Analysis and Evaluation of the Windows Event Log - Bill Buchanan
Analysis and Evaluation of the Windows Event Log - Bill Buchanan
Analysis and Evaluation of the Windows Event Log - Bill Buchanan
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
C:\Documents <strong>and</strong> Settings\Barrie\My ...-aes\simpletcpserver-aes\Program.cs<br />
element = doc.SelectSingleNode("/AES/passwordIterations");<br />
int passwordIterations = Convert.ToInt16(element.InnerText);<br />
element = doc.SelectSingleNode("/AES/initVector");<br />
string initVector = element.InnerText;<br />
element = doc.SelectSingleNode("/AES/keySize");<br />
int keySize = Convert.ToInt16(element.InnerText);<br />
if(!(Directory.Exists("C:\\<strong>Log</strong>s\\" + clientep.Address)))<br />
Directory.CreateDirectory("C:\\<strong>Log</strong>s\\" + clientep.Address);<br />
2<br />
string logFile = "C:\\<strong>Log</strong>s\\" + clientep.Address +"\\Evt<strong>Log</strong>2.log";<br />
TextWriter tsw;<br />
try<br />
{<br />
tsw = File.AppendText(logFile);<br />
}<br />
catch<br />
{<br />
tsw = new StreamWriter(@logFile);<br />
}<br />
tsw.WriteLine("Connected with {0} at port {1}",<br />
clientep.Address, clientep.Port);<br />
int myCount = 0;<br />
recv = 0;<br />
while (true)<br />
{<br />
data = new byte[10240];<br />
recv = client.Receive(data);<br />
if (recv == 0)<br />
break;<br />
string encryptedMessage = Encoding.ASCII.GetString(data, 0, recv);<br />
string decryptedMessage = Decrypt(encryptedMessage, passPhrase, saltValue,<br />
hashAlgorithm, passwordIterations, initVector, keySize);<br />
decryptedMessage = "" + DateTime.Now + "" +<br />
decryptedMessage;<br />
myCount++;<br />
Console.Write(myCount + " ");<br />
tsw.WriteLine(decryptedMessage);<br />
client.Send(data, recv, SocketFlags.None);<br />
}<br />
Console.WriteLine("Disconnected from {0}", clientep.Address);<br />
tsw.WriteLine("Disconnected from {0}",<br />
clientep.Address);<br />
tsw.Close();<br />
client.Close();<br />
newsock.Close();<br />
}<br />
static void writekey(string publickey)<br />
{<br />
StreamWriter fs = new StreamWriter("public.xml");<br />
fs.Write(publickey);<br />
fs.Close();<br />
}<br />
public static string Decrypt(string cipherText,string passPhrase,string saltValue,<br />
string hashAlgorithm,int passwordIterations,string initVector,int keySize)<br />
{<br />
byte[] initVectorBytes = Encoding.ASCII.GetBytes(initVector);<br />
byte[] saltValueBytes = Encoding.ASCII.GetBytes(saltValue);<br />
byte[] cipherTextBytes = Convert.FromBase64String(cipherText);<br />
PasswordDeriveBytes password = new PasswordDeriveBytes(passPhrase,saltValueBytes,<br />
hashAlgorithm,passwordIterations);<br />
byte[] keyBytes = password.GetBytes(keySize / 8);<br />
RijndaelManaged symmetricKey = new RijndaelManaged();<br />
symmetricKey.Mode = CipherMode.CBC;<br />
ICryptoTransform decryptor = symmetricKey.CreateDecryptor(keyBytes,initVectorBytes)<br />
;<br />
MemoryStream memoryStream = new MemoryStream(cipherTextBytes);<br />
CryptoStream cryptoStream = new CryptoStream(memoryStream,decryptor,<br />
CryptoStreamMode.Read);<br />
byte[] plainTextBytes = new byte[cipherTextBytes.Length];<br />
String plainText;<br />
try