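/// <summary>
/// Harmful-site exposure check (MA-003): flags hosts found in the browser caches
/// that appear on a blacklist.
/// </summary>
/// <remarks>
/// Reads the utility output files registered under check code "MA-002". This method
/// does not run the collection utilities itself, so it presumably relies on
/// Diagnosis_MA_002 having produced those files first (confirm against the caller).
/// </remarks>
/// <param name="item">Check item that receives the evidence (Proofs) and the final Status.</param>
public static void Diagnosis_MA_003(CheckItem item)
{
    string output = GreyCommand.GetOutputFile("MA-002", "util1");
    var reports = GreyXML.GetChormeCacheXmlOutput(output);

    string output2 = GreyCommand.GetOutputFile("MA-002", "util2");
    var reports2 = GreyXML.GetIeCacheOutput(output2);

    // Concat returns a new sequence and leaves `reports` untouched. The result used to be
    // discarded, so the IE cache entries were never inspected.
    var allReports = reports.Concat(reports2);

    // NOTE(review): the blacklist is never populated in this method, so no host can match
    // and the check always ends as Fulfilled. Until a real list is loaded the result of
    // this diagnosis is not meaningful.
    // Uri.Host is lower-cased for DNS names; the case-insensitive comparer keeps matching
    // correct even if the list is later loaded with mixed-case entries.
    HashSet<string> blacklist = new HashSet<string>(StringComparer.OrdinalIgnoreCase);

    int count = 0;
    foreach (var elem in allReports)
    {
        string host;
        try
        {
            host = (new Uri(elem["url"])).Host;
        }
        catch (Exception)
        {
            // Entries without a parsable absolute URL cannot be matched; skip them.
            continue;
        }

        if (!blacklist.Contains(host))
        {
            continue;
        }

        // Count the hit before recording it, so a failure to store the evidence
        // (for example the same host seen twice) cannot hide the finding.
        count += 1;
        try
        {
            item.Proofs.Add(host, "블랙리스트 도메인 접근 확인");
        }
        catch (Exception)
        {
            // Evidence for this host is already recorded or could not be stored.
        }
    }

    if (count > 0)
    {
        item.Status = Result.Negative;
    }
    else
    {
        item.Status = Result.Fulfilled;
    }
}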
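/// <summary>
/// Builds the main window: initialises the UI, the GreyUtils/GreyCommand helpers and the
/// check list, relaunches the program elevated when it is not running as administrator,
/// and otherwise arms a one-shot 3-second timer that invokes DoItNow.
/// </summary>
public MainWindow()
{
    InitializeComponent();
    GreyUtils.Default();
    GreyCommand.Default();
    InitializeCheckList();

    // TODO (from the original notes): a missing registry value must also be counted in the
    // evaluation, e.g. "sysmonuse" under HKLM\SOFTWARE\AhnLab\ASPack\9.0\Option\AVMON and
    // HKLM\SOFTWARE\AhnLab\ASPack\9.0\ServiceStatus.

    // Privilege elevation. This runs before the timer is armed so the deferred DoItNow
    // callback is never scheduled in a non-elevated process that is about to exit
    // (the elevation prompt can stay open longer than the 3-second delay).
    if (IsAdministrator() == false)
    {
        // https://stackoverflow.com/questions/133379/elevating-process-privilege-programmatically
        // Restart the program and run it as administrator.
        var exeName = System.Diagnostics.Process.GetCurrentProcess().MainModule.FileName;
        ProcessStartInfo startInfo = new ProcessStartInfo(exeName);
        // The "runas" verb is only honoured when the process is started through the shell.
        startInfo.UseShellExecute = true;
        startInfo.Verb = "runas";
        try
        {
            System.Diagnostics.Process.Start(startInfo);
        }
        catch (System.ComponentModel.Win32Exception)
        {
            // Raised when the elevation prompt is declined or the relaunch fails.
            // Fall through and close this instance instead of crashing in the constructor.
        }

        Application.Current.Shutdown();
        return;
    }

    InitTimer = new Timer();
    InitTimer.Interval = 3000;
    InitTimer.Elapsed += DoItNow;
    InitTimer.AutoReset = false;
    InitTimer.Start();
}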
/// <summary>
/// Creates a new GreyCommand and stores it in GreyCommand.Instance,
/// replacing whatever instance was held there before.
/// </summary>
public static void Default()
{
    var created = new GreyCommand();
    GreyCommand.Instance = created;
}
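/// <summary>
/// Firewall-exception check (MA-006): lists the programs registered as firewall exceptions
/// and flags executable-type files that exist on disk and carry no signature.
/// </summary>
/// <remarks>
/// Each flagged file is recorded in Proofs as (SHA-256 hex digest, file path).
/// Status becomes Negative when at least one file is flagged, otherwise Fulfilled.
/// </remarks>
/// <param name="item">Check item that receives the evidence (Proofs) and the final Status.</param>
public static void Diagnosis_MA_006(CheckItem item)
{
    // The literal equals TRUST_E_NOSIGNATURE (0x800B0100). Presumably IsSigned returns the
    // WinVerifyTrust result - confirm. Only "no signature" is flagged: any other non-success
    // result (e.g. an invalid or untrusted signature) is not counted by this check.
    const int NoSignature = -2146762496;

    // NOTE(review): the helper named by arg[0] appears to be extracted and then launched
    // from the current directory. If this process runs elevated and that directory is
    // writable by unprivileged users, the helper could be replaced before it runs -
    // confirm where ExtractExecutable writes.
    string[] arg = GreyCommand.GetCommandLine("MA-006", "util1");
    GreyUtils.Instance.ExtractExecutable(arg[0]);
    GreyCommand.ExecutedCallback(Directory.GetCurrentDirectory(), arg[0], arg[1]);
    string output = GreyCommand.GetOutputFile("MA-006", "util1");
    var reports = GreyXML.GetXmlOutput(output);

    // NOTE(review): util2 is extracted but never executed or read in this method.
    string[] arg2 = GreyCommand.GetCommandLine("MA-006", "util2");
    GreyUtils.Instance.ExtractExecutable(arg2[0]);

    string[] extension =
    {
        "BAT", "BIN", "CMD", "COM", "CPL", "EXE", "GADGET", "INF1", "INS", "INX", "ISU", "JOB",
        "JSE", "LNK", "MSC", "MSI", "MSP", "MST", "PAF", "PIF", "PS1", "REG", "RGS", "SCR", "SCT",
        "SHB", "SHS", "U3P", "VB", "VBE", "VBS", "VBSCRIPT", "WS", "WSF", "WSH"
    };

    // Paths already examined; the utility output can list the same program more than once.
    HashSet<string> seenPaths = new HashSet<string>();
    int count = 0;

    foreach (var elem in reports)
    {
        string filePath = elem["path"];
        if (string.IsNullOrEmpty(filePath) || !seenPaths.Add(filePath))
        {
            continue;
        }

        // Match on a real ".ext" suffix with an ordinal, case-insensitive comparison.
        // The culture-sensitive ToLower() used before can fail to match extensions that
        // contain 'I' (BIN, MSI, PIF, ...) under cultures such as Turkish, and a bare
        // suffix test also matched names that merely end in those letters.
        bool executableLike = extension.Any(
            ext => filePath.EndsWith("." + ext, StringComparison.OrdinalIgnoreCase));
        if (!executableLike || !File.Exists(filePath))
        {
            continue;
        }

        if (IsSigned(filePath) != NoSignature)
        {
            continue;
        }

        count += 1;

        string hash = "";
        try
        {
            using (var sha256 = SHA256.Create())
            using (var stream = File.OpenRead(filePath))
            {
                byte[] hashValue = sha256.ComputeHash(stream);
                hash = BitConverter.ToString(hashValue).Replace("-", String.Empty);
            }
        }
        catch (Exception)
        {
            // Best effort: an unreadable file is still reported, with an empty hash.
        }

        try
        {
            item.Proofs.Add(hash, filePath);
        }
        catch (Exception)
        {
            // NOTE(review): evidence is keyed by hash, so a second file with the same
            // digest (or a second unreadable file) is counted but not listed.
        }
    }

    if (count > 0)
    {
        item.Status = Result.Negative;
    }
    else
    {
        item.Status = Result.Fulfilled;
    }
}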
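/// <summary>
/// Malvertising exposure check (MA-002): collects the URLs held in the Chrome and IE caches
/// and reports every distinct host that does not resolve in DNS.
/// </summary>
/// <remarks>
/// Each distinct host is recorded in Proofs with a "valid" or "not valid" message.
/// Status becomes Negative when at least one host fails to resolve, otherwise Fulfilled.
/// Progress is updated as a percentage while the entries are processed and cleared at the end.
/// </remarks>
/// <param name="item">Check item that receives Progress, the evidence (Proofs) and the final Status.</param>
public static void Diagnosis_MA_002(CheckItem item)
{
    // Look up the utilities by check code first.
    // NOTE(review): the helpers appear to be extracted and then launched from the current
    // directory. If this process runs elevated and that directory is writable by
    // unprivileged users, a helper could be replaced before it runs - confirm where
    // ExtractExecutable writes.
    string[] arg = GreyCommand.GetCommandLine("MA-002", "util1");
    GreyUtils.Instance.ExtractExecutable(arg[0]);
    GreyCommand.ExecutedCallback(Directory.GetCurrentDirectory(), arg[0], arg[1]);
    string output = GreyCommand.GetOutputFile("MA-002", "util1");
    var reports = GreyXML.GetChormeCacheXmlOutput(output);

    string[] arg2 = GreyCommand.GetCommandLine("MA-002", "util2");
    GreyUtils.Instance.ExtractExecutable(arg2[0]);
    GreyCommand.ExecutedCallback(Directory.GetCurrentDirectory(), arg2[0], arg2[1]);
    string output2 = GreyCommand.GetOutputFile("MA-002", "util2");
    var reports2 = GreyXML.GetIeCacheOutput(output2);

    // Concat returns a new sequence and leaves `reports` untouched. The result used to be
    // discarded, so the IE cache entries were never checked. Materialise it once so the
    // total used for the progress percentage covers both caches.
    var allReports = reports.Concat(reports2).ToList();

    int count = 0;
    int progress = 0;
    int total = allReports.Count;
    HashSet<string> seenHosts = new HashSet<string>();

    foreach (var elem in allReports)
    {
        string host;
        try
        {
            host = (new Uri(elem["url"])).Host;
            progress += 1;
            item.Progress = "(" + ((int)((float)progress / (float)total * 100)).ToString() + " %) ";
        }
        catch (Exception)
        {
            // Entries without a parsable absolute URL are skipped.
            continue;
        }

        // URLs without a host component yield an empty Host, and Dns.GetHostEntry("")
        // resolves the local machine, which would record a meaningless "valid" entry.
        if (host.Length == 0)
        {
            continue;
        }

        // Resolve each host only once.
        if (!seenHosts.Add(host))
        {
            continue;
        }

        // NOTE(review): every lookup failure, including a resolver or network outage, is
        // treated as "not a valid domain", so the check should be run with working DNS.
        // Each distinct cached host also produces a DNS query from the inspected machine.
        bool resolved;
        try
        {
            Dns.GetHostEntry(host);
            resolved = true;
        }
        catch (Exception)
        {
            resolved = false;
        }

        if (!resolved)
        {
            // Counted independently of the evidence store so a failure to record the
            // proof cannot turn a finding into a pass.
            count++;
        }

        try
        {
            item.Proofs[host] = resolved ? "유효한 도메인 입니다." : "유효한 도메인이 아닙니다.";
        }
        catch (Exception)
        {
            // Best effort: the evidence could not be stored for this host.
        }
    }

    item.Progress = "";

    if (count > 0)
    {
        item.Status = Result.Negative;
    }
    else
    {
        item.Status = Result.Fulfilled;
    }
}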