def _dt_to_wmi(self, dt):
    '''
    A wrapper around wmi.from_time to get a WMI-formatted time from a
    datetime-like value (anything exposing year/month/day/hour/minute/second).
    The microseconds and timezone arguments are always passed as 0.
    '''
    import wmi
    fields = {
        'year': dt.year,
        'month': dt.month,
        'day': dt.day,
        'hours': dt.hour,
        'minutes': dt.minute,
        'seconds': dt.second,
        'microseconds': 0,
        'timezone': 0,
    }
    return wmi.from_time(**fields)
def _dt_to_wmi(self, dt):
    '''
    A wrapper around wmi.from_time to get a WMI-formatted time from a
    datetime-like value (anything exposing year/month/day/hour/minute/second).
    Uses the module-level ``wmi`` import; microseconds and timezone are
    always passed as 0.
    '''
    date_part = (dt.year, dt.month, dt.day)
    time_part = (dt.hour, dt.minute, dt.second)
    return wmi.from_time(
        year=date_part[0],
        month=date_part[1],
        day=date_part[2],
        hours=time_part[0],
        minutes=time_part[1],
        seconds=time_part[2],
        microseconds=0,
        timezone=0,
    )
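def schedule_job(c=None):
    """
    Create a Win32_ScheduledJob that starts one minute from now, then echo
    the output of the ``at`` command.

    :param c: an existing ``wmi.WMI`` connection.  When omitted (or ``None``)
        a new local connection is opened.  The original body unconditionally
        reassigned ``c``, so a caller-supplied connection was silently ignored.

    Prints the id returned by ``Win32_ScheduledJob.Create`` followed by each
    line of the ``at`` output.  ``result`` holds the second value returned by
    ``Create``; it is not checked here.
    """
    if c is None:
        c = wmi.WMI()
    start_at = datetime.datetime.now() + datetime.timedelta(minutes=1)
    # NOTE(review): elsewhere in this listing from_time is called with separate
    # year/month/... fields (see _dt_to_wmi); confirm it accepts a datetime
    # object directly as done here.
    job_id, result = c.Win32_ScheduledJob.Create(
        Command=r"cmd.exe /c dir /b c:\ > c:\\temp.txt",
        StartTime=wmi.from_time(start_at),
    )
    print(job_id)
    # Use the pipe as a context manager so it is closed once its output has
    # been echoed; the original left it to the garbage collector.
    with os.popen("at") as at_output:
        for line in at_output:
            print(line)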
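def getNTlogs(ip, _timeframe=1):
    """
    get Event logs of security, system

    Queries Win32_NTLogEvent on the host ``ip`` (via the module-level ``wmi``
    package) for records generated within the last ``_timeframe`` days and
    renders them as tab-separated report lines: first EventType 1/2 (Error,
    Warning) records from the System log, then EventType 5 (Audit Failure)
    records from the Security log.

    :param ip: host name or address passed to ``wmi.WMI``.
    :param _timeframe: look-back window in whole days (default 1).
    :returns: dict of event logs -- ``{'ntlogs': [<report line>, ...]}``.
    """
    import datetime

    report = [120 * '-']
    report.append("NT Event Logs - past %d %s" % (
        _timeframe, ('days' if _timeframe > 1 else 'day')))

    # from_time takes the individual time-tuple fields; the trailing isdst
    # flag of the tuple is dropped.
    since = datetime.date.today() - datetime.timedelta(_timeframe)
    wmi_timeframe = wmi.from_time(*since.timetuple()[:-1])

    # Single header row; both sections below share the same column layout.
    report.append(_NT_ROW_FMT % (
        "Event", "Time", "Message", "Source", "Event ID", "Type"))

    # One connection serves both queries (the original reconnected per query).
    wmiObj = wmi.WMI(ip)

    # NT System Logs
    _append_nt_events(report, wmiObj, _nt_log_query(
        "(EventType = 1 OR EventType = 2)", 'System', wmi_timeframe))

    # NT Security Log files
    _append_nt_events(report, wmiObj, _nt_log_query(
        "(EventType = 5)", 'Security', wmi_timeframe))

    logger.debug("< getting of NT Event Logs thread finished>")
    return {'ntlogs': report}


# Column layout shared by the header row and every event row.
_NT_ROW_FMT = "%-10s\t%20s\t%-50s\t%-30s\t%-20s\t%s"


def _nt_log_query(event_filter, logfile, since):
    """
    Build the WQL selecting Win32_NTLogEvent records from *logfile* that match
    *event_filter* and were generated at or after *since*.

    All three values are literals from this module or the string produced by
    ``wmi.from_time``; do not route caller-supplied text through this
    formatter, since it is spliced straight into the WQL statement.
    """
    return ("SELECT * FROM Win32_NTLogEvent "
            "WHERE %s AND (Logfile = '%s') "
            "AND TimeGenerated >= '%s'" % (event_filter, logfile, since))


def _append_nt_events(lines, wmiObj, query):
    """
    Run *query* on *wmiObj* and append a separator plus one formatted row per
    returned event to *lines* (in place).
    """
    for event in wmiObj.query(query):
        lines.append(30 * '-')
        # NOTE(review): str() on a non-ASCII Message would raise under
        # Python 2 if the wmi layer hands back unicode -- confirm return types.
        lines.append(_NT_ROW_FMT % (
            str(event.LogFile),
            str(from_wmi_time(event.TimeGenerated)),
            str(event.Message),
            str(event.SourceName),
            str(event.EventCode),
            str(event.Type),
        ))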
print "show signature-------------------------"
# Take the first Win32_OperatingSystem instance and leave the loop.
for opsys in c.Win32_OperatingSystem(): break
# These are the method objects exposed by the instance, printed as-is.
print opsys.Reboot
print opsys.Shutdown
# Echo the output of the `at` command, one line per iteration.
for line in os.popen("at"): print line
print "create ScheduledJob-------------------------"
# Start time one minute ahead, converted by wmi.from_time for StartTime.
one_minutes_time = datetime.datetime.now() + datetime.timedelta(minutes=1)
# Create returns two values; only the job id is printed, result is unused.
job_id, result = c.Win32_ScheduledJob.Create( Command=r"cmd.exe /c dir /b c:\ > c:\\temp.txt", StartTime=wmi.from_time(one_minutes_time))
print job_id
print "create MINIMIZED Process-------------------------"
# ShowWindow value handed to Win32_ProcessStartup; 1 is used here as "minimized".
SW_SHOWMINIMIZED = 1
startup = c.Win32_ProcessStartup.new(ShowWindow=SW_SHOWMINIMIZED)
# Win32_Process.Create also returns two values; only the pid is printed.
pid, result = c.Win32_Process.Create(CommandLine="notepad.exe", ProcessStartupInformation=startup)
print pid
print "create namespaces-------------------------"
# Print the last path element of `namespace`, indented by `level` spaces.
# NOTE(review): only this first statement of the function is visible in the
# listing; any further body lies beyond this excerpt.
def enumerate_namespaces(namespace=u"root", level=0): print level * " ", namespace.split("/")[-1]
#give some help if obviously wrong command line
if len(sys.argv)==1 or options.targetCMD is None:
    parser.print_help()
    sys.exit()
if options.targetIPFile is None:
    #just one targetIP specified via commandline
    # NOTE(review): the text between the "User:" prompt and the
    # "job: %s created" message was redacted in this listing (the `******`
    # is not code), so the credential prompt and job creation that happen in
    # this branch cannot be reviewed here.
    wmiUser=raw_input("User:"******"job: %s created" %(job_id))
else:
    #we've got a file that should contain a list of target IPs as destinations:
    if not os.path.isfile(options.targetIPFile):
        sys.stderr.write("Target file not found: %s\n"%(options.targetIPFile))
        parser.print_help()
        sys.exit(1)
    # User name from stdin; the password via getpass so it is not echoed and
    # does not have to be passed on the command line.
    wmiUser=raw_input("User:")
    wmiPassword=getpass.getpass()
    with open(options.targetIPFile) as f:
        for line in f.readlines():
            #get rid of any cr/lf
            # NOTE(review): the loop body continues beyond this excerpt.
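def test_from_time(self):
    "Check conversion from time-tuple to time-string"
    # assertEquals is a deprecated alias that was removed in Python 3.12;
    # assertEqual is available on every unittest version, Python 2.7 included.
    for time_tuple, expected in self.times:
        self.assertEqual(wmi.from_time(*time_tuple), expected)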
if options.targetIPFile is None:
    #just one targetIP specified via commandline
    # NOTE(review): the text between the "User:" prompt and the
    # "job: %s created" message was redacted in this listing (the `******`
    # is not code), so the credential prompt and job creation that happen in
    # this branch cannot be reviewed here.
    wmiUser = raw_input("User:"******"job: %s created" % (job_id))
print("show signature-------------------------")
# Take the first Win32_OperatingSystem instance and leave the loop.
for opsys in c.Win32_OperatingSystem():
    break
print(opsys.Reboot)
print(opsys.Shutdown)
# Echo the output of the `at` command line by line.
for line in os.popen("at"):
    print(line)

print("create ScheduledJob-------------------------")
# Start time one minute ahead, converted by wmi.from_time for StartTime.
start_at = datetime.datetime.now() + datetime.timedelta(minutes=1)
job_id, result = c.Win32_ScheduledJob.Create(
    Command=r"cmd.exe /c dir /b c:\ > c:\\temp.txt",
    StartTime=wmi.from_time(start_at),
)
print(job_id)

print("create MINIMIZED Process-------------------------")
# ShowWindow value handed to Win32_ProcessStartup; 1 is used as "minimized".
SW_SHOWMINIMIZED = 1
startup_info = c.Win32_ProcessStartup.new(ShowWindow=SW_SHOWMINIMIZED)
pid, result = c.Win32_Process.Create(
    CommandLine="notepad.exe",
    ProcessStartupInformation=startup_info,
)
print(pid)

print("create namespaces-------------------------")