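def systemInfo():
    """Return a text report of host identity and security-relevant settings.

    The report covers the host and OS version, the current user and logon
    server, the PowerShell engine version and logging policy values, and the
    UAC, LAPS, LSASS protection and RDP settings, all read through
    Registry.GetValue and the Env helpers.

    Registry.GetValue returns None when the key is absent and the supplied
    default when only the value is absent. The boolean settings therefore go
    through _regBool, because Convert.ToBoolean("N/A") raises FormatException
    and would abort the whole report on a host missing one value.

    Returns:
        The report as a single string, starting with the text produced by
        printHeader("SYSTEM INFORMATION").
    """
    verInfo = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
    psKey = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\3\PowerShellEngine"
    psPolKey = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell"
    sysPolKey = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System"

    def _regBool(keyPath, valueName):
        # "Not configured" is reported as N/A rather than coerced to a boolean,
        # so an absent policy is not mistaken for a disabled one.
        value = Registry.GetValue(keyPath, valueName, "N/A")
        if value is None or value == "N/A":
            return "N/A"
        return Convert.ToBoolean(value)

    kernel32 = Env.SystemDirectory + "\\kernel32.dll"
    osVersion = Diagnostics.FileVersionInfo.GetVersionInfo(kernel32).ProductVersion

    sysSummary = printHeader("SYSTEM INFORMATION")
    sysSummary += "{0:<10}: {1}\n".format("Host", Env.MachineName)
    sysSummary += "{0:<10}: {1} {2}\n".format(
        "OS", Registry.GetValue(verInfo, "ProductName", "Windows"), osVersion)
    sysSummary += "{0:<10}: {1}\n".format("64-Bit", Env.Is64BitOperatingSystem)
    sysSummary += "{0:<10}: {1}\n".format("Date", DateTime.Now.ToString())
    # This is an estimated boot time (now minus tick count), not a duration.
    # Environment.TickCount is a signed 32-bit value that wraps after about
    # 24.9 days, so the figure is unreliable on long-running hosts.
    sysSummary += "{0:<10}: {1}\n\n".format(
        "Uptime",
        DateTimeOffset(DateTime.Now).AddMilliseconds(-Env.TickCount).LocalDateTime)

    sysSummary += "{0:<14}: {1}\\{2}\n".format(
        "Username", Env.UserDomainName, Env.UserName)
    sysSummary += "{0:<14}: {1}\n\n".format(
        "Logon Server", Env.GetEnvironmentVariable("LOGONSERVER"))

    sysSummary += "{0:<22}: {1}\n".format(
        "PowerShell Version",
        Registry.GetValue(psKey, "PowerShellVersion", "N/A - Likely 2.0"))
    sysSummary += "{0:<22}: {1}\n".format(
        "PowerShell Compat",
        Registry.GetValue(psKey, "PSCompatibleVersion", "N/A - Likely 1.0, 2.0"))
    # Only the machine-wide policy keys are read; "N/A" means no policy value
    # was found there, not that logging is proven to be off.
    sysSummary += "{0:<22}: {1}\n".format(
        "PS Script Block Log",
        Registry.GetValue(psPolKey + r"\ScriptBlockLogging",
                          "EnableScriptBlockLogging", "N/A"))
    sysSummary += "{0:<22}: {1}\n".format(
        "PS Transcription",
        Registry.GetValue(psPolKey + r"\Transcription", "EnableTranscripting", "N/A"))
    sysSummary += "{0:<22}: {1}\n".format(
        "PS Transcription Dir",
        Registry.GetValue(psPolKey + r"\Transcription", "OutputDirectory", "N/A"))
    sysSummary += "{0:<22}: {1}\n\n".format(
        "PS Module Logging",
        Registry.GetValue(psPolKey + r"\ModuleLogging", "EnableModuleLogging", "N/A"))

    sysSummary += "{0:<27}: {1}\n".format(
        "UAC Enabled", _regBool(sysPolKey, "EnableLUA"))
    sysSummary += "{0:<27}: {1}\n".format(
        "High Integrity",
        WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(
            WindowsBuiltInRole.Administrator))
    # NOTE(review): the Windows policy value for remote UAC token filtering is
    # normally named LocalAccountTokenFilterPolicy. "LocalAccount" as queried
    # here would always yield the default - confirm the intended value name.
    sysSummary += "{0:<27}: {1}\n".format(
        "UAC Token Filter Disabled",
        Registry.GetValue(sysPolKey, "LocalAccount", False))
    sysSummary += "{0:<27}: {1}\n".format(
        "UAC Admin Filter Enabled",
        Registry.GetValue(sysPolKey, "FilterAdministratorToken", False))
    # This is the legacy LAPS (AdmPwd) policy key. NOTE(review): newer LAPS
    # deployments may be configured elsewhere, so N/A is not proof of absence.
    sysSummary += "{0:<27}: {1}\n".format(
        "Local Admin Pass Solution",
        Registry.GetValue(
            r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd",
            "AdmPwdEnabled", "N/A"))
    sysSummary += "{0:<27}: {1}\n".format(
        "LSASS Protection",
        Registry.GetValue(
            r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa",
            "RunAsPPL", "N/A"))
    sysSummary += "{0:<27}: {1}\n".format(
        "Deny RDP Connections",
        _regBool(
            r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server",
            "FDenyTSConnections"))
    return sysSummary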
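def firewallStatus():
    """Print the EnableFirewall state of the three Windows Firewall profiles.

    The values are read from the local FirewallPolicy key for the Standard,
    Domain and Public profiles. A profile whose key or value is missing is
    reported as "N/A": Registry.GetValue returns None or the "N/A" default in
    that case, and Convert.ToBoolean("N/A") would raise FormatException.

    NOTE(review): the path is pinned to ControlSet001, which is not guaranteed
    to be the active control set. The local value may also differ from the
    effective state when the firewall is configured by Group Policy - confirm
    before relying on this output.
    """
    fwKey = r"HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy"

    def _profileState(profile):
        value = Registry.GetValue(fwKey + "\\" + profile, "EnableFirewall", "N/A")
        if value is None or value == "N/A":
            return "N/A"
        return Convert.ToBoolean(value)

    fwSummary = printHeader("FIREWALL STATUS")
    for label, profile in (("Standard", "StandardProfile"),
                           ("Domain", "DomainProfile"),
                           ("Public", "PublicProfile")):
        fwSummary += "{0}: {1}\n".format(label, _profileState(profile))

    # MAYBE TO-DO: parse/print firewall rules. The earlier sketch opened
    # FirewallPolicy\FirewallRules, split each "Active=TRUE" value on "|" into
    # key=value settings, and printed the rules that carry an LPort entry.

    # The parenthesised form prints the same text under Python 2 and 3.
    print(fwSummary)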
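def firewallStatus():
    """Return the EnableFirewall state of the three Windows Firewall profiles.

    A profile whose registry key or value is missing is reported as "N/A".
    Registry.GetValue returns None for an absent key and the "N/A" default for
    an absent value, and Convert.ToBoolean("N/A") raises FormatException, so
    the conversion runs only when a real value was read.

    NOTE(review): ControlSet001 is hard-coded and is not guaranteed to be the
    active control set. A firewall configured by Group Policy may not be
    reflected in these local values - confirm against the effective policy.

    Returns:
        The summary string, starting with printHeader("FIREWALL STATUS").
    """
    fwKey = r"HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy"

    def _enabled(subKey):
        raw = Registry.GetValue(fwKey + subKey, "EnableFirewall", "N/A")
        # A missing setting stays "N/A" rather than being coerced to False.
        if raw is None or raw == "N/A":
            return "N/A"
        return Convert.ToBoolean(raw)

    fwSummary = printHeader("FIREWALL STATUS")
    fwSummary += "Standard: {0}\n".format(_enabled(r"\StandardProfile"))
    fwSummary += "Domain: {0}\n".format(_enabled(r"\DomainProfile"))
    fwSummary += "Public: {0}\n".format(_enabled(r"\PublicProfile"))
    return fwSummary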
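def _get_map_value2(map, key, format=None):
    """Read map[key] and coerce it to the requested format, never raising.

    Args:
        map: Mapping to read from (indexed as map[key]).
        key: Key to look up.
        format: One of 'str', 'bool', 'int', 'data', or None for the default
            string form (raw bytes for NSData values).

    Returns:
        The coerced value. On any error, including a missing key, a
        type-appropriate default is returned: False, 0, "" or bytes(0).
        With format None or an unknown format the error result is None.

    The silent defaults make a missing or unparsable value indistinguishable
    from a genuine False, 0 or "". Callers that need to tell them apart should
    check for the key themselves.
    """
    try:
        value = map[key]
        if str(type(value)) == "<type 'NSData'>":
            raw = value.Bytes
            if format == 'str':
                return Encoding.UTF8.GetString(raw)
            # NOTE(review): Convert.ToBoolean/ToInt32 on a byte array is
            # expected to raise in .NET, so these two branches probably always
            # end up at the defaults below - confirm against real data.
            if format == 'bool':
                return Convert.ToBoolean(raw)
            if format == 'int':
                return Convert.ToInt32(raw)
            return raw
        if format == 'data':
            return Encoding.UTF8.GetBytes(str(value))
        if format == 'bool':
            # Python truthiness: any non-empty string is True, so text such as
            # "false" or "0" also yields True.
            return bool(value)
        if format == 'int':
            return int(str(value))
        return str(value)
    except Exception:
        # Narrowed from a bare except so KeyboardInterrupt and SystemExit are
        # no longer swallowed; lookup and conversion errors still map to defaults.
        if format == 'bool':
            return False
        if format == 'int':
            return 0
        if format == 'str':
            return ""
        if format == 'data':
            return bytes(0)
        return None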
def load_bool_from_xml(self, xmldoc, name):
    """Set a boolean attribute on this object from a same-named XML node.

    The value is expected in the document as:

        <name>true/false</name>

    xmldoc->The XmlDocument to load from.
    name->Both the node name to look up and the attribute to assign.

    If the node is missing, the attribute is left untouched. The node text is
    converted with Convert.ToBoolean, so text that is not a boolean literal is
    expected to raise rather than be stored.

    NOTE(review): name is passed to SelectSingleNode as an XPath expression and
    to setattr as an attribute name, so callers should pass fixed names, not
    values taken from the document or from user input.
    """
    node = xmldoc.SelectSingleNode(name)
    if node is None:
        return
    setattr(self, name, Convert.ToBoolean(node.InnerText))
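def _get_map_value(map, key, format=None):
    """Read map[key] and coerce it to the requested format, never raising.

    Args:
        map: Dictionary-like object exposing ContainsKey(key) and map[key].
        key: Key to look up.
        format: One of 'str', 'bool', 'int', 'data', or None for the value's
            ToString() form (raw bytes when the value exposes .Bytes).

    Returns:
        The coerced value. When the key is missing or any step fails, the
        default for the format is returned: False, 0, "" or the UTF-8 bytes of
        "0". With format None or an unknown format that result is None.

    The silent defaults make a missing or malformed entry look the same as a
    genuine False, 0 or "". Callers that must distinguish them should check
    ContainsKey first.
    """
    def _fallback():
        if format == 'bool':
            return False
        if format == 'int':
            return 0
        if format == 'str':
            return ""
        if format == 'data':
            return Encoding.UTF8.GetBytes("0")
        return None

    try:
        if not map.ContainsKey(key):
            return _fallback()

        value = map[key]
        if hasattr(value, "Bytes"):
            raw = value.Bytes
            if format == 'str':
                return Encoding.UTF8.GetString(raw)
            # NOTE(review): Convert.ToBoolean/ToInt32 on a byte array is
            # expected to raise in .NET, so these two branches probably always
            # yield the fallback - confirm against real data.
            if format == 'bool':
                return Convert.ToBoolean(raw)
            if format == 'int':
                return Convert.ToInt32(raw)
            return raw

        # From here on the value has no .Bytes attribute.
        if format == 'data':
            return Encoding.UTF8.GetBytes(value.ToString())
        if format == 'bool':
            if hasattr(value, "ToBool"):
                return value.ToBool()
            # Python truthiness: any non-empty string counts as True.
            return bool(value)
        if format == 'int':
            if hasattr(value, "ToInt"):
                return value.ToInt()
            return Convert.ToInt32(value)
        return value.ToString()
    except Exception:
        # Narrowed from a bare except so KeyboardInterrupt and SystemExit
        # propagate; lookup and conversion errors still map to the defaults.
        return _fallback()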