/// <summary>
/// Get the primaryGroupID attribute of the user DirectoryEntry in string format
/// </summary>
/// <param name="userentry"></param>
/// <returns></returns>
public static string GetPrimaryGroupSid(DirectoryEntry userentry)
{
string primaryGroupID = userentry.Properties["primaryGroupID"].Value.ToString();
byte[] objectSidByteArray = (byte[])userentry.Properties["objectSid"].Value;
string sid = new SecurityIdentifier(objectSidByteArray, 0).ToString();
StringBuilder builder = new StringBuilder();
string[] splitsid = sid.Split('-');
int i = 0;
while (i < splitsid.Count() - 1)
{
if (i == 0)
{
builder.Append(splitsid[i]);
}
else
{
builder.Append("-" + splitsid[i]);
}
i++;
}
builder.Append("-" + primaryGroupID);
return(builder.ToString());
}
static PerformanceMonitorUsersInstaller()
{
builtinPerformanceMonitoringUsersName = new SecurityIdentifier(WellKnownSidType.BuiltinPerformanceMonitoringUsersSid, null).Translate(typeof(NTAccount)).ToString();
var parts = builtinPerformanceMonitoringUsersName.Split('\\');
if (parts.Length == 2)
{
builtinPerformanceMonitoringUsersName = parts[1];
}
}
public void ConnectionToRemoteComputer()
{
string result = "";
List <string> users = new List <string>();
try
{
ConnectionOptions options = new ConnectionOptions();
//options.Username = "******";
//options.Password = "******";
ManagementScope scope = new ManagementScope("\\\\" + pc_combobox.Text + "\\root\\cimv2", options);
scope.Connect();
ObjectQuery query = new ObjectQuery("SELECT * FROM Win32_UserProfile Where Special = False");
ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, query);
foreach (ManagementObject queryObj in searcher.Get())
{
try
{
var profileSID = queryObj["SID"].ToString();
string full_account = new SecurityIdentifier(profileSID).Translate(typeof(NTAccount)).ToString();
if (!full_account.Contains("admin"))
{
string[] account = full_account.Split(new char[] { '\\' });
users.Add(account[1]);
userD.Add(profileSID, account[1]);
//users_combobox.Items.Add(account[1]);
}
button_connect.Background = Brushes.LightGreen;
button_connect.Content = "Подключено";
}
catch
{
}
}
users.Sort();
users_combobox.ItemsSource = users;
//query = new ObjectQuery("SELECT Caption FROM Win32_OperatingSystem");
query = new ObjectQuery("SELECT * FROM Win32_OperatingSystem");
searcher = new ManagementObjectSearcher(scope, query);
ManagementObjectCollection queryCollection = searcher.Get();
foreach (ManagementObject m in queryCollection)
{
result = m["Caption"].ToString() + "\n" + m["OSArchitecture"].ToString();
}
os_info.Content = "ОC на ПК: " + pc_combobox.Text + "\n" + result;
string softwareRegLoc = @"Software\Microsoft\Windows\CurrentVersion\Uninstall";
ManagementClass registry = new ManagementClass(scope, new ManagementPath("StdRegProv"), null);
ManagementBaseObject inParams_reg = registry.GetMethodParameters("EnumKey");
inParams_reg["hDefKey"] = 0x80000002;//HKEY_LOCAL_MACHINE
inParams_reg["sSubKeyName"] = softwareRegLoc;
// Read Registry Key Names
ManagementBaseObject outParams_reg = registry.InvokeMethod("EnumKey", inParams_reg, null);
string[] programGuids = outParams_reg["sNames"] as string[];
foreach (string subKeyName in programGuids)
{
inParams_reg = registry.GetMethodParameters("GetStringValue");
inParams_reg["sSubKeyName"] = softwareRegLoc + @"\" + subKeyName;
inParams_reg["sValueName"] = "DisplayName";
// Read Registry Value
outParams_reg = registry.InvokeMethod("GetStringValue", inParams_reg, null);
if (outParams_reg.Properties["sValue"].Value != null)
{
string softwareName = outParams_reg.Properties["sValue"].Value.ToString();
programs.Add(softwareName);
}
}
if (programs.Any(sublist => sublist.Contains("Microsoft Dynamics AX 2009")))
{
Programms.Content = "Axapta" + " установлена";
}
else
{
Programms.Content = "Axapta" + " не установлена";
}
if (programs.Any(sublist => sublist.Contains("DIRECTUM 5.7")))
{
Programms.Content += "\n" + "DIRECTUM 5.7" + " установлен";
}
else
{
Programms.Content += "\n" + "DIRECTUM 5.7" + " не установлен";
}
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
}
public static string Dig(bool isHighIntegrity)
{
string findings = "";
if (isHighIntegrity)
{
foreach (string sid in Registry.Users.GetSubKeyNames())
{
Regex regex = new Regex(@"^S-1-5-21-[\d\-]+$");
if (regex.IsMatch(sid))
{
RegistryKey sessions = Registry.Users.OpenSubKey(sid + @"\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions");
if (sessions != null)
{
if (sessions.SubKeyCount > 0)
{
string user = new SecurityIdentifier(sid).Translate(typeof(NTAccount)).ToString();
object useMasterPassword = Registry.Users.OpenSubKey(sid + @"\SOFTWARE\Martin Prikryl\WinSCP 2\Configuration\Security").GetValue("UseMasterPassword");
findings += string.Format("\n# ---- WinSCP sessions of user {0} ---- #\n", user.Split('\\')[1]);
foreach (string session in sessions.GetSubKeyNames())
{
object hostname = sessions.OpenSubKey(session).GetValue("HostName");
if (hostname != null)
{
object port = sessions.OpenSubKey(session).GetValue("PortNumber");
if (port != null)
{
findings += string.Format("|\n| Server : {0}:{1}\n", hostname.ToString(), Convert.ToInt32(port));
}
else
{
findings += string.Format("|\n| Server : {0}\n", hostname.ToString());
}
object username = sessions.OpenSubKey(session).GetValue("UserName");
if (username != null)
{
findings += string.Format("| Username : {0}\n", username.ToString());
}
object password = sessions.OpenSubKey(session).GetValue("Password");
if (password != null)
{
if (Convert.ToInt32(useMasterPassword) == 0)
{
findings += string.Format("| Password : {0}\n", Decrypt(hostname.ToString(), username.ToString(), password.ToString()));
}
else
{
findings += "| Password : Saved in session, but master password prevents plaintext recovery\n";
}
}
}
}
findings += "|\n# ---- #\n";
}
}
}
}
}
else
{
RegistryKey sessions = Registry.CurrentUser.OpenSubKey(@"SOFTWARE\Martin Prikryl\WinSCP 2\Sessions");
if (sessions != null)
{
if (sessions.SubKeyCount > 0)
{
findings += "\n# ---- WinSCP sessions ---- #\n";
object useMasterPassword = Registry.CurrentUser.OpenSubKey(@"SOFTWARE\Martin Prikryl\WinSCP 2\Configuration\Security").GetValue("UseMasterPassword");
foreach (string session in sessions.GetSubKeyNames())
{
object hostname = sessions.OpenSubKey(session).GetValue("HostName");
if (hostname != null)
{
object port = sessions.OpenSubKey(session).GetValue("PortNumber");
if (port != null)
{
findings += string.Format("|\n| Server : {0}:{1}\n", hostname.ToString(), Convert.ToInt32(port));
}
else
{
findings += string.Format("|\n| Server : {0}\n", hostname.ToString());
}
object username = sessions.OpenSubKey(session).GetValue("UserName");
if (username != null)
{
findings += string.Format("| Username : {0}\n", username.ToString());
}
object password = sessions.OpenSubKey(session).GetValue("Password");
if (password != null)
{
if (Convert.ToInt32(useMasterPassword) == 0)
{
findings += string.Format("| Password : {0}\n", Decrypt(hostname.ToString(), username.ToString(), password.ToString()));
}
else
{
findings += "| Password : Saved in session, but master password prevents plaintext recovery\n";
}
}
}
}
findings += "|\n# ---- #\n";
}
}
}
return(findings);
}
public static string Dig(bool isHighIntegrity)
{
string findings = "";
if (isHighIntegrity)
{
foreach (string sid in Registry.Users.GetSubKeyNames())
{
Regex regex = new Regex(@"^S-1-5-21-[\d\-]+$");
if (regex.IsMatch(sid))
{
RegistryKey sessions = Registry.Users.OpenSubKey(sid + @"\SOFTWARE\SimonTatham\PuTTY\Sessions");
if (sessions != null)
{
if (sessions.SubKeyCount > 0)
{
string user = new SecurityIdentifier(sid).Translate(typeof(NTAccount)).ToString();
findings += string.Format("\n# ---- PuTTY sessions of user {0} ---- #\n", user.Split('\\')[1]);
foreach (string sessionName in sessions.GetSubKeyNames())
{
findings += string.Format("|\n| Session : {0}\n", Uri.UnescapeDataString(sessionName));
RegistryKey session = sessions.OpenSubKey(sessionName);
string hostname = session.GetValue("HostName").ToString();
object port = session.GetValue("PortNumber");
if (hostname.Contains("@"))
{
findings += string.Format("| Server : {0}:{1}\n", hostname.Split('@')[1], Convert.ToInt32(port));
findings += string.Format("| Username : {0}\n", hostname.Split('@')[0]);
}
else
{
findings += string.Format("| Server : {0}:{1}\n", hostname, Convert.ToInt32(port));
string username = session.GetValue("UserName").ToString();
if (!string.IsNullOrEmpty(username))
{
findings += string.Format("| Username : {0}\n", username);
}
}
}
findings += "|\n# ---- #\n";
}
}
}
}
}
else
{
RegistryKey sessions = Registry.CurrentUser.OpenSubKey(@"SOFTWARE\SimonTatham\PuTTY\Sessions");
if (sessions != null)
{
if (sessions.SubKeyCount > 0)
{
findings += "\n# ---- PuTTY sessions ---- #\n";
foreach (string sessionName in sessions.GetSubKeyNames())
{
findings += string.Format("|\n| Session : {0}\n", Uri.UnescapeDataString(sessionName));
RegistryKey session = sessions.OpenSubKey(sessionName);
string hostname = session.GetValue("HostName").ToString();
object port = session.GetValue("PortNumber");
if (hostname.Contains("@"))
{
findings += string.Format("| Server : {0}:{1}\n", hostname.Split('@')[1], Convert.ToInt32(port));
findings += string.Format("| Username : {0}\n", hostname.Split('@')[0]);
}
else
{
findings += string.Format("| Server : {0}:{1}\n", hostname, Convert.ToInt32(port));
string username = session.GetValue("UserName").ToString();
if (!string.IsNullOrEmpty(username))
{
findings += string.Format("| Username : {0}\n", username);
}
}
}
findings += "|\n# ---- #\n";
}
}
}
return(findings);
}
public static string Dig(bool isHighIntegrity)
{
string findings = "";
if (isHighIntegrity)
{
foreach (string sid in Registry.Users.GetSubKeyNames())
{
Regex regex = new Regex(@"^S-1-5-21-[\d\-]+$");
if (regex.IsMatch(sid))
{
RegistryKey servers = Registry.Users.OpenSubKey(sid + @"\SOFTWARE\Microsoft\Terminal Server Client\Servers");
if (servers != null)
{
if (servers.SubKeyCount > 0)
{
string user = new SecurityIdentifier(sid).Translate(typeof(NTAccount)).ToString();
findings += string.Format("\n# ---- RDP sessions of user {0} ---- #\n", user.Split('\\')[1]);
foreach (string server in servers.GetSubKeyNames())
{
findings += string.Format("|\n| Server : {0}\n", server);
findings += string.Format("| Username : {0}\n", servers.OpenSubKey(server).GetValue("UsernameHint").ToString());
}
findings += "|\n# ---- #\n";
}
}
}
}
}
else
{
RegistryKey servers = Registry.CurrentUser.OpenSubKey(@"SOFTWARE\Microsoft\Terminal Server Client\Servers");
if (servers != null)
{
if (servers.SubKeyCount > 0)
{
findings += "\n# ---- RDP sessions ---- #\n";
foreach (string server in servers.GetSubKeyNames())
{
findings += string.Format("|\n| Server : {0}\n", server);
findings += string.Format("| Username : {0}\n", servers.OpenSubKey(server).GetValue("UsernameHint").ToString());
}
findings += "|\n# ---- #\n";
}
}
}
return(findings);
}
