internal void AddRegistryRemote(String[] keys, UInt32 hive)
{
using (WMI wmi = new WMI())
{
if (!wmi.Connect())
{
Console.WriteLine("[-] Connection failed");
return;
}
foreach (String key in keys)
{
wmi.ExecuteMethod("StdRegProv", "CreateKey", new Object[] { hive, key });
wmi.ExecuteMethod("StdRegProv", "CreateKey", new Object[] { hive, key, "", registryDefault });
String keyValue2 = String.Format(@"{0}\InprocServer32", key);
wmi.ExecuteMethod("StdRegProv", "CreateKey", new Object[] { hive, keyValue2, "", registryDefault });
wmi.ExecuteMethod("StdRegProv", "CreateKey", new Object[] { hive, keyValue2, "Assembly", registryAssembly });
wmi.ExecuteMethod("StdRegProv", "CreateKey", new Object[] { hive, keyValue2, "Class", registryClass });
wmi.ExecuteMethod("StdRegProv", "CreateKey", new Object[] { hive, keyValue2, "RuntimeVersion", registryRuntimeVersion });
wmi.ExecuteMethod("StdRegProv", "CreateKey", new Object[] { hive, keyValue2, "ThreadingModel", "Both" });
String keyValue3 = String.Format(@"{0}\InprocServer32\{1}", key, "3.5.0.0");
wmi.ExecuteMethod("StdRegProv", "CreateKey", new Object[] { hive, keyValue3, "Assembly", registryAssembly });
wmi.ExecuteMethod("StdRegProv", "CreateKey", new Object[] { hive, keyValue3, "Class", registryClass });
wmi.ExecuteMethod("StdRegProv", "CreateKey", new Object[] { hive, keyValue3, "RuntimeVersion", registryRuntimeVersion });
}
}
}
public static void WMIMethod(String system, String username, String password, String wmiClass, String wmiMethod, String args, String deliminator)
{
using (WMI wmi = new WMI(system))
{
if (!String.IsNullOrEmpty(username) && String.IsNullOrEmpty(password))
{
wmi.Connect(username, password);
}
else
{
wmi.Connect();
}
wmi.ExecuteMethod(wmiClass, wmiMethod, (Object[])args.Split(new String[] { deliminator }, StringSplitOptions.None));
}
}
internal void SetPermissions(String sid)
{
WMI wmi = new WMI();
ManagementObject trusteeInstance = wmi.CreateInstance("Win32_Trustee");
trusteeInstance["SidString"] = sid;
ManagementObject aceInstance = wmi.CreateInstance("Win32_ACE");
aceInstance["AceFlags"] = (uint)WMI.AceFlags.CONTAINER_INHERIT_ACE_FLAG + (uint)WMI.AceFlags.OBJECT_INHERIT_ACE_FLAG;
aceInstance["AccessMask"] = WMI.AccessMask.WBEM_METHOD_EXECUTE;
aceInstance["AceType"] = WMI.AceType.ACCESS_ALLOWED_ACE_TYPE;
aceInstance["Trustee"] = trusteeInstance;
ManagementBaseObject aclInstance = (ManagementBaseObject)wmi.ExecuteMethod2("__SystemSecurity", "GetSecurityDescriptor", new Object[] { });
ManagementBaseObject descriptor = aclInstance.Properties["Descriptor"].Value as ManagementBaseObject;
ManagementBaseObject[] dacl = descriptor["DACL"] as ManagementBaseObject[];
Array.Resize(ref dacl, dacl.Length + 1);
dacl[dacl.Length - 1] = aceInstance;
descriptor["DACL"] = dacl;
wmi.ExecuteMethod("__SystemSecurity", "SetSecurityDescriptor", new Object[] { descriptor });
}
