
Untitled

a guest
Nov 23rd, 2017
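  /**
   Copies every non-empty .evtx file found under a folder on a connected
   remote node into a local output folder, walking sub-folders recursively.
   Extracted files are prefixed with a six-digit running index so that two
   logs with the same name in different folders do not overwrite each other.
  **/
  class DemoClass
  {
    uint                Index;          // running number used as the output file-name prefix
    ConnectionClass     Conn;           // connection to the remote node being collected
    String              Output_Folder,  // local folder that receives the copies
                        Input_Folder;   // remote folder where the walk starts

    DemoClass(ConnectionClass Conn, const String &input_folder, const String &output_folder) :
      Index = 0,
      Conn = Conn,
      Input_Folder = input_folder,
      Output_Folder = output_folder
    {

    }

    /**
     Walk the configured input folder.
    **/
    void Recurse()
    {
      Recurse(Input_Folder);
    }

    /**
     List 'path' on the remote node, extract each non-empty .evtx entry and
     descend into each folder. Every outcome is written to the console so the
     examiner can see which logs were collected, skipped or failed.
    **/
    void Recurse(const String &path)
    {
      DirRootClass droot(Conn);
      DirectoryClass root();
      if (!droot.GetListing(path, root))
      {
        // A folder that cannot be listed would otherwise vanish from the output without a trace.
        Console.WriteLine("Unable to list '{0}'.", path);
        return;
      }
      foreach (DirectoryClass child in root)
      {
        String child_path = String::Format("{0}\\{1}", path, child.Name());
        // NOTE(review): confirm that Compare ignores case here; if it does not,
        // logs named with an upper-case extension would be skipped silently.
        if (child.Extension().Compare("evtx") == 0)
        {
          if (child.LogicalSize())
          {
            Console.WriteLine("Processing '{0}'", child_path);
            String error_message;
            if (Extract(child.Name(), child_path, Conn, error_message))
            {
              // On success Extract returns the output path through error_message.
              Console.WriteLine("Successfully extracted '{0}' to '{1}'.", child.Name(), error_message);
            }
            else
            {
              // Report the reason Extract gave instead of discarding it.
              Console.WriteLine("Unable to extract '{0}': {1}", child_path, error_message);
            }
          }
          else
          {
            Console.WriteLine("Skipping empty log '{0}'.", child_path);
          }
        }
        else if (child.IsFolder())
        {
          Recurse(child_path);
        }
      }
    }

    /**
     Copy one remote file to Output_Folder.

     name           file name on the remote node, used as the output name suffix
     path           full remote path that is opened for reading
     Conn           connection used to open the remote file
     error_message  out: the output path on success, a failure reason otherwise

     Returns true when both files could be opened and the copy was started.
    **/
    bool Extract(const String &name, const String &path, ConnectionClass Conn, String &error_message)
    {
      // Initialised explicitly so that both failure paths return false.
      bool retval = false;
      HostFileClass input(Conn);
      if (input.Open(path))
      {
        // 'name' comes from the remote directory listing and becomes part of a local path.
        String output_path = String::Format("{0}\\{1} - {2}", Output_Folder, String::FormatInt(Index++, int::DECIMAL, 0, 6), name);
        LocalFileClass output();
        if (output.Open(output_path, WRITE))
        {
          // NOTE(review): the result of WriteBuffer is not checked and no hash of the
          // copy is recorded, so a truncated or altered copy is still reported as
          // extracted; confirm what WriteBuffer returns and consider logging a hash
          // of each collected log for evidence integrity.
          output.WriteBuffer(input);
          error_message = output_path;
          retval = true;
        }
        else
        {
          error_message = String::Format("Can't open output_path at {0}.", output_path);
        }
      }
      else
      {
        error_message = String::Format("Can't open file-data for '{0}'.", path);
      }
      return retval;
    }
  }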
  80.  
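  /**
   Sweeps a set of network nodes through a SAFE and, for every node that
   connects, collects the Windows event logs into a per-host sub-folder of
   the output folder chosen by the examiner.
  **/
  class MainClass {

    // Folder on each remote node that is searched for .evtx files.
    static const String Input_Folder = "C:\\Windows\\System32\\winevt\\Logs";

    SafeClass Safe;                 // SAFE the examiner logs on to
    RoleClass RoleRoot,             // root of the role tree shown in the dialog
              Role;                 // role picked in the dialog
    NetworkClass SweepNet;          // nodes and ranges built by ParseText
    String NetText,                 // raw text typed into the dialog's node list
           ClientReturnAddress,     // passed to batch.SetMode; never assigned in this script
           StatusBarName,           // caption used for the status bar and message boxes
           OutputFolder;            // local base folder chosen in Main
    int NumConnections,             // number of connections requested from the SAFE
       ConnectOptions;              // connection option flags passed to batch.SetMode
    uint HostIndex;                 // running number used as the per-host folder prefix


    MainClass() :
      Safe(),
      RoleRoot(),
      Role(),
      SweepNet(),
      NumConnections = 1,
      ConnectOptions = ConnectionClass::CLIENTNODESAFE,
      StatusBarName = "Enterprise Example - Using Snapshot Data"
    {
    }

    /**
    Entry point of the Enscript
    **/
    void Main() {
      SystemClass::ClearConsole();
      if (SystemClass::FolderDialog(OutputFolder, "Choose base output folder"))
      {
        if (Safe.Logon(null) && ShowDiag() == SystemClass::OK) {
          // Only announce success when the sweep itself ran to completion. Nodes that
          // could not be reached and logs that could not be extracted are reported on
          // the console only, so the console output remains the record of what was
          // actually collected.
          if (Sweep())
            SystemClass::Message(0, "Success", String::Format("{0}: Completed Successfully!", StatusBarName));
        }
      }
    }

    /**
    This method contains the logic we want to apply to each node on the network
    **/
    void Process(ConnectionClass conn, SnapshotClass snap) {
      Console.WriteLine("Connected To Servlet On {0} Snapshot State = {1}", snap.Name(), SnapshotClass::States::SourceText(snap.State()));
      // The node name becomes part of a local folder name.
      // NOTE(review): if snap.Name() can contain characters that are not valid in a
      // Windows path (an IPv6 literal contains ':'), CreateFolder is expected to fail
      // for that node - confirm and sanitise the name if so.
      String host_output_folder = String::Format("{0}\\{1} - {2}", OutputFolder, String::FormatInt(HostIndex++, int::DECIMAL, 0, 6), snap.Name());
      if (LocalMachine.CreateFolder(host_output_folder))
      {
        DemoClass demo(conn, Input_Folder, host_output_folder);
        demo.Recurse();
      }
      else
      {
        // Without this message a node whose folder cannot be created is skipped silently.
        Console.WriteLine("Unable to create output folder '{0}'; no logs collected from {1}.", host_output_folder, snap.Name());
      }
    }

    /**
     Display dialogs
    **/
    int ShowDiag() {
      RoleRoot = Safe.RoleRoot();
      DialogClass diag();
      new NetTextDialogClass(diag, this);
      return diag.Wizard();
    }

    /**
      Code that gets connection and snapshot.
      Returns true when the batch reported BATCHDONE and false when the SAFE
      stopped responding (BATCHFATAL).
    **/
    bool ReadNetwork(BatchClass batch, SnapshotClass root) {
      String message,
             name;
      do {
        ConnectionClass conn;
        SnapshotClass ss(null);
        message = "";
        BatchClass::ConnectionTypes reply = batch.GetConnection(conn, ss, name, message, 0);
        if (reply == BatchClass::BATCHCONNECT) { //successfully connected to remote node
          Process(conn, ss);
          SystemClass::StatusInc(1);
          root.Insert(ss);
        }
        else if (reply == BatchClass::BATCHERROR) { //could not connect to remote node. ss object will have the state of the node
          // The format string needs a {1} placeholder, otherwise the SAFE's message is never printed.
          Console.WriteLine("Could Not Connect To {0} SAFE Error Message: {1}", name, message);
          SystemClass::StatusInc(1);
          root.Insert(ss);
        }
        else if (reply == BatchClass::BATCHWAIT)
          SystemClass::Sleep(100);
        else if (reply == BatchClass::BATCHFATAL) {
          String err = SystemClass::LastError();
          Console.WriteLine("The SAFE is not responding: {0}. This Enscript will terminate.", err);
          return false;
        }
      } while (reply != BatchClass::BATCHDONE);
      return true;
    }

    /**
     Code that creates a batchclass.
     Returns true when the batch was started and read through to the end.
    **/
    bool Sweep() {
      bool completed = false;
      DateClass now;
      SnapshotClass newSnaps = new SnapshotClass(null, "Snapshot");
      BatchClass batch(Safe, Role, NumConnections, ConnectionClass::SNAPALL);
      if (batch.Add(SweepNet)) {
        batch.SetMode(ConnectionClass::Options::Convert(ConnectOptions), ClientReturnAddress);
        if (batch.Start()) {
          uint machines = batch.TotalMachines();
          Console.WriteLine("Scanning {0} using {1}", Plural("node", machines), Plural("connection", batch.ConnectionsUsed()));
          SystemClass::StatusRange(StatusBarName, machines);
          uint start;
          now.Now();
          start = now.GetUnix();
          completed = ReadNetwork(batch, newSnaps);
          now.Now();
          Console.WriteLine("Scan completed in {0} seconds", (now.GetUnix() - start));
        }
        else {
          SystemClass::Message(0, "BatchClass error", SystemClass::LastError());
        }
      }
      else {
        SystemClass::Message(0, "BatchClass Error", "Unable to add any IPs to the sweep");
      }
      return completed;
    }

    /**
     Format a count with its noun, adding "s" unless the count is exactly 1.
    **/
    String Plural(const String &str, uint n) {
      return String::Format("{0} {1}{2}", n, str, n == 1 ? "" : "s");
    }

    /**
     Turn a string of text into networkclass objects.
     Each line is either a single node or a "start-stop" range. Returns true
     only when at least one entry was added to SweepNet, so text made up of
     nothing but empty lines is rejected by the dialog.
    **/
    bool ParseText(String t) {
      SweepNet.Close();
      bool ret = false;
      while (t) {
        int    end  = t.Find("\n");
        String line = end < 0 ? t : t.SubString(0, end);
        int    dash = line.Find("-");
        if (dash >= 0) {
          IPClass ip1(ExtractIP(line.SubString(0, dash))),
                  ip2(ExtractIP(line.SubString(dash+1, -1)));
          if (ip1 && ip2) {
            // NOTE(review): the range is not checked for start <= stop.
            NetworkClass n(SweepNet, "IP Range", NodeClass::SELECTED);
            n.SetStart(ip1);
            n.SetStop(ip2);
          }
          else {
            // A dash that does not separate two valid addresses: treat the whole line as one node.
            NetworkClass n(SweepNet, line, NodeClass::SELECTED);
          }
          ret = true;
        }
        else if (line != "")  {
          NetworkClass n(SweepNet, line, NodeClass::SELECTED);
          ret = true;
        }
        if (end >= 0)
          t.Delete(0, end+1);
        else
          break;
      }
      return ret;
    }

    /**
     Check for IPs in nettext: returns the space-trimmed text when it is a
     valid IP address and an empty string otherwise.
    **/
    String ExtractIP(const String &s) {
      String ret = s;
      ret.Trim(" ", String::TRIMSTART | String::TRIMEND);
      return ret.IsValidIPAddress() ? ret : "";
    }
  }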
  253.  
  254. /**
  255.  Dialog to choose a role and enter nodes to sweep
  256. **/
  class NetTextDialogClass: DialogClass {

    MainClass       Data;          // script state that this dialog reads and fills in
    StaticTextClass SafeTextEdit;  // read-only summary of the SAFE session
    TreeEditClass   Tree;          // role selection tree
    StaticTextClass Help;          // instructions for the node list
    StringEditClass NetTextEdit;   // multi-line node list, bound to Data.NetText

    NetTextDialogClass(DialogClass diag, MainClass d) :
      DialogClass(diag, String::Format("{0} Options", d.StatusBarName)),
      Data = d,
      SafeTextEdit(this, "", START, 15, 200, 100, 0),
      Tree(this, "Choose The Role You Want To Assume", NEXT, START, 200, 100, 0, d.RoleRoot, 0),
      Help(this,
           "Enter IP addresses or machine names on separate\n"
           "lines. Enter ranges on separate lines and delimit\n"
           "the start and stop address with a dash (\"-\").\n\n"
           "Example:\n\n"
           "\tlocalhost\n"
           "\t192.168.5.5\n"
           "\t192.168.0.16-192.168.0.64\n"
           "\t192.168.1.1-192.168.3.255\n"
           "\tfd00:0:1000:20:0:0:0:100\n",
           START, NEXT, 200, 100, REQUIRED),
      NetTextEdit(this, "", NEXT, SAME, 200, 100, AUTOVSCROLL | MULTILINE | WANTRETURN, d.NetText, 9999, 0)
    {
    }

    /**
     Fill the summary panel with the SAFE name, the logged-on user, the
     connection counts, the permissions granted and the SAFE version.
    **/
    virtual void Setup() {
      DialogClass::Setup();
      String summary = "SAFE:\t\t\t\t" + Data.Safe.Name() +
                       "\nUser:\t\t\t\t" + Data.Safe.UserName() +
                       "\n\nTotal Connections:\t\t" + Data.Safe.TotalConnections() +
                       "\nActive Connections:\t\t" + Data.Safe.ActiveConnections() +
                       "\nConnections To Use:\t\t" + Data.NumConnections +
                       "\n\nRemediation Allowed:\t\t" + (Data.Safe.RemediationAllowed() ? "Yes" : "No") +
                       "\nSnapshot Allowed:\t\t" + (Data.Safe.SnapshotAllowed() ? "Yes" : "No") +
                       "\n\nSAFE Version:\t\t\t" + Data.Safe.Version();
      SafeTextEdit.SetText(summary);
    }

    /**
     Enable closing only while the selected tree entry has a parent
     (presumably this excludes the root of the role tree - confirm).
    **/
    virtual void CheckControls() {
      DialogClass::CheckControls();
      EnableClose(Tree.GetValue().Parent());
    }

    /**
     Store the chosen role and parse the node list; the dialog may close
     only when the base class agrees and the node list could be parsed.
    **/
    virtual bool CanClose() {
      Output();
      if (!DialogClass::CanClose())
        return false;

      Data.Role = RoleClass::TypeCast(Tree.GetValue());
      bool parsed = Data.ParseText(Data.NetText);
      if (!parsed)
        ErrorMessage("Please Enter a value in the IP List Text Area.");
      return parsed;
    }
  }