public static IEnumerable <FoundFile> Find_InterestingFile(Args_Find_InterestingFile args = null)
{
if (args == null)
{
args = new Args_Find_InterestingFile();
}
if (args.OfficeDocs)
{
args.Include = new[] { ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx" };
}
else if (args.FreshEXEs)
{
// find .exe's accessed within the last 7 days
args.LastAccessTime = DateTime.Now.Date.AddDays(-7);
args.Include = new[] { ".exe" };
}
var FoundFiles = new List <FoundFile>();
var MappedComputers = new Dictionary <string, bool>();
foreach (var TargetPath in args.Path)
{
if ((TargetPath.IsRegexMatch(@"\\\\.*\\.*")) && (args.Credential != null))
{
var HostComputer = new System.Uri(TargetPath).Host;
if (!MappedComputers[HostComputer])
{
// map IPC$ to this computer if it's not already
AddRemoteConnection.Add_RemoteConnection(new Args_Add_RemoteConnection {
ComputerName = new[] { HostComputer }, Credential = args.Credential
});
MappedComputers[HostComputer] = true;
}
}
var files = PathExtension.GetDirectoryFiles(TargetPath, args.Include, SearchOption.AllDirectories);
//var files = Directory.EnumerateFiles(TargetPath, "*.*", SearchOption.AllDirectories)
// .Where(x => args.Include.EndsWith(x, StringComparison.OrdinalIgnoreCase));
foreach (var file in files)
{
var Continue = true;
// check if we're excluding hidden files
if (args.ExcludeHidden)
{
Continue = !File.GetAttributes(file).HasFlag(FileAttributes.Hidden);
}
// check if we're excluding folders
if (args.ExcludeFolders && Directory.Exists(file))
{
Logger.Write_Verbose($@"Excluding: {file}");
Continue = false;
}
if (args.LastAccessTime != null && (File.GetLastAccessTime(file) < args.LastAccessTime.Value))
{
Continue = false;
}
if (args.LastWriteTime != null && (File.GetLastWriteTime(file) < args.LastWriteTime.Value))
{
Continue = false;
}
if (args.CreationTime != null && (File.GetCreationTime(file) < args.CreationTime.Value))
{
Continue = false;
}
if (args.CheckWriteAccess && !Test_Write(file))
{
Continue = false;
}
if (Continue)
{
String owner;
try
{
owner = File.GetAccessControl(file).GetOwner(typeof(SecurityIdentifier)).Translate(typeof(System.Security.Principal.NTAccount)).Value;
}
catch {
owner = "Access was Denied";
}
DateTime lastAccessTime;
try
{
lastAccessTime = File.GetLastAccessTime(file);
}
catch { lastAccessTime = new DateTime(); }
DateTime lastWriteTime;
try
{
lastWriteTime = File.GetLastWriteTime(file);
} catch { lastWriteTime = new DateTime(); }
DateTime creationTime;
try
{
creationTime = File.GetCreationTime(file);
} catch { creationTime = new DateTime(); }
long length;
try
{
length = new FileInfo(file).Length;
}catch { length = 0; }
var FoundFile = new FoundFile
{
Path = file,
Owner = owner,
LastAccessTime = lastAccessTime,
LastWriteTime = lastWriteTime,
CreationTime = creationTime,
Length = length
};
FoundFiles.Add(FoundFile);
}
}
}
// remove the IPC$ mappings
foreach (var key in MappedComputers.Keys)
{
RemoveRemoteConnection.Remove_RemoteConnection(new Args_Remove_RemoteConnection {
ComputerName = new[] { key }
});
}
return(FoundFiles);
}
public static IEnumerable <FileACL> Get_PathAcl(Args_Get_PathAcl args = null)
{
if (args == null)
{
args = new Args_Get_PathAcl();
}
var ConvertArguments = new Args_ConvertFrom_SID
{
Credential = args.Credential
};
var MappedComputers = new Dictionary <string, bool>();
var FileACLs = new List <FileACL>();
foreach (var TargetPath in args.Path)
{
try
{
if (TargetPath.IsRegexMatch(@"\\\\.*\\.*") && args.Credential != null)
{
var HostComputer = new System.Uri(TargetPath).Host;
if (!MappedComputers[HostComputer])
{
// map IPC$ to this computer if it's not already
AddRemoteConnection.Add_RemoteConnection(new Args_Add_RemoteConnection {
ComputerName = new string[] { HostComputer }, Credential = args.Credential
});
MappedComputers[HostComputer] = true;
}
}
FileSystemSecurity ACL;
var attr = File.GetAttributes(TargetPath);
if (attr.HasFlag(FileAttributes.Directory))
{
ACL = Directory.GetAccessControl(TargetPath);
}
else
{
ACL = File.GetAccessControl(TargetPath);
}
var arc = ACL.GetAccessRules(true, true, typeof(System.Security.Principal.SecurityIdentifier));
foreach (FileSystemAccessRule ar in arc)
{
var SID = ar.IdentityReference.Value;
ConvertArguments.ObjectSID = new string[] { SID };
var Name = ConvertFromSID.ConvertFrom_SID(ConvertArguments);
var Out = new FileACL
{
Path = TargetPath,
FileSystemRights = Convert_FileRight((uint)ar.FileSystemRights),
IdentityReference = Name,
IdentitySID = SID,
AccessControlType = ar.AccessControlType
};
FileACLs.Add(Out);
}
}
catch (Exception e)
{
Logger.Write_Verbose($@"[Get-PathAcl] error: {e}");
}
}
// remove the IPC$ mappings
RemoveRemoteConnection.Remove_RemoteConnection(new Args_Remove_RemoteConnection {
ComputerName = MappedComputers.Keys.ToArray()
});
return(FileACLs);
}
