예제 #1
0
        internal static bool CHECK_File_Encrypted(string FilePath)
        {
            try
            {
                FileInfo fi    = new FileInfo(FilePath);
                string   Check = File.ReadAllText(FilePath);

                if ((Check.Any(s => Crypto_Operation.Common_Encrypted_Chars.Contains(s)) && Check.Any(s => s >= 128)) && fi.Attributes.HasFlag(FileAttributes.Encrypted))
                {
                    return(true);//File Encrypted
                }
                else
                {
                    if ((Check.Any(s => Crypto_Operation.Common_Encrypted_Chars.Contains(s)) && Check.Any(s => s >= 128)) && fi.Attributes.HasFlag(FileAttributes.Encrypted) == false)
                    {
                        File.Encrypt(FilePath);
                        return(true);//File needed encrypted attrib and was encrypted
                    }
                    else
                    {
                        return(false);//File not encrypted
                    }
                }
            }
            catch (Exception e)
            {
                bool FileExists = File_Operation.CHECK_if_File_Exists(FilePath);
                if (FileExists == true && e.Message.Contains("Access to the path") && e.Message.Contains("denied"))
                {
                    File_Operation.DELETE_File(FilePath);
                }
                Error_Operation.Log_Error("CHECK_File_Encrypted()", e.Message.ToString() + ". Is file on disk check=" + FileExists.ToString(), e.StackTrace.ToString(), Error_Operation.LogSeverity.Verbose);
                return(false);//File NOT Encrypted
            }
        }
예제 #2
0
        internal static string Decrypt_File_Contents(string InputEncryptedFilePath, bool ReWriteDecryptedFile = true)
        {
            string       plaintext = null;
            CryptoStream csDecrypt = null;

            try
            {
                using (Aes AES = Aes.Create())
                {
                    AES.KeySize   = AES256KeySize;
                    AES.BlockSize = 128;
                    AES.Padding   = PaddingMode.PKCS7;

                    var key = new Rfc2898DeriveBytes(CONVERT_To_UTF8_Bytes(GET_Password()), CONVERT_To_UTF8_Bytes(SALT), 50000);
                    AES.Key = key.GetBytes(AES.KeySize / 8);
                    AES.IV  = key.GetBytes(AES.BlockSize / 8);

                    ICryptoTransform decryptor = AES.CreateDecryptor(AES.Key, AES.IV);

                    using (MemoryStream msDecrypt = new MemoryStream(File.ReadAllBytes(InputEncryptedFilePath)))
                    {
                        using (csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
                        {
                            using (StreamReader srDecrypt = new StreamReader(csDecrypt))
                            {
                                try
                                {
                                    plaintext = srDecrypt.ReadToEnd();
                                }
                                catch (Exception e)
                                {
                                    File_Operation.DELETE_File(InputEncryptedFilePath);
                                    File_Operation.WRITE_Default_Critical_Files();
                                }
                            }
                            csDecrypt = null;
                        }
                    }
                }
                if (ReWriteDecryptedFile)
                {
                    File_Operation.Turnicate_File(InputEncryptedFilePath);
                }
            }
            finally
            {
                if (csDecrypt != null)
                {
                    csDecrypt.Dispose();
                }
            }
            return(plaintext);
        }
예제 #3
0
 internal static void UPDATE_Local_Config_With_Central_Config(string WebPath, string LocalPath, string FileName)
 {
     if (string.IsNullOrEmpty(Central_Config_File_Web_Cache))
     {
         File_Operation.DELETE_File(LocalPath);    //remove old config file
         Wclient.DownloadFile(WebPath, LocalPath); //if match read local files
     }
     else
     {
         File_Operation.DELETE_File(LocalPath);//remove old config file
         File_Operation.APPEND_AllTXT(LocalPath, Central_Config_File_Web_Cache);
     }
     Error_Operation.Log_Error("GET_Central_Config_File()", "Updated " + FileName + " from " + WebPath + ". It was downloaded to " + LocalPath, "", Error_Operation.LogSeverity.Verbose, Error_Operation.EventID.SWELF_Central_Config_Changed);//log change
     if (File_Operation.CHECK_File_Encrypted(LocalPath) == false)
     {
         Crypto_Operation.Secure_File(LocalPath);
     }
 }
예제 #4
0
파일: Settings.cs 프로젝트: Gh0st0ne/SWELF
 private static void RUN_Thread_Whitelist_SearchFile()
 {
     if (Reg_Operation.CHECK_SWELF_Reg_Key_Exists(Reg_Operation.REG_KEY.WhiteList_SearchTerms_File_Contents))//use reg
     {
         READ_WhiteList_Search_Terms_File(Reg_Operation.READ_SWELF_Reg_Key(Reg_Operation.REG_KEY.WhiteList_SearchTerms_File_Contents));
     }
     else if (File_Operation.CHECK_if_File_Exists(GET_WhiteList_SearchTermsFile_Path))//no reg, look for file
     {
         READ_WhiteList_Search_Terms_File(File_Operation.READ_AllText(GET_WhiteList_SearchTermsFile_Path));
         File_Operation.DELETE_File(GET_WhiteList_SearchTermsFile_Path);
     }
     else//no file, no reg, Create Default then load it into the reg to use later
     {
         File_Operation.VERIFY_Search_Default_Files_Ready();
         READ_WhiteList_Search_Terms_File(File_Operation.READ_AllText(GET_WhiteList_SearchTermsFile_Path));
         Reg_Operation.ADD_or_CHANGE_SWELF_Reg_Key(Reg_Operation.REG_KEY.WhiteList_SearchTerms_File_Contents, File_Operation.READ_AllText(GET_WhiteList_SearchTermsFile_Path));
     }
     ++ThreadsDone_Setup;
 }
예제 #5
0
파일: Settings.cs 프로젝트: Gh0st0ne/SWELF
 private static void RUN_Thread_Plugins()
 {
     if (Reg_Operation.CHECK_SWELF_Reg_Key_Exists(Reg_Operation.REG_KEY.PLUGIN_SearchTerms_File_Contents))//use reg
     {
         READ_Powershell_SearchTerms(Reg_Operation.READ_SWELF_Reg_Key(Reg_Operation.REG_KEY.PLUGIN_SearchTerms_File_Contents));
     }
     else if (File_Operation.CHECK_if_File_Exists(Settings.GET_SearchTermsFile_PLUGIN_Path))//no reg, look for file
     {
         READ_Powershell_SearchTerms(File_Operation.READ_AllText(GET_SearchTermsFile_PLUGIN_Path));
         File_Operation.DELETE_File(GET_SearchTermsFile_PLUGIN_Path);
     }
     else//no file, no reg, Create Default then load it into the reg to use later
     {
         File_Operation.VERIFY_Search_Default_Files_Ready();
         File_Operation.GET_Plugin_Scripts_Ready();
         READ_Powershell_SearchTerms(File_Operation.READ_AllText(GET_SearchTermsFile_PLUGIN_Path));
         Reg_Operation.ADD_or_CHANGE_SWELF_Reg_Key(Reg_Operation.REG_KEY.PLUGIN_SearchTerms_File_Contents, File_Operation.READ_AllText(GET_SearchTermsFile_PLUGIN_Path));
     }
     ++ThreadsDone_Setup;
 }
예제 #6
0
        internal static void SEND_Errors_To_Central_Location()
        {
            try
            {
                string[] Errors = File.ReadAllLines(Settings.GET_ErrorLog_Location);

                if (Settings.Log_Forwarders_HostNames.Any(s => string.Equals(s, "127.0.0.1", StringComparison.OrdinalIgnoreCase)) == false && Settings.Log_Forwarders_HostNames.Any(s => string.IsNullOrEmpty(s)) == false)
                {
                    for (int x = 0; x < Errors.Length; ++x)
                    {
                        Settings.Logs_Sent_to_ALL_Collectors = Log_Network_Forwarder.SEND_Logs(Errors[x], Settings.GET_ErrorLog_Location, true);
                    }
                    if (Settings.Logs_Sent_to_ALL_Collectors && File_Operation.CHECK_if_File_Exists(Settings.GET_ErrorLog_Location) || Settings.AppConfig_File_Args.ContainsKey(Settings.SWELF_AppConfig_Args[15]))
                    {
                        File_Operation.DELETE_File(Settings.GET_ErrorLog_Location);
                        File.Create(Settings.GET_ErrorLog_Location).Close();
                    }
                }
            }
            catch (Exception e)
            {
                Settings.Log_Storage_Location_Unavailable("SEND_Errors_To_Central_Location() " + e.Message.ToString());
            }
        }
예제 #7
0
파일: Settings.cs 프로젝트: Gh0st0ne/SWELF
        private static void RUN_Setup_AppConfig()
        {
            if (Reg_Operation.CHECK_SWELF_Reg_Key_Exists(Reg_Operation.REG_KEY.ConsoleAppConfig_Contents))//use reg
            {
                READ_and_Parse_Console_App_Config_Contents(Reg_Operation.READ_SWELF_Reg_Key(Reg_Operation.REG_KEY.ConsoleAppConfig_Contents));
            }
            else if (File_Operation.CHECK_if_File_Exists(GET_AppConfigFile_Path))//no reg, look for file
            {
                READ_and_Parse_Console_App_Config_Contents(File_Operation.READ_AllText(GET_AppConfigFile_Path));
                File_Operation.DELETE_File(GET_AppConfigFile_Path);
            }
            else//no file, no reg, Create Default then load it into the reg to use later
            {
                File_Operation.VERIFY_AppConfig_Default_Files_Ready();
                READ_and_Parse_Console_App_Config_Contents(File_Operation.READ_AllText(GET_AppConfigFile_Path));
                Reg_Operation.ADD_or_CHANGE_SWELF_Reg_Key(Reg_Operation.REG_KEY.ConsoleAppConfig_Contents, File_Operation.READ_AllText(GET_AppConfigFile_Path));
            }

            //Check for CENTRAL CONFIG's, if yes check for update, update if needed.
            //Appconfig
            if (AppConfig_File_Args.ContainsKey(SWELF_AppConfig_Args[7]))//arg for central app config
            {
                if (Reg_Operation.CHECK_SWELF_Reg_Key_Exists(Reg_Operation.REG_KEY.ConsoleAppConfig_Contents) == false)
                {
                    Reg_Operation.ADD_or_CHANGE_SWELF_Reg_Key(Reg_Operation.REG_KEY.ConsoleAppConfig_Contents, "");
                }
                if (Web_Operation.VERIFY_Central_Reg_Config_Hash(AppConfig_File_Args[SWELF_AppConfig_Args[7]], Reg_Operation.READ_SWELF_Reg_Key(Reg_Operation.REG_KEY.ConsoleAppConfig_Contents)) == false)
                {
                    if (Web_Operation.Connection_Successful)
                    {
                        Reg_Operation.ADD_or_CHANGE_SWELF_Reg_Key(Reg_Operation.REG_KEY.ConsoleAppConfig_Contents, Web_Operation.UPDATE_Reg_Config_With_Central_Config(AppConfig_File_Args[SWELF_AppConfig_Args[7]].ToString()));
                        Error_Operation.Log_Error("RUN_Setup_AppConfig()", "Reg key for Central Config ConsoleAppConfig_Contents source updated from web source.", "", Error_Operation.LogSeverity.Informataion, Error_Operation.EventID.SWELF_Central_Config_Changed);
                    }
                }
            }
            //Searchterms
            if (AppConfig_File_Args.ContainsKey(SWELF_AppConfig_Args[6]))//arg for central search config
            {
                if (Reg_Operation.CHECK_SWELF_Reg_Key_Exists(Reg_Operation.REG_KEY.SearchTerms_File_Contents) == false)
                {
                    Reg_Operation.ADD_or_CHANGE_SWELF_Reg_Key(Reg_Operation.REG_KEY.SearchTerms_File_Contents, "");
                }
                if (Web_Operation.VERIFY_Central_Reg_Config_Hash(AppConfig_File_Args[SWELF_AppConfig_Args[6]], Reg_Operation.READ_SWELF_Reg_Key(Reg_Operation.REG_KEY.SearchTerms_File_Contents)) == false)
                {
                    if (Web_Operation.Connection_Successful)
                    {
                        Reg_Operation.ADD_or_CHANGE_SWELF_Reg_Key(Reg_Operation.REG_KEY.SearchTerms_File_Contents, Web_Operation.UPDATE_Reg_Config_With_Central_Config(AppConfig_File_Args[SWELF_AppConfig_Args[6]].ToString()));
                        Error_Operation.Log_Error("RUN_Setup_AppConfig()", "Reg key for Central Config SearchTerms_File_Contents source updated from web source.", "", Error_Operation.LogSeverity.Informataion, Error_Operation.EventID.SWELF_Central_Config_Changed);
                    }
                }
            }
            //Whitelist
            if (AppConfig_File_Args.ContainsKey(SWELF_AppConfig_Args[9]))//arg for central search config
            {
                if (Reg_Operation.CHECK_SWELF_Reg_Key_Exists(Reg_Operation.REG_KEY.WhiteList_SearchTerms_File_Contents) == false)
                {
                    Reg_Operation.ADD_or_CHANGE_SWELF_Reg_Key(Reg_Operation.REG_KEY.WhiteList_SearchTerms_File_Contents, "");
                }
                if (Web_Operation.VERIFY_Central_Reg_Config_Hash(AppConfig_File_Args[SWELF_AppConfig_Args[9]], Reg_Operation.READ_SWELF_Reg_Key(Reg_Operation.REG_KEY.WhiteList_SearchTerms_File_Contents)) == false)
                {
                    if (Web_Operation.Connection_Successful)
                    {
                        Reg_Operation.ADD_or_CHANGE_SWELF_Reg_Key(Reg_Operation.REG_KEY.WhiteList_SearchTerms_File_Contents, Web_Operation.UPDATE_Reg_Config_With_Central_Config(AppConfig_File_Args[SWELF_AppConfig_Args[9]].ToString()));
                        Error_Operation.Log_Error("RUN_Setup_AppConfig()", "Reg key for Central Config WhiteList_SearchTerms_File_Contents source updated from web source.", "", Error_Operation.LogSeverity.Informataion, Error_Operation.EventID.SWELF_Central_Config_Changed);
                    }
                }
            }
            //Powershell plugin
            if (AppConfig_File_Args.ContainsKey(SWELF_AppConfig_Args[8]))//arg for central search config
            {
                if (Reg_Operation.CHECK_SWELF_Reg_Key_Exists(Reg_Operation.REG_KEY.PLUGIN_SearchTerms_File_Contents) == false)
                {
                    Reg_Operation.ADD_or_CHANGE_SWELF_Reg_Key(Reg_Operation.REG_KEY.PLUGIN_SearchTerms_File_Contents, "");
                }
                if (Web_Operation.VERIFY_Central_Reg_Config_Hash(AppConfig_File_Args[SWELF_AppConfig_Args[8]], Reg_Operation.READ_SWELF_Reg_Key(Reg_Operation.REG_KEY.PLUGIN_SearchTerms_File_Contents)) == false)
                {
                    if (Web_Operation.Connection_Successful)
                    {
                        Reg_Operation.ADD_or_CHANGE_SWELF_Reg_Key(Reg_Operation.REG_KEY.PLUGIN_SearchTerms_File_Contents, Web_Operation.UPDATE_Reg_Config_With_Central_Config(AppConfig_File_Args[SWELF_AppConfig_Args[8]].ToString()));
                        Error_Operation.Log_Error("RUN_Setup_AppConfig()", "Reg key for Central Config PLUGIN_SearchTerms_File_Contents source updated from web source.", "", Error_Operation.LogSeverity.Informataion, Error_Operation.EventID.SWELF_Central_Config_Changed);
                    }
                }
            }
            Log_Forwarders_HostNames = GET_LogCollector_Locations();//GatherLog Collector Locations
            ++ThreadsDone_Setup;
            if (AppConfig_File_Args.ContainsKey(SWELF_AppConfig_Args[16]))
            {
                Logging_Level_To_Report = "verbose";
            }
        }