iamtheky

verification project


Usage: We create a script with a fat amount of updates. This script will read that au3 and output a script that Configuration Management and Testing can use to verify the payload. This should be a fairly functional regwrite and filegetversion example (the GP and SecTemplate lines I realize are specific as we tag those, thus they are in custom). Standard enhancement questions apply...

Can any more generic items be added?

Can this be done more efficiently?

Has someone already posted a kickass version of this idea that I overlooked?

#Include <Array.au3>
#Include <File.au3>

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;READ Source File to a string;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

$SrcFile = FileOpenDialog ("Select AU3" , @ScriptDir & "\", "(*.au3)" , 3)

$FileArray = stringsplit($SrcFile , "\")


$FileArray[$FileArray[0]] = stringtrimright($FileArray[$FileArray[0]] , 4)

$OutPutFile = $FileArray[$FileArray[0]] & "_Checker.au3"

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAPTURE ALL REGWrite strings;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;


$string = FileRead ($SrcFile)

$RegArray = stringregexp ($string , "RegWrite(.*)" , 3)


for $i = ubound($RegArray) - 1 to 0 step -1

If StringinStr($RegArray[$i] , "RunOnceEx") Then _ArrayDelete($RegArray , $i) ; eliminate runonce items since they won't be there on reboot anyway

Next


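; De-duplicate the RegWrite captures in place. _ArrayUnique puts the element count
; at index 0, so that count (not a real entry) is what gets deleted next.
$RegArray = _ArrayUnique($RegArray)
_ArrayDelete($RegArray , 0)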


for $i = 0 to ubound($RegArray) - 1

$trim = stringtrimleft($RegArray[$i] , 1)
$trim = stringtrimright($trim , 1)

$stringArray = stringsplit ($trim , "," , 2)


$RegArray[$i] = '$key = ' & $stringArray[0] & '' & @CRLF & _
'$value = ' & $stringArray[1] & '' & @CRLF & _
'$RegData = Regread($key, $value)' & @CRLF & _
'If @Error Then' & @CRLF & _
'filewrite($log, $key & ", " & $value & " = Empty or Does Not Exist")' & @CRLF & _
' filewrite($log , @CRLF)' & @CRLF & _
'ElseIf $RegData <> "" Then' & @CRLF & _
' filewrite($log, $key & ", " & $value & " = " & $RegData)' & @CRLF & _
'filewrite($log , @CRLF)' & @CRLF & _
'Else' & @CRLF & _
' filewrite($log, $key & ", " & $value & " = 0")' & @CRLF & _
'filewrite($log , @CRLF)' & @CRLF & _
'Endif' & @CRLF

next


;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAPTURE ALL FILEGETVERSION strings;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;


$VerArray = stringregexp ($string , "FileGetVersion.*\)" , 3)

$VerArray = _ArrayUnique($VerArray)
_ArrayDelete($VerArray , 0)




for $i = 0 to ubound($VerArray) - 1

$fileonly = stringtrimleft($VerArray[$i] , 16)
$fileonly = stringtrimright($fileonly , 1)

If stringleft($fileonly , 1) = "'" Then
$fileonly = stringtrimleft($fileonly , 1)
Endif

If stringright($fileonly , 1) = "'" Then
$fileonly = stringtrimright($fileonly , 1)
Endif


$VerArray[$i] = "filewrite($log," & $fileonly & " & " & '" = "' & " & " & $VerArray[$i] & ")" & @CRLF & _
'filewrite($log , @CRLF)' & @CRLF

next


;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CUSTOM CHECKS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

;~
Global $CustomArray[1]



$GP = '$Max = _FileCountLines("C:\Windows\System32\GroupPolicy\GPT.ini")' & @CRLF & _
'$Comment = FileReadLine("C:\Windows\System32\GroupPolicy\GPT.ini" , $Max)' & @CRLF & _
'filewrite($log , "Group Policy Comment: " & $Comment)' & @CRLF & _
'filewrite($log , @CRLF)' & @CRLF

_ArrayAdd($CustomArray , $GP)


$SecPol = '$Comment = FileReadLine("C:\Windows\Security\Templates\SECTEMP.inf" , 1)' & @CRLF & _
'filewrite($log , "Security Policy Comment: " & $Comment)' & @CRLF & _
'filewrite($log , @CRLF)' & @CRLF

_ArrayAdd($CustomArray , $SecPol)


;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WRITE OUTPUT FILE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;


$writefile = FileOpen($OutPutFile , 2)

filewrite($writefile , '$log = fileopen("log.txt" , 2)' & @CRLF)
filewrite($writefile , @CRLF)
filewrite($writefile , "#include <file.au3>")
filewrite($writefile , @CRLF)

_FileWriteFromArray ($writefile , $RegArray)
_FileWriteFromArray ($writefile , $VerArray)
_FileWriteFromArray ($writefile , $CustomArray)

filewrite($writefile , 'fileclose($log)')

FileClose($writefile)

$Path = RegRead ("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Aut2Exe.exe" , "")
RunWait ('"' & $PATH & '"' & " /in " & '"' & $OutPutFile & '"')

*Sorry this is the same as I just dusted it off for a new sec disc and forgot I had linked to the blog

Edited by boththose

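The generator above splits each RegWrite argument list with StringSplit on ",", which miscounts the fields when a key, value name or data string contains a comma, and the generated checker logs what it reads without comparing it to what the payload wrote. The following is an added example, not the poster's code: a quote-aware splitter and a generated PASS/FAIL check, where `_SplitArgs`, `_MakeCheck` and the sample payload lines are hypothetical names and constructed data.

```autoit
; Split an AutoIt argument list on commas outside string literals and parentheses.
; _SplitArgs and _MakeCheck are hypothetical helpers, not from the original post.
Func _SplitArgs($sArgs)
    Local $aOut[0], $sCur = "", $sQuote = "", $iDepth = 0, $c, $iLen = StringLen($sArgs)
    For $i = 1 To $iLen + 1
        $c = StringMid($sArgs, $i, 1)
        If $i > $iLen Or ($c = "," And $sQuote = "" And $iDepth = 0) Then
            ReDim $aOut[UBound($aOut) + 1]
            $aOut[UBound($aOut) - 1] = StringStripWS($sCur, 3)
            $sCur = ""
            ContinueLoop
        EndIf
        If $sQuote <> "" Then
            If $c = $sQuote Then $sQuote = "" ; a doubled quote closes, then reopens
        ElseIf $c = '"' Or $c = "'" Then
            $sQuote = $c
        ElseIf $c = "(" Then
            $iDepth += 1
        ElseIf $c = ")" Then
            $iDepth -= 1
        EndIf
        $sCur &= $c
    Next
    Return $aOut
EndFunc

; Emit checker code that compares the live registry data with the data the payload wrote.
Func _MakeCheck($k, $v, $d)
    Return '$actual = RegRead(' & $k & ', ' & $v & ')' & @CRLF & _
            'If @error Then' & @CRLF & _
            '    FileWriteLine($log, "FAIL " & ' & $k & ' & ", " & ' & $v & ' & " is missing")' & @CRLF & _
            'ElseIf String($actual) == String(' & $d & ') Then' & @CRLF & _
            '    FileWriteLine($log, "PASS " & ' & $k & ' & ", " & ' & $v & ')' & @CRLF & _
            'Else' & @CRLF & _
            '    FileWriteLine($log, "FAIL " & ' & $k & ' & ", " & ' & $v & ' & " = " & $actual)' & @CRLF & _
            'EndIf' & @CRLF
EndFunc

; Constructed sample payload; the first data string contains a comma.
Global $sPayload = 'RegWrite("HKLM\SOFTWARE\Example", "Banner", "REG_SZ", "Authorized use only, monitored")' & @CRLF & _
        'RegWrite("HKLM\SOFTWARE\Example", "Level", "REG_DWORD", 2)' & @CRLF
Global $aCalls = StringRegExp($sPayload, "(?i)RegWrite\s*\(([^\r\n]*)\)", 3)
For $i = 0 To UBound($aCalls) - 1
    Global $aArgs = _SplitArgs($aCalls[$i])
    If UBound($aArgs) = 4 Then ConsoleWrite(_MakeCheck($aArgs[0], $aArgs[1], $aArgs[3]))
Next
```

The string comparison suits REG_SZ and REG_DWORD data; other value types would need a type-aware comparison, and the RunOnceEx filter from the post still has to be applied before emitting checks.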
