예제 #1
        //From SharpView
        /// <summary>
        /// Checks whether the current user can open the Service Control Manager on
        /// <c>computer.Fqdn</c> with access mask 0xF003F (SC_MANAGER_ALL_ACCESS) and
        /// prints the outcome to the console.
        /// </summary>
        /// <param name="computer">Target host; only its <c>Fqdn</c> is read here.</param>
        /// <remarks>
        /// A non-null handle is reported as "local admin". Win32 error 5
        /// (ERROR_ACCESS_DENIED) is reported as "not a local admin". Any other error
        /// is reported as inconclusive together with the error code.
        /// For defenders: each call is an authenticated connection to the target's
        /// SCM, so one account sweeping many hosts this way should show up in the
        /// targets' logon telemetry.
        /// </remarks>
        public static void FindLocalAdminAccess(Computer computer)
        {
            const string stampFormat = "MM/dd/yyyy HH:mm:ss";
            string indent = "".PadLeft(4);

            var scm = WinAPI.OpenSCManagerW($@"\\" + computer.Fqdn, "ServicesActive", 0xF003F);

            // Capture the error before any further native call can overwrite it.
            var lastError = Marshal.GetLastWin32Error();

            if (scm == IntPtr.Zero)
            {
                string failedAt = DateTime.Now.ToString(stampFormat);

                if (lastError != 5)
                {
                    // Host unreachable, RPC failure, etc.: nothing can be concluded.
                    Console.WriteLine("{0}[{1}] Could not confirm if {2} is local admin on {3}. Error Code:{4}", indent, failedAt, Environment.UserName, computer.Fqdn, lastError);
                    return;
                }

                Console.WriteLine("{0}[{1}] {2} is not a local admin on {3}", indent, failedAt, Environment.UserName, computer.Fqdn);
                return;
            }

            // The handle was only needed as proof of access; release it straight away.
            WinAPI.CloseServiceHandle(scm);

            string succeededAt = DateTime.Now.ToString(stampFormat);
            Console.WriteLine("{0}[{1}] {2} is a local admin on {3}", indent, succeededAt, Environment.UserName, computer.Fqdn);
        }
예제 #2
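        /// <summary>
        /// Simulation step: registers a fixed test service on the local machine
        /// through the Service Control Manager and, when <paramref name="cleanup"/>
        /// is true, removes it again.
        /// </summary>
        /// <param name="log">Not used by this method body.</param>
        /// <param name="logger">Receives one timestamped line per step.</param>
        /// <param name="cleanup">If true, the created service is deleted before returning.</param>
        /// <remarks>
        /// The service name, display name and image path are hard-coded below, so
        /// they are the values to search for when validating detections.
        /// Windows records a service installation as System event 7045 (source
        /// "Service Control Manager") and, when the relevant audit policy is enabled,
        /// as Security event 4697.
        /// Every handle opened here is closed on all paths. The log lines state the
        /// real outcome of each call, so a run with cleanup enabled that leaves the
        /// service behind is visible in the log.
        /// </remarks>
        public static void CreateServiceApi(string log, Lib.Logger logger, bool cleanup)
        {
            var scmHandle = WinAPI.OpenSCManager(null, null, Structs.SCM_ACCESS.SC_MANAGER_CREATE_SERVICE);

            if (scmHandle == IntPtr.Zero)
            {
                int err = Marshal.GetLastWin32Error();

                // Previously this path returned silently; report it so a failed
                // simulation is not mistaken for one that produced no telemetry.
                if (logger != null)
                {
                    logger.TimestampInfo("Could not obtain a handle to the Service Control Manager. Error Code: " + err);
                }
                return;
            }

            // Fixed values used by the simulation.
            string servicePath     = @"C:\Windows\Temp\superlegit.exe";
            string serviceName     = "UpdaterService";
            string serviceDispName = "Super Legit Update Service";

            IntPtr svcHandleCreated = IntPtr.Zero;

            try
            {
                int  createdErr = 0;
                // CreateService is a helper defined elsewhere in this class; presumably
                // it wraps the Win32 CreateService call - confirm against its definition.
                bool created    = CreateService(scmHandle, servicePath, serviceName, serviceDispName, out svcHandleCreated, out createdErr);

                if (!created)
                {
                    logger.TimestampInfo("Could not create Service. Error Code: " + createdErr);
                    return;
                }

                logger.TimestampInfo(String.Format("Successfully created Service: {0} ImagePath: {1} using CreateService", serviceName, servicePath));

                if (!cleanup)
                {
                    logger.TimestampInfo(String.Format("The created Service: {0} ImagePath: {1} was not deleted as part of the simulation", serviceName, servicePath));
                    return;
                }

                IntPtr svcHandleOpened = WinAPI.OpenService(scmHandle, serviceName, Structs.SERVICE_ACCESS.SERVICE_ALL_ACCESS);

                if (svcHandleOpened == IntPtr.Zero)
                {
                    // The error code is only meaningful if the P/Invoke declaration
                    // sets SetLastError (not visible from here).
                    logger.TimestampInfo(String.Format("Could not open Service: {0} for deletion. Error Code: {1}", serviceName, Marshal.GetLastWin32Error()));
                    return;
                }

                try
                {
                    // Only claim the deletion when the API reports success.
                    if (WinAPI.DeleteService(svcHandleOpened))
                    {
                        logger.TimestampInfo(String.Format("Deleted Service: {0} ImagePath: {1} with DeleteService", serviceName, servicePath));
                    }
                    else
                    {
                        logger.TimestampInfo(String.Format("Could not delete Service: {0}. Error Code: {1}", serviceName, Marshal.GetLastWin32Error()));
                    }
                }
                finally
                {
                    WinAPI.CloseServiceHandle(svcHandleOpened);
                }
            }
            finally
            {
                // The original never released these two handles.
                if (svcHandleCreated != IntPtr.Zero)
                {
                    WinAPI.CloseServiceHandle(svcHandleCreated);
                }
                WinAPI.CloseServiceHandle(scmHandle);
            }
        }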
예제 #3
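        /// <summary>
        /// Simulation step: creates the service described by
        /// <paramref name="playbook_task"/> on a remote host through its Service
        /// Control Manager, issues a start request, and deletes the service again
        /// when <c>playbook_task.cleanup</c> is set.
        /// </summary>
        /// <param name="computer">Target host. The first non-empty value of Fqdn, ComputerName and IPv4 is used to connect.</param>
        /// <param name="playbook_task">Supplies servicePath, serviceName and cleanup.</param>
        /// <param name="logger">Receives one timestamped line per step.</param>
        /// <exception cref="Win32Exception">
        /// The SCM could not be opened, or service creation failed with an error
        /// other than 1073 (ERROR_SERVICE_EXISTS).
        /// </exception>
        /// <remarks>
        /// On the target, a service installation is recorded as System event 7045
        /// and, when the relevant audit policy is enabled, Security event 4697.
        /// All handles are released on every path, including the throwing ones.
        /// </remarks>
        public static void CreateRemoteServiceApi(Computer computer, PlaybookTask playbook_task, Logger logger)
        {
            // Resolve the connection target once so the log names the host that was
            // actually contacted (the original always logged Fqdn, even when empty).
            string target;
            if (!String.IsNullOrEmpty(computer.Fqdn))
            {
                target = computer.Fqdn;
            }
            else if (!String.IsNullOrEmpty(computer.ComputerName))
            {
                target = computer.ComputerName;
            }
            else
            {
                target = computer.IPv4;
            }

            int createdErr = 0;
            var scmHandle  = WinAPI.OpenSCManager(target, null, Structs.SCM_ACCESS.SC_MANAGER_CREATE_SERVICE);

            if (scmHandle == IntPtr.Zero)
            {
                createdErr = Marshal.GetLastWin32Error();
                logger.TimestampInfo(String.Format("Could not obtain a handle to the Service Control Manager on {0}.", target));
                throw new Win32Exception(createdErr);
            }

            IntPtr svcHandleCreated = IntPtr.Zero;

            try
            {
                // CreateService is a helper defined elsewhere in this class. The service
                // name doubles as the display name.
                bool created = CreateService(scmHandle, playbook_task.servicePath, playbook_task.serviceName, playbook_task.serviceName, out svcHandleCreated, out createdErr);

                if (!created)
                {
                    if (createdErr == 1073)
                    {
                        // ERROR_SERVICE_EXISTS: reported, but not treated as fatal.
                        logger.TimestampInfo(String.Format("Failed to create service {0} on {1}. Service already exists", playbook_task.serviceName, computer.ComputerName));
                        return;
                    }

                    logger.TimestampInfo(String.Format("Failed to create service {0} on {1}.", playbook_task.serviceName, computer.ComputerName));
                    throw new Win32Exception(createdErr);
                }

                logger.TimestampInfo(String.Format("Created service '{0}' on {1} with 'CreateService' Win32 API", playbook_task.serviceName, computer.ComputerName));

                // NOTE(review): the StartService result is discarded, so the next log
                // line records that a start was requested, not that it succeeded.
                WinAPI.StartService(svcHandleCreated, 0, null);
                logger.TimestampInfo(String.Format("Service '{0}' started on {1} with 'StartService' Win32 API", playbook_task.serviceName, computer.ComputerName));

                if (!playbook_task.cleanup)
                {
                    logger.TimestampInfo(String.Format("The created Service: {0} was not deleted on {1} as part of the simulation", playbook_task.serviceName, computer.ComputerName));
                    return;
                }

                IntPtr svcHandleOpened = WinAPI.OpenService(scmHandle, playbook_task.serviceName, Structs.SERVICE_ACCESS.SERVICE_ALL_ACCESS);

                if (svcHandleOpened == IntPtr.Zero)
                {
                    // The service is still installed on the target; say so explicitly.
                    logger.TimestampInfo(String.Format("Could not open service '{0}' on {1} for deletion. Error Code: {2}", playbook_task.serviceName, computer.ComputerName, Marshal.GetLastWin32Error()));
                    return;
                }

                try
                {
                    // Only claim the deletion when the API reports success.
                    if (WinAPI.DeleteService(svcHandleOpened))
                    {
                        logger.TimestampInfo(String.Format("Deleted service '{0}' on {1} with 'DeleteService' Win32API", playbook_task.serviceName, computer.ComputerName));
                    }
                    else
                    {
                        logger.TimestampInfo(String.Format("Could not delete service '{0}' on {1}. Error Code: {2}", playbook_task.serviceName, computer.ComputerName, Marshal.GetLastWin32Error()));
                    }
                }
                finally
                {
                    WinAPI.CloseServiceHandle(svcHandleOpened);
                }
            }
            finally
            {
                // Runs on the throwing path too; the original leaked scmHandle there.
                if (svcHandleCreated != IntPtr.Zero)
                {
                    WinAPI.CloseServiceHandle(svcHandleCreated);
                }
                WinAPI.CloseServiceHandle(scmHandle);
            }
        }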
예제 #4
        // From https://stackoverflow.com/questions/23481394/programmatically-install-windows-service-on-remote-machine
        // and https://stackoverflow.com/questions/37983453/how-to-deploy-windows-service-on-remote-system-using-c-sharp-programatically
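        /// <summary>
        /// Older variant of the remote service-creation simulation step. It connects
        /// to the SCM on <c>computer.ComputerName</c>, creates a fixed test service,
        /// optionally deletes it, and then issues a start request on the created handle.
        /// </summary>
        /// <param name="computer">Target host; ComputerName is used to connect, Fqdn only in console output.</param>
        /// <param name="cleanup">If true, the created service is deleted.</param>
        /// <param name="logger">Receives timestamped lines for the main path. The recovery path writes to the console.</param>
        /// <exception cref="System.ComponentModel.Win32Exception">
        /// The SCM could not be opened. The exception carries the Win32 error code,
        /// which the original discarded by throwing a bare <c>Exception</c>.
        /// </exception>
        /// <remarks>
        /// NOTE(review): on error 1073 (ERROR_SERVICE_EXISTS) this method deletes the
        /// existing service named "UpdaterService" on the target and recreates it,
        /// with no check of who installed that service. Confirm this is acceptable
        /// for the environment under test.
        /// NOTE(review): StartService runs after the cleanup delete, so with cleanup
        /// enabled the start request targets a service already marked for deletion
        /// and will likely fail. Such runs may then produce service-install telemetry
        /// but no service-start telemetry.
        /// </remarks>
        public static void CreateRemoteServiceApi_Old(Computer computer, bool cleanup, Lib.Logger logger)
        {
            var scmHandle = WinAPI.OpenSCManager(computer.ComputerName, null, Structs.SCM_ACCESS.SC_MANAGER_CREATE_SERVICE);

            if (scmHandle == IntPtr.Zero)
            {
                int err = Marshal.GetLastWin32Error();
                // Log the name that was actually used for the connection attempt.
                logger.TimestampInfo(String.Format("Could not obtain a handle to the Service Control Manager on {0}.", computer.ComputerName));
                throw new System.ComponentModel.Win32Exception(err);
            }

            // Fixed values used by the simulation; search for these when validating detections.
            string servicePath     = @"C:\Windows\Temp\superlegit.exe";
            string serviceName     = "UpdaterService";
            string serviceDispName = "Super Legit Update Service";

            const string stampFormat = "MM/dd/yyyy HH:mm:ss";

            IntPtr svcHandleCreated = IntPtr.Zero;
            int    createdErr       = 0;

            try
            {
                // CreateService is a helper defined elsewhere in this class.
                bool created = CreateService(scmHandle, servicePath, serviceName, serviceDispName, out svcHandleCreated, out createdErr);

                if (created)
                {
                    logger.TimestampInfo(String.Format("Created service '{0}' on {1} with 'CreateService' Win32 API", serviceName, computer.ComputerName));

                    if (cleanup)
                    {
                        IntPtr svcHandleOpened = WinAPI.OpenService(scmHandle, serviceName, Structs.SERVICE_ACCESS.SERVICE_ALL_ACCESS);

                        if (svcHandleOpened != IntPtr.Zero)
                        {
                            bool deletedService = WinAPI.DeleteService(svcHandleOpened);
                            WinAPI.CloseServiceHandle(svcHandleOpened);

                            // Only claim the deletion when the API reports success.
                            if (deletedService)
                            {
                                logger.TimestampInfo(String.Format("Deleted service '{0}' on {1} with 'DeleteService' Win32API", serviceName, computer.ComputerName));
                            }
                            else
                            {
                                logger.TimestampInfo(String.Format("Could not delete service '{0}' on {1}.", serviceName, computer.ComputerName));
                            }
                        }
                        else
                        {
                            logger.TimestampInfo(String.Format("Could not open service '{0}' on {1} for deletion.", serviceName, computer.ComputerName));
                        }
                    }
                    else
                    {
                        logger.TimestampInfo(String.Format("The created Service: {0} was not deleted on {1} as part of the simulation", serviceName, computer.ComputerName));
                    }
                }
                else if (createdErr == 1073)
                {
                    // ERROR_SERVICE_EXISTS: remove the existing service, then retry once.
                    IntPtr svcHandleOpened = WinAPI.OpenService(scmHandle, serviceName, Structs.SERVICE_ACCESS.SERVICE_ALL_ACCESS);

                    if (svcHandleOpened != IntPtr.Zero)
                    {
                        bool deletedService = WinAPI.DeleteService(svcHandleOpened);
                        WinAPI.CloseServiceHandle(svcHandleOpened);

                        if (deletedService)
                        {
                            bool created2 = CreateService(scmHandle, servicePath, serviceName, serviceDispName, out svcHandleCreated, out createdErr);

                            if (created2)
                            {
                                Console.WriteLine("{0}[{1}] Successfully deleted and recreated a service on {2}", "".PadLeft(4), DateTime.Now.ToString(stampFormat), computer.Fqdn);

                                if (cleanup)
                                {
                                    IntPtr svcHandleOpened2 = WinAPI.OpenService(scmHandle, serviceName, Structs.SERVICE_ACCESS.SERVICE_ALL_ACCESS);

                                    if (svcHandleOpened2 != IntPtr.Zero)
                                    {
                                        WinAPI.DeleteService(svcHandleOpened2);
                                        WinAPI.CloseServiceHandle(svcHandleOpened2);
                                    }
                                }
                            }
                            else
                            {
                                // Previously silent: the existing service is gone and the new one was not created.
                                Console.WriteLine("{0}[{1}] Failed to recreate service on {2}. Error Code:{3}", "".PadLeft(4), DateTime.Now.ToString(stampFormat), computer.Fqdn, createdErr);
                            }
                        }
                        else
                        {
                            // The service was opened but could not be deleted.
                            Console.WriteLine("{0}[{1}] Failed to create service on {2}", "".PadLeft(4), DateTime.Now.ToString(stampFormat), computer.Fqdn);
                        }
                    }
                    else
                    {
                        // The existing service could not be opened with all access.
                        Console.WriteLine("{0}[{1}] Failed to create service on {2}", "".PadLeft(4), DateTime.Now.ToString(stampFormat), computer.Fqdn);
                    }
                }
                else
                {
                    // Creation failed for a reason other than the service already existing.
                    Console.WriteLine("{0}[{1}] Failed to create service on {2}. ", "".PadLeft(4), DateTime.Now.ToString(stampFormat), computer.Fqdn);
                }

                // Skip the start request when there is no service handle to start.
                if (svcHandleCreated != IntPtr.Zero)
                {
                    WinAPI.StartService(svcHandleCreated, 0, null);
                }
            }
            finally
            {
                if (svcHandleCreated != IntPtr.Zero)
                {
                    WinAPI.CloseServiceHandle(svcHandleCreated);
                }
                WinAPI.CloseServiceHandle(scmHandle);
            }
        }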
예제 #5
        // From https://stackoverflow.com/questions/23481394/programmatically-install-windows-service-on-remote-machine
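        /// <summary>
        /// Console-only variant of the remote service-creation simulation step. It
        /// connects to the SCM on <c>computer.Fqdn</c>, creates a fixed test service,
        /// optionally deletes it, and then issues a start request on the created handle.
        /// </summary>
        /// <param name="computer">Target host; only its Fqdn is read here.</param>
        /// <param name="cleanup">If true, the created service is deleted.</param>
        /// <remarks>
        /// If the SCM cannot be opened, the method prints a message and returns
        /// without throwing.
        /// NOTE(review): on error 1073 (ERROR_SERVICE_EXISTS) this method deletes the
        /// existing service named "UpdaterService" on the target and recreates it,
        /// with no check of who installed that service. Confirm this is acceptable
        /// for the environment under test.
        /// NOTE(review): StartService runs after the cleanup delete, so with cleanup
        /// enabled the start request will likely fail. Such runs may then produce
        /// service-install telemetry but no service-start telemetry.
        /// </remarks>
        public static void CreateRemoteService(Computer computer, bool cleanup)
        {
            const string stampFormat = "MM/dd/yyyy HH:mm:ss";

            var scmHandle = WinAPI.OpenSCManager(computer.Fqdn, null, Structs.SCM_ACCESS.SC_MANAGER_CREATE_SERVICE);

            if (scmHandle == IntPtr.Zero)
            {
                Console.WriteLine("{0}[{1}] Could not obtain a handle to SCM on {2}. Not an admin ?", "".PadLeft(4), DateTime.Now.ToString(stampFormat), computer.Fqdn);
                return;
            }

            // Fixed values used by the simulation; search for these when validating detections.
            string servicePath     = @"C:\Windows\Temp\superlegit.exe";
            string serviceName     = "UpdaterService";
            string serviceDispName = "Super Legit Update Service";

            IntPtr svcHandleCreated = IntPtr.Zero;
            int    createdErr       = 0;

            try
            {
                // CreateService is a helper defined elsewhere in this class.
                bool created = CreateService(scmHandle, servicePath, serviceName, serviceDispName, out svcHandleCreated, out createdErr);

                if (created)
                {
                    Console.WriteLine("{0}[{1}] Successfully created a service on {2}", "".PadLeft(4), DateTime.Now.ToString(stampFormat), computer.Fqdn);

                    if (cleanup)
                    {
                        IntPtr svcHandleOpened = WinAPI.OpenService(scmHandle, serviceName, Structs.SERVICE_ACCESS.SERVICE_ALL_ACCESS);

                        // Do not pass a null handle to DeleteService or CloseServiceHandle.
                        if (svcHandleOpened != IntPtr.Zero)
                        {
                            WinAPI.DeleteService(svcHandleOpened);
                            WinAPI.CloseServiceHandle(svcHandleOpened);
                        }
                    }
                }
                else if (createdErr == 1073)
                {
                    // ERROR_SERVICE_EXISTS: remove the existing service, then retry once.
                    IntPtr svcHandleOpened = WinAPI.OpenService(scmHandle, serviceName, Structs.SERVICE_ACCESS.SERVICE_ALL_ACCESS);

                    if (svcHandleOpened != IntPtr.Zero)
                    {
                        bool deletedService = WinAPI.DeleteService(svcHandleOpened);
                        WinAPI.CloseServiceHandle(svcHandleOpened);

                        if (deletedService)
                        {
                            bool created2 = CreateService(scmHandle, servicePath, serviceName, serviceDispName, out svcHandleCreated, out createdErr);

                            if (created2)
                            {
                                Console.WriteLine("{0}[{1}] Successfully deleted and recreated a service on {2}", "".PadLeft(4), DateTime.Now.ToString(stampFormat), computer.Fqdn);

                                if (cleanup)
                                {
                                    IntPtr svcHandleOpened2 = WinAPI.OpenService(scmHandle, serviceName, Structs.SERVICE_ACCESS.SERVICE_ALL_ACCESS);

                                    if (svcHandleOpened2 != IntPtr.Zero)
                                    {
                                        WinAPI.DeleteService(svcHandleOpened2);
                                        WinAPI.CloseServiceHandle(svcHandleOpened2);
                                    }
                                }
                            }
                            else
                            {
                                // Previously silent: the existing service is gone and the new one was not created.
                                Console.WriteLine("{0}[{1}] Failed to recreate service on {2}. Error Code:{3}", "".PadLeft(4), DateTime.Now.ToString(stampFormat), computer.Fqdn, createdErr);
                            }
                        }
                        else
                        {
                            // The service was opened but could not be deleted.
                            Console.WriteLine("{0}[{1}] Failed to create service on {2}", "".PadLeft(4), DateTime.Now.ToString(stampFormat), computer.Fqdn);
                        }
                    }
                    else
                    {
                        // The existing service could not be opened with all access.
                        Console.WriteLine("{0}[{1}] Failed to create service on {2}", "".PadLeft(4), DateTime.Now.ToString(stampFormat), computer.Fqdn);
                    }
                }
                else
                {
                    // Creation failed for a reason other than the service already existing.
                    Console.WriteLine("{0}[{1}] Failed to create service on {2}. ", "".PadLeft(4), DateTime.Now.ToString(stampFormat), computer.Fqdn);
                }

                // Skip the start request when there is no service handle to start.
                if (svcHandleCreated != IntPtr.Zero)
                {
                    WinAPI.StartService(svcHandleCreated, 0, null);
                }
            }
            finally
            {
                if (svcHandleCreated != IntPtr.Zero)
                {
                    WinAPI.CloseServiceHandle(svcHandleCreated);
                }
                WinAPI.CloseServiceHandle(scmHandle);
            }
        }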