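; Posted by iamtheky, February 5, 2013 (edited)
;
; Usage: We create a script with a fat amount of updates. This script will read
; that au3 and output a script that Configuration Management and Testing can use
; to verify the payload. This should be a fairly functional regwrite and
; filegetversion example (the GP and SecTemplate lines I realize are specific as
; we tag those, thus they are in custom).
;
; Standard enhancement questions apply... Can any more generic items be added?
; Can this be done more efficiently? Has someone already posted a kickass
; version of this idea that I overlooked?
;
; Review notes on what the generated checker does and does not prove:
;   * It only LOGS the current registry data and file versions. It never compares
;     them with the data argument of the original RegWrite call, so the log still
;     has to be compared against the expected values.
;   * Key/value expressions and FileGetVersion calls are copied verbatim from the
;     source script into the checker, which is then compiled. Only feed it scripts
;     you already trust, and expect the checker to fail if those expressions use
;     variables that exist only in the source script.

#include <Array.au3>
#include <File.au3>

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; READ Source File to a string ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
$SrcFile = FileOpenDialog("Select AU3", @ScriptDir & "\", "(*.au3)", 3)
If @error Then
    ; The dialog was cancelled or failed: there is nothing to analyse.
    MsgBox(16, "Checker generator", "No source script selected.")
    Exit
EndIf

; Output name = selected file name without its 4-character extension + "_Checker.au3".
; Only the last path component is used, so the file is created relative to the
; current working directory.
$FileArray = StringSplit($SrcFile, "\")
$FileArray[$FileArray[0]] = StringTrimRight($FileArray[$FileArray[0]], 4)
$OutPutFile = $FileArray[$FileArray[0]] & "_Checker.au3"

$string = FileRead($SrcFile)
If @error Then
    ; An unreadable source would otherwise produce a checker with no checks in it.
    MsgBox(16, "Checker generator", "Could not read " & $SrcFile)
    Exit
EndIf

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; CAPTURE ALL REGWrite strings ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Flag 3 returns a 0-based array of every capture: the text that follows the
; literal "RegWrite" on each matching line.
$RegArray = StringRegExp($string, "RegWrite(.*)", 3)
For $i = UBound($RegArray) - 1 To 0 Step -1
    ; eliminate runonce items since they wont be there on reboot anyway
    If StringInStr($RegArray[$i], "RunOnceEx") Then _ArrayDelete($RegArray, $i)
Next

; FIX: the post assigned the _ArrayUnique() result to $VerArray and then deleted
; element 0 of $RegArray. That kept the duplicates and silently dropped the first
; RegWrite of the payload from the checker. The de-duplicated array must replace
; $RegArray; its element 0 is then the count added by _ArrayUnique(), which is the
; element that should be removed (same pattern as the FileGetVersion section).
If IsArray($RegArray) And UBound($RegArray) > 0 Then
    $RegArray = _ArrayUnique($RegArray)
    _ArrayDelete($RegArray, 0)
EndIf

For $i = 0 To UBound($RegArray) - 1
    ; Strip the first and last character of the capture, assumed to be "(" and ")".
    ; NOTE(review): a trailing comment or trailing whitespace after the call would
    ; break that assumption - confirm against the scripts you feed in.
    $trim = StringTrimLeft($RegArray[$i], 1)
    $trim = StringTrimRight($trim, 1)

    ; Plain split on "," - a comma inside a quoted key or value name splits wrongly.
    $stringArray = StringSplit($trim, ",", 2)

    If UBound($stringArray) < 2 Then
        ; RegWrite with a key only: there is no value name to read back. Leave a
        ; visible marker in the checker instead of indexing past the array end.
        $RegArray[$i] = '; not checked (RegWrite without a value name): ' & $trim & @CRLF
        ContinueLoop
    EndIf

    ; Generated check: read the value and log "missing", the data, or "0".
    ; An empty string value also falls through to the "= 0" branch.
    $RegArray[$i] = '$key = ' & $stringArray[0] & '' & @CRLF & _
            '$value = ' & $stringArray[1] & '' & @CRLF & _
            '$RegData = Regread($key, $value)' & @CRLF & _
            'If @Error Then' & @CRLF & _
            'filewrite($log, $key & ", " & $value & " = Empty or Does Not Exist")' & @CRLF & _
            ' filewrite($log , @CRLF)' & @CRLF & _
            'ElseIf $RegData <> "" Then' & @CRLF & _
            ' filewrite($log, $key & ", " & $value & " = " & $RegData)' & @CRLF & _
            'filewrite($log , @CRLF)' & @CRLF & _
            'Else' & @CRLF & _
            ' filewrite($log, $key & ", " & $value & " = 0")' & @CRLF & _
            'filewrite($log , @CRLF)' & @CRLF & _
            'Endif' & @CRLF
Next

;;;;;;;;;;;;;;;;;;;;;;;;;;;; CAPTURE ALL FILEGETVERSION strings ;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Greedy match from "FileGetVersion" to the last ")" on the line.
$VerArray = StringRegExp($string, "FileGetVersion.*\)", 3)
$VerArray = _ArrayUnique($VerArray)
_ArrayDelete($VerArray, 0) ; drop the count that _ArrayUnique() puts in element 0
For $i = 0 To UBound($VerArray) - 1
    ; Drops the 14-character function name plus the next two characters, then the
    ; closing ")". NOTE(review): which two characters those are depends on how the
    ; source script formats the call - confirm the generated line is valid for yours.
    $fileonly = StringTrimLeft($VerArray[$i], 16)
    $fileonly = StringTrimRight($fileonly, 1)
    If StringLeft($fileonly, 1) = "'" Then
        $fileonly = StringTrimLeft($fileonly, 1)
    EndIf
    If StringRight($fileonly, 1) = "'" Then
        $fileonly = StringTrimRight($fileonly, 1)
    EndIf
    ; Generated check: log "<file expression> = <result of the original call>".
    $VerArray[$i] = "filewrite($log," & $fileonly & " & " & '" = "' & " & " & $VerArray[$i] & ")" & @CRLF & _
            'filewrite($log , @CRLF)' & @CRLF
Next

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; CUSTOM CHECKS ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; The post shows this declaration behind a ";~" comment marker. _ArrayAdd() needs
; an existing array, so it is declared here. Element 0 stays empty and ends up as
; a blank line in the checker.
Global $CustomArray[1]

; Site-specific: logs the last line of GPT.ini, where the poster's team keeps a tag.
$GP = '$Max = _FileCountLines("C:\Windows\System32\GroupPolicy\GPT.ini")' & @CRLF & _
        '$Comment = FileReadLine("C:\Windows\System32\GroupPolicy\GPT.ini" , $Max)' & @CRLF & _
        'filewrite($log , "Group Policy Comment: " & $Comment)' & @CRLF & _
        'filewrite($log , @CRLF)' & @CRLF
_ArrayAdd($CustomArray, $GP)

; Site-specific: logs the first line of the security template.
$SecPol = '$Comment = FileReadLine("C:\Windows\Security\Templates\SECTEMP.inf" , 1)' & @CRLF & _
        'filewrite($log , "Security Policy Comment: " & $Comment)' & @CRLF & _
        'filewrite($log , @CRLF)' & @CRLF
_ArrayAdd($CustomArray, $SecPol)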
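;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; WRITE OUTPUT FILE ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Writes the generated checker script and compiles it with Aut2Exe.
; Mode 2 = open for writing and erase any previous content.
$writefile = FileOpen($OutPutFile, 2)
If $writefile = -1 Then
    ; Without this check every FileWrite below fails silently and Aut2Exe is then
    ; pointed at a missing or stale checker script.
    MsgBox(16, "Checker generator", "Could not open " & $OutPutFile & " for writing.")
    Exit
EndIf

; The checker overwrites log.txt in its own working directory on every run.
FileWrite($writefile, '$log = fileopen("log.txt" , 2)' & @CRLF)
FileWrite($writefile, @CRLF)
FileWrite($writefile, "#include <file.au3>") ; needed by the generated _FileCountLines call
FileWrite($writefile, @CRLF)
_FileWriteFromArray($writefile, $RegArray)
_FileWriteFromArray($writefile, $VerArray)
_FileWriteFromArray($writefile, $CustomArray)
FileWrite($writefile, 'fileclose($log)')
FileClose($writefile)

; Locate the compiler through its App Paths registration.
$Path = RegRead("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Aut2Exe.exe", "")
If @error Or $Path = "" Then
    ; Do not launch an empty command line if Aut2Exe is not registered.
    MsgBox(16, "Checker generator", "Aut2Exe.exe was not found; " & $OutPutFile & " was written but not compiled.")
    Exit
EndIf

; NOTE(review): no architecture switch is passed to Aut2Exe. If the payload and the
; compiled checker end up with different bitness, registry redirection could make
; the checker read a different view of HKLM\SOFTWARE than the payload wrote - confirm.
RunWait('"' & $Path & '"' & " /in " & '"' & $OutPutFile & '"')

; *Sorry this is the same as I just dusted it off for a new sec disc and forgot
; I had linked to the blog
; Edited February 5, 2013 by boththose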