public/Watch-VPASActivePSMSession.ps1
|
<#
.Synopsis MONITOR ACTIVE SESSION CREATED BY: Vadim Melamed, EMAIL: vpasmodule@gmail.com .DESCRIPTION USE THIS FUNCTION TO MONITOR ACTIVE PSM SESSION .LINK https://vpasmodule.com/commands/Watch-VPASActivePSMSession .PARAMETER token HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc). If -token is not passed, function will use last known hashtable generated by New-VPASToken .PARAMETER SearchQuery Search string to find target resource via username, address, safe, platform, etc. Comma separated for multiple fields, or to search all pass a blank value like so: " " .PARAMETER ActiveSessionID Unique ID that maps to the target ActiveSession Supply the ActiveSessionID to skip any querying to find the target ActiveSession .PARAMETER OpenRDPFile Trigger the RDPFile to open by default, rather then just display the RDPFile contents .PARAMETER InputParameters HashTable of values containing the parameters required to make the API call .EXAMPLE $MonitorActiveSessionRDPFile = Watch-VPASActivePSMSession -SearchQuery {SEARCHQUERY VALUE} .EXAMPLE $MonitorActiveSessionRDPFile = Watch-VPASActivePSMSession -ActiveSessionID {ACTIVE SESSION ID VALUE} .EXAMPLE $InputParameters = @{ SearchQuery = "DomainAdmin01" OpenRDPFile = $true|$false } $MonitorActiveSessionRDPFile = Watch-VPASActivePSMSession -InputParameters $InputParameters .EXAMPLE $InputParameters = @{ ActiveSessionID = "12_135" OpenRDPFile = $true|$false } $MonitorActiveSessionRDPFile = Watch-VPASActivePSMSession -InputParameters $InputParameters .OUTPUTS If successful: An RDP file containing the following example full address:s:1.2.3.4 server port:i:3389 username:s:localhost\PSM@1df467e5-de84-424f-8527-d88a423577fc alternate shell:s:PSM@1df467e5-de84-424f-8527-d88a423577fc desktopwidth:i:768 desktopheight:i:1024 screen mode id:i:2 redirectdrives:i:0 drivestoredirect:s: redirectsmartcards:i:0 EnableCredSspSupport:i:0 redirectcomports:i:0 remoteapplicationmode:i:0 use multimon:i:0 span monitors:i:0 smart sizing:i:1 --- $false if failed #> function Watch-VPASActivePSMSession{ [OutputType('System.Object',[bool])] [CmdletBinding(DefaultParameterSetName='Set1')] Param( [Parameter(Mandatory=$true,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true,HelpMessage="Searchquery to find the target active session (for example: DomainAdmin01)")] [String]$SearchQuery, [Parameter(Mandatory=$true,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true,HelpMessage="Unique SessionID of the target active session (for example: 12_135)")] [String]$ActiveSessionID, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [Parameter(Mandatory=$false,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true)] [Switch]$OpenRDPFile, [Parameter(Mandatory=$true,ParameterSetName='InputParameters',ValueFromPipelineByPropertyName=$true,HelpMessage="Hashtable of parameters required to make API call, refer to get-help -examples for valid inputs")] [hashtable]$InputParameters, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true)] [hashtable]$token ) Begin{ $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain,$EnableTroubleshooting = Get-VPASSession -token $token $CommandName = $MyInvocation.MyCommand.Name $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND } Process{ try{ if($PSCmdlet.ParameterSetName -eq "InputParameters"){ $KeyHash = @{ set1 = @{ AcceptableKeys = @("SearchQuery","OpenRDPFile") MandatoryKeys = @("SearchQuery") } set2 = @{ AcceptableKeys = @("ActiveSessionID","OpenRDPFile") MandatoryKeys = @("ActiveSessionID") } } $CheckSet = Test-VPASHashtableKeysHelper -InputHash $InputParameters -KeyHash $KeyHash if(!$CheckSet){ $log = Write-VPASTextRecorder -inputval "FAILED TO FIND TARGET PARAMETER SET" -token $token -LogType MISC Write-Verbose "FAILED TO FIND TARGET PARAMETER SET" Write-VPASOutput -str "FAILED TO FIND TARGET PARAMETER SET...VIEW EXAMPLES BELOW:" -type E $examples = Write-VPASExampleHelper -CommandName $CommandName return $false } else{ foreach($key in $InputParameters.Keys){ Set-Variable -Name $key -Value $InputParameters.$key } } } }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "FAILED TO RETRIEVE ACTIVE SESSION" Write-VPASOutput -str $_ -type E return $false } try{ if([String]::IsNullOrEmpty($ActiveSessionID)){ Write-Verbose "NO ACTIVESESSIONID PROVIDED...INVOKING HELPER FUNCTION TO RETRIEVE UNIQUE ACTIVE SESSION ID BASED ON SPECIFIED PARAMETERS" $ActiveSessionID = Get-VPASActiveSessionIDHelper -token $token -SearchQuery $SearchQuery Write-Verbose "RETURNING ACTIVE SESSION ID" } else{ Write-Verbose "ACTIVE SESSION ID SUPPLIED, SKIPPING HELPER FUNCTION" } if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/PasswordVault/API/LiveSessions/$ActiveSessionID/Monitor/" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/PasswordVault/API/LiveSessions/$ActiveSessionID/Monitor/" } $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI $log = Write-VPASTextRecorder -inputval "GET" -token $token -LogType METHOD write-verbose "MAKING API CALL TO CYBERARK" if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" } Write-Verbose "CONSTRUCTING FILENAME" $tempResponse = $response -split "`r`n" $GUID = $tempResponse[2] -split ":" $tempName = $GUID[2] + "-MONITORING.rdp" $tempName = $tempName -replace "\\","_" Write-Verbose "CREATING RDP FILE" $curUser = $env:UserName $outputPath = "C:\Users\$curUser\Downloads\$tempName" write-output $response | Set-Content $outputPath Write-Verbose "RDP FILE CREATED: $outputPath" if($OpenRDPFile){ write-verbose "OPENING RDP FILE" #Invoke-Expression "mstsc.exe '$outputPath'" Start-Process "$env:windir\system32\mstsc.exe" -ArgumentList "$outputPath" } else{ Write-VPASOutput -str "RDP FILE CREATED: $outputPath" -type M Write-VPASOutput -str "PLEASE NOTE THIS FILE IS VALID FOR ~15 SECONDS ONLY" -type M } $outputlog = $response $log = Write-VPASTextRecorder -inputval $outputlog -token $token -LogType RETURN Write-Verbose "RETURNING RDP FILE CONTENT" return $response }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "UNABLE TO MONITOR ACTIVE SESSION" Write-VPASOutput -str $_ -type E return $false } } End{ $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER } } |