Beispiel #1
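def systemInfo():
    """Build a text summary of host identity and security-relevant settings.

    Reads machine, user and OS details from the .NET Environment wrapper
    (``Env``) and a set of HKEY_LOCAL_MACHINE registry values covering
    PowerShell logging policy, UAC, LAPS (AdmPwd), LSASS protection and RDP.
    The values are the same ones a hardening or logging-coverage audit would
    check, so an unexpected process reading them is itself worth noticing.

    Returns:
        The formatted summary, starting with the header produced by
        ``printHeader("SYSTEM INFORMATION")``.
    """
    verInfo = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
    psKey = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\3\PowerShellEngine"
    sysPolKey = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System"
    psPolicyKey = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell"
    lapsKey = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd"
    lsaKey = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
    rdpKey = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server"

    def regValue(keyPath, valueName, fallback):
        # Registry.GetValue only applies its default when the key exists but
        # the value does not; a missing key yields null, so map that to the
        # fallback too instead of printing "None".
        found = Registry.GetValue(keyPath, valueName, fallback)
        if found is None:
            return fallback
        return found

    def regBool(keyPath, valueName):
        # Convert.ToBoolean raises FormatException on the "N/A" placeholder,
        # so an absent value is reported as "N/A" without being converted.
        found = Registry.GetValue(keyPath, valueName, None)
        if found is None:
            return "N/A"
        return Convert.ToBoolean(found)

    sysSummary = printHeader("SYSTEM INFORMATION")

    # Host and operating system.
    kernelVersion = Diagnostics.FileVersionInfo.GetVersionInfo(
        Env.SystemDirectory + "\\kernel32.dll").ProductVersion
    sysSummary += "{0:<10}: {1}\n".format("Host", Env.MachineName)
    sysSummary += "{0:<10}: {1} {2}\n".format(
        "OS", regValue(verInfo, "ProductName", "Windows"), kernelVersion)
    sysSummary += "{0:<10}: {1}\n".format("64-Bit", Env.Is64BitOperatingSystem)
    sysSummary += "{0:<10}: {1}\n".format("Date", DateTime.Now.ToString())
    # The value printed is "now minus TickCount", i.e. a boot timestamp rather
    # than a duration. NOTE(review): Environment.TickCount is a 32-bit counter
    # that wraps after roughly 25 days, so long-running hosts may show a wrong
    # time here - confirm whether that matters for the report.
    sysSummary += "{0:<10}: {1}\n\n".format(
        "Uptime",
        DateTimeOffset(DateTime.Now).AddMilliseconds(-Env.TickCount).LocalDateTime)

    # Current user context.
    sysSummary += "{0:<14}: {1}\\{2}\n".format(
        "Username", Env.UserDomainName, Env.UserName)
    sysSummary += "{0:<14}: {1}\n\n".format(
        "Logon Server", Env.GetEnvironmentVariable("LOGONSERVER"))

    # PowerShell engine version and logging policy. "N/A" on the three logging
    # rows means no policy value was found, i.e. that telemetry source is not
    # configured through policy on this host.
    sysSummary += "{0:<22}: {1}\n".format(
        "PowerShell Version",
        regValue(psKey, "PowerShellVersion", "N/A - Likely 2.0"))
    sysSummary += "{0:<22}: {1}\n".format(
        "PowerShell Compat",
        regValue(psKey, "PSCompatibleVersion", "N/A - Likely 1.0, 2.0"))
    sysSummary += "{0:<22}: {1}\n".format(
        "PS Script Block Log",
        regValue(psPolicyKey + r"\ScriptBlockLogging", "EnableScriptBlockLogging", "N/A"))
    sysSummary += "{0:<22}: {1}\n".format(
        "PS Transcription",
        regValue(psPolicyKey + r"\Transcription", "EnableTranscripting", "N/A"))
    sysSummary += "{0:<22}: {1}\n".format(
        "PS Transcription Dir",
        regValue(psPolicyKey + r"\Transcription", "OutputDirectory", "N/A"))
    sysSummary += "{0:<22}: {1}\n\n".format(
        "PS Module Logging",
        regValue(psPolicyKey + r"\ModuleLogging", "EnableModuleLogging", "N/A"))

    # UAC, credential protection and remote access settings.
    sysSummary += "{0:<27}: {1}\n".format("UAC Enabled", regBool(sysPolKey, "EnableLUA"))
    sysSummary += "{0:<27}: {1}\n".format(
        "High Integrity",
        WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator))
    # NOTE(review): the Windows value that controls remote UAC token filtering
    # is named LocalAccountTokenFilterPolicy; "LocalAccount" as read here will
    # normally be absent and report False regardless of the real setting -
    # confirm and correct the value name.
    sysSummary += "{0:<27}: {1}\n".format(
        "UAC Token Filter Disabled", regValue(sysPolKey, "LocalAccount", False))
    sysSummary += "{0:<27}: {1}\n".format(
        "UAC Admin Filter Enabled", regValue(sysPolKey, "FilterAdministratorToken", False))
    sysSummary += "{0:<27}: {1}\n".format(
        "Local Admin Pass Solution", regValue(lapsKey, "AdmPwdEnabled", "N/A"))
    sysSummary += "{0:<27}: {1}\n".format(
        "LSASS Protection", regValue(lsaKey, "RunAsPPL", "N/A"))
    sysSummary += "{0:<27}: {1}\n".format(
        "Deny RDP Connections", regBool(rdpKey, "FDenyTSConnections"))

    return sysSummary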
Beispiel #2
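def firewallStatus():
    """Print whether Windows Firewall is enabled for each local profile.

    Reads ``EnableFirewall`` under the StandardProfile, DomainProfile and
    PublicProfile subkeys of the FirewallPolicy service key and prints one
    line per profile beneath the "FIREWALL STATUS" header.

    NOTE(review): the path uses ControlSet001 rather than CurrentControlSet,
    so it may not describe the control set the system actually booted from.
    Settings enforced through Group Policy are stored elsewhere and are not
    reflected here - confirm before treating the output as authoritative.
    """
    fwKey = r"HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy"

    def profileEnabled(profileKey):
        # Convert.ToBoolean raises FormatException on the "N/A" placeholder the
        # original passed as default, and Registry.GetValue returns null when
        # the key is missing, so report "N/A" instead of converting.
        found = Registry.GetValue(fwKey + "\\" + profileKey, "EnableFirewall", None)
        if found is None:
            return "N/A"
        return Convert.ToBoolean(found)

    fwSummary = printHeader("FIREWALL STATUS")
    fwSummary += "Standard: {0}\n".format(profileEnabled("StandardProfile"))
    fwSummary += "Domain: {0}\n".format(profileEnabled("DomainProfile"))
    fwSummary += "Public: {0}\n".format(profileEnabled("PublicProfile"))

    # MAYBE TO-DO: Parse/print firewall rules. Sketch kept from the original:
    #   rulesKey = Registry.LocalMachine.OpenSubKey(
    #       r"System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules")
    #   rules = rulesKey.GetValueNames()
    #   for rule in rules:
    #       value = rulesKey.GetValue(rule)
    #       if "Active=TRUE" in value:
    #           valueDict = {}
    #           settings = value.split("|")
    #           for s in settings[1:-1]:
    #               k = s.split("=")[0]
    #               v = s.split("=")[1]
    #               valueDict[k] = v
    #           if 'LPort' in valueDict:
    #               print valueDict
    #           #fwSummary +=  "{0:<40}: {1}\n".format(rule, value)

    # Parenthesised single-argument print behaves the same under Python 2.
    print(fwSummary)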
Beispiel #3
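def firewallStatus():
    """Return a text summary of Windows Firewall state per local profile.

    For each of the Standard, Domain and Public profiles the function reads
    ``EnableFirewall`` from the matching subkey of the FirewallPolicy service
    key and appends one "<Profile>: <state>" line after the header produced
    by ``printHeader("FIREWALL STATUS")``.

    NOTE(review): ControlSet001 is read instead of CurrentControlSet, and
    firewall settings pushed by Group Policy live under a different key, so
    the result may not match the effective configuration - confirm.

    Returns:
        The formatted summary string.
    """
    fwKey = r"HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy"
    profiles = (
        ("Standard", "\\StandardProfile"),
        ("Domain", "\\DomainProfile"),
        ("Public", "\\PublicProfile"),
    )

    fwSummary = printHeader("FIREWALL STATUS")
    for label, subKey in profiles:
        # Ask for None rather than "N/A": Convert.ToBoolean("N/A") raises
        # FormatException, and a missing key yields null anyway.
        found = Registry.GetValue(fwKey + subKey, "EnableFirewall", None)
        state = "N/A" if found is None else Convert.ToBoolean(found)
        fwSummary += "{0}: {1}\n".format(label, state)

    return fwSummary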
Beispiel #4
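 def _get_map_value2(map, key, format=None):
     """Return ``map[key]`` coerced to the representation named by ``format``.

     ``format`` may be 'str', 'bool', 'int', 'data' or None. Values whose type
     prints as NSData are converted from their ``Bytes`` member; anything else
     is converted from the value itself. With no recognised ``format`` the raw
     ``Bytes`` (NSData) or ``str(value)`` is returned.

     Any failure - missing key or failed conversion - yields a typed empty
     default instead of an exception: False, 0, "" or ``bytes(0)``, and None
     when ``format`` is not one of the four names. Callers therefore cannot
     tell a missing or corrupt entry from a genuine 0/False/"" value; code
     that needs that distinction must check for the key separately.
     """
     try:
         # Look the entry up once; a missing key raises here and is handled
         # by the fallback below.
         value = map[key]
         if str(type(value)) == "<type 'NSData'>":
             raw = value.Bytes
             if format == 'str':
                 return Encoding.UTF8.GetString(raw)
             # NOTE(review): Bytes looks like a byte array; Convert.ToBoolean /
             # Convert.ToInt32 on an array may raise and land in the fallback
             # below - confirm these two branches ever succeed.
             if format == 'bool':
                 return Convert.ToBoolean(raw)
             if format == 'int':
                 return Convert.ToInt32(raw)
             return raw
         if format == 'data':
             return Encoding.UTF8.GetBytes(str(value))
         if format == 'bool':
             return bool(value)
         if format == 'int':
             return int(str(value))
         return str(value)
     except Exception:
         # Narrowed from a bare except so KeyboardInterrupt and SystemExit are
         # no longer swallowed; lookup and conversion errors still map to the
         # typed defaults.
         if format == 'bool':
             return False
         elif format == 'int':
             return 0
         elif format == 'str':
             return ""
         elif format == 'data':
             return bytes(0)
         return None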
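    def load_bool_from_xml(self, xmldoc, name):
        """Loads a bool with a specified node name from an XmlDocument and saves it to the attribute. The bool should be saved as:
        <name>true/false</name>

        xmldoc->The XmlDocument to load from.
        name->The attribute to save to and the root node name to load the bool from.

        If no node matches, the attribute is left unchanged. Because name is
        passed to setattr, callers should supply a fixed attribute name and
        never one taken from the document being loaded."""
        # Select once: the original queried the document twice, once for the
        # None check and again to read the text.
        node = xmldoc.SelectSingleNode(name)
        if node is not None:
            # Convert.ToBoolean raises FormatException for text other than
            # true/false, so a malformed document surfaces as an exception
            # here rather than as a silently wrong setting.
            setattr(self, name, Convert.ToBoolean(node.InnerText))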
Beispiel #6
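 def _get_map_value(map, key, format=None):
     """Return ``map[key]`` coerced to the representation named by ``format``.

     ``format`` may be 'str', 'bool', 'int', 'data' or None. Values exposing a
     ``Bytes`` member are converted from those bytes; other values use their
     ``ToBool`` / ``ToInt`` / ``ToString`` members where present. With no
     recognised ``format`` the raw ``Bytes`` or ``ToString()`` result is
     returned.

     A missing key or any conversion failure yields a typed default instead of
     an exception: False, 0, "" or the UTF-8 bytes of "0", and None when
     ``format`` is not one of the four names. Callers therefore cannot tell a
     missing or corrupt entry from a genuine 0/False/"" value; code that needs
     that distinction must call ``ContainsKey`` itself.
     """
     def fallback():
         # Single copy of the defaults the original repeated in two places.
         if format == 'bool':
             return False
         if format == 'int':
             return 0
         if format == 'str':
             return ""
         if format == 'data':
             return Encoding.UTF8.GetBytes("0")
         return None

     try:
         if not map.ContainsKey(key):
             return fallback()
         value = map[key]
         if hasattr(value, "Bytes"):
             raw = value.Bytes
             if format == 'str':
                 return Encoding.UTF8.GetString(raw)
             # NOTE(review): Bytes looks like a byte array; Convert.ToBoolean /
             # Convert.ToInt32 on an array may raise and land in the fallback
             # - confirm these two branches ever succeed.
             if format == 'bool':
                 return Convert.ToBoolean(raw)
             if format == 'int':
                 return Convert.ToInt32(raw)
             return raw
         # From here on the value has no Bytes member, so the original's
         # second hasattr(..., "Bytes") check under 'data' was unreachable.
         if format == 'data':
             return Encoding.UTF8.GetBytes(value.ToString())
         if format == 'bool':
             if hasattr(value, "ToBool"):
                 return value.ToBool()
             return bool(value)
         if format == 'int':
             if hasattr(value, "ToInt"):
                 return value.ToInt()
             return Convert.ToInt32(value)
         return value.ToString()
     except Exception:
         # Narrowed from a bare except so KeyboardInterrupt and SystemExit are
         # no longer swallowed; lookup and conversion errors still map to the
         # typed defaults.
         return fallback()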