From ead6b98d51856f6505c136bd153bc977065fad09 Mon Sep 17 00:00:00 2001
From: Ceramicskate0
Date: Mon, 6 Apr 2020 18:41:25 -0400
Subject: [PATCH] Add files via upload
---
 AutoUpdateSysmon/Program.cs | 84 ++++++++++++++++++++++++++-----------
 1 file changed, 59 insertions(+), 25 deletions(-)
diff --git a/AutoUpdateSysmon/Program.cs b/AutoUpdateSysmon/Program.cs
index eabae2b..afd0281 100644
--- a/AutoUpdateSysmon/Program.cs
+++ b/AutoUpdateSysmon/Program.cs
@@ -1,9 +1,10 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.Diagnostics;
 using System.IO;
 using System.Linq;
 using System.Net;
+using System.Security.Principal;
 using System.Text;
 using System.Threading;
 using System.Threading.Tasks;
@@ -16,43 +17,49 @@ class Program static void Main(string[] args) { - try + if (IsUserAdministrator()) { - if (args.Length <= 0) - { - RunUpdate(); - } - else + try { - if (args[0] == "-h" || args[0] == "h" || args[0] == "help" || args[0] == "-help" || args[0] == "/h" || args[0] == "/help") + if (args.Length <= 0) { - Console.WriteLine(@"Args must be in this fomat: + RunUpdate(); + } + else + { + if (args[0] == "-h" || args[0] == "h" || args[0] == "help" || args[0] == "-help" || args[0] == "/h" || args[0] == "/help") + { + Console.WriteLine(@"Args must be in this fomat: AutoUpdateSysmon.exe 'URL of Sysmon Config' 'Host Computer File Path of Sysmon xml file' Example: ./AutoUpdateSysmon.exe 'https://raw.githubusercontent.com/ceramicskate0/sysmon-config/master/sysmonconfig-export.xml' 'C:\Windows\sysmonconfig-export.xml'"); + } + else + { + RunUpdate(args[0], args[1]); + Console.WriteLine("[*] Update Status: Complete no issues."); + } } - else + } + catch (Exception e) + { + Console.WriteLine("[!] App ERROR: Error: " + e.Message.ToString() + " " + e.InnerException.ToString()); + try + { + RunUpdate(); + } + catch (Exception r) { - RunUpdate(args[0], args[1]); - Console.WriteLine("[*] Update Status: Complete no issues."); + Console.WriteLine("[!] Update Status: " + r.Message.ToString()); } } } - catch (Exception e) + else { - Console.WriteLine("[!] App ERROR: Error: " + e.Message.ToString()); - try - { - RunUpdate(); - } - catch(Exception r) - { - Console.WriteLine("[!] Update Status: " + r.Message.ToString()); - Environment.Exit(1); - } + Console.WriteLine("[!] App ERROR: Error: NOT RUNNING ELEVATED!"); } - Thread.Sleep(3000); + Thread.Sleep(5000); } private static void RunUpdate(string URL= @"https://raw.githubusercontent.com/ceramicskate0/sysmon-config/master/sysmonconfig-export.xml", string HostLocation= @"C:\Windows\sysmonconfig-export.xml") { 
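Review bot: The new catch block in Main dereferences `e.InnerException`, which is null for most exceptions (for example the IndexOutOfRangeException from `args[1]` when only one argument is passed), so the handler itself throws a NullReferenceException and the fallback `RunUpdate()` is never reached. Log with `e.InnerException?.Message` or simply `e.ToString()` instead. This commit also removes `Environment.Exit(1)`, and the new unelevated branch only prints a message, so every failure path now ends with exit code 0. A scheduled task or deployment tool then cannot tell that the Sysmon configuration was not refreshed; setting `Environment.ExitCode = 1;` in the inner catch and in the `else` branch would make that visible.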
@@ -70,6 +77,33 @@ private static void RunUpdate(string URL= @"https://raw.githubusercontent.com/ce
 string output = process.StandardOutput.ReadToEnd();
 Console.WriteLine("[*] Process Output:" + output);
 }
+
+ internal static bool IsUserAdministrator()
+ {
+ bool isAdmin;
+ WindowsIdentity user = null;
+ try
+ {
+ user = WindowsIdentity.GetCurrent();
+ WindowsPrincipal principal = new WindowsPrincipal(user);
+ isAdmin = principal.IsInRole(WindowsBuiltInRole.Administrator);
+ }
+ catch (UnauthorizedAccessException ex)
+ {
+ isAdmin = false;
+ }
+ catch (Exception ex)
+ {
+ isAdmin = false;
+ }
+ finally
+ {
+ if (user != null)
+ user.Dispose();
+ }
+ return isAdmin;
+ }
+
 }
 internal class CustomWebClient : WebClient
 {
@@ -77,7 +111,7 @@ protected override WebRequest GetWebRequest(Uri uri)
 {
 WebRequest w = base.GetWebRequest(uri);
 w.UseDefaultCredentials = true;
- w.Timeout = 1000;
+ w.Timeout = 5000;
 return w;
 }
 }
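Review bot: IsUserAdministrator swallows every exception without a trace, so a failed identity lookup reaches the operator as "NOT RUNNING ELEVATED" and cannot be told apart from a genuinely unelevated run. The `catch (UnauthorizedAccessException ex)` arm duplicates the general `catch (Exception ex)` arm, and both `ex` variables are unused. The try/finally with a manual `Dispose()` is what a `using` block already provides. The shape below keeps the same return values but uses one catch that prints the reason; the method also lacks a summary comment saying that it reports whether the current process token is in the built-in Administrators role.

```csharp
internal static bool IsUserAdministrator()
{
    try
    {
        using (WindowsIdentity user = WindowsIdentity.GetCurrent())
        {
            return new WindowsPrincipal(user).IsInRole(WindowsBuiltInRole.Administrator);
        }
    }
    catch (Exception ex)
    {
        // Report the failure so it is not mistaken for a plain unelevated run.
        Console.WriteLine("[!] Elevation check failed: " + ex.Message);
        return false;
    }
}
```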
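Review bot: With the elevation check added in Main by this commit, the context line `w.UseDefaultCredentials = true;` in GetWebRequest now always runs under an administrator token, while the URL comes from `args[0]` or a public GitHub default. That setting allows the request to answer an authentication challenge from whichever host is named using the current Windows credentials. A public config download presumably does not need it, so consider `w.UseDefaultCredentials = false;` unless a specific internal server requires it. A short comment on `w.Timeout = 5000;` noting that the value is in milliseconds and why 1000 was too short would help the next reader. GetWebRequest's signature sits in the hunk header, outside the hunk body.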