//From SharpView
/// <summary>
/// Tests whether the current user can open the Service Control Manager (SCM) on a
/// remote host and prints the outcome to the console.
/// </summary>
/// <param name="computer">Target host; only its <c>Fqdn</c> is read.</param>
/// <remarks>
/// The access mask 0xF003F is SC_MANAGER_ALL_ACCESS. A non-zero handle is reported as
/// "local admin", Win32 error 5 (ERROR_ACCESS_DENIED) as "not a local admin", and any
/// other error is printed with its code. Every call is a remote SCM open attempt, so
/// running it against many hosts should be expected to show up as authentication and
/// service-control RPC activity from one source.
/// </remarks>
public static void FindLocalAdminAccess(Computer computer)
{
    var scm = WinAPI.OpenSCManagerW($@"\\" + computer.Fqdn, "ServicesActive", 0xF003F);

    // Capture the error immediately, before any other call can overwrite it.
    int lastError = Marshal.GetLastWin32Error();

    if (scm == IntPtr.Zero)
    {
        DateTime failedAt = DateTime.Now;
        if (lastError != 5)
        {
            // Host unreachable, RPC failure, etc.: admin status is unknown, not "denied".
            Console.WriteLine("{0}[{1}] Could not confirm if {2} is local admin on {3}. Error Code:{4}", "".PadLeft(4), failedAt.ToString("MM/dd/yyyy HH:mm:ss"), Environment.UserName, computer.Fqdn, lastError);
            return;
        }

        Console.WriteLine("{0}[{1}] {2} is not a local admin on {3}", "".PadLeft(4), failedAt.ToString("MM/dd/yyyy HH:mm:ss"), Environment.UserName, computer.Fqdn);
        return;
    }

    // The handle was only needed as proof of access; release it straight away.
    WinAPI.CloseServiceHandle(scm);
    DateTime succeededAt = DateTime.Now;
    Console.WriteLine("{0}[{1}] {2} is a local admin on {3}", "".PadLeft(4), succeededAt.ToString("MM/dd/yyyy HH:mm:ss"), Environment.UserName, computer.Fqdn);
}
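/// <summary>
/// Simulates a local service installation: opens the local SCM, creates the
/// hard-coded test service through <c>CreateService</c> and, when
/// <paramref name="cleanup"/> is true, deletes it again.
/// </summary>
/// <param name="log">Not used by this method.</param>
/// <param name="logger">Receives one timestamped entry per simulation step.</param>
/// <param name="cleanup">When true, the created service is deleted before returning.</param>
/// <remarks>
/// The log is meant to be correlated with detection telemetry, so each entry must
/// reflect what actually happened: a failed SCM open or a failed deletion is logged
/// as such instead of being silent or reported as success. Service creation through
/// the SCM is normally recorded as System event 7045 (and Security event 4697 when
/// that audit policy is enabled), carrying the service name and image path below.
/// </remarks>
public static void CreateServiceApi(string log, Lib.Logger logger, bool cleanup)
{
    var scmHandle = WinAPI.OpenSCManager(null, null, Structs.SCM_ACCESS.SC_MANAGER_CREATE_SERVICE);
    if (scmHandle == IntPtr.Zero)
    {
        // Read the error first, before any other call can overwrite it.
        int err = Marshal.GetLastWin32Error();
        logger.TimestampInfo("Could not obtain a handle to the Service Control Manager. Error Code: " + err);
        return;
    }

    string servicePath = @"C:\Windows\Temp\superlegit.exe"; // A path to some running service now
    string serviceName = "UpdaterService";
    string serviceDispName = "Super Legit Update Service";

    IntPtr svcHandleCreated = IntPtr.Zero;
    int createdErr = 0;

    try
    {
        bool created = CreateService(scmHandle, servicePath, serviceName, serviceDispName, out svcHandleCreated, out createdErr);
        if (!created)
        {
            logger.TimestampInfo("Could not create Service. Error Code: " + createdErr);
            return;
        }

        logger.TimestampInfo(String.Format("Successfully created Service: {0} ImagePath: {1} using CreateService", serviceName, servicePath));

        if (!cleanup)
        {
            logger.TimestampInfo(String.Format("The created Service: {0} ImagePath: {1} was not deleted as part of the simulation", serviceName, servicePath));
            return;
        }

        IntPtr svcHandleOpened = WinAPI.OpenService(scmHandle, serviceName, Structs.SERVICE_ACCESS.SERVICE_ALL_ACCESS);
        if (svcHandleOpened == IntPtr.Zero)
        {
            // The test service stays on the host; say so, so the operator can remove it.
            logger.TimestampInfo(String.Format("Could not open Service: {0} for deletion. The service was left in place", serviceName));
            return;
        }

        bool deletedService = WinAPI.DeleteService(svcHandleOpened);
        WinAPI.CloseServiceHandle(svcHandleOpened);

        if (deletedService)
        {
            logger.TimestampInfo(String.Format("Deleted Service: {0} ImagePath: {1} with DeleteService", serviceName, servicePath));
        }
        else
        {
            logger.TimestampInfo(String.Format("Could not delete Service: {0} ImagePath: {1}. The service was left in place", serviceName, servicePath));
        }
    }
    finally
    {
        // Release both handles on every path; a service marked for deletion is only
        // removed once its last open handle is closed.
        if (svcHandleCreated != IntPtr.Zero)
        {
            WinAPI.CloseServiceHandle(svcHandleCreated);
        }

        WinAPI.CloseServiceHandle(scmHandle);
    }
}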
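/// <summary>
/// Simulates remote service installation and execution: opens the SCM on the target,
/// creates and starts the service described by <paramref name="playbook_task"/>, and
/// deletes it again when <c>playbook_task.cleanup</c> is set.
/// </summary>
/// <param name="computer">Target host; the first non-empty of Fqdn, ComputerName, IPv4 is used to connect.</param>
/// <param name="playbook_task">Supplies <c>serviceName</c>, <c>servicePath</c> and <c>cleanup</c>.</param>
/// <param name="logger">Receives one timestamped entry per simulation step.</param>
/// <exception cref="Win32Exception">
/// The SCM could not be opened, or the service could not be created for a reason other
/// than error 1073 (ERROR_SERVICE_EXISTS).
/// </exception>
/// <remarks>
/// An already existing service with the same name is reported and left untouched.
/// Handles are released in a <c>finally</c> block so that a thrown error does not leak
/// the SCM handle. On the target, service creation through the SCM is normally recorded
/// as System event 7045 (and Security event 4697 when that audit policy is enabled).
/// </remarks>
public static void CreateRemoteServiceApi(Computer computer, PlaybookTask playbook_task, Logger logger)
{
    // Resolve the name actually used for the connection so the failure message names it.
    string target;
    if (!string.IsNullOrEmpty(computer.Fqdn))
    {
        target = computer.Fqdn;
    }
    else if (!string.IsNullOrEmpty(computer.ComputerName))
    {
        target = computer.ComputerName;
    }
    else
    {
        target = computer.IPv4;
    }

    IntPtr scmHandle = WinAPI.OpenSCManager(target, null, Structs.SCM_ACCESS.SC_MANAGER_CREATE_SERVICE);
    if (scmHandle == IntPtr.Zero)
    {
        int scmErr = Marshal.GetLastWin32Error();
        logger.TimestampInfo(String.Format("Could not obtain a handle to the Service Control Manager on {0}.", target));
        throw new Win32Exception(scmErr);
    }

    IntPtr svcHandleCreated = IntPtr.Zero;
    int createdErr = 0;

    try
    {
        bool created = CreateService(scmHandle, playbook_task.servicePath, playbook_task.serviceName, playbook_task.serviceName, out svcHandleCreated, out createdErr);
        if (!created)
        {
            if (createdErr == 1073)
            {
                // Error: "The specified service already exists" - leave the existing service alone.
                logger.TimestampInfo(String.Format("Failed to create service {0} on {1}. Service already exists", playbook_task.serviceName, computer.ComputerName));
                return;
            }

            // Some other service creation error
            logger.TimestampInfo(String.Format("Failed to create service {0} on {1}.", playbook_task.serviceName, computer.ComputerName));
            throw new Win32Exception(createdErr);
        }

        logger.TimestampInfo(String.Format("Created service '{0}' on {1} with 'CreateService' Win32 API", playbook_task.serviceName, computer.ComputerName));

        // NOTE(review): the result of StartService is not checked, so the entry below is
        // written even when the start request failed - confirm whether that is intended.
        WinAPI.StartService(svcHandleCreated, 0, null);
        logger.TimestampInfo(String.Format("Service '{0}' started on {1} with 'StartService' Win32 API", playbook_task.serviceName, computer.ComputerName));

        if (!playbook_task.cleanup)
        {
            logger.TimestampInfo(String.Format("The created Service: {0} was not deleted on {1} as part of the simulation", playbook_task.serviceName, computer.ComputerName));
            return;
        }

        IntPtr svcHandleOpened = WinAPI.OpenService(scmHandle, playbook_task.serviceName, Structs.SERVICE_ACCESS.SERVICE_ALL_ACCESS);
        if (svcHandleOpened == IntPtr.Zero)
        {
            // The test service stays on the target; say so, so it can be removed by hand.
            logger.TimestampInfo(String.Format("Could not open service '{0}' on {1} for deletion. The service was left in place", playbook_task.serviceName, computer.ComputerName));
            return;
        }

        bool deletedService = WinAPI.DeleteService(svcHandleOpened);
        WinAPI.CloseServiceHandle(svcHandleOpened);

        if (deletedService)
        {
            logger.TimestampInfo(String.Format("Deleted service '{0}' on {1} with 'DeleteService' Win32API", playbook_task.serviceName, computer.ComputerName));
        }
        else
        {
            logger.TimestampInfo(String.Format("Could not delete service '{0}' on {1}. The service was left in place", playbook_task.serviceName, computer.ComputerName));
        }
    }
    finally
    {
        // Runs on return and on throw; a service marked for deletion is only removed
        // once its last open handle is closed.
        if (svcHandleCreated != IntPtr.Zero)
        {
            WinAPI.CloseServiceHandle(svcHandleCreated);
        }

        WinAPI.CloseServiceHandle(scmHandle);
    }
}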
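// From https://stackoverflow.com/questions/23481394/programmatically-install-windows-service-on-remote-machine
// and https://stackoverflow.com/questions/37983453/how-to-deploy-windows-service-on-remote-system-using-c-sharp-programatically
/// <summary>
/// Older variant of the remote service simulation: creates the hard-coded test service
/// on <c>computer.ComputerName</c>, optionally deletes it, then requests a start.
/// </summary>
/// <param name="computer">Target host; <c>ComputerName</c> is used to connect.</param>
/// <param name="cleanup">When true, the service is deleted right after creation.</param>
/// <param name="logger">Receives the timestamped simulation entries.</param>
/// <exception cref="Win32Exception">The SCM on the target could not be opened.</exception>
/// <remarks>
/// NOTE(review): when creation fails with error 1073 (ERROR_SERVICE_EXISTS) this variant
/// deletes the existing service of that name and creates it again. If a genuine service
/// called "UpdaterService" exists on the target it is removed; the newer
/// CreateRemoteServiceApi only reports the conflict. Confirm the target is a lab host.
/// The start request is issued after the optional cleanup deletion, as in the original.
/// </remarks>
public static void CreateRemoteServiceApi_Old(Computer computer, bool cleanup, Lib.Logger logger)
{
    var scmHandle = WinAPI.OpenSCManager(computer.ComputerName, null, Structs.SCM_ACCESS.SC_MANAGER_CREATE_SERVICE);
    if (scmHandle == IntPtr.Zero)
    {
        // Read the error first and surface it, instead of throwing a bare Exception.
        int err = Marshal.GetLastWin32Error();
        logger.TimestampInfo(String.Format("Could not obtain a handle to the Service Control Manager on {0}.", computer.ComputerName));
        throw new Win32Exception(err);
    }

    string servicePath = @"C:\Windows\Temp\superlegit.exe"; // A path to some running service now
    string serviceName = "UpdaterService";
    string serviceDispName = "Super Legit Update Service";

    IntPtr svcHandleCreated = IntPtr.Zero;
    int createdErr = 0;

    try
    {
        bool created = CreateService(scmHandle, servicePath, serviceName, serviceDispName, out svcHandleCreated, out createdErr);

        if (created)
        {
            logger.TimestampInfo(String.Format("Created service '{0}' on {1} with 'CreateService' Win32 API", serviceName, computer.ComputerName));

            if (cleanup)
            {
                IntPtr svcHandleOpened = WinAPI.OpenService(scmHandle, serviceName, Structs.SERVICE_ACCESS.SERVICE_ALL_ACCESS);
                bool deletedService = false;
                if (svcHandleOpened != IntPtr.Zero)
                {
                    deletedService = WinAPI.DeleteService(svcHandleOpened);
                    WinAPI.CloseServiceHandle(svcHandleOpened);
                }

                // Only claim the deletion when it happened; otherwise the artifact is still on the target.
                if (deletedService)
                {
                    logger.TimestampInfo(String.Format("Deleted service '{0}' on {1} with 'DeleteService' Win32API", serviceName, computer.ComputerName));
                }
                else
                {
                    logger.TimestampInfo(String.Format("Could not delete service '{0}' on {1}. The service was left in place", serviceName, computer.ComputerName));
                }
            }
            else
            {
                logger.TimestampInfo(String.Format("The created Service: {0} was not deleted on {1} as part of the simulation", serviceName, computer.ComputerName));
            }
        }
        else if (createdErr == 1073)
        {
            // Error: "The specified service already exists"
            IntPtr svcHandleOpened = WinAPI.OpenService(scmHandle, serviceName, Structs.SERVICE_ACCESS.SERVICE_ALL_ACCESS);
            if (svcHandleOpened == IntPtr.Zero)
            {
                // Unable to open that service name w/ All Access
                Console.WriteLine("{0}[{1}] Failed to create service on {2}", "".PadLeft(4), DateTime.Now.ToString("MM/dd/yyyy HH:mm:ss"), computer.Fqdn);
            }
            else
            {
                bool deletedService = WinAPI.DeleteService(svcHandleOpened);
                WinAPI.CloseServiceHandle(svcHandleOpened);

                if (!deletedService)
                {
                    // Service was successfully opened, but unable to delete the service
                    Console.WriteLine("{0}[{1}] Failed to create service on {2}", "".PadLeft(4), DateTime.Now.ToString("MM/dd/yyyy HH:mm:ss"), computer.Fqdn);
                }
                else if (CreateService(scmHandle, servicePath, serviceName, serviceDispName, out svcHandleCreated, out createdErr))
                {
                    // Second attempt succeeded after removing the existing service.
                    Console.WriteLine("{0}[{1}] Successfully deleted and recreated a service on {2}", "".PadLeft(4), DateTime.Now.ToString("MM/dd/yyyy HH:mm:ss"), computer.Fqdn);

                    if (cleanup)
                    {
                        IntPtr svcHandleOpened2 = WinAPI.OpenService(scmHandle, serviceName, Structs.SERVICE_ACCESS.SERVICE_ALL_ACCESS);
                        if (svcHandleOpened2 != IntPtr.Zero)
                        {
                            WinAPI.DeleteService(svcHandleOpened2);
                            WinAPI.CloseServiceHandle(svcHandleOpened2);
                        }
                    }
                }
            }
        }
        else
        {
            // Some other service creation error than it already existing
            Console.WriteLine("{0}[{1}] Failed to create service on {2}. ", "".PadLeft(4), DateTime.Now.ToString("MM/dd/yyyy HH:mm:ss"), computer.Fqdn);
        }

        // Only request a start when a service handle exists; the original also called
        // StartService with a zero handle after a failed creation.
        if (svcHandleCreated != IntPtr.Zero)
        {
            WinAPI.StartService(svcHandleCreated, 0, null);
        }
    }
    finally
    {
        if (svcHandleCreated != IntPtr.Zero)
        {
            WinAPI.CloseServiceHandle(svcHandleCreated);
        }

        WinAPI.CloseServiceHandle(scmHandle);
    }
}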
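// From https://stackoverflow.com/questions/23481394/programmatically-install-windows-service-on-remote-machine
/// <summary>
/// Console-only variant of the remote service simulation: creates the hard-coded test
/// service on <c>computer.Fqdn</c>, optionally deletes it, then requests a start.
/// </summary>
/// <param name="computer">Target host; <c>Fqdn</c> is used to connect and in all messages.</param>
/// <param name="cleanup">When true, the service is deleted right after creation.</param>
/// <remarks>
/// Returns without throwing when the SCM cannot be opened.
/// NOTE(review): when creation fails with error 1073 (ERROR_SERVICE_EXISTS) the existing
/// service of that name is deleted and created again, so a genuine "UpdaterService" on
/// the target would be removed. Confirm the target is a lab host before relying on this.
/// The start request is issued after the optional cleanup deletion, as in the original.
/// </remarks>
public static void CreateRemoteService(Computer computer, bool cleanup)
{
    var scmHandle = WinAPI.OpenSCManager(computer.Fqdn, null, Structs.SCM_ACCESS.SC_MANAGER_CREATE_SERVICE);
    if (scmHandle == IntPtr.Zero)
    {
        Console.WriteLine("{0}[{1}] Could not obtain a handle to SCM on {2}. Not an admin ?", "".PadLeft(4), DateTime.Now.ToString("MM/dd/yyyy HH:mm:ss"), computer.Fqdn);
        return;
    }

    string servicePath = @"C:\Windows\Temp\superlegit.exe"; // A path to some running service now
    string serviceName = "UpdaterService";
    string serviceDispName = "Super Legit Update Service";

    IntPtr svcHandleCreated = IntPtr.Zero;
    int createdErr = 0;

    try
    {
        bool created = CreateService(scmHandle, servicePath, serviceName, serviceDispName, out svcHandleCreated, out createdErr);

        if (created)
        {
            Console.WriteLine("{0}[{1}] Successfully created a service on {2}", "".PadLeft(4), DateTime.Now.ToString("MM/dd/yyyy HH:mm:ss"), computer.Fqdn);

            if (cleanup)
            {
                IntPtr svcHandleOpened = WinAPI.OpenService(scmHandle, serviceName, Structs.SERVICE_ACCESS.SERVICE_ALL_ACCESS);
                bool deletedService = false;
                if (svcHandleOpened != IntPtr.Zero)
                {
                    deletedService = WinAPI.DeleteService(svcHandleOpened);
                    WinAPI.CloseServiceHandle(svcHandleOpened);
                }

                if (!deletedService)
                {
                    // Make a leftover test service visible so it can be removed by hand.
                    Console.WriteLine("{0}[{1}] Failed to delete service on {2}", "".PadLeft(4), DateTime.Now.ToString("MM/dd/yyyy HH:mm:ss"), computer.Fqdn);
                }
            }
        }
        else if (createdErr == 1073)
        {
            // Error: "The specified service already exists"
            IntPtr svcHandleOpened = WinAPI.OpenService(scmHandle, serviceName, Structs.SERVICE_ACCESS.SERVICE_ALL_ACCESS);
            if (svcHandleOpened == IntPtr.Zero)
            {
                // Unable to open that service name w/ All Access
                Console.WriteLine("{0}[{1}] Failed to create service on {2}", "".PadLeft(4), DateTime.Now.ToString("MM/dd/yyyy HH:mm:ss"), computer.Fqdn);
            }
            else
            {
                bool deletedService = WinAPI.DeleteService(svcHandleOpened);
                WinAPI.CloseServiceHandle(svcHandleOpened);

                if (!deletedService)
                {
                    // Service was successfully opened, but unable to delete the service
                    Console.WriteLine("{0}[{1}] Failed to create service on {2}", "".PadLeft(4), DateTime.Now.ToString("MM/dd/yyyy HH:mm:ss"), computer.Fqdn);
                }
                else if (CreateService(scmHandle, servicePath, serviceName, serviceDispName, out svcHandleCreated, out createdErr))
                {
                    // Second attempt succeeded after removing the existing service.
                    Console.WriteLine("{0}[{1}] Successfully deleted and recreated a service on {2}", "".PadLeft(4), DateTime.Now.ToString("MM/dd/yyyy HH:mm:ss"), computer.Fqdn);

                    if (cleanup)
                    {
                        IntPtr svcHandleOpened2 = WinAPI.OpenService(scmHandle, serviceName, Structs.SERVICE_ACCESS.SERVICE_ALL_ACCESS);
                        if (svcHandleOpened2 != IntPtr.Zero)
                        {
                            WinAPI.DeleteService(svcHandleOpened2);
                            WinAPI.CloseServiceHandle(svcHandleOpened2);
                        }
                    }
                }
            }
        }
        else
        {
            // Some other service creation error than it already existing
            Console.WriteLine("{0}[{1}] Failed to create service on {2}. ", "".PadLeft(4), DateTime.Now.ToString("MM/dd/yyyy HH:mm:ss"), computer.Fqdn);
        }

        // Only request a start when a service handle exists; the original also called
        // StartService with a zero handle after a failed creation.
        if (svcHandleCreated != IntPtr.Zero)
        {
            WinAPI.StartService(svcHandleCreated, 0, null);
        }
    }
    finally
    {
        if (svcHandleCreated != IntPtr.Zero)
        {
            WinAPI.CloseServiceHandle(svcHandleCreated);
        }

        WinAPI.CloseServiceHandle(scmHandle);
    }
}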