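/// <summary>
/// Launches <c>cmd.exe</c> with <paramref name="command"/> appended to its command line through
/// <c>ApplicationLoader.StartProcessAndBypassUAC</c>, i.e. outside the normal UAC consent prompt.
/// </summary>
/// <remarks>
/// SECURITY (review): the text is passed through unvalidated and runs with whatever token
/// StartProcessAndBypassUAC obtains, so this method is an arbitrary-command-as-elevated primitive.
/// It must not be reachable from untrusted input; the caller is responsible for vetting
/// <paramref name="command"/>. Note also that the text is appended verbatim after "cmd.exe " with
/// no "/c" switch — presumably intended; confirm cmd.exe actually executes it rather than
/// starting an interactive shell.
/// </remarks>
/// <param name="command">Text appended to the cmd.exe command line.</param>
/// <exception cref="ArgumentException">
/// When <paramref name="command"/> is null or whitespace. Previously such a call silently
/// launched a bare, UAC-bypassed interactive cmd.exe.
/// </exception>
public void Execute(string command)
{
    if (string.IsNullOrWhiteSpace(command))
    {
        throw new ArgumentException("A command is required.", nameof(command));
    }

    string commandLine = "cmd.exe " + command;
    ApplicationLoader.PROCESS_INFORMATION procInfo;
    ApplicationLoader.StartProcessAndBypassUAC(commandLine, out procInfo);
}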
/// <summary>
/// Service start hook: launches <c>cmd.exe</c> through
/// <c>ApplicationLoader.StartProcessAndBypassUAC</c>.
/// </summary>
/// <remarks>
/// SECURITY (review): spawning a UAC-bypassed interactive cmd.exe on every service start hands an
/// elevated shell to anyone who can (re)start the service; this reads like a demo/test stub that
/// should not ship in this form. To launch a specific program instead, pass its full path wrapped
/// in quotes, e.g. "\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\"".
/// NOTE(review): declared without <c>override</c> — if the enclosing class derives from
/// ServiceBase, this hides rather than overrides ServiceBase.OnStart and the service control
/// manager will never call it; confirm.
/// </remarks>
/// <param name="args">Start arguments; not used.</param>
protected void OnStart(string[] args)
{
    const string launchTarget = "cmd.exe";

    ApplicationLoader.PROCESS_INFORMATION processInfo;
    ApplicationLoader.StartProcessAndBypassUAC(launchTarget, out processInfo);
}
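/// <summary>
/// Validates pending elevation requests in <paramref name="Data"/> and, when a row passes,
/// launches the requested executable through <c>ApplicationLoader.StartProcessAndBypassUAC</c>.
/// </summary>
/// <remarks>
/// Columns read from each row: Username, Workstation, AppPath, RequestedDate, AppName, id, token.
/// A row is launched only if (1) the SHA-256 of the file at AppPath is not found in the
/// <c>BLPrograms</c> deny list and (2) MD5 of "salt, user, workstation, path, date" joined by
/// "&lt;&gt;" equals the row's token. Every branch ends the loop with <c>break</c>, so at most the
/// first row is acted on per call. Outcomes are reported through the <c>MD5HashNotFound</c> /
/// <c>BlackListedAppRequested</c> fields, the log table and the service log file; exceptions are
/// caught, logged and swallowed.
///
/// SECURITY (review) — this method is the gate in front of a UAC-bypassing launcher and the row
/// data originates from the requesting client:
///  - the "salt" is a constant compiled into this binary, so the token is an unkeyed hash, not a
///    MAC: anyone who can read the binary can mint a valid token for any path. A keyed HMAC with a
///    key provisioned outside source is the real fix, but it changes the token the client
///    computes, so it is not done here.
///  - deny-listing by file hash is defeated by changing one byte of the program; an allow list of
///    permitted paths/hashes is the stronger control.
///  - the file is hashed and then launched by path; it can be swapped between the two steps
///    (TOCTOU) unless AppPath is somewhere the requester cannot write — confirm.
///  - RequestedDate is bound into the token but never checked for freshness; presumably the
///    (unseen) selecting query only returns open rows — confirm old rows cannot be replayed.
/// </remarks>
/// <param name="Data">Rows of the ElevateProcess table still to be processed.</param>
public void ProcessIFValidRequest(System.Data.DataTable Data)
{
    try
    {
        // Shared secret the client uses when computing the token; see SECURITY note above.
        string salt = "SerenityNow1972";
        string sep = "<>";
        StringBuilder sb = null;

        foreach (System.Data.DataRow row in Data.Rows)
        {
            sb = new StringBuilder();

            NRCAN_UserID = row["Username"].ToString();
            string workstation = row["Workstation"].ToString();
            string apppath = row["AppPath"].ToString();
            // Round-trips through the current culture; the resulting text must match what the
            // client hashed, so it is deliberately left as-is (changing it would break tokens).
            DateTime date = DateTime.Parse(row["RequestedDate"].ToString());
            string reqdate = date.ToString("yyyy-MM-dd HH:mm:ss");
            string appname = row["AppName"].ToString();
            id = row["id"].ToString();

            WriteToFile("Processing Request " + id);
            AddDebugLogs(connection, Logs.debug, "Processing request " + id + " on " + workstation);

            // NOTE(review): the literal here was redacted in the source ("******");
            // reconstructed as the user id — confirm.
            sb.Append("Username: " + NRCAN_UserID + ", Workstation: " + workstation);
            sb.Append(", Application Name: " + appname);
            sb.Append(", Application Path: " + apppath);
            sb.Append(", Requested Date: " + reqdate);

            // Token pre-image: salt <> user <> workstation <> path <> date.
            string input = string.Join(sep, new[] { salt, NRCAN_UserID, workstation, apppath, reqdate });
            string MyToken = MD5(input);
            // The pre-image is intentionally no longer written to the debug log: the individual
            // fields are already logged above and the only other component is the salt, which is
            // the one thing standing between a client and a forged token.
            sb.Append(", MD5 Hash Value: " + MyToken);
            string tokentocompare = row["token"].ToString();
            sb.Append(", Token In Database: " + tokentocompare);

            // Deny-list check on the file's SHA-256; null from Find means "not listed".
            string ProgramHash = GetSHAHashFromFile(apppath);
            sb.Append(", SHA256 Hash: " + ProgramHash);
            BlackListedHashes program = BLPrograms.Find(x => x.SHA256Hash.Equals(ProgramHash));
            if (program != null)
            {
                sb.Append(", Message: SHA256 validation failed, this is a blacklisted application");
                BlackListedAppRequested = true;
                AddLogs(connection, Logs.error, id, "Client " + NRCAN_UserID + " requested a black listed app, Application Name: " + appname + " , Application Path: " + apppath);
                break;
            }
            sb.Append(", Message: Successful validation against blacklisted program hashes");

            // Constant-time compare so a mismatch does not leak how many leading characters matched.
            if (!FixedTimeEquals(MyToken, tokentocompare))
            {
                sb.Append(", Message: MD5 hash validation failed");
                MD5HashNotFound = true;
                AddLogs(connection, Logs.error, id, "MD5 hash mismatch (possible hack attempt), Client Name: " + NRCAN_UserID + " , Application Name: " + appname + " , Application Path: " + apppath);
                break;
            }
            sb.Append(", Message: MD5 hash validation was successful");

            // Both checks passed: launch the requested program elevated.
            ApplicationLoader.PROCESS_INFORMATION procInfo;
            ApplicationLoader.StartProcessAndBypassUAC(apppath, out procInfo);

            // Mark the request closed. Parameterised: 'id' comes from client-originated rows
            // and must never be concatenated into SQL.
            command = new MySqlCommand("Update ElevateProcess Set Status = 'closed' where id = @id", connection);
            command.Parameters.AddWithValue("@id", id);
            command.ExecuteNonQuery();
            AddLogs(connection, Logs.info, id, " process spawned successfully on " + workstation);
            WriteToFile("Request " + id.ToLower() + " Successfully processed");
            // NOTE(review): the connection is closed here, yet AddLogs(connection, ...) is still
            // called below (debug) and in the catch block; kept as in the original — confirm
            // AddLogs reopens the connection itself.
            connection.Close();
            break;
        }

        if (debug && sb != null)
        {
            AddLogs(connection, Logs.debug, id, sb.ToString());
        }
    }
    catch (Exception ex)
    {
        // Best-effort: the service keeps polling; the failure is recorded in both log sinks.
        AddLogs(connection, Logs.error, id, ex.Message);
        WriteToFile(ex.Message);
    }
}

/// <summary>
/// Ordinal, case-sensitive string equality whose running time depends only on the length of the
/// inputs, not on the position of the first differing character. Null on either side is a
/// mismatch.
/// </summary>
/// <param name="expected">Token computed locally.</param>
/// <param name="actual">Token supplied in the request row.</param>
/// <returns>True when both strings are non-null and character-for-character identical.</returns>
private static bool FixedTimeEquals(string expected, string actual)
{
    if (expected == null || actual == null || expected.Length != actual.Length)
    {
        return false;
    }

    int diff = 0;
    for (int i = 0; i < expected.Length; i++)
    {
        diff |= expected[i] ^ actual[i];
    }
    return diff == 0;
}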