def _dt_to_wmi(self, dt):
''' A wrapper around wmi.from_time to get a WMI-formatted time from a
time struct. '''
import wmi
return wmi.from_time(year=dt.year, month=dt.month, day=dt.day,
hours=dt.hour, minutes=dt.minute, seconds=dt.second, microseconds=0,
timezone=0)
def _dt_to_wmi(self, dt):
''' A wrapper around wmi.from_time to get a WMI-formatted time from a
time struct.
'''
return wmi.from_time(year=dt.year, month=dt.month, day=dt.day,
hours=dt.hour, minutes=dt.minute, seconds=dt.second, microseconds=0,
timezone=0)
def schedule_job(c):
c = wmi.WMI ()
one_minutes_time = datetime.datetime.now () + datetime.timedelta (minutes=1)
job_id, result = c.Win32_ScheduledJob.Create (
Command=r"cmd.exe /c dir /b c:\ > c:\\temp.txt",
StartTime=wmi.from_time (one_minutes_time)
)
print job_id
for line in os.popen ("at"):
print line
def getNTlogs(ip,_timeframe=1):
"""
get Event logs of security, system
returns: dict of event logs
"""
import datetime
o = {}
t = []
t.append(120*'-')
t.append("NT Event Logs - past %d %s"%(_timeframe,('days' if _timeframe>1 else 'day')))
timeframe = datetime.date.today () - datetime.timedelta (_timeframe)
wmi_timeframe = wmi.from_time (*timeframe.timetuple ()[:-1])
"""
NT System Logs
"""
q = "SELECT * FROM Win32_NTLogEvent \
WHERE (EventType = 1 OR EventType = 2) AND (Logfile = 'System') \
AND TimeGenerated >= '%s'" % wmi_timeframe
t.append("%-10s\t%20s\t%-50s\t%-30s\t%-20s\t%s" %("Event","Time","Message","Source","Event ID","Type"))
wmiObj = wmi.WMI (ip)
for event in wmiObj.query (q):
t.append(30*'-')
t.append("%-10s\t%20s\t%-50s\t%-30s\t%-20s\t%s" %
(str(event.LogFile), str(from_wmi_time(event.TimeGenerated)),str(event.Message),
str(event.SourceName),str(event.EventCode), str(event.Type))
)
"""
NT Security Log files
"""
q = "SELECT * FROM Win32_NTLogEvent \
WHERE (EventType = 5) AND (Logfile = 'Security') \
AND TimeGenerated >= '%s'" % wmi_timeframe
wmiObj = wmi.WMI (ip)
for event in wmiObj.query (q):
t.append(30*'-')
t.append("%-10s\t%20s\t%-50s\t%-30s\t%-20s\t%s" %
(str(event.LogFile), str(from_wmi_time(event.TimeGenerated)),str(event.Message),
str(event.SourceName),str(event.EventCode), str(event.Type))
)
o['ntlogs'] = t
logger.debug("< getting of NT Event Logs thread finished>")
return o
print "show signature-------------------------"
for opsys in c.Win32_OperatingSystem():
break
print opsys.Reboot
print opsys.Shutdown
for line in os.popen("at"):
print line
print "create ScheduledJob-------------------------"
one_minutes_time = datetime.datetime.now() + datetime.timedelta(minutes=1)
job_id, result = c.Win32_ScheduledJob.Create(
Command=r"cmd.exe /c dir /b c:\ > c:\\temp.txt",
StartTime=wmi.from_time(one_minutes_time))
print job_id
print "create MINIMIZED Process-------------------------"
SW_SHOWMINIMIZED = 1
startup = c.Win32_ProcessStartup.new(ShowWindow=SW_SHOWMINIMIZED)
pid, result = c.Win32_Process.Create(CommandLine="notepad.exe",
ProcessStartupInformation=startup)
print pid
print "create namespaces-------------------------"
def enumerate_namespaces(namespace=u"root", level=0):
print level * " ", namespace.split("/")[-1]
#give some help if obviously wrong command line
if len(sys.argv)==1 or options.targetCMD is None:
parser.print_help()
sys.exit()
if options.targetIPFile is None:
#just one targetIP specified via commandline
wmiUser=raw_input("User:"******"job: %s created" %(job_id))
else:
#we've got a file that should contain a list of target IPs as destinations:
if not os.path.isfile(options.targetIPFile):
sys.stderr.write("Target file not found: %s\n"%(options.targetIPFile))
parser.print_help()
sys.exit(1)
wmiUser=raw_input("User:")
wmiPassword=getpass.getpass()
with open(options.targetIPFile) as f:
for line in f.readlines():
#get rid of any cr/lf
def test_from_time (self):
"Check conversion from time-tuple to time-string"
for t, s in self.times:
self.assertEquals (wmi.from_time (*t), s)
def test_from_time (self):
"Check conversion from time-tuple to time-string"
for t, s in self.times:
self.assertEquals (wmi.from_time (*t), s)
if options.targetIPFile is None:
#just one targetIP specified via commandline
wmiUser = raw_input("User:"******"job: %s created" % (job_id))
print "show signature-------------------------"
for opsys in c.Win32_OperatingSystem ():
break
print opsys.Reboot
print opsys.Shutdown
for line in os.popen("at"):
print line
print "create ScheduledJob-------------------------"
one_minutes_time = datetime.datetime.now() + datetime.timedelta(minutes=1)
job_id, result = c.Win32_ScheduledJob.Create(
Command=r"cmd.exe /c dir /b c:\ > c:\\temp.txt",
StartTime=wmi.from_time(one_minutes_time)
)
print job_id
print "create MINIMIZED Process-------------------------"
SW_SHOWMINIMIZED = 1
startup = c.Win32_ProcessStartup.new(ShowWindow=SW_SHOWMINIMIZED)
pid, result = c.Win32_Process.Create(
CommandLine="notepad.exe",
ProcessStartupInformation=startup
)
print pid
print "create namespaces-------------------------"
