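def Start(self):
    """Redirect to start on the workers and not in the UI.

    Builds the list of browser cache paths to grep for the client's OS and
    the browsers selected in the flow args, resolves every requested user on
    the client, then transitions to the "StartRequests" state.

    Raises:
      flow.FlowError: If no cache paths are known for the client's OS (or no
        browser was selected), or if a requested user cannot be resolved.
    """
    # Figure out which paths we are going to check.
    client = aff4.FACTORY.Open(self.client_id, token=self.token)
    system = client.Get(client.Schema.SYSTEM)

    # An OS with no BROWSER_PATHS entry must surface as the FlowError below,
    # not as an AttributeError from calling .get() on None.
    paths = BROWSER_PATHS.get(system) or {}
    self.state.Register("all_paths", [])
    if self.args.check_chrome:
        self.state.all_paths += paths.get("Chrome", [])
    if self.args.check_ie:
        self.state.all_paths += paths.get("IE", [])
    if self.args.check_firefox:
        self.state.all_paths += paths.get("Firefox", [])

    if not self.state.all_paths:
        raise flow.FlowError("Unsupported system %s for CacheGrep" % system)

    # Fail the whole flow up front if any requested user is unknown, rather
    # than grepping a partial user set.
    self.state.Register("users", [])
    for user in self.args.grep_users:
        user_info = flow_utils.GetUserInfo(client, user)
        if not user_info:
            raise flow.FlowError("No such user %s" % user)
        self.state.users.append(user_info)

    self.CallState(next_state="StartRequests")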
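def GuessHistoryPaths(self, username):
    """Take a user and return guessed full paths to History files.

    Args:
      username: Username as string.

    Returns:
      A list of strings containing paths to look for history files in.
      Empty if the user cannot be resolved on the client.

    Raises:
      OSError: On invalid system in the Schema
    """
    fd = aff4.FACTORY.Open(self.client_id, token=self.token)
    system = fd.Get(fd.Schema.SYSTEM)

    user_info = flow_utils.GetUserInfo(fd, username)
    if not user_info:
        self.Error("Could not find homedir for user {0}".format(username))
        # Return the documented list type instead of None so callers can
        # iterate the result unconditionally.
        return []

    paths = []
    if system == "Windows":
        path = "{app_data}\\Mozilla\\Firefox\\Profiles/"
        paths.append(path.format(app_data=user_info.special_folders.app_data))
    elif system == "Linux":
        # "{homedir}" is the placeholder consumed by the .format() call; the
        # template must contain it or the user's home directory is dropped.
        path = "{homedir}/.mozilla/firefox/"
        paths.append(path.format(homedir=user_info.homedir))
    elif system == "Darwin":
        path = "{homedir}/Library/Application Support/Firefox/Profiles/"
        paths.append(path.format(homedir=user_info.homedir))
    else:
        raise OSError("Invalid OS for Chrome History")
    return paths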
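def GuessExtensionPaths(self, user):
    """Take a user and return guessed full paths to Extension files.

    Args:
      user: Username as string.

    Returns:
      A list of strings containing paths to look for extension files in.
      Empty if the user cannot be resolved on the client.

    Raises:
      OSError: On invalid system in the Schema.
    """
    client = aff4.FACTORY.Open(self.client_id, token=self.token)
    system = client.Get(client.Schema.SYSTEM)
    paths = []
    profile_path = "Default"

    user_pb = flow_utils.GetUserInfo(client, user)
    if not user_pb:
        # Name the user so the log line is actionable.
        logging.error("User not found: %s", user)
        return []

    if system == "Windows":
        path = "%(local_app_data)s/%(sw)s/User Data/%(profile)s"
        for p in ["Google/Chrome", "Chromium"]:
            paths.append(path % {
                "local_app_data": user_pb.special_folders.local_app_data,
                "sw": p,
                "profile": profile_path,
            })
    elif system == "Linux":
        path = "%(home_path)s/.config/%(sw)s/%(profile)s"
        for p in ["google-chrome", "chromium"]:
            paths.append(path % {
                "home_path": user_pb.homedir,
                "sw": p,
                "profile": profile_path,
            })
    elif system == "Darwin":
        path = "%(home_path)s/Library/Application Support/%(sw)s/%(profile)s"
        for p in ["Google/Chrome", "Chromium"]:
            paths.append(path % {
                "home_path": user_pb.homedir,
                "sw": p,
                "profile": profile_path,
            })
    else:
        logging.error("Invalid OS for Chrome extensions")
        # Carry the reason in the exception as well, matching the sibling
        # history-path helpers, so callers that catch it see the cause.
        raise OSError("Invalid OS for Chrome extensions")
    return paths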
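def Start(self):
    """Validate parameters and do the actual work.

    Resolves the target user on the client and launches the requested child
    flows (browser history, home directory listing, user registry hive
    listing, artifact collection), each continuing in "FinishFlow".

    Raises:
      RuntimeError: If no username was supplied or the user has no known
        home directory on the client.
    """
    if not self.username:
        raise RuntimeError("Please supply a valid user name.")

    if self.use_tsk:
        self.path_type = rdfvalue.PathSpec.PathType.TSK
    else:
        self.path_type = rdfvalue.PathSpec.PathType.OS

    client = aff4.FACTORY.Open(self.client_id, token=self.token)
    self.user_pb = flow_utils.GetUserInfo(client, self.username)
    if not self.user_pb:
        self.Error("Could not find homedir for user %s" % self.username)
        raise RuntimeError("No homedir found for user %s" % self.username)

    if self.get_browser_history:
        # The parameter validated and looked up above is self.username; the
        # history flows previously received self.user, which this method
        # never assigns and which looks like a typo for the same name.
        for history_flow in ("FirefoxHistory", "ChromeHistory"):
            self.CallFlow(history_flow,
                          pathtype=self.path_type,
                          username=self.username,
                          next_state="FinishFlow")

    if self.recursive_list_homedir:
        homedir = self.user_pb.homedir
        self.CallFlow("RecursiveListDirectory",
                      pathtype=self.path_type,
                      path=homedir,
                      max_depth=int(self.recursive_list_homedir),
                      next_state="FinishFlow")

    if self.recursive_list_user_registry:
        # The user's hive is keyed by SID under HKEY_USERS.
        regdir = "HKEY_USERS/%s" % self.user_pb.sid
        max_depth = int(self.recursive_list_user_registry)
        self.CallFlow("RecursiveListDirectory",
                      pathtype=rdfvalue.PathSpec.PathType.REGISTRY,
                      path=regdir,
                      max_depth=max_depth,
                      next_state="FinishFlow")

    if self.artifact_list:
        self.CallFlow("ArtifactCollectorFlow",
                      artifact_list=list(self.artifact_list),
                      use_tsk=self.use_tsk,
                      next_state="FinishFlow")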
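def GuessHistoryPaths(self, username):
    """Take a user and return guessed full paths to History files.

    Args:
      username: Username as string.

    Returns:
      A list of strings containing paths to look for history files in.
      Empty if the user cannot be resolved on the client.

    Raises:
      OSError: On invalid system in the Schema
    """
    client = aff4.FACTORY.Open(self.client_id, token=self.token)
    system = client.Get(client.Schema.SYSTEM)

    user_info = flow_utils.GetUserInfo(client, username)
    if not user_info:
        self.Error("Could not find homedir for user {0}".format(username))
        # Return the documented list type instead of None so callers can
        # iterate the result unconditionally.
        return []

    paths = []
    if system == "Windows":
        path = "{app_data}\\{sw}\\User Data\\Default\\"
        for sw_path in ["Google\\Chrome", "Chromium"]:
            paths.append(path.format(
                app_data=user_info.special_folders.local_app_data,
                sw=sw_path))
    elif system == "Linux":
        # "{homedir}" is the placeholder consumed by the .format() calls
        # below; the template must contain it or the home directory is lost.
        path = "{homedir}/.config/{sw}/Default/"
        for sw_path in ["google-chrome", "chromium"]:
            paths.append(path.format(homedir=user_info.homedir, sw=sw_path))
    elif system == "Darwin":
        path = "{homedir}/Library/Application Support/{sw}/Default/"
        for sw_path in ["Google/Chrome", "Chromium"]:
            paths.append(path.format(homedir=user_info.homedir, sw=sw_path))
    else:
        raise OSError("Invalid OS for Chrome History")
    return paths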