mirror of
https://github.com/MichaelGrafnetter/DSInternals
synced 2025-04-23 07:26:15 +00:00
100 lines
2.8 KiB
C#
100 lines
2.8 KiB
C#
namespace DSInternals.PowerShell.Commands
|
|
{
|
|
using DSInternals.Common.Data;
|
|
using System;
|
|
using System.Linq;
|
|
using System.Management.Automation;
|
|
|
|
[Cmdlet(VerbsData.Save, "DPAPIBlob")]
|
|
// TODO: Export None as resource.
|
|
[OutputType("None")]
|
|
public class SaveDPAPIBlobCmdlet : PSCmdletEx
|
|
{
|
|
private const string VerboseMessageFormat = "Creating DPAPI file {0}.";
|
|
private const string AccountParameterSet = "FromAccount";
|
|
private const string ObjectParameterSet = "FromObject";
|
|
|
|
[Parameter(
|
|
Mandatory = true,
|
|
ValueFromPipeline = true,
|
|
ParameterSetName = ObjectParameterSet
|
|
)]
|
|
[ValidateNotNullOrEmpty]
|
|
[Alias("DPAPIBlob", "Object", "Blob", "BackupKey")]
|
|
public DPAPIObject DPAPIObject
|
|
{
|
|
get;
|
|
set;
|
|
}
|
|
|
|
[Parameter(
|
|
Mandatory = true,
|
|
ValueFromPipeline = true,
|
|
ParameterSetName = AccountParameterSet
|
|
)]
|
|
[ValidateNotNullOrEmpty]
|
|
public DSAccount Account
|
|
{
|
|
get;
|
|
set;
|
|
}
|
|
|
|
[Parameter(
|
|
Mandatory = true,
|
|
Position = 0
|
|
)]
|
|
[ValidateNotNullOrEmpty]
|
|
[Alias("Path", "OutputPath")]
|
|
public string DirectoryPath
|
|
{
|
|
get;
|
|
set;
|
|
}
|
|
|
|
private string AbsoluteDirectoryPath
|
|
{
|
|
get;
|
|
set;
|
|
}
|
|
|
|
protected override void BeginProcessing()
|
|
{
|
|
this.AbsoluteDirectoryPath = this.ResolveDirectoryPath(this.DirectoryPath);
|
|
}
|
|
|
|
protected override void ProcessRecord()
|
|
{
|
|
switch(this.ParameterSetName)
|
|
{
|
|
case ObjectParameterSet:
|
|
this.ProcessSingleObject(this.DPAPIObject);
|
|
break;
|
|
case AccountParameterSet:
|
|
// Extract all roamed credentials from an account
|
|
foreach(var blob in this.Account.RoamedCredentials ?? Enumerable.Empty<DPAPIObject>())
|
|
{
|
|
this.ProcessSingleObject(blob);
|
|
}
|
|
break;
|
|
}
|
|
}
|
|
|
|
private void ProcessSingleObject(DPAPIObject blob)
|
|
{
|
|
string filePath = blob.FilePath;
|
|
if (String.IsNullOrEmpty(filePath))
|
|
{
|
|
// There is nothing to save
|
|
return;
|
|
}
|
|
|
|
// Save the blob
|
|
string verboseMessage = String.Format(VerboseMessageFormat, filePath);
|
|
this.WriteVerbose(verboseMessage);
|
|
blob.Save(this.AbsoluteDirectoryPath);
|
|
|
|
// Append the Mimikatz command to a script file
|
|
blob.SaveKiwiCommand(this.AbsoluteDirectoryPath);
|
|
}
|
|
}
|
|
} |