public void Dispose()
{
if (mostRecentMscFilename is not null)
{
File.Delete(mostRecentMscFilename);
mostRecentMscFilename = null;
}
cimSession.Close();
cimSession.Dispose();
}
public PowerManagement()
{
try {
if (_cimSession != null)
{
_cimSession.Close();
}
var sessionOptions = new DComSessionOptions();
sessionOptions.Timeout = new TimeSpan(0, 2, 0);
_cimSession = CimSession.Create(@".", sessionOptions);
} catch (CimException e) {
Console.WriteLine(e);
throw;
}
UpdateCimInstance();
}
public static void Main()
{
bool hasComputerNameChanged = true;
CimSession cimSession = null;
string className = null;
string computerName = GetName("ComputerName");
if (String.IsNullOrEmpty(computerName))
{
computerName = null;
}
string namespaceName = GetName("Namespace");
CurrentOperation currentOperation = GetCurrentOption(true);
while (true)
{
if (currentOperation == CurrentOperation.OperationQuit)
{
if (cimSession != null)
{
cimSession.Close();
cimSession = null;
}
return;
}
if (ClassNeeded(currentOperation))
{
className = GetName("ClassName");
}
try
{
// Create local CIM session
if (hasComputerNameChanged)
{
if (cimSession != null)
{
cimSession.Close();
}
WMIDCOMCimSessionOptions sessionOptions = new WMIDCOMCimSessionOptions();
cimSession = CimSession.Create(computerName, sessionOptions);
hasComputerNameChanged = false;
}
switch (currentOperation)
{
case CurrentOperation.EnumerateAsync:
SampleCimOperation.EnumerateASync(cimSession, namespaceName, className);
break;
case CurrentOperation.EnumerateSync:
SampleCimOperation.EnumerateSync(cimSession, namespaceName, className);
break;
case CurrentOperation.GetInstanceSync:
SampleCimOperation.GetInstanceSync(cimSession, namespaceName, className);
break;
case CurrentOperation.GetInstanceAsync:
SampleCimOperation.GetInstanceASync(cimSession, namespaceName, className);
break;
case CurrentOperation.CreateInstanceAsync:
SampleCimOperation.CreateInstanceASync(cimSession, namespaceName, className);
break;
case CurrentOperation.CreateInstanceSync:
SampleCimOperation.CreateInstanceSync(cimSession, namespaceName, className);
break;
case CurrentOperation.DeleteInstanceAsync:
SampleCimOperation.DeleteInstanceASync(cimSession, namespaceName, className);
break;
case CurrentOperation.DeleteInstanceSync:
SampleCimOperation.DeleteInstanceSync(cimSession, namespaceName, className);
break;
case CurrentOperation.ModifyInstanceAsync:
SampleCimOperation.ModifyInstanceASync(cimSession, namespaceName, className);
break;
case CurrentOperation.ModifyInstanceSync:
SampleCimOperation.ModifyInstanceSync(cimSession, namespaceName, className);
break;
case CurrentOperation.QueryInstanceAsync:
SampleCimOperation.QueryInstanceASync(cimSession, namespaceName);
break;
case CurrentOperation.QueryInstanceSync:
SampleCimOperation.QueryInstanceSync(cimSession, namespaceName);
break;
case CurrentOperation.QueryAssociationSync:
SampleCimOperation.EnumerateAssociatedInstanceSync(cimSession, namespaceName, className);
break;
case CurrentOperation.QueryAssociationAsync:
SampleCimOperation.EnumerateAssociatedInstanceASync(cimSession, namespaceName, className);
break;
case CurrentOperation.InvokeMethodSync:
SampleCimOperation.InvokeMethodSync(cimSession, namespaceName, className);
break;
case CurrentOperation.InvokeMethodAsync:
SampleCimOperation.InvokeMethodASync(cimSession, namespaceName, className);
break;
case CurrentOperation.SubscribeSync:
SampleCimOperation.SubscribeSync(cimSession, namespaceName);
break;
case CurrentOperation.SubscribeAsync:
SampleCimOperation.SubscribeASync(cimSession, namespaceName);
break;
case CurrentOperation.OperationComputerName:
computerName = GetName("ComputerName");
if (String.IsNullOrEmpty(computerName))
{
computerName = null;
}
hasComputerNameChanged = true;
break;
case CurrentOperation.OperationNamespaceName:
namespaceName = GetName("Namespace");
break;
default:
break;
}
}
catch (CimException ex)
{
Console.WriteLine(ex.Message);
}
currentOperation = GetCurrentOption(false);
}
}
static void wmiConnect(string target, DComSessionOptions SessionOptions, string mode)
{
CimSession Session = CimSession.Create(target, SessionOptions);
try
{
if (mode.ToLower() == "all" || mode.ToLower() == "services")
{
var allServices = Session.QueryInstances(@"root\cimv2", "WQL", "SELECT * FROM Win32_Service where NOT startname like '%LocalSystem%' AND NOT startname like '%NT AUTHORITY%'");
foreach (CimInstance service in allServices)
{
if (service.CimInstanceProperties["StartName"].ToString() != "StartName")
{
Console.WriteLine($"[+]Non-default service account found on {target}: {service.CimInstanceProperties["StartName"].Value.ToString()}");
}
}
}
if (mode.ToLower() == "all" || mode.ToLower() == "sessions")
{
var allSessions = Session.QueryInstances(@"root\cimv2", "WQL", "SELECT * FROM Win32_LoggedOnUser");
var allProcesses = Session.QueryInstances(@"root\cimv2", "WQL", "SELECT * FROM Win32_SessionProcess");
//gets us the sessionID associated with each running process on the system, done in order to avoid showing false positives tied to stale sessions
List <int> processSessions = new List <int>();
foreach (CimInstance proc in allProcesses)
{
processSessions.Add(Int32.Parse(proc.CimInstanceProperties["antecedent"].Value.ToString().Split('"')[1]));
}
IEnumerable <int> uniqueProcessSessions = processSessions.Distinct();
//gets us a list of all sessions on the remote system. This will include a variety of false positives / unwanted system sessions that we have to filter out. Results are added to a keyed dictionary for lookups against running processes.
List <String> sessions = new List <String>();
var ses2 = new Dictionary <int, string>();
foreach (CimInstance session in allSessions)
{
String antecedent = session.CimInstanceProperties["antecedent"].Value.ToString();
String dependent = session.CimInstanceProperties["dependent"].Value.ToString();
String[] userDomain = antecedent.Split('"');
int dependentKey = Int32.Parse(dependent.Split('"')[1]);
if ((!userDomain[1].ToLower().Contains("dwm-")) && (!userDomain[1].ToLower().Contains("umfd-")) && (!userDomain[1].ToLower().Contains("anonymous logon")) && (!userDomain[1].ToLower().Contains("local service")) && (!userDomain[1].ToLower().Contains("network service")) && (!userDomain[1].ToLower().Equals("system")))
{
sessions.Add($"{userDomain[3]}\\{userDomain[1]}");
ses2.Add(dependentKey, $"{userDomain[3]}\\{userDomain[1]}");
}
}
//Now that we have a list of sessions and a list of all logonSessionIDs with currently active processes we can compare the two in order to get an accurate list of active sessions
foreach (int procSession in uniqueProcessSessions)
{
if (ses2.ContainsKey(procSession))
{
Console.WriteLine($"[+]Session found on {target}: {ses2[procSession]}");
}
}
}
}
catch (CimException e)
{
if (e.MessageId.Contains("40004"))
{
Console.WriteLine($"[-]The following host was unreachable: {target}");
return;
}
else if (e.MessageId.Contains("70005"))
{
Console.WriteLine($"[-]Insufficient privileges / invalid credentials on the following host: {target}");
return;
}
else if (e.MessageId.Contains("800706"))
{
Console.WriteLine($"[-]No route to the following host: {target}");
return;
}
else
{
Console.WriteLine($"[-]Error - undefined error on the following host: {target} errorID: {e.MessageId}");
return;
}
}
Session.Close();
}
/// <summary>
/// Close the connection
/// </summary>
public void Close()
{
_connection?.Close();
}
