public static IEnumerable <GroupsXML> Get_GroupsXML(Args_Get_GroupsXML args = null)
{
if (args == null)
{
args = new Args_Get_GroupsXML();
}
var MappedPaths = new Dictionary <string, bool>();
var GroupsXMLs = new List <GroupsXML>();
try
{
if (args.GroupsXMLPath.IsRegexMatch(@"\\\\.*\\.*") && args.Credential != null)
{
var SysVolPath = $@"\\{new System.Uri(args.GroupsXMLPath).Host}\SYSVOL";
if (!MappedPaths[SysVolPath])
{
// map IPC$ to this computer if it's not already
AddRemoteConnection.Add_RemoteConnection(new Args_Add_RemoteConnection {
Path = new[] { SysVolPath }, Credential = args.Credential
});
MappedPaths[SysVolPath] = true;
}
}
XmlDocument GroupsXMLcontent = new XmlDocument();
GroupsXMLcontent.Load(args.GroupsXMLPath);
// process all group properties in the XML
var nodes = GroupsXMLcontent.SelectNodes(@"/Groups/Group");
foreach (XmlNode node in nodes)
{
var GroupName = node["groupName"].InnerText;
// extract the localgroup sid for memberof
var GroupSID = node[@"groupSid"].InnerText;
if (GroupSID.IsNotNullOrEmpty())
{
if (GroupName.IsRegexMatch(@"Administrators"))
{
GroupSID = @"S-1-5-32-544";
}
else if (GroupName.IsRegexMatch(@"Remote Desktop"))
{
GroupSID = @"S-1-5-32-555";
}
else if (GroupName.IsRegexMatch(@"Guests"))
{
GroupSID = @"S-1-5-32-546";
}
else
{
if (args.Credential != null)
{
GroupSID = ConvertToSID.ConvertTo_SID(new Args_ConvertTo_SID {
ObjectName = new[] { GroupName }, Credential = args.Credential
}).FirstOrDefault();
}
else
{
GroupSID = ConvertToSID.ConvertTo_SID(new Args_ConvertTo_SID {
ObjectName = new[] { GroupName }
}).FirstOrDefault();
}
}
}
// extract out members added to this group
var Members = new List <string>();
foreach (XmlNode member in node["members"].SelectNodes("//Member"))
{
if (member["action"].InnerText.IsRegexMatch("ADD"))
{
if (member["sid"] != null)
{
Members.Add(member["sid"].InnerText);
}
else
{
Members.Add(member["name"].InnerText);
}
}
if (Members != null)
{
// extract out any/all filters...I hate you GPP
var Filters = new List <Filter>();
if (node.Attributes != null)
{
foreach (XmlAttribute filter in node.Attributes)
{
Filters.Add(new Filter {
Type = filter.LocalName, Value = filter.Name
});
}
}
else
{
Filters = null;
}
var GroupsXML = new GroupsXML
{
GPOPath = args.GroupsXMLPath,
Filters = Filters,
GroupName = GroupName,
GroupSID = GroupSID,
GroupMemberOf = null,
GroupMembers = Members
};
GroupsXMLs.Add(GroupsXML);
}
}
}
}
catch (Exception e)
{
Logger.Write_Verbose($@"[Get-GroupsXML] Error parsing {args.GroupsXMLPath} : {e}");
}
// remove the SYSVOL mappings
foreach (var key in MappedPaths.Keys)
{
RemoveRemoteConnection.Remove_RemoteConnection(new Args_Remove_RemoteConnection {
Path = new[] { key }
});
}
return(GroupsXMLs);
}
public static IEnumerable <FoundFile> Find_InterestingFile(Args_Find_InterestingFile args = null)
{
if (args == null)
{
args = new Args_Find_InterestingFile();
}
if (args.OfficeDocs)
{
args.Include = new[] { ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx" };
}
else if (args.FreshEXEs)
{
// find .exe's accessed within the last 7 days
args.LastAccessTime = DateTime.Now.Date.AddDays(-7);
args.Include = new[] { ".exe" };
}
var FoundFiles = new List <FoundFile>();
var MappedComputers = new Dictionary <string, bool>();
foreach (var TargetPath in args.Path)
{
if ((TargetPath.IsRegexMatch(@"\\\\.*\\.*")) && (args.Credential != null))
{
var HostComputer = new System.Uri(TargetPath).Host;
if (!MappedComputers[HostComputer])
{
// map IPC$ to this computer if it's not already
AddRemoteConnection.Add_RemoteConnection(new Args_Add_RemoteConnection {
ComputerName = new[] { HostComputer }, Credential = args.Credential
});
MappedComputers[HostComputer] = true;
}
}
var files = PathExtension.GetDirectoryFiles(TargetPath, args.Include, SearchOption.AllDirectories);
//var files = Directory.EnumerateFiles(TargetPath, "*.*", SearchOption.AllDirectories)
// .Where(x => args.Include.EndsWith(x, StringComparison.OrdinalIgnoreCase));
foreach (var file in files)
{
var Continue = true;
// check if we're excluding hidden files
if (args.ExcludeHidden)
{
Continue = !File.GetAttributes(file).HasFlag(FileAttributes.Hidden);
}
// check if we're excluding folders
if (args.ExcludeFolders && Directory.Exists(file))
{
Logger.Write_Verbose($@"Excluding: {file}");
Continue = false;
}
if (args.LastAccessTime != null && (File.GetLastAccessTime(file) < args.LastAccessTime.Value))
{
Continue = false;
}
if (args.LastWriteTime != null && (File.GetLastWriteTime(file) < args.LastWriteTime.Value))
{
Continue = false;
}
if (args.CreationTime != null && (File.GetCreationTime(file) < args.CreationTime.Value))
{
Continue = false;
}
if (args.CheckWriteAccess && !Test_Write(file))
{
Continue = false;
}
if (Continue)
{
String owner;
try
{
owner = File.GetAccessControl(file).GetOwner(typeof(SecurityIdentifier)).Translate(typeof(System.Security.Principal.NTAccount)).Value;
}
catch {
owner = "Access was Denied";
}
DateTime lastAccessTime;
try
{
lastAccessTime = File.GetLastAccessTime(file);
}
catch { lastAccessTime = new DateTime(); }
DateTime lastWriteTime;
try
{
lastWriteTime = File.GetLastWriteTime(file);
} catch { lastWriteTime = new DateTime(); }
DateTime creationTime;
try
{
creationTime = File.GetCreationTime(file);
} catch { creationTime = new DateTime(); }
long length;
try
{
length = new FileInfo(file).Length;
}catch { length = 0; }
var FoundFile = new FoundFile
{
Path = file,
Owner = owner,
LastAccessTime = lastAccessTime,
LastWriteTime = lastWriteTime,
CreationTime = creationTime,
Length = length
};
FoundFiles.Add(FoundFile);
}
}
}
// remove the IPC$ mappings
foreach (var key in MappedComputers.Keys)
{
RemoveRemoteConnection.Remove_RemoteConnection(new Args_Remove_RemoteConnection {
ComputerName = new[] { key }
});
}
return(FoundFiles);
}
public static IEnumerable <FileACL> Get_PathAcl(Args_Get_PathAcl args = null)
{
if (args == null)
{
args = new Args_Get_PathAcl();
}
var ConvertArguments = new Args_ConvertFrom_SID
{
Credential = args.Credential
};
var MappedComputers = new Dictionary <string, bool>();
var FileACLs = new List <FileACL>();
foreach (var TargetPath in args.Path)
{
try
{
if (TargetPath.IsRegexMatch(@"\\\\.*\\.*") && args.Credential != null)
{
var HostComputer = new System.Uri(TargetPath).Host;
if (!MappedComputers[HostComputer])
{
// map IPC$ to this computer if it's not already
AddRemoteConnection.Add_RemoteConnection(new Args_Add_RemoteConnection {
ComputerName = new string[] { HostComputer }, Credential = args.Credential
});
MappedComputers[HostComputer] = true;
}
}
FileSystemSecurity ACL;
var attr = File.GetAttributes(TargetPath);
if (attr.HasFlag(FileAttributes.Directory))
{
ACL = Directory.GetAccessControl(TargetPath);
}
else
{
ACL = File.GetAccessControl(TargetPath);
}
var arc = ACL.GetAccessRules(true, true, typeof(System.Security.Principal.SecurityIdentifier));
foreach (FileSystemAccessRule ar in arc)
{
var SID = ar.IdentityReference.Value;
ConvertArguments.ObjectSID = new string[] { SID };
var Name = ConvertFromSID.ConvertFrom_SID(ConvertArguments);
var Out = new FileACL
{
Path = TargetPath,
FileSystemRights = Convert_FileRight((uint)ar.FileSystemRights),
IdentityReference = Name,
IdentitySID = SID,
AccessControlType = ar.AccessControlType
};
FileACLs.Add(Out);
}
}
catch (Exception e)
{
Logger.Write_Verbose($@"[Get-PathAcl] error: {e}");
}
}
// remove the IPC$ mappings
RemoveRemoteConnection.Remove_RemoteConnection(new Args_Remove_RemoteConnection {
ComputerName = MappedComputers.Keys.ToArray()
});
return(FileACLs);
}
