecurityDescriptorSddlForm(AccessControlSections.Group));
var rules = registrySecurity.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount));
foreach (var rule in rules.Cast <AuthorizationRule>())
{
Console.WriteLine("{0}", rule.IdentityReference.Value);
}
hive.Close();
return;
}
catch { } // Used to ignore exceptions
}
else if (ValueName.ToUpper() == "ALL")
{
Console.WriteLine();
foreach (string oVal in key.GetValueNames())
{
Console.WriteLine(" {0} REG_{1} {2}", oVal, key.GetValueKind(oVal).ToString().ToUpper(), key.GetValue(oVal).ToString());
}
Console.WriteLine();
foreach (string oSubKey in key.GetSubKeyNames())
{
Console.WriteLine("{0}\\{1}", KeyName, oSubKey);
}
hive.Close();
return;
}
else if (ValueName.ToUpper() == "RECURSE")
{
Console.WriteLine();
foreach (string oVal in key.GetValueNames())
{
Console.WriteLine(" {0} REG_{1} {2}", oVal, key.GetValueKind(oVal).ToString().ToUpper(), key.GetValue(oVal).ToString());
}
Console.WriteLine();
foreach (string oSubKey in key.GetSubKeyNames())
{
Console.WriteLine("{0}\\{1}", KeyName, oSubKey);
Console.WriteLine();
var skey = hive.OpenSubKey(KeyName + "\\" + oSubKey);
foreach (string osVal in skey.GetValueNames())
{
Console.WriteLine(" {0} REG_{1} {2}", osVal, skey.GetValueKind(osVal).ToString().ToUpper(), skey.GetValue(osVal).ToString());
}
Console.WriteLine();
}
hive.Close();
return;
}
else if (ValueName.ToUpper() == "GREP")
{
Console.WriteLine();
foreach (string oVal in key.GetValueNames())
{
if (oVal.Contains(SearchTeam))
{
try
{
Console.WriteLine(" {0} REG_{1} {2}", oVal, key.GetValueKind(oVal).ToString().ToUpper(), key.GetValue(oVal).ToString());
}
catch { } // Used to ignore exceptions
}
}
Console.WriteLine();
foreach (string oSubKey in key.GetSubKeyNames())
{
if (oSubKey.Contains(SearchTeam))
{
Console.WriteLine("{0}\\{1}", KeyName, oSubKey);
}
try
{
var skey = hive.OpenSubKey(KeyName + "\\" + oSubKey);
foreach (string osVal in skey.GetValueNames())
{
try
{
if (osVal.Contains(SearchTeam) || skey.GetValue(osVal).ToString().Contains(SearchTeam))
{
Console.WriteLine("\n{0}\\{1}", KeyName, oSubKey);
Console.WriteLine("\n {0} REG_{1} {2}", osVal, skey.GetValueKind(osVal).ToString().ToUpper(), skey.GetValue(osVal).ToString());
}
}
catch { } // Used to ignore exceptions
}
}
catch { } // Used to ignore exceptions
}
Console.WriteLine();
hive.Close();
return;
}
else
{
if (key.GetValueKind(ValueName).ToString().ToUpper() == "BINARY")
{
byte[] BinData = (byte[])key.GetValue(ValueName);
string BinString = BitConverter.ToString(BinData).Replace("-", "");;
Console.WriteLine("\n {0} REG_{1} {2}", ValueName, key.GetValueKind(ValueName).ToString().ToUpper(), BinString.ToString());
}
else if (key.GetValueKind(ValueName).ToString().ToUpper() == "MULTISTRING")
{
Console.WriteLine();
string[] tArray = (string[])key.GetValue(ValueName);
for (int i = 0; i < tArray.Length; i++)
{
Console.WriteLine(" {0} REG_{1} {2}", ValueName, key.GetValueKind(ValueName).ToString().ToUpper(), tArray[i]);
}
}
else
{
Console.WriteLine("\n {0} REG_{1} {2}", ValueName, key.GetValueKind(ValueName).ToString().ToUpper(), key.GetValue(ValueName).ToString());
}
hive.Close();
return;
}
}
catch (Exception e)
{
Console.WriteLine("\n [!] {0}: {1}", e.GetType().Name, e.Message);
return;
}
}
/// <summary>
/// Check and if required, fix permissions on HKEY_CLASSES_ROOT
/// </summary>
/// <param name="FixPermissions">True to fix missing permissions, false just to check and report permission state</param>
protected static void CheckHKCRPermissions(bool FixPermissions)
{
try
{
LogMessage("CheckHKCRPermissions", "Starting HKCR permission check, FixPermissions: " + FixPermissions.ToString());
bool FoundCreatorOwnerGenericAccess = false;
bool FoundSystemGenericAccess = false;
bool FoundSystemSpecificAccess = false;
bool FoundAdministratorGenericAccess = false;
bool FoundAdministratorSpecificAccess = false;
bool FoundUserGenericAccess = false;
bool FoundUserSpecificAccess = false;
AccessRights Rights;
RegistrySecurity HKCRAccessControl = Registry.ClassesRoot.GetAccessControl();
//Iterate over the rule set and list them for Built in users
foreach (RegistryAccessRule RegRule in HKCRAccessControl.GetAccessRules(true, true, typeof(NTAccount)))
{
Rights = (AccessRights)RegRule.RegistryRights;
LogMessage("CheckHKCRPermissions", "Found rule: " + RegRule.AccessControlType.ToString() + " " + RegRule.IdentityReference.ToString() + " " + Rights.ToString() + " / " + (RegRule.IsInherited ? "Inherited" : "NotInherited") + " / " + RegRule.InheritanceFlags.ToString() + " / " + RegRule.PropagationFlags.ToString());
// Allow CREATOR OWNER GenericAll / NotInherited / ContainerInherit / InheritOnly
if ((RegRule.IdentityReference.ToString().Equals(GetLocalAccountName(CreatorOwnerSID), StringComparison.OrdinalIgnoreCase)) &
Rights == AccessRights.GenericAll &
RegRule.InheritanceFlags == InheritanceFlags.ContainerInherit &
RegRule.PropagationFlags == PropagationFlags.InheritOnly)
{
FoundCreatorOwnerGenericAccess = true;
}
// Allow NT AUTHORITY\SYSTEM GenericAll / NotInherited / ContainerInherit / InheritOnly
if ((RegRule.IdentityReference.ToString().Equals(GetLocalAccountName(NTAuthoritySystemSID), StringComparison.OrdinalIgnoreCase)) &
Rights == AccessRights.GenericAll &
RegRule.InheritanceFlags == InheritanceFlags.ContainerInherit &
RegRule.PropagationFlags == PropagationFlags.InheritOnly)
{
FoundSystemGenericAccess = true;
}
// Allow NT AUTHORITY\SYSTEM Query, SetKey, CreateSubKey, EnumSubkey, Notify, CreateLink, StandardDelete, StandardReadControl, StandardWriteDAC, StandardWriteOwner / NotInherited / None / None
if ((RegRule.IdentityReference.ToString().Equals(GetLocalAccountName(NTAuthoritySystemSID), StringComparison.OrdinalIgnoreCase)) &
Rights == FullRights &
RegRule.InheritanceFlags == InheritanceFlags.None &
RegRule.PropagationFlags == PropagationFlags.None)
{
FoundSystemSpecificAccess = true;
}
// Allow BUILTIN\Administrators GenericAll / NotInherited / ContainerInherit / InheritOnly
if ((RegRule.IdentityReference.ToString().Equals(GetLocalAccountName(BuiltInAdministratorsSID), StringComparison.OrdinalIgnoreCase)) &
Rights == AccessRights.GenericAll &
RegRule.InheritanceFlags == InheritanceFlags.ContainerInherit &
RegRule.PropagationFlags == PropagationFlags.InheritOnly)
{
FoundAdministratorGenericAccess = true;
}
// Allow BUILTIN\Administrators Query, SetKey, CreateSubKey, EnumSubkey, Notify, CreateLink, StandardDelete, StandardReadControl, StandardWriteDAC, StandardWriteOwner / NotInherited / None / None
if ((RegRule.IdentityReference.ToString().Equals(GetLocalAccountName(BuiltInAdministratorsSID), StringComparison.OrdinalIgnoreCase)) &
Rights == FullRights &
RegRule.InheritanceFlags == InheritanceFlags.None &
RegRule.PropagationFlags == PropagationFlags.None)
{
FoundAdministratorSpecificAccess = true;
}
// Allow BUILTIN\Users GenericRead / NotInherited / ContainerInherit / InheritOnly
if ((RegRule.IdentityReference.ToString().Equals(GetLocalAccountName(BuiltInUsersSID), StringComparison.OrdinalIgnoreCase)) &
Rights == AccessRights.GenericRead &
RegRule.InheritanceFlags == InheritanceFlags.ContainerInherit &
RegRule.PropagationFlags == PropagationFlags.InheritOnly)
{
FoundUserGenericAccess = true;
}
// Allow BUILTIN\Users Query, EnumSubkey, Notify, StandardReadControl / NotInherited / None / None
if ((RegRule.IdentityReference.ToString().Equals(GetLocalAccountName(BuiltInUsersSID), StringComparison.OrdinalIgnoreCase)) &
Rights == ReadRights &
RegRule.InheritanceFlags == InheritanceFlags.None &
RegRule.PropagationFlags == PropagationFlags.None)
{
FoundUserSpecificAccess = true;
}
}
LogMessage("CheckHKCRPermissions", " ");
if (FoundCreatorOwnerGenericAccess)
{
LogMessage("CheckHKCRPermissions", "OK - HKCR\\ does have CreatorOwnerGenericAccess");
}
else
{
LogError("CheckHKCRPermissions", "HKCR\\ does not have CreatorOwnerGenericAccess!");
}
if (FoundSystemGenericAccess)
{
LogMessage("CheckHKCRPermissions", "OK - HKCR\\ does have SystemGenericAccess");
}
else
{
LogError("CheckHKCRPermissions", "HKCR\\ does not have SystemGenericAccess!");
}
if (FoundSystemSpecificAccess)
{
LogMessage("CheckHKCRPermissions", "OK - HKCR\\ does have SystemSpecificAccess");
}
else
{
LogError("CheckHKCRPermissions", "HKCR\\ does not have SystemSpecificAccess!");
}
if (FoundAdministratorGenericAccess)
{
LogMessage("CheckHKCRPermissions", "OK - HKCR\\ does have AdministratorGenericAccess");
}
else
{
LogError("CheckHKCRPermissions", "HKCR\\ does not have AdministratorGenericAccess!");
}
if (FoundAdministratorSpecificAccess)
{
LogMessage("CheckHKCRPermissions", "OK - HKCR\\ does have AdministratorSpecificAccess");
}
else
{
LogError("CheckHKCRPermissions", "HKCR\\ does not have AdministratorSpecificAccess!");
}
if (FoundUserGenericAccess)
{
LogMessage("CheckHKCRPermissions", "OK - HKCR\\ does have UserGenericAccess");
}
else
{
LogError("CheckHKCRPermissions", "HKCR\\ does not have UserGenericAccess!");
}
if (FoundUserSpecificAccess)
{
LogMessage("CheckHKCRPermissions", "OK - HKCR\\ does have UserSpecificAccess");
}
else
{
LogError("CheckHKCRPermissions", "HKCR\\ does not have UserSpecificAccess!");
}
LogMessage("CheckHKCRPermissions", " ");
if (FixPermissions)
{
Stopwatch swLocal = null;
try
{
swLocal = Stopwatch.StartNew();
LogMessage("SetRegistryACL", "Fixing registry permissions");
//Set a security ACL on the ASCOM Profile key giving the Users group Full Control of the key
LogMessage("SetRegistryACL", "Creating security identifiers");
SecurityIdentifier DomainSid = new SecurityIdentifier("S-1-0-0"); //Create a starting point domain SID
//Create security identifiers for the various accounts to be passed to the new access rule
SecurityIdentifier BuiltinUsersIdentifier = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, DomainSid);
SecurityIdentifier AdministratorsIdentifier = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, DomainSid);
SecurityIdentifier CreatorOwnerIdentifier = new SecurityIdentifier(WellKnownSidType.CreatorOwnerSid, DomainSid);
SecurityIdentifier SystemIdentifier = new SecurityIdentifier(WellKnownSidType.LocalSystemSid, DomainSid);
LogMessage("SetRegistryACL", "Creating new ACL rules"); // Create the new access permission rules
RegistryAccessRule CreatorOwnerGenericAccessRule = new RegistryAccessRule(CreatorOwnerIdentifier,
(RegistryRights)AccessRights.GenericAll,
InheritanceFlags.ContainerInherit,
PropagationFlags.InheritOnly,
AccessControlType.Allow);
RegistryAccessRule SystemGenericAccessRule = new RegistryAccessRule(SystemIdentifier,
(RegistryRights)AccessRights.GenericAll,
InheritanceFlags.ContainerInherit,
PropagationFlags.InheritOnly,
AccessControlType.Allow);
RegistryAccessRule SystemFullAccessRule = new RegistryAccessRule(SystemIdentifier,
(RegistryRights)FullRights,
InheritanceFlags.None,
PropagationFlags.None,
AccessControlType.Allow);
RegistryAccessRule AdministratorsGenericAccessRule = new RegistryAccessRule(AdministratorsIdentifier,
(RegistryRights)AccessRights.GenericAll,
InheritanceFlags.ContainerInherit,
PropagationFlags.InheritOnly,
AccessControlType.Allow);
RegistryAccessRule AdministratorsFullAccessRule = new RegistryAccessRule(AdministratorsIdentifier,
(RegistryRights)FullRights,
InheritanceFlags.None,
PropagationFlags.None,
AccessControlType.Allow);
RegistryAccessRule BuiltinUsersGenericAccessRule = new RegistryAccessRule(BuiltinUsersIdentifier,
unchecked ((RegistryRights)AccessRights.GenericRead),
InheritanceFlags.ContainerInherit,
PropagationFlags.InheritOnly,
AccessControlType.Allow);
RegistryAccessRule BuiltinUsersReadAccessRule = new RegistryAccessRule(BuiltinUsersIdentifier,
(RegistryRights)ReadRights,
InheritanceFlags.None,
PropagationFlags.None,
AccessControlType.Allow);
LogMessage("SetRegistryACL", "Retrieving current ACL rule");
LogMessage("SetRegistryACL", " ");
RegistrySecurity KeySec = Registry.ClassesRoot.GetAccessControl(); // Get existing ACL rules on the key
//Iterate over the rule set and list them
foreach (RegistryAccessRule RegRule in KeySec.GetAccessRules(true, true, typeof(NTAccount)))
{
LogMessage("SetRegistryACL Before", RegRule.AccessControlType.ToString() + " " +
RegRule.IdentityReference.ToString() + " " +
((AccessRights)RegRule.RegistryRights).ToString() + " " +
RegRule.IsInherited.ToString() + " " +
RegRule.InheritanceFlags.ToString() + " " +
RegRule.PropagationFlags.ToString());
}
LogMessage("SetRegistryACL", "Adding new ACL rules");
LogMessage("SetRegistryACL", " ");
// Remove old rules
KeySec.PurgeAccessRules(CreatorOwnerIdentifier);
KeySec.PurgeAccessRules(AdministratorsIdentifier);
KeySec.PurgeAccessRules(BuiltinUsersIdentifier);
KeySec.PurgeAccessRules(SystemIdentifier);
//Add the new rules to the existing rules
KeySec.AddAccessRule(CreatorOwnerGenericAccessRule);
KeySec.AddAccessRule(SystemGenericAccessRule);
KeySec.AddAccessRule(SystemFullAccessRule);
KeySec.AddAccessRule(AdministratorsGenericAccessRule);
KeySec.AddAccessRule(AdministratorsFullAccessRule);
KeySec.AddAccessRule(BuiltinUsersGenericAccessRule);
KeySec.AddAccessRule(BuiltinUsersReadAccessRule);
//Iterate over the new rule set and list them
foreach (RegistryAccessRule RegRule in KeySec.GetAccessRules(true, true, typeof(NTAccount)))
{
LogMessage("SetRegistryACL After", RegRule.AccessControlType.ToString() + " " +
RegRule.IdentityReference.ToString() + " " +
((AccessRights)RegRule.RegistryRights).ToString() + " " +
RegRule.IsInherited.ToString() + " " +
RegRule.InheritanceFlags.ToString() + " " +
RegRule.PropagationFlags.ToString());
}
LogMessage("SetRegistryACL", "Setting new ACL rule");
Registry.ClassesRoot.SetAccessControl(KeySec); //Apply the new rules to the Profile key
LogMessage("SetRegistryACL", "Retrieving new rule set from key");
// Retrieve the new rule set and list them
foreach (RegistryAccessRule RegRule in Registry.ClassesRoot.GetAccessControl().GetAccessRules(true, true, typeof(NTAccount)))
{
LogMessage("SetRegistryACL New", RegRule.AccessControlType.ToString() + " " +
RegRule.IdentityReference.ToString() + " " +
((AccessRights)RegRule.RegistryRights).ToString() + " " +
RegRule.IsInherited.ToString() + " " +
RegRule.InheritanceFlags.ToString() + " " +
RegRule.PropagationFlags.ToString());
}
swLocal.Stop();
LogMessage("SetRegistryACL", "ElapsedTime " + swLocal.ElapsedMilliseconds + " milliseconds");
swLocal = null;
}
catch (Exception ex)
{
LogMessage("SetRegistryACLException", ex.ToString());
}
}
}
catch (NullReferenceException ex)
{
SetReturnCode(5);
LogError("CheckHKCRPermissions", "HKCR\\ does not exist. " + ex.ToString()); // Should never happen!
}
catch (SecurityException ex)
{
SetReturnCode(5);
LogError("CheckHKCRPermissions", "Security exception when accessing HKCR\\ " + ex.ToString()); // Should never happen!
}
catch (Exception ex)
{
SetReturnCode(5);
LogError("CheckHKCRPermissions", "Unexpected exception: " + ex.ToString());
}
}
static private bool UserhasFullProfileAccessRights(RegistryKey key, string subKey)
{
RegistryKey sKey;
bool foundFullAccess = false;
string builtInUsers;
try
{
builtInUsers = GetBuiltInUsers().ToUpperInvariant();
TL.LogMessage("RegistryRights", (subKey == "") ? key.Name.ToString() : key.Name.ToString() + @"\" + subKey);
if (subKey == "")
{
sKey = key;
}
else
{
sKey = key.OpenSubKey(subKey);
}
RegistrySecurity sec = sKey.GetAccessControl(); // System.Security.AccessControl.AccessControlSections.All)
foreach (RegistryAccessRule RegRule in sec.GetAccessRules(true, true, typeof(NTAccount))) // Iterate over the rule set and list them
{
try
{
TL.LogMessage("RegistryRights", RegRule.AccessControlType.ToString() + " " + RegRule.IdentityReference.ToString() + " " + RegRule.RegistryRights.ToString() + " / " + (RegRule.IsInherited ? "Inherited" : "NotInherited") + " / " + RegRule.InheritanceFlags.ToString() + " / " + RegRule.PropagationFlags.ToString());
}
catch (Exception ex1)
{
TL.LogMessageCrLf("RegistryRights", "Issue formatting registry rights: " + ex1.ToString());
}
if ((RegRule.IdentityReference.ToString().ToUpperInvariant() == builtInUsers) & (RegRule.RegistryRights == global::System.Security.AccessControl.RegistryRights.FullControl))
{
foundFullAccess = true;
}
}
if (foundFullAccess)
{
TL.BlankLine();
TL.LogMessage("RegistryRights", "OK - SubKey " + subKey + @" does have full registry access rights for BUILTIN\Users");
}
else
{
LogError("RegistryRights", "Subkey " + subKey + @" does not have full access rights for BUILTIN\Users!");
}
}
catch (NullReferenceException)
{
TL.LogMessageCrLf("RegistryRights", "The subkey: " + key.Name + @"\" + subKey + " does not exist.");
}
catch (Exception ex)
{
TL.LogMessageCrLf("RegistryRights", "Issue reading registry rights: " + ex.ToString());
}
TL.BlankLine();
return(foundFullAccess);
}
protected override void ProcessRecord()
{
using (RegistryKey regKey = RegistryControl.GetRegistryKey(RegistryPath, true, true))
{
if (regKey == null)
{
return;
}
RegistrySecurity security = null;
// Access文字列からの設定
// ""で全アクセス権設定を削除
if (Access != null)
{
if (security == null)
{
security = regKey.GetAccessControl();
}
foreach (RegistryAccessRule removeRule in security.GetAccessRules(true, false, typeof(NTAccount)))
{
security.RemoveAccessRule(removeRule);
}
// テスト自動生成
_generator.RegistryAccess(RegistryPath, Access, false);
if (Access != string.Empty) // このif文分岐が無くても同じ挙動するけれど、一応記述
{
foreach (RegistryAccessRule addRule in RegistryControl.StringToAccessRules(Access))
{
security.AddAccessRule(addRule);
}
}
}
// 上位からのアクセス権継承の設定変更
if (Inherited != Item.NONE)
{
if (security == null)
{
security = regKey.GetAccessControl();
}
// テスト自動生成
_generator.RegistryInherited(RegistryPath, Inherited == Item.ENABLE);
switch (Inherited)
{
case Item.ENABLE:
security.SetAccessRuleProtection(false, false);
break;
case Item.DISABLE:
security.SetAccessRuleProtection(true, true);
break;
case Item.REMOVE:
security.SetAccessRuleProtection(true, false);
break;
}
}
if (security != null)
{
regKey.SetAccessControl(security);
}
}
// 所有者変更
if (Owner != null)
{
string subinacl = EmbeddedResource.GetSubinacl(Item.APPLICATION_NAME);
// 管理者実行確認
Functions.CheckAdmin();
// テスト自動生成
_generator.RegistryOwner(RegistryPath, Owner);
using (Process proc = new Process())
{
proc.StartInfo.FileName = subinacl;
proc.StartInfo.Arguments = $"/subkeyreg \"{RegistryPath}\" /owner=\"{Owner}\"";
proc.StartInfo.WindowStyle = ProcessWindowStyle.Hidden;
proc.Start();
proc.WaitForExit();
}
}
// レジストリ値の設定
if (Name != null)
{
// テスト自動生成
_generator.RegistryType(RegistryPath, Name, Type);
_generator.RegistryValue(RegistryPath, Name, Value);
switch (Type)
{
case Item.REG_SZ:
Registry.SetValue(RegistryPath, Name, Value, RegistryValueKind.String);
break;
case Item.REG_BINARY:
Registry.SetValue(RegistryPath, Name, RegistryControl.StringToRegBinary(Value), RegistryValueKind.Binary);
break;
case Item.REG_DWORD:
Registry.SetValue(RegistryPath, Name, int.Parse(Value), RegistryValueKind.DWord);
break;
case Item.REG_QWORD:
Registry.SetValue(RegistryPath, Name, long.Parse(Value), RegistryValueKind.QWord);
break;
case Item.REG_MULTI_SZ:
Registry.SetValue(RegistryPath, Name, Functions.SplitBQt0(Value), RegistryValueKind.MultiString);
break;
case Item.REG_EXPAND_SZ:
Registry.SetValue(RegistryPath, Name, Value, RegistryValueKind.ExpandString);
break;
case Item.REG_NONE:
Registry.SetValue(RegistryPath, Name, new byte[2] {
0, 0
}, RegistryValueKind.None);
break;
}
}
/* 実行していて結構うっとおしいので、出力しないことにします。
* using (RegistryKey regKey = RegistryControl.GetRegistryKey(Path, false, false))
* {
* WriteObject(new RegistrySummary(regKey, true));
* }
*/
}
static void Main(string[] args)
{
//Authnetication = Who are you?
//Authorization = What can you do?
//Get current Identity
WindowsIdentity curr = WindowsIdentity.GetCurrent();
//Get anonymous identity
curr = WindowsIdentity.GetAnonymous();
//curr = WindowsIdentity.Impersonate();
curr = WindowsIdentity.GetCurrent();
Console.WriteLine("Name:" + curr.Name);
Console.WriteLine("Token:" + curr.Token.ToString());
Console.WriteLine("Authentication Type:" + curr.AuthenticationType);
Console.WriteLine("Is anonymous? {0}", curr.IsAnonymous);
Console.WriteLine("Is authenticated? {0}", curr.IsAuthenticated);
Console.WriteLine("Is a guest? {0}", curr.IsGuest);
Console.WriteLine("Is System? {0}", curr.IsSystem);
//WindowsPrincipal = group info. You can retrieve this by using an identity
WindowsPrincipal wingroup = new WindowsPrincipal(curr);
//or by pulling the group info from the current thread.
AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
wingroup = (WindowsPrincipal)Thread.CurrentPrincipal;
Console.WriteLine("Current user is a member of the following roles:");
Console.WriteLine("In role Administrator? {0}", wingroup.IsInRole(WindowsBuiltInRole.Administrator));
Console.WriteLine("In role AccountOperator? {0}", wingroup.IsInRole(WindowsBuiltInRole.AccountOperator));
Console.WriteLine("In role Guest? {0}", wingroup.IsInRole(WindowsBuiltInRole.Guest));
Console.WriteLine("In role PowerUser? {0}", wingroup.IsInRole(WindowsBuiltInRole.PowerUser));
Console.WriteLine(@"In role Atlas\Admin? {0}", wingroup.IsInRole(@"Atlas\Admin"));
//AdminOnly();
AlsoAdminOnly();
string r = System.Environment.MachineName + @"\VS Developers";
try
{
PrincipalPermission p = new PrincipalPermission(null, r, true);
p.Demand();
Console.WriteLine("You are in " + r);
}
catch (SecurityException ex)
{
Console.WriteLine("You are not in " + r);
}
//DACL = Restricts or grants control
//SACL = Used for logging accesses to a resource...
DirectorySecurity ds = new DirectorySecurity(@"C:\Program Files\", AccessControlSections.All);
//FileSystemRights.AppendData
//FileSystemRights.ChangePermissions
//FileSystemRights.CreateDirectories
//FileSystemRights.CreateFiles
//FileSystemRights.Delete
//FileSystemRights.DeleteSubdirectoriesAndFiles
//FileSystemRights.ExecuteFile
//FileSystemRights.FullControl
//FileSystemRights.ListDirectory
//FileSystemRights.Modify
//FileSystemRights.Read
//FileSystemRights.ReadAndExecute
//FileSystemRights.ReadAttributes
//FileSystemRights.ReadData
//FileSystemRights.ReadExtendedAttributes
// FileSystemRights.ReadPermissions
//FileSystemRights.Synchronize
//FileSystemRights.TakeOwnership
//FileSystemRights.Traverse
//FileSystemRights.Write
// FileSystemRights.WriteAttributes
//FileSystemRights.WriteData
//FileSystemRights.WriteExtendedAttributes
AuthorizationRuleCollection arc = ds.GetAccessRules(true, true, typeof(NTAccount));
foreach (FileSystemAccessRule ar in arc)
{
Console.WriteLine(ar.IdentityReference + " : " + ar.AccessControlType + " " + ar.FileSystemRights);
}
RegistrySecurity rs = Registry.LocalMachine.GetAccessControl();
arc = rs.GetAccessRules(true, true, typeof(NTAccount));
foreach (RegistryAccessRule rar in arc)
{
Console.WriteLine(rar.IdentityReference + ":" + rar.AccessControlType + " " + rar.RegistryRights);
}
//RegistryRights.ChangePermissions
//RegistryRights.CreateLink
//RegistryRights.CreateSubKey
//RegistryRights.Delete
//RegistryRights.EnumerateSubKeys;
//RegistryRights.ExecuteKey;
//RegistryRights.FullControl;
//RegistryRights.Notify;
//RegistryRights.QueryValues;
//RegistryRights.ReadKey;
//RegistryRights.ReadPermissions;
//RegistryRights.SetValue;
//RegistryRights.TakeOwnership;
//RegistryRights.WriteKey;
string dir = @"C:\logs";
ds = Directory.GetAccessControl(dir);
ds.AddAccessRule(new FileSystemAccessRule("Guest", FileSystemRights.Read, AccessControlType.Allow));
Directory.SetAccessControl(dir, ds);
//THE ABOVE IS 20X easier than anything before .net 2.0
//SYMETRIC ENCRYPTION = Encryption & decryption is done w/ the same key
string ss = "p@ssw0rd";
RijndaelManaged rj = new RijndaelManaged();
byte[] salt = Encoding.ASCII.GetBytes("This is my salt!");
Rfc2898DeriveBytes key = new Rfc2898DeriveBytes(ss, salt);
rj.Key = key.GetBytes(rj.KeySize / 8);
rj.IV = key.GetBytes(rj.BlockSize / 8);
string inFile = @"C:\boot.ini";
string outFile = @"C:\boot.ini.enc";
FileStream inFS = new FileStream(inFile, FileMode.Open, FileAccess.Read);
FileStream outFS = new FileStream(outFile, FileMode.OpenOrCreate, FileAccess.Write);
byte[] fileData = new byte[inFS.Length];
inFS.Read(fileData, 0, (int)inFS.Length);
ICryptoTransform enc = rj.CreateEncryptor();
CryptoStream encStream = new CryptoStream(outFS, enc, CryptoStreamMode.Write);
encStream.Write(fileData, 0, fileData.Length);
encStream.Close();
inFS.Close();
outFS.Close();
RSACryptoServiceProvider myRSA = new RSACryptoServiceProvider();
RSAParameters rsaParam = myRSA.ExportParameters(true);
Console.WriteLine(myRSA.ToXmlString(true));
//How to put the keys in the key store!
CspParameters persistantCsp = new CspParameters();
persistantCsp.KeyContainerName = "AsymetricExample";
myRSA = new RSACryptoServiceProvider(persistantCsp);
myRSA.PersistKeyInCsp = true;
rsaParam = myRSA.ExportParameters(true);
foreach (byte thisbyte in rsaParam.D)
{
Console.Write(thisbyte.ToString("X2") + " ");
}
string Message = "Hello, world!";
byte[] messByte = Encoding.Unicode.GetBytes(Message);
byte[] encMess = myRSA.Encrypt(messByte, false);
byte[] decMess = myRSA.Decrypt(encMess, false);
Console.WriteLine(Encoding.Unicode.GetString(decMess));
//HASHING -non keyed
MD5 myHash = new MD5CryptoServiceProvider();
FileStream file = new FileStream(outFile, FileMode.Open, FileAccess.Read);
BinaryReader br = new BinaryReader(file);
myHash.ComputeHash(br.ReadBytes((int)file.Length));
Console.WriteLine(Convert.ToBase64String(myHash.Hash));
br.Close();
file.Close();
//HASHING keyed
byte[] saltValue = Encoding.ASCII.GetBytes("This is some good salt!");
Rfc2898DeriveBytes passwordkey = new Rfc2898DeriveBytes("p@55w0r6", saltValue);
byte[] secretkey = passwordkey.GetBytes(16);
HMACSHA1 keyhash = new HMACSHA1(secretkey);
file = new FileStream(outFile, FileMode.Open, FileAccess.Read);
br = new BinaryReader(file);
keyhash.ComputeHash(br.ReadBytes((int)file.Length));
Console.WriteLine(Convert.ToBase64String(keyhash.Hash));
}
private void button1_Click(object sender, EventArgs e)
{
bool flag = false;
string name1 = Convert.ToString(listBox1.SelectedItem);
if (textBox1.Text == "")
{
MessageBox.Show(" Субъект не выбран. Будет показан список объектов доступных для каждого субъекта.");
}
else
{
if (textBox1.Text != name1)
{
string[] s;
s = new string[listBox1.Items.Count - 1];
for (int i = 0; i < listBox1.Items.Count - 1; i++)
{
if (listBox1.Items.ToString() != "")
{
s[i] = listBox1.Items[i].ToString();
}
if (textBox1.Text == s[i])
{
flag = true;
}
}
if (flag != true || textBox1.Text != "Список групп" || textBox1.Text != "Список пользователей" || textBox1.Text != "____________")
{
MessageBox.Show(" Такого субъекта не существует.");
}
}
}
listBox2.DataSource = null;
RegistryRights WriteAndRead = RegistryRights.ReadKey | RegistryRights.SetValue | RegistryRights.CreateSubKey; //== writekey and readkey
List <RegistryKey> RKMas = new List <RegistryKey>();
List <string> list = new List <string>();
foreach (string name in RK.GetSubKeyNames())
{
try
{
RKMas.Add(RK.OpenSubKey(name));
}
catch { }
}
foreach (RegistryKey rk in RKMas)
{
RegistrySecurity rs = rk.GetAccessControl();
foreach (RegistryAccessRule ar in rs.GetAccessRules(true, true, typeof(NTAccount)))
{
string buf = ar.IdentityReference.ToString();
if (radioButton1.Checked == true)
{
if (ar.RegistryRights == RegistryRights.ReadKey | ar.RegistryRights == RegistryRights.FullControl | ar.RegistryRights == WriteAndRead && buf.Contains(textBox1.Text))
{
//listBox2.Items.Add(rk + " доступен на чтение для " + ar.IdentityReference);
list.Add(rk + " доступен для чтения " + ar.IdentityReference);
}
listBox2.DataSource = list.Distinct().ToList();
}
if (radioButton2.Checked == true)
{
if (ar.RegistryRights == RegistryRights.WriteKey | ar.RegistryRights == RegistryRights.FullControl | ar.RegistryRights == WriteAndRead && buf.Contains(textBox1.Text))
{
//listBox2.Items.Add(rk + " доступен на запись для " + ar.IdentityReference);
list.Add(rk + " доступен на запись для " + ar.IdentityReference);
}
listBox2.DataSource = list.Distinct().ToList();
}
if (radioButton3.Checked == true)
{
if (ar.RegistryRights == WriteAndRead | ar.RegistryRights == RegistryRights.FullControl && buf.Contains(textBox1.Text))
{
//listBox2.Items.Add(rk + " доступен на чтение и запись для " + ar.IdentityReference);
list.Add(rk + " доступен на чтение и запись для " + ar.IdentityReference);
}
listBox2.DataSource = list.Distinct().ToList();
}
}
}
}
