shadowbrokers-exploits/windows/Resources/Ep/Scripts/RoundupMast/rmregquery.eps

97 lines
2 KiB
PostScript
Raw Normal View History

# $Revision: 1.2 $ $Date: 2007-06-04 12:12:51-04 $
int $i;
int $j;
string $key;
string $apptype;
string $appname;
string $ip;
string $port;
string $REG_BASE;
$REG_BASE[0] = "Software\\Siemens\\SC";
$REG_BASE[1] = "Software\\Siemens\\NetM";
@record on;
$i = 0;
while ($i < sizeof($REG_BASE))
{
`regquery -hive L -subkey $REG_BASE[$i]`;
string $versions = GetCmdData("subkey");
$j = 0;
while ($j < sizeof($versions))
{
`regquery -hive L -subkey $REG_BASE[$i]\\$versions[$j]\\IPCIPI\\NameService`;
`regquery -hive L -subkey $REG_BASE[$i]\\$versions[$j]\\Admin`;
`regquery -hive L -subkey $REG_BASE[$i]\\$versions[$j]\\Admin\\Internal`;
$j++;
}
$i++;
}
# get a list of APPNAMES
`regquery -hive R -subkey SNI\\WINTNS\\APPNAMES`;
string $APPNAMES = GetCmdData("subkey");
ifnot (prompt "Should I enumerate the network elements?")
{
return true;
}
echo "";
echo "Getting network element information:";
echo "";
echo "---------------------------------------------";
@echo off;
$i = 0;
while ($i < sizeof($APPNAMES))
{
# ignore this appname if it does not contain TCPIP or ETPX25
$appname = split(".", $APPNAMES[$i]);
if ((defined($appname[1]) == false) || ($appname[1] != "TCPIP" && $appname[1] != "ETPX25"))
{
$i++;
continue;
}
$key = "SNI\\WINTNS\\APPNAMES\\$APPNAMES[$i]\\APPTYPE";
`regquery -hive R -subkey $key`;
$apptype = GetCmdData("value_data");
if (defined($apptype) && ($apptype == "DIALG"))
{
if ($appname[1] == "TCPIP")
{
$key = "SNI\\WINTNS\\APPNAMES\\$APPNAMES[$i]\\REMOTE\\IPADDR";
`regquery -hive R -subkey $key`;
$ip = GetCmdData("value_data");
$key = "SNI\\WINTNS\\APPNAMES\\$APPNAMES[$i]\\REMOTE\\TCPPORT";
`regquery -hive R -subkey $key`;
$port = GetCmdData("value_data");
echo "$APPNAMES[$i] $apptype $ip $port";
}
else
{
echo "$APPNAMES[$i] $apptype";
}
}
$i++;
}
echo "---------------------------------------------";
@record off;
@echo on;
return true;