Update lerc_client

lerc_client/lercConsole/App.config

@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <configuration>
   <startup>
-    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.2" />
+    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8" />
   </startup>
   <appSettings>
     <add key="logTarget" value="console" />

lerc_client/lercConsole/Properties/AssemblyInfo.cs

@@ -32,5 +32,5 @@
 // You can specify all the values or you can default the Build and Revision Numbers 
 // by using the '*' as shown below:
 // [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("1.0.0.0")]
-[assembly: AssemblyFileVersion("1.0.0.0")]
+[assembly: AssemblyVersion("1.0.0.2")]
+[assembly: AssemblyFileVersion("1.0.0.2")]

lerc_client/lercConsole/lercConsole.csproj

@@ -9,7 +9,7 @@
     <AppDesignerFolder>Properties</AppDesignerFolder>
     <RootNamespace>lercConsole</RootNamespace>
     <AssemblyName>lercConsole</AssemblyName>
-    <TargetFrameworkVersion>v4.5.2</TargetFrameworkVersion>
+    <TargetFrameworkVersion>v4.8</TargetFrameworkVersion>
     <FileAlignment>512</FileAlignment>
     <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
   </PropertyGroup>
@@ -22,6 +22,7 @@
     <DefineConstants>DEBUG;TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
+    <TargetFrameworkVersion>v4.8</TargetFrameworkVersion>
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
     <PlatformTarget>AnyCPU</PlatformTarget>
@@ -31,6 +32,7 @@
     <DefineConstants>TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
+    <TargetFrameworkVersion>v4.8</TargetFrameworkVersion>
   </PropertyGroup>
   <ItemGroup>
     <Reference Include="System" />
@@ -57,8 +59,8 @@
   </ItemGroup>
   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
   <PropertyGroup>
-    <PostBuildEvent>copy /Y $(SolutionDir)certs\lerc.ca.pem $(TargetDir)lerc.ca.pem
-copy /Y $(SolutionDir)certs\lerc.client.pfx $(TargetDir)lerc.client.pfx</PostBuildEvent>
+    <PostBuildEvent>copy /Y "$(SolutionDir)certs\lerc.ca.pem" "$(TargetDir)lerc.ca.pem"
+copy /Y "$(SolutionDir)certs\lerc.client.pfx" "$(TargetDir)lerc.client.pfx"</PostBuildEvent>
   </PropertyGroup>
   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
        Other similar extension points exist, see Microsoft.Common.targets.

lerc_client/lercLib/Properties/AssemblyInfo.cs

@@ -32,5 +32,5 @@
 // You can specify all the values or you can default the Build and Revision Numbers 
 // by using the '*' as shown below:
 // [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("1.0.0.0")]
-[assembly: AssemblyFileVersion("1.0.0.0")]
+[assembly: AssemblyVersion("1.0.0.2")]
+[assembly: AssemblyFileVersion("1.0.0.2")]

lerc_client/lercLib/lercLib.csproj

@@ -9,7 +9,7 @@
     <AppDesignerFolder>Properties</AppDesignerFolder>
     <RootNamespace>lercLib</RootNamespace>
     <AssemblyName>lercLib</AssemblyName>
-    <TargetFrameworkVersion>v4.5.2</TargetFrameworkVersion>
+    <TargetFrameworkVersion>v4.8</TargetFrameworkVersion>
     <FileAlignment>512</FileAlignment>
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
@@ -55,7 +55,7 @@
   </ItemGroup>
   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
   <PropertyGroup>
-    <PostBuildEvent>"C:\Program Files (x86)\Windows Kits\8.1\bin\x86\signtool.exe" sign /f $(SolutionDir)certs\lerc.code.pfx $(TargetPath)</PostBuildEvent>
+    <PostBuildEvent>"C:\Program Files (x86)\Windows Kits\10\bin\10.0.26100.0\x86\signtool.exe" sign /fd sha256 /f "$(SolutionDir)certs\lerc.code.pfx" "$(TargetPath)"</PostBuildEvent>
   </PropertyGroup>
   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
        Other similar extension points exist, see Microsoft.Common.targets.

lerc_client/lercService/App.config

@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <configuration>
   <startup>
-    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.2" />
+    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8" />
   </startup>
   <appSettings>
     <add key="logTarget" value="file" />

lerc_client/lercService/Properties/AssemblyInfo.cs

@@ -32,5 +32,5 @@
 // You can specify all the values or you can default the Build and Revision Numbers 
 // by using the '*' as shown below:
 // [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("1.0.0.1")]
-[assembly: AssemblyFileVersion("1.0.0.1")]
+[assembly: AssemblyVersion("1.0.0.2")]
+[assembly: AssemblyFileVersion("1.0.0.2")]

lerc_client/lercService/lercService.csproj

@@ -9,7 +9,7 @@
     <AppDesignerFolder>Properties</AppDesignerFolder>
     <RootNamespace>lercService</RootNamespace>
     <AssemblyName>lerc</AssemblyName>
-    <TargetFrameworkVersion>v4.5.2</TargetFrameworkVersion>
+    <TargetFrameworkVersion>v4.8</TargetFrameworkVersion>
     <FileAlignment>512</FileAlignment>
     <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
     <PublishUrl>publish\</PublishUrl>
@@ -92,9 +92,9 @@
     </EmbeddedResource>
   </ItemGroup>
   <ItemGroup>
-    <BootstrapperPackage Include=".NETFramework,Version=v4.5.2">
+    <BootstrapperPackage Include=".NETFramework,Version=v4.8">
       <Visible>False</Visible>
-      <ProductName>Microsoft .NET Framework 4.5.2 %28x86 and x64%29</ProductName>
+      <ProductName>Microsoft .NET Framework 4.8 %28x86 and x64%29</ProductName>
       <Install>true</Install>
     </BootstrapperPackage>
     <BootstrapperPackage Include="Microsoft.Net.Framework.3.5.SP1">
@@ -105,7 +105,7 @@
   </ItemGroup>
   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
   <PropertyGroup>
-    <PostBuildEvent>"C:\Program Files (x86)\Windows Kits\8.1\bin\x86\signtool.exe" sign /f $(SolutionDir)certs\lerc.code.pfx $(TargetPath)</PostBuildEvent>
+    <PostBuildEvent>"C:\Program Files (x86)\Windows Kits\10\bin\10.0.26100.0\x86\signtool.exe" sign /fd sha256 /f "$(SolutionDir)certs\lerc.code.pfx" "$(TargetPath)"</PostBuildEvent>
   </PropertyGroup>
   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
        Other similar extension points exist, see Microsoft.Common.targets.

lerc_client/lercSetup/lercSetup.vdproj

@@ -88,10 +88,10 @@
             "ComponentsUrl" = "8:"
                 "Items"
                 {
-                    "{EDC2488A-8267-493A-A98E-7D9C3B36CDF3}:.NETFramework,Version=v4.5"
+                    "{EDC2488A-8267-493A-A98E-7D9C3B36CDF3}:.NETFramework,Version=v4.8"
                     {
-                    "Name" = "8:Microsoft .NET Framework 4.5 (x86 and x64)"
-                    "ProductCode" = "8:.NETFramework,Version=v4.5"
+                    "Name" = "8:Microsoft .NET Framework 4.8 (x86 and x64)"
+                    "ProductCode" = "8:.NETFramework,Version=v4.8"
                     }
                 }
             }
@@ -120,10 +120,10 @@
             "ComponentsUrl" = "8:"
                 "Items"
                 {
-                    "{EDC2488A-8267-493A-A98E-7D9C3B36CDF3}:.NETFramework,Version=v4.5"
+                    "{EDC2488A-8267-493A-A98E-7D9C3B36CDF3}:.NETFramework,Version=v4.8"
                     {
-                    "Name" = "8:Microsoft .NET Framework 4.5 (x86 and x64)"
-                    "ProductCode" = "8:.NETFramework,Version=v4.5"
+                    "Name" = "8:Microsoft .NET Framework 4.8 (x86 and x64)"
+                    "ProductCode" = "8:.NETFramework,Version=v4.8"
                     }
                 }
             }
@@ -204,7 +204,7 @@
                 {
                 "Name" = "8:.NET Framework"
                 "Message" = "8:[VSDNETMSG]"
-                "FrameworkVersion" = "8:.NETFramework,Version=v4.5"
+                "FrameworkVersion" = "8:.NETFramework,Version=v4.8"
                 "AllowLaterVersions" = "11:FALSE"
                 "InstallUrl" = "8:http://go.microsoft.com/fwlink/?LinkId=395269"
                 }
@@ -287,7 +287,7 @@
             {
             "AssemblyRegister" = "3:1"
             "AssemblyIsInGAC" = "11:FALSE"
-            "AssemblyAsmDisplayName" = "8:lercLib, Version=1.0.0.0, Culture=neutral, processorArchitecture=MSIL"
+            "AssemblyAsmDisplayName" = "8:lercLib, Version=1.0.0.2, Culture=neutral, processorArchitecture=MSIL"
                 "ScatterAssemblies"
                 {
                     "_CC5D63CD55B1236C93A64E8B7CF785EC"
@@ -376,25 +376,25 @@
         "AspNetVersion" = "8:4.0.30319.0"
         "RestartWWWService" = "11:FALSE"
         "RemovePreviousVersions" = "11:TRUE"
-        "DetectNewerInstalledVersion" = "11:FALSE"
+        "DetectNewerInstalledVersion" = "11:TRUE"
         "InstallAllUsers" = "11:TRUE"
-        "ProductVersion" = "8:1.0.0"
+        "ProductVersion" = "8:1.0.1"
         "Manufacturer" = "8:Integral Defense"
         "ARPHELPTELEPHONE" = "8:"
         "ARPHELPLINK" = "8:"
         "Title" = "8:Live Endpoint Response Client"
         "Subject" = "8:"
         "ARPCONTACT" = "8:Integral Defense"
         "Keywords" = "8:"
-        "ARPCOMMENTS" = "8:Allows secuirty analysts to perform live response actions."
+        "ARPCOMMENTS" = "8:Allows security analysts to perform live response actions."
         "ARPURLINFOABOUT" = "8:"
         "ARPPRODUCTICON" = "8:"
         "ARPIconIndex" = "3:0"
         "SearchPath" = "8:"
         "UseSystemSearchPath" = "11:TRUE"
         "TargetPlatform" = "3:0"
         "PreBuildEvent" = "8:"
-        "PostBuildEvent" = "8:\"C:\\Program Files (x86)\\Windows Kits\\8.1\\bin\\x86\\signtool.exe\" sign /f $(ProjectDir)..\\certs\\lerc.code.pfx $(BuiltOuputPath)"
+        "PostBuildEvent" = "8:\"C:\\Program Files (x86)\\Windows Kits\\10\\bin\\10.0.26100.0\\x86\\signtool.exe\" sign /fd sha256 /f \"$(ProjectDir)..\\certs\\lerc.code.pfx\" \"$(BuiltOuputPath)\""
         "RunPostBuildEvent" = "3:0"
         }
         "Registry"

lerc_client/packages.config

@@ -1,4 +1,4 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
-  <package id="Newtonsoft.Json" version="11.0.2" targetFramework="net452" />
+  <package id="Newtonsoft.Json" version="11.0.2" targetFramework="net48" />
 </packages>

lerc_control/__init__.py

@@ -102,7 +102,7 @@ def main():
     parser_run = subparsers.add_parser('run', help="Run a shell command on the host.")
     parser_run.add_argument('hostname', help="the host you'd like to work with")
     parser_run.add_argument('command', help='The shell command for the host to execute`')
-    parser_run.add_argument('-a', '--async', action='store_true', help='Set asynchronous to true (do NOT wait for output or command to complete)')
+    parser_run.add_argument('-a', '--asynchronous', action='store_true', help='Set asynchronous to true (do NOT wait for output or command to complete)')
     parser_run.add_argument('-p', '--print-only', action='store_true', help='Only print results to screen.')
     parser_run.add_argument('-w', '--write-only', action='store_true', help='Only write results to file.')
     parser_run.add_argument('-o', '--output-filename', default=None, action='store', help='Specify the name of the file to write any results to.')
@@ -324,25 +324,24 @@ def main():
             sys.exit(0)
         logger.info("Attempting to deploy lerc with CarbonBlack..")
         try:
-            from cbapi.response import CbResponseAPI
-            from cbapi.psc.threathunter import CbThreatHunterAPI
+            from cbc_sdk import CBCloudAPI
             from cbinterface.cli import load_configured_environments
-            from cbinterface.psc.device import find_device_by_hostname
+            from cbinterface.enterprise_edr.device import find_device_by_hostname
             from lerc_control.deploy_lerc import deploy_lerc, CbSensor_search
-        except:
-            logger.error("Failed to import deployment functions. Install and configure cbinterface, if you have Carbon Black.")
+        except Exception as e:
+            logger.error(f"{e}Failed to import deployment functions. Install and configure cbinterface, if you have Carbon Black.")
             sys.exit(1)
         logging.getLogger('lerc_control.deploy_lerc').setLevel(logging.ERROR)
 
         device_or_sensor = None
         configured_environments = load_configured_environments()
-        if "psc" in configured_environments or "cbc" in configured_environments:
+        if "enterprise_edr" in configured_environments or "cbc" in configured_environments:
             # search here first
             logger.info(f"searching for device...")
-            profiles = configured_environments.get("psc", [])
+            profiles = configured_environments.get("enterprise_edr", [])
             profiles.extend(configured_environments.get("cbc", []))
             for profile in profiles:
-                cb = CbThreatHunterAPI(profile=profile)
+                cb = CBCloudAPI(profile=profile)
                 device_or_sensor = find_device_by_hostname(cb, args.hostname)
                 if device_or_sensor:
                     break
@@ -509,8 +508,8 @@ def main():
     # Else, see if we're running a command directly
     cmd = None
     if args.instruction == 'run':
-        if args.async:
-            cmd = client.Run(args.command, async=args.async)
+        if args.asynchronous:
+            cmd = client.Run(args.command, asynchronous=args.asynchronous)
         else:
             cmd = client.Run(args.command)
 

lerc_control/deploy_lerc.py

@@ -16,17 +16,17 @@
 logger = logging.getLogger("lerc_control."+__name__)
 
 try:
-    from cbapi.psc import Device
-    from cbapi.psc.threathunter import CbThreatHunterAPI
+    from cbc_sdk.platform.devices import Device
+    from cbc_sdk import CBCloudAPI
     from cbapi.response import CbResponseAPI, Sensor
-    from cbapi.errors import ConnectionError, UnauthorizedError, ServerError, ClientError
+    from cbc_sdk.errors import ConnectionError, UnauthorizedError, ServerError, ClientError
 
     from cbinterface.cli import load_configured_environments
-    from cbinterface.config import get_default_cbapi_product, get_default_cbapi_profile
+    from cbinterface.config import get_default_cb_product, get_default_cb_profile
     from cbinterface.helpers import input_with_timeout
     from cbinterface.commands import ExecuteCommand, PutFile, GetFile, DeleteFile
 
-    from cbinterface.psc.device import find_device_by_hostname, is_device_online
+    from cbinterface.enterprise_edr.device import find_device_by_hostname, is_device_online
     from cbinterface.response.sensor import make_sensor_query, is_sensor_online
 except ModuleNotFoundError:
     sys.stderr.write("[ERROR] deploy_lerc only supports deployment with carbon black and cbinterface.")
@@ -105,7 +105,7 @@ def deploy_lerc(device_or_sensor: Union[Device, Sensor], install_command: str, l
 
     hostname = device = sensor = None
     if isinstance(device_or_sensor, Device):
-        from cbinterface.psc.sessions import CustomLiveResponseSessionManager
+        from cbinterface.enterprise_edr.sessions import CustomLiveResponseSessionManager
         device = device_or_sensor
         hostname = device.name[device.name.rfind('\\')+1:] if '\\' in device.name else device.name
     elif isinstance(device_or_sensor, Sensor):
@@ -138,7 +138,7 @@ def deploy_lerc(device_or_sensor: Union[Device, Sensor], install_command: str, l
     cb = device_or_sensor._cb
 
     offline = False
-    timeout = 1200  # default 20 minutes (same used by Cb)
+    timeout = 900  # default 15 minutes (same used by Cb)
     if device and not is_device_online(device):
         # Decision point: if the device is NOT online, give the analyst and option to wait
         logger.warning(f"{device.id}:{device.name} is offline.")
@@ -170,18 +170,18 @@ def deploy_lerc(device_or_sensor: Union[Device, Sensor], install_command: str, l
         timeout = timeout * 86400
 
     logger.info(f"waiting for active session on device ...")
-    session_manager = CustomLiveResponseSessionManager(cb, custom_session_keepalive=True)
+    session_manager = CustomLiveResponseSessionManager(cb, custom_session_keepalive=False)
     if not session_manager.wait_for_active_session(device_or_sensor, timeout=timeout):
         logger.error(f"reached timeout waiting for active session.")
         return False
 
-    download = PutFile(lerc_installer_path, 'lercSetup.msi')
+    download = PutFile(lerc_installer_path, 'C:\\Windows\\System32\\lercSetup.msi')
     execute = ExecuteCommand(install_command, wait_for_output=False, wait_timeout=60, wait_for_completion=True)
 
     logger.info(f"submitting commands to download and install lerc.") 
     if previously_installed:
         # delete any old msi package, just in-case
-        session_manager.submit_command(DeleteFile('lercSetup.msi'), device_or_sensor)
+        session_manager.submit_command(DeleteFile('C:\\Windows\\System32\\lercSetup.msi'), device_or_sensor)
     session_manager.submit_command(download, device_or_sensor)
     session_manager.submit_command(execute, device_or_sensor)
     session_manager.process_completed_commands() # wait

lerc_control/lerc_api/__init__.py

@@ -241,13 +241,13 @@ def _issue_command(self, command):
             return False
 
 
-    def Run(self, shell_command, async=False):
+    def Run(self, shell_command, asynchronous=False):
         """Execute a shell command on the host.
 
         :param str shell_command: The command to run on the host
         :param bool async: (optional) ``False``: LERC client will stream any results and  wait until for completion. ``True``: Execute the command and return immediately.
         """
-        command = { "operation":"run", "command": shell_command, "async": async }
+        command = { "operation":"run", "command": shell_command, "async": asynchronous }
         return self._issue_command(command)
 
     def Download(self, server_file_path, client_file_path=None, analyst_file_path=None):
@@ -348,7 +348,7 @@ def contain(self):
         self.Run('del {}'.format(bat_name))
 
         self.Download(safe_contain_bat_path)
-        containment_command = self.Run(contain_cmd.format(int(self.sleep_cycle)+5), async=True)
+        containment_command = self.Run(contain_cmd.format(int(self.sleep_cycle)+5), asynchronous=True)
 
         # Dummy command to give the containment command enough time to execute before lerc kills it with wmic
         flag_cmd = self.Run("dir")

lerc_control/scripted.py

@@ -182,7 +182,7 @@ def execute_script(lerc, script_path, return_result_commands=False, execute_clea
                     # assuming we never will want to async_run OR write_results_path OR print_results
                     COMMON_CLEANUP_COMMANDS['RUN'].append(run_string)
                 continue
-            cmd = lerc.Run(run_string, async=async_run)
+            cmd = lerc.Run(run_string, asynchronous=async_run)
             command_history[command] = cmd
             command_history[command].get_the_results = get_results
             command_history[command].write_results_path = write_results_path

setup.py

@@ -8,7 +8,7 @@
 from codecs import open
 from os import path
 
-__version__ = "0.0.24"
+__version__ = "0.0.25"
 description = "Libraries and utilities for controling and working with Live Endpoint Response Clients."
 
 here = path.abspath(path.dirname(__file__))