<?php
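// Resolve the requested 1-based page number from the POST body; default to the first page.
$page_number = 1;
if (isset($_POST["page"])) {
    // Validate rather than sanitize: only a whole number >= 1 is accepted. Sanitizing and then
    // checking is_numeric() let "0", negative values and out-of-range numbers through, which
    // turned into a negative or non-integer OFFSET in the paging query further down.
    $page_number = filter_var(
        $_POST["page"],
        FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 1))
    );
    if ($page_number === false) {
        die('Invalid page number!'); // reject anything that is not a positive integer
    }
}
$total = 0;          // total row count; overwritten once the COUNT(*) query has run
$item_per_page = 10; // fixed page size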
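// Count the matching Amcache rows, fetch one page of them and emit one <tr> per row.
//
// NOTE(review): $conn, $huntGUID and $serverID are not assigned anywhere in this file; they are
// presumably set by the including script - confirm where they come from. They are bound as query
// parameters below, so whatever their origin they cannot alter the SQL text.

// Driver errors go to the server log; the client only gets a generic message, because the
// sqlsrv_errors() output contains SQL text and schema details.
$abortOnQueryError = function () {
    error_log(print_r(sqlsrv_errors(), true));
    die('Database query failed.');
};

// HTML-escape a cell value. The rows hold data collected from audited hosts (per the table
// names), so file and program names must be treated as untrusted when rendered in a browser.
$escapeCell = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// Column list shared by both variants of the listing query.
$amcacheColumns = "[Associated],[ProgramName],[ProgramID],[VolumeID],[VolumeIDLastWriteTimestamp],[FileID],[FileIDLastWriteTimestamp],[SHA1],[FullPath],[FileExtension],[MFTEntryNumber],[MFTSequenceNumber],[FileSize],[FileVersionString],[FileVersionNumber],[FileDescription],[PEHeaderSize],[PEHeaderHash],[PEHeaderChecksum],[Created],[LastModified],[LastModified2],[CompileTime],[LanguageID],[CompanyName]";
$fromClause = "FROM [NOAH].[dbo].[AmcacheAudited] aa, [NOAH].[dbo].[ServerAudited] sa, [NOAH].[dbo].[Hunt] hu";

if ($huntGUID != '' and $serverID != '') {
    // Listing restricted to one hunt and one server; both values are bound, never interpolated.
    $whereClause = "WHERE hu.huntingGUID = ?
AND sa.serverID = ?
AND aa.serverID = sa.serverID
AND hu.huntingID = sa.huntingID";
    $filterParams = array($huntGUID, $serverID);
    $selectColumns = "hu.huntingGUID, sa.serverName,[amcacheAuditedID]," . $amcacheColumns;
    $groupColumns = "huntingGUID, serverName,[amcacheAuditedID]," . $amcacheColumns;
    $orderColumns = "[amcacheAuditedID]";
} else {
    // Unfiltered listing across every hunt and server.
    $whereClause = "WHERE aa.serverID = sa.serverID
AND sa.huntingID = hu.huntingID";
    $filterParams = array();
    $selectColumns = "hu.huntingGUID, sa.serverName," . $amcacheColumns;
    $groupColumns = "huntingGUID, serverName," . $amcacheColumns;
    // T-SQL only accepts OFFSET ... FETCH as part of an ORDER BY clause, which this variant
    // lacked. Ordering by the full grouped column list keeps the paging deterministic.
    $orderColumns = $groupColumns;
}

// Total number of matching rows, used to derive the page count.
$tsqlAMCacheCount = "select count(*) Total " . $fromClause . "
" . $whereClause;
$getAmcache = sqlsrv_query($conn, $tsqlAMCacheCount, $filterParams);
if ($getAmcache === false) {
    $abortOnQueryError();
}
if (sqlsrv_has_rows($getAmcache)) {
    if ($row = sqlsrv_fetch_array($getAmcache, SQLSRV_FETCH_ASSOC)) {
        $total = $row['Total'];
    }
}

//break records into pages
$total_pages = ceil($total / $item_per_page);
//position of records; clamped so a page number below 1 can never yield a negative OFFSET
$page_position = max(0, (int) (($page_number - 1) * $item_per_page));

// One page of rows. OFFSET and FETCH are bound as integers along with the filter values.
$tsqlAMCache = "SELECT
" . $selectColumns . "
" . $fromClause . "
" . $whereClause . "
GROUP BY " . $groupColumns . "
ORDER BY " . $orderColumns . "
OFFSET ? ROWS
FETCH NEXT ? ROWS ONLY
";
$pageParams = array_merge($filterParams, array($page_position, (int) $item_per_page));
$getAmcache = sqlsrv_query($conn, $tsqlAMCache, $pageParams);
if ($getAmcache === false) {
    $abortOnQueryError();
}

$data = array();
$data['data'] = '';
if (sqlsrv_has_rows($getAmcache)) {
    while ($row = sqlsrv_fetch_array($getAmcache, SQLSRV_FETCH_ASSOC)) {
        // Every cell is escaped before it is written into the table markup.
        echo '<tr><td>' . $escapeCell($row['huntingGUID'])
            . '</td><td>' . $escapeCell($row['serverName'])
            . '</td><td>' . $escapeCell($row['Associated'])
            . '</td><td>' . $escapeCell($row['ProgramName'])
            . '</td><td>' . $escapeCell($row['ProgramID'])
            . '</td><td>' . $escapeCell($row['VolumeID'])
            . '</td><td>' . $escapeCell($row['SHA1'])
            . '</td></tr>';
    }
}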