def as_text(self):
    """Render this share as a multi-line text section for a report.

    The section is framed by ``--- start share ---`` and
    ``--- end share ---``. It lists the share's name, description, path,
    password field, use counts and permissions. It then adds the security
    descriptor of the shared directory (only when a path is set, the path
    exists and its descriptor can be read) and the security descriptor of
    the share itself.

    Returns:
        The whole section as one newline-terminated string.
    """
    parts = ['--- start share ---\n']
    parts.append('Share Name: ' + str(self.get_name()) + '\n')
    parts.append('Description: ' + str(self.get_description()) + '\n')

    # Any falsy path (None or an empty string) is reported as "None".
    if not self.get_path():
        parts.append('Path: None\n')
    else:
        parts.append('Path: ' + str(self.get_path()) + '\n')

    # NOTE: the share's password field is written out verbatim, so the
    # generated report has to be stored and shared as sensitive data.
    parts.append('Passwd: ' + str(self.get_passwd()) + '\n')
    parts.append('Current Uses: ' + str(self.get_current_uses()) + '\n')
    parts.append('Max Uses: ' + str(self.get_max_uses()) + '\n')
    parts.append('Permissions: ' + str(self.get_permissions()) + '\n')

    # Directory descriptor: each reason for a missing descriptor gets its
    # own message so the reader can tell "no path" from "unreadable".
    if not self.get_path():
        parts.append('Directory Security Descriptor: None (no path)\n')
    else:
        shared_dir = File(self.get_path())
        if not shared_dir.exists():
            parts.append('Directory Security Descriptor: None (path doesn\'t exist)\n')
        elif shared_dir.get_sd():
            parts.append('Directory Security Descriptor:\n')
            parts.append(shared_dir.get_sd().as_text() + '\n')
        else:
            parts.append('Directory Security Descriptor: None (can\'t read sd)\n')

    # Share-level descriptor, reported separately from the directory's.
    if self.get_sd():
        parts.append('Share Security Descriptor:\n')
        parts.append(self.get_sd().as_text() + '\n')
    else:
        parts.append('Share Security Descriptor: None\n')

    parts.append('--- end share ---\n')
    return ''.join(parts)
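def find_in_path(f):
    """Look for a file named like *f* in the directories listed in PATH.

    Args:
        f: Object whose ``get_name()`` returns the file name to look for.

    Returns:
        A ``File`` for the first PATH directory that contains the name, or
        ``None`` when no directory contains it or PATH is not set.
    """
    f_str = f.get_name()

    # PATH may be absent from the environment; treat that as an empty
    # search list instead of failing on None.split().
    search_path = os.environ.get('PATH') or ''

    # NOTE(review): only PATH entries are consulted. Windows looks in other
    # locations before PATH when resolving a bare name, so a hit here is
    # not necessarily the file that would be loaded - confirm callers
    # do not rely on that.
    for d in search_path.split(';'):
        # An empty entry (";;" or a trailing ";") would turn into
        # "\\<name>", i.e. the root of the current drive, which is not a
        # PATH directory and would give a misleading match.
        if not d:
            continue
        candidate = d + "\\" + f_str
        if os.path.exists(candidate):
            return File(candidate)
    return None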
def dumptab_all_files(self):
    """Print the ``as_tab()`` record of every entry on each fixed NTFS drive.

    One ``wpc.utils.tab_line("info", "drive", ...)`` line is printed for
    every fixed drive first, giving its name and filesystem. Drives whose
    filesystem is not reported as 'NTFS' are skipped by the walk.
    """
    # Directories are reported as well as files.
    include_dirs = 1

    ntfs_roots = []
    for drive in Drives().get_fixed_drives():
        print(wpc.utils.tab_line("info", "drive", drive.get_name(), drive.get_fs()))
        if drive.get_fs() != 'NTFS':
            continue
        ntfs_roots.append(drive.get_name())

    # Walk each NTFS drive from its root and emit one record per entry.
    for root in ntfs_roots:
        for entry in wpc.utils.dirwalk(root, '*', include_dirs):
            print(File(entry).as_tab())
def get_exe_file(self):
    """Return the ``File`` for this object's executable, creating it lazily.

    The result is stored in ``self.exe_file``. When the cleaned executable
    path is empty or None, ``self.exe_file`` is set to None and the lookup
    is repeated on the next call.
    """
    if self.exe_file:
        return self.exe_file

    clean_path = self.get_exe_path_clean()  # might be None
    self.exe_file = File(clean_path) if clean_path else None
    return self.exe_file
def dumptab_program_files(self):
    """Print the ``as_tab()`` record of entries under the Program Files dirs.

    The directories come from the ``ProgramFiles`` and ``ProgramFiles(x86)``
    environment variables; a variable that is unset or empty is skipped.
    The walk is filtered by ``wpc.conf.executable_file_extensions``.
    """
    # Directories are reported as well as files.
    include_dirs = 1

    roots = []
    for variable in ('ProgramFiles', 'ProgramFiles(x86)'):
        location = os.getenv(variable)
        if location:
            roots.append(location)

    # Walk each Program Files directory looking for executables.
    for root in roots:
        matches = wpc.utils.dirwalk(
            root, wpc.conf.executable_file_extensions, include_dirs)
        for entry in matches:
            print(File(entry).as_tab())
def get_dlls(self):
    """Return the ``File`` objects for this process's modules.

    The list in ``self.dlls`` is filled on the first call that finds it
    empty: every handle from ``get_mhs()`` is resolved to a file name with
    ``win32process.GetModuleFileNameEx`` against the handle from
    ``get_ph()``. If ``get_mhs()`` returns nothing the list stays empty and
    the lookup is repeated on the next call.
    """
    if self.dlls != []:
        return self.dlls

    if self.get_mhs():
        for module_handle in self.get_mhs():
            module_path = win32process.GetModuleFileNameEx(self.get_ph(), module_handle)
            self.dlls.append(File(module_path))
    return self.dlls
def dump_all_files(self):
    """Print one tab-separated line per permission in each dangerous ACE.

    Every entry found under ``c:\\`` is wrapped in a ``File`` and asked for
    ``get_dangerous_aces()``. Each output line holds the file type, the
    file name, the ACE type, the fully qualified principal name and one
    permission.
    """
    # Directories are reported as well as files.
    include_dirs = 1

    # TODO other drives too
    roots = ['c:\\']

    # Number of entries examined; not reported anywhere in this method.
    count = 0
    for root in roots:
        for entry in wpc.utils.dirwalk(root, '*', include_dirs):
            f = File(entry)
            # TODO check file owner, parent paths, etc. Maybe use is_replaceable instead?
            dangerous = f.get_dangerous_aces()
            count += 1
            for ace in dangerous:
                for perm in ace.get_perms():
                    fields = (f.get_type(), f.get_name(), ace.get_type(),
                              ace.get_principal().get_fq_name(), perm)
                    print("%s\t%s\t%s\t%s\t%s" % fields)
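def lookup_files_for_clsid(clsid):
    r"""Collect the server files registered for a COM class ID.

    For each of the subkeys InprocServer, InprocServer32, LocalServer and
    LocalServer32 under HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\<clsid>,
    the "(Default)" value is read, passed through ``env_expand`` and
    wrapped in a ``File``.

    Args:
        clsid: Class ID string, appended as-is to the registry key path.

    Returns:
        A list of ``[RegKey, subkey_name, File]`` entries, one per subkey
        that is present and has a non-empty default value.
    """
    results = []
    # Potentially interesting subkeys of clsids are listed here:
    # http://msdn.microsoft.com/en-us/library/windows/desktop/ms691424(v=vs.85).aspx
    # Only the HKEY_LOCAL_MACHINE hive is examined; per-user registrations
    # are not looked at by this function.
    for v in ("InprocServer", "InprocServer32", "LocalServer", "LocalServer32"):
        r = RegKey("HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\" + clsid + "\\" + v)

        # The original tested `r.is_present` without calling it. If RegKey
        # defines is_present as a method, that test is always true and
        # absent keys are never skipped. Accept both an attribute and a
        # method so the check means what it says in either case.
        present = r.is_present
        if callable(present):
            present = present()
        if not present:
            continue

        d = r.get_value("")  # "(Default)" value
        if not d:
            continue

        # NOTE(review): a LocalServer/LocalServer32 default value can be a
        # full command line (quoted path plus arguments), in which case
        # File() receives that whole string - confirm callers cope.
        results.append([r, v, File(env_expand(d))])
    return results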
def add_by_name(self, name):
    """Wrap *name* in a ``File`` and hand it to ``self.add()``."""
    self.add(File(name))
def get_exe(self):
    """Return the ``File`` for this object's executable, creating it lazily.

    The ``File`` is built from ``get_exe_path_clean()`` and stored in
    ``self.exe``, but only when ``get_exe_path_dirty()`` returns something
    truthy. Otherwise ``self.exe`` is returned unchanged.
    """
    if self.exe:
        return self.exe

    if self.get_exe_path_dirty():
        # NOTE(review): the clean path is not checked before being wrapped;
        # confirm get_exe_path_clean() cannot return None when the dirty
        # path is set.
        self.exe = File(self.get_exe_path_clean())
    return self.exe