forked from p34709852/monkey
add info draft
This commit is contained in:
Oran Nadler
parent
9c7ead8ddb
commit
805c7ad38a
|
|
@ -2,9 +2,12 @@ import os
|
||||||
import logging
|
import logging
|
||||||
import traceback
|
import traceback
|
||||||
|
|
||||||
|
import sys
|
||||||
|
sys.coinit_flags = 0 # needed for proper destruction of the wmi python module
|
||||||
|
import wmi
|
||||||
import _winreg
|
import _winreg
|
||||||
from wmi import WMI
|
|
||||||
#from mimikatz_collector import MimikatzCollector
|
from mimikatz_collector import MimikatzCollector
|
||||||
from . import InfoCollector
|
from . import InfoCollector
|
||||||
|
|
||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
|
|
@ -17,10 +20,59 @@ WMI_CLASSES = set(["Win32_OperatingSystem",
|
||||||
"Win32_LoggedOnUser",
|
"Win32_LoggedOnUser",
|
||||||
"Win32_UserProfile",
|
"Win32_UserProfile",
|
||||||
"win32_UserAccount",
|
"win32_UserAccount",
|
||||||
"Win32_Process",
|
#"Win32_Process",
|
||||||
"Win32_Product",
|
#"Win32_Product",
|
||||||
"Win32_Service"])
|
#"Win32_Service"
|
||||||
|
])
|
||||||
|
|
||||||
|
def fix_obj_for_mongo(o):
|
||||||
|
if type(o) == dict:
|
||||||
|
return dict([(k, fix_obj_for_mongo(v)) for k, v in o.iteritems()])
|
||||||
|
|
||||||
|
elif type(o) in (list, tuple):
|
||||||
|
return [fix_obj_for_mongo(i) for i in o]
|
||||||
|
|
||||||
|
elif type(o) in (int, float, bool):
|
||||||
|
return o
|
||||||
|
|
||||||
|
elif type(o) in (str, unicode):
|
||||||
|
# mongo dosn't like unprintable chars, so we use repr :/
|
||||||
|
return repr(o)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
else:
|
||||||
|
return repr(o)
|
||||||
|
|
||||||
|
"""
|
||||||
|
def fix_wmi_obj_for_mongo(o):
|
||||||
|
for item in wmi_class:
|
||||||
|
row = {}
|
||||||
|
|
||||||
|
for prop in item.properties:
|
||||||
|
try:
|
||||||
|
value = getattr(item, prop)
|
||||||
|
except wmi.x_wmi:
|
||||||
|
continue
|
||||||
|
|
||||||
|
row[prop] = value
|
||||||
|
|
||||||
|
for method_name in item.methods:
|
||||||
|
if not method_name.startswith("GetOwner"):
|
||||||
|
continue
|
||||||
|
|
||||||
|
method = getattr(item, method_name)
|
||||||
|
|
||||||
|
try:
|
||||||
|
row[method_name[3:]] = method()
|
||||||
|
|
||||||
|
except wmi.x_wmi:
|
||||||
|
#LOG.error("Error running wmi method '%s'" % (method_name, ))
|
||||||
|
#LOG.error(traceback.format_exc())
|
||||||
|
continue
|
||||||
|
|
||||||
|
result.append(row)
|
||||||
|
"""
|
||||||
|
|
||||||
class WindowsInfoCollector(InfoCollector):
|
class WindowsInfoCollector(InfoCollector):
|
||||||
"""
|
"""
|
||||||
|
|
@ -47,8 +99,9 @@ class WindowsInfoCollector(InfoCollector):
|
||||||
self.get_reg_key(r"SYSTEM\CurrentControlSet\Control\Lsa")
|
self.get_reg_key(r"SYSTEM\CurrentControlSet\Control\Lsa")
|
||||||
self.get_installed_packages()
|
self.get_installed_packages()
|
||||||
|
|
||||||
#mimikatz_collector = MimikatzCollector()
|
mimikatz_collector = MimikatzCollector()
|
||||||
#self.info["credentials"] = mimikatz_collector.get_logon_info()
|
self.info["credentials"] = mimikatz_collector.get_logon_info()
|
||||||
|
self.info["mimikatz"] = mimikatz_collector.get_mimikatz_text()
|
||||||
|
|
||||||
return self.info
|
return self.info
|
||||||
|
|
||||||
|
|
@ -58,51 +111,34 @@ class WindowsInfoCollector(InfoCollector):
|
||||||
|
|
||||||
def get_wmi_info(self):
|
def get_wmi_info(self):
|
||||||
for wmi_class_name in WMI_CLASSES:
|
for wmi_class_name in WMI_CLASSES:
|
||||||
self.info[wmi_class_name] = self.get_wmi_class(wmi_class_name)
|
self.info[wmi_class_name] = fix_obj_for_mongo(self.get_wmi_class(wmi_class_name))
|
||||||
|
|
||||||
def get_wmi_class(self, class_name):
|
def get_wmi_class(self, class_name):
|
||||||
if not self.wmi:
|
if not self.wmi:
|
||||||
self.wmi = WMI()
|
self.wmi = wmi.WMI()
|
||||||
|
|
||||||
try:
|
try:
|
||||||
wmi_class = getattr(self.wmi, class_name)()
|
wmi_class = getattr(self.wmi, class_name)()
|
||||||
except:
|
except wmi.x_wmi:
|
||||||
LOG.error("Error getting wmi class '%s'" % (class_name, ))
|
#LOG.error("Error getting wmi class '%s'" % (class_name, ))
|
||||||
LOG.error(traceback.format_exc())
|
#LOG.error(traceback.format_exc())
|
||||||
return
|
return
|
||||||
|
|
||||||
result = []
|
print "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
|
||||||
|
print type(wmi_class)
|
||||||
for item in wmi_class:
|
print "@" * 20
|
||||||
row = {}
|
os._exit(1)
|
||||||
|
|
||||||
for prop in item.properties:
|
return wmi_class
|
||||||
value = getattr(item, prop)
|
|
||||||
row[prop] = value
|
|
||||||
|
|
||||||
for method_name in item.methods:
|
|
||||||
if not method_name.startswith("GetOwner"):
|
|
||||||
continue
|
|
||||||
|
|
||||||
method = getattr(item, method_name)
|
|
||||||
|
|
||||||
try:
|
|
||||||
row[method_name[3:]] = method()
|
|
||||||
|
|
||||||
except:
|
|
||||||
LOG.error("Error running wmi method '%s'" % (method_name, ))
|
|
||||||
LOG.error(traceback.format_exc())
|
|
||||||
continue
|
|
||||||
|
|
||||||
result.append(row)
|
|
||||||
|
|
||||||
return result
|
|
||||||
|
|
||||||
def get_reg_key(self, subkey_path, store=_winreg.HKEY_LOCAL_MACHINE):
|
def get_reg_key(self, subkey_path, store=_winreg.HKEY_LOCAL_MACHINE):
|
||||||
key = _winreg.ConnectRegistry(None, store)
|
key = _winreg.ConnectRegistry(None, store)
|
||||||
subkey = _winreg.OpenKey(key, subkey_path)
|
subkey = _winreg.OpenKey(key, subkey_path)
|
||||||
|
|
||||||
self.info[subkey_path] = [_winreg.EnumValue(subkey, i) for i in xrange(_winreg.QueryInfoKey(subkey)[0])]
|
d = dict([_winreg.EnumValue(subkey, i)[:2] for i in xrange(_winreg.QueryInfoKey(subkey)[0])])
|
||||||
|
d = fix_obj_for_mongo(d)
|
||||||
|
|
||||||
|
self.info[subkey_path] = d
|
||||||
|
|
||||||
subkey.Close()
|
subkey.Close()
|
||||||
key.Close()
|
key.Close()
|
||||||
Loading…
Reference in New Issue