Esempio n. 1
0
        public static IEnumerable <GroupsXML> Get_GroupsXML(Args_Get_GroupsXML args = null)
        {
            if (args == null)
            {
                args = new Args_Get_GroupsXML();
            }
            var MappedPaths = new Dictionary <string, bool>();
            var GroupsXMLs  = new List <GroupsXML>();

            try
            {
                if (args.GroupsXMLPath.IsRegexMatch(@"\\\\.*\\.*") && args.Credential != null)
                {
                    var SysVolPath = $@"\\{new System.Uri(args.GroupsXMLPath).Host}\SYSVOL";
                    if (!MappedPaths[SysVolPath])
                    {
                        // map IPC$ to this computer if it's not already
                        AddRemoteConnection.Add_RemoteConnection(new Args_Add_RemoteConnection {
                            Path = new[] { SysVolPath }, Credential = args.Credential
                        });
                        MappedPaths[SysVolPath] = true;
                    }
                }

                XmlDocument GroupsXMLcontent = new XmlDocument();
                GroupsXMLcontent.Load(args.GroupsXMLPath);

                // process all group properties in the XML
                var nodes = GroupsXMLcontent.SelectNodes(@"/Groups/Group");
                foreach (XmlNode node in nodes)
                {
                    var GroupName = node["groupName"].InnerText;

                    // extract the localgroup sid for memberof
                    var GroupSID = node[@"groupSid"].InnerText;
                    if (GroupSID.IsNotNullOrEmpty())
                    {
                        if (GroupName.IsRegexMatch(@"Administrators"))
                        {
                            GroupSID = @"S-1-5-32-544";
                        }
                        else if (GroupName.IsRegexMatch(@"Remote Desktop"))
                        {
                            GroupSID = @"S-1-5-32-555";
                        }
                        else if (GroupName.IsRegexMatch(@"Guests"))
                        {
                            GroupSID = @"S-1-5-32-546";
                        }
                        else
                        {
                            if (args.Credential != null)
                            {
                                GroupSID = ConvertToSID.ConvertTo_SID(new Args_ConvertTo_SID {
                                    ObjectName = new[] { GroupName }, Credential = args.Credential
                                }).FirstOrDefault();
                            }
                            else
                            {
                                GroupSID = ConvertToSID.ConvertTo_SID(new Args_ConvertTo_SID {
                                    ObjectName = new[] { GroupName }
                                }).FirstOrDefault();
                            }
                        }
                    }

                    // extract out members added to this group
                    var Members = new List <string>();
                    foreach (XmlNode member in node["members"].SelectNodes("//Member"))
                    {
                        if (member["action"].InnerText.IsRegexMatch("ADD"))
                        {
                            if (member["sid"] != null)
                            {
                                Members.Add(member["sid"].InnerText);
                            }
                            else
                            {
                                Members.Add(member["name"].InnerText);
                            }
                        }

                        if (Members != null)
                        {
                            // extract out any/all filters...I hate you GPP
                            var Filters = new List <Filter>();

                            if (node.Attributes != null)
                            {
                                foreach (XmlAttribute filter in node.Attributes)
                                {
                                    Filters.Add(new Filter {
                                        Type = filter.LocalName, Value = filter.Name
                                    });
                                }
                            }
                            else
                            {
                                Filters = null;
                            }

                            var GroupsXML = new GroupsXML
                            {
                                GPOPath       = args.GroupsXMLPath,
                                Filters       = Filters,
                                GroupName     = GroupName,
                                GroupSID      = GroupSID,
                                GroupMemberOf = null,
                                GroupMembers  = Members
                            };
                            GroupsXMLs.Add(GroupsXML);
                        }
                    }
                }
            }
            catch (Exception e)
            {
                Logger.Write_Verbose($@"[Get-GroupsXML] Error parsing {args.GroupsXMLPath} : {e}");
            }
            // remove the SYSVOL mappings
            foreach (var key in MappedPaths.Keys)
            {
                RemoveRemoteConnection.Remove_RemoteConnection(new Args_Remove_RemoteConnection {
                    Path = new[] { key }
                });
            }
            return(GroupsXMLs);
        }
Esempio n. 2
0
        public static IEnumerable <FoundFile> Find_InterestingFile(Args_Find_InterestingFile args = null)
        {
            if (args == null)
            {
                args = new Args_Find_InterestingFile();
            }

            if (args.OfficeDocs)
            {
                args.Include = new[] { ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx" };
            }
            else if (args.FreshEXEs)
            {
                // find .exe's accessed within the last 7 days
                args.LastAccessTime = DateTime.Now.Date.AddDays(-7);
                args.Include        = new[] { ".exe" };
            }

            var FoundFiles      = new List <FoundFile>();
            var MappedComputers = new Dictionary <string, bool>();

            foreach (var TargetPath in args.Path)
            {
                if ((TargetPath.IsRegexMatch(@"\\\\.*\\.*")) && (args.Credential != null))
                {
                    var HostComputer = new System.Uri(TargetPath).Host;
                    if (!MappedComputers[HostComputer])
                    {
                        // map IPC$ to this computer if it's not already
                        AddRemoteConnection.Add_RemoteConnection(new Args_Add_RemoteConnection {
                            ComputerName = new[] { HostComputer }, Credential = args.Credential
                        });
                        MappedComputers[HostComputer] = true;
                    }
                }

                var files = PathExtension.GetDirectoryFiles(TargetPath, args.Include, SearchOption.AllDirectories);
                //var files = Directory.EnumerateFiles(TargetPath, "*.*", SearchOption.AllDirectories)
                //                                   .Where(x => args.Include.EndsWith(x, StringComparison.OrdinalIgnoreCase));

                foreach (var file in files)
                {
                    var Continue = true;
                    // check if we're excluding hidden files
                    if (args.ExcludeHidden)
                    {
                        Continue = !File.GetAttributes(file).HasFlag(FileAttributes.Hidden);
                    }
                    // check if we're excluding folders
                    if (args.ExcludeFolders && Directory.Exists(file))
                    {
                        Logger.Write_Verbose($@"Excluding: {file}");
                        Continue = false;
                    }
                    if (args.LastAccessTime != null && (File.GetLastAccessTime(file) < args.LastAccessTime.Value))
                    {
                        Continue = false;
                    }
                    if (args.LastWriteTime != null && (File.GetLastWriteTime(file) < args.LastWriteTime.Value))
                    {
                        Continue = false;
                    }
                    if (args.CreationTime != null && (File.GetCreationTime(file) < args.CreationTime.Value))
                    {
                        Continue = false;
                    }
                    if (args.CheckWriteAccess && !Test_Write(file))
                    {
                        Continue = false;
                    }
                    if (Continue)
                    {
                        String owner;
                        try
                        {
                            owner = File.GetAccessControl(file).GetOwner(typeof(SecurityIdentifier)).Translate(typeof(System.Security.Principal.NTAccount)).Value;
                        }
                        catch {
                            owner = "Access was Denied";
                        }

                        DateTime lastAccessTime;
                        try
                        {
                            lastAccessTime = File.GetLastAccessTime(file);
                        }
                        catch { lastAccessTime = new DateTime(); }

                        DateTime lastWriteTime;
                        try
                        {
                            lastWriteTime = File.GetLastWriteTime(file);
                        } catch { lastWriteTime = new DateTime(); }

                        DateTime creationTime;
                        try
                        {
                            creationTime = File.GetCreationTime(file);
                        } catch { creationTime = new DateTime(); }

                        long length;
                        try
                        {
                            length = new FileInfo(file).Length;
                        }catch { length = 0; }


                        var FoundFile = new FoundFile
                        {
                            Path           = file,
                            Owner          = owner,
                            LastAccessTime = lastAccessTime,
                            LastWriteTime  = lastWriteTime,
                            CreationTime   = creationTime,
                            Length         = length
                        };
                        FoundFiles.Add(FoundFile);
                    }
                }
            }

            // remove the IPC$ mappings
            foreach (var key in MappedComputers.Keys)
            {
                RemoveRemoteConnection.Remove_RemoteConnection(new Args_Remove_RemoteConnection {
                    ComputerName = new[] { key }
                });
            }
            return(FoundFiles);
        }
Esempio n. 3
0
        public static IEnumerable <FileACL> Get_PathAcl(Args_Get_PathAcl args = null)
        {
            if (args == null)
            {
                args = new Args_Get_PathAcl();
            }

            var ConvertArguments = new Args_ConvertFrom_SID
            {
                Credential = args.Credential
            };
            var MappedComputers = new Dictionary <string, bool>();

            var FileACLs = new List <FileACL>();

            foreach (var TargetPath in args.Path)
            {
                try
                {
                    if (TargetPath.IsRegexMatch(@"\\\\.*\\.*") && args.Credential != null)
                    {
                        var HostComputer = new System.Uri(TargetPath).Host;
                        if (!MappedComputers[HostComputer])
                        {
                            // map IPC$ to this computer if it's not already
                            AddRemoteConnection.Add_RemoteConnection(new Args_Add_RemoteConnection {
                                ComputerName = new string[] { HostComputer }, Credential = args.Credential
                            });
                            MappedComputers[HostComputer] = true;
                        }
                    }

                    FileSystemSecurity ACL;
                    var attr = File.GetAttributes(TargetPath);
                    if (attr.HasFlag(FileAttributes.Directory))
                    {
                        ACL = Directory.GetAccessControl(TargetPath);
                    }
                    else
                    {
                        ACL = File.GetAccessControl(TargetPath);
                    }

                    var arc = ACL.GetAccessRules(true, true, typeof(System.Security.Principal.SecurityIdentifier));
                    foreach (FileSystemAccessRule ar in arc)
                    {
                        var SID = ar.IdentityReference.Value;
                        ConvertArguments.ObjectSID = new string[] { SID };
                        var Name = ConvertFromSID.ConvertFrom_SID(ConvertArguments);

                        var Out = new FileACL
                        {
                            Path              = TargetPath,
                            FileSystemRights  = Convert_FileRight((uint)ar.FileSystemRights),
                            IdentityReference = Name,
                            IdentitySID       = SID,
                            AccessControlType = ar.AccessControlType
                        };
                        FileACLs.Add(Out);
                    }
                }
                catch (Exception e)
                {
                    Logger.Write_Verbose($@"[Get-PathAcl] error: {e}");
                }
            }

            // remove the IPC$ mappings
            RemoveRemoteConnection.Remove_RemoteConnection(new Args_Remove_RemoteConnection {
                ComputerName = MappedComputers.Keys.ToArray()
            });
            return(FileACLs);
        }