// the host enumeration block we're using to enumerate all servers private static IEnumerable <UserLocation> _Find_DomainUserLocation(string[] ComputerName, string[] TargetUsers, string CurrentUser, bool Stealth, bool CheckAccess, IntPtr TokenHandle) { var LogonToken = IntPtr.Zero; if (TokenHandle != IntPtr.Zero) { // impersonate the the token produced by LogonUser()/Invoke-UserImpersonation LogonToken = InvokeUserImpersonation.Invoke_UserImpersonation(new Args_Invoke_UserImpersonation { TokenHandle = TokenHandle, Quiet = true }); } var UserLocations = new List <UserLocation>(); foreach (var TargetComputer in ComputerName) { var Up = TestConnection.Ping(TargetComputer, 1); if (Up) { var Sessions = GetNetSession.Get_NetSession(new Args_Get_NetSession { ComputerName = new[] { TargetComputer } }); foreach (var Session in Sessions) { var UserName = Session.UserName; var CName = Session.CName; if (!CName.IsNullOrEmpty() && CName.StartsWith(@"\\")) { CName = CName.TrimStart('\\'); } // make sure we have a result, and ignore computer$ sessions if ((UserName != null) && (UserName.Trim() != "") && (!UserName.IsRegexMatch(CurrentUser)) && (!UserName.IsRegexMatch(@"\$$"))) { if ((TargetUsers == null) || (TargetUsers.Contains(UserName))) { var UserLocation = new UserLocation { UserDomain = null, UserName = UserName, ComputerName = TargetComputer, SessionFrom = CName }; // try to resolve the DNS hostname of $Cname try { var CNameDNSName = System.Net.Dns.GetHostEntry(CName).HostName; UserLocation.SessionFromName = CNameDNSName; } catch { UserLocation.SessionFromName = null; } // see if we're checking to see if we have local admin access on this machine if (CheckAccess) { var Admin = TestAdminAccess.Test_AdminAccess(new Args_Test_AdminAccess { ComputerName = new[] { CName } }).FirstOrDefault(); UserLocation.LocalAdmin = Admin != null ? Admin.IsAdmin : false; } else { UserLocation.LocalAdmin = false; } UserLocations.Add(UserLocation); } } } if (!Stealth) { // if we're not 'stealthy', enumerate loggedon users as well var LoggedOn = GetNetLoggedon.Get_NetLoggedon(new Args_Get_NetLoggedon { ComputerName = new[] { TargetComputer } }); foreach (var User in LoggedOn) { var UserName = User.UserName; var UserDomain = User.LogonDomain; // make sure wet have a result if ((UserName != null) && (UserName.Trim() != "")) { if ((TargetUsers == null) || (TargetUsers.Contains(UserName)) && (!UserName.IsRegexMatch(@"\$$"))) { var IPAddress = ResolveIPAddress.Resolve_IPAddress(new Args_Resolve_IPAddress { ComputerName = new[] { TargetComputer } }).FirstOrDefault()?.IPAddress; var UserLocation = new UserLocation { UserDomain = UserDomain, UserName = UserName, ComputerName = TargetComputer, IPAddress = IPAddress, SessionFrom = null, SessionFromName = null }; // see if we're checking to see if we have local admin access on this machine if (CheckAccess) { var Admin = TestAdminAccess.Test_AdminAccess(new Args_Test_AdminAccess { ComputerName = new[] { TargetComputer } }).FirstOrDefault(); UserLocation.LocalAdmin = Admin.IsAdmin; } else { UserLocation.LocalAdmin = false; } UserLocations.Add(UserLocation); } } } } } } if (TokenHandle != IntPtr.Zero) { InvokeRevertToSelf.Invoke_RevertToSelf(LogonToken); } return(UserLocations); }
public static IEnumerable <ComputerIPAddress> Get_IPAddress(Args_Resolve_IPAddress args = null) { return(ResolveIPAddress.Resolve_IPAddress(args)); }
public static IEnumerable <ComputerSite> Get_NetComputerSiteName(Args_Get_NetComputerSiteName args = null) { if (args == null) { args = new Args_Get_NetComputerSiteName(); } var LogonToken = IntPtr.Zero; if (args.Credential != null) { LogonToken = InvokeUserImpersonation.Invoke_UserImpersonation(new Args_Invoke_UserImpersonation { Credential = args.Credential }); } var ComputerSites = new List <ComputerSite>(); foreach (var item in args.ComputerName) { string IPAddress; var Computer = item; //if we get an IP address, try to resolve the IP to a hostname if (Computer.IsRegexMatch(@"^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$")) { IPAddress = Computer; Computer = System.Net.Dns.GetHostEntry(Computer).HostName; } else { IPAddress = ResolveIPAddress.Resolve_IPAddress(new Args_Resolve_IPAddress { ComputerName = new[] { Computer } }).First().IPAddress; } var PtrInfo = IntPtr.Zero; var Result = NativeMethods.DsGetSiteName(Computer, out PtrInfo); var ComputerSite = new ComputerSite { ComputerName = Computer, IPAddress = IPAddress }; if (Result == 0) { var Sitename = System.Runtime.InteropServices.Marshal.PtrToStringAuto(PtrInfo); ComputerSite.SiteName = Sitename; } else { Logger.Write_Verbose($@"[Get-NetComputerSiteName] Error: {new System.ComponentModel.Win32Exception((int)Result).Message}"); ComputerSite.SiteName = @""; } // free up the result buffer NativeMethods.NetApiBufferFree(PtrInfo); ComputerSites.Add(ComputerSite); } if (LogonToken != IntPtr.Zero) { InvokeRevertToSelf.Invoke_RevertToSelf(LogonToken); } return(ComputerSites); }