MB60893 Posted May 31, 2014 Share Posted May 31, 2014 (edited) Firstly, may I just say this took ages for me to build. I have been extremely busy of late, and I have finally compiled a really useful network and system information gathering tool. PLEASE NOTE: I am freely releasing this code. Please keep all copyrights, as this took me ages, and I don't want people claiming they did all the work just with a simple "copy and paste" being the truth. Some of the VBScript I have had real troubles with. The final thing I want to implement over time is some sort of get BIOS information, but aside from that the script should do. The USB Rubber Ducky could use this script quite effectively with a kind of Duck Slurp to copy the files. You might need to pull a powershell wget and execute (type that into google, and click the github result) to use the script on the machine, but aside from that, it might be a valuable form of reconnaissance, as the script takes about 10 seconds in all to work! If anyone has troubles, please note there is a temporary file which shows the processes. It refreshes every second or two. You might need to kill the VBScript process in CMD with taskkill /f /im "process_name.exe" /t, but aside from that the script will work flawlessly... or at least it has for me!! 8-) Enjoy! MB60893 Out. _____________________________________________ Save the file as a .vbs script and run. Win XP, Vista, 7, 8. ' (c) 2014 MB60893 - All Rights Reserved. ' ' This VBScript gathers system information and saves it to multiple folders. ' This script can also be run from a USB key. Could possibly be used in conjunction with the USB Rubber Ducky. Dim FSO, shell, xslProcessor Sub RunCmd(CommandString, OutputFile) cmd = "cmd /c " + CommandString + " >> " + OutputFile shell.Run cmd, 0, True End Sub Sub GetOSInfo(outputFileName) On Error Resume Next strComputer = "." HKEY_LOCAL_MACHINE = &H80000002 Dim objReg, outputFile Dim buildDetailNames, buildDetailRegValNames buildDetailNames = Array("Product Name", "Version", "Build Lab", "Type") buildDetailRegValNames = Array("ProductName", "CurrentVersion", "BuildLabEx", "CurrentType") Set outputFile = FSO.OpenTextFile(outputFileName, 2, True) Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_ strComputer & "\root\default:StdRegProv") outputFile.WriteLine("[Architecture/Processor Information]") outputFile.WriteLine() outputFile.Close cmd = "cmd /c set processor >> " & outputFileName shell.Run cmd, 0, True Set outputFile = FSO.OpenTextFile(outputFileName, 8, True) outputFile.WriteLine() outputFile.WriteLine("[Operating System Information]") outputFile.WriteLine() strKeyPath = "SOFTWARE\Microsoft\Windows NT\CurrentVersion" for I = 0 to UBound(buildDetailNames) objReg.GetStringValue HKEY_LOCAL_MACHINE, strKeyPath, buildDetailRegValNames(I), info outputFile.WriteLine(buildDetailNames(I) + " = " + info) Next outputFile.WriteLine() strKeyPath = "SYSTEM\SETUP" objReg.GetDWordValue HKEY_LOCAL_MACHINE, strKeyPath, "Upgrade", upgradeInfo if IsNull(upgradeInfo) Then outputFile.WriteLine("This is a clean installed system") Else outputFile.WriteLine("This is an upgraded system") End If outputFile.WriteLine(buildDetailNames(I) + " = " + info) outputFile.WriteLine() outputFile.WriteLine("[File versions]") outputFile.WriteLine() Set shell = WScript.CreateObject( "WScript.Shell" ) windir = shell.ExpandEnvironmentStrings("%windir%\system32\") Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2") Dim FileSet FileSet = Array("onex.dll", "l2nacp.dll", "wlanapi.dll", "wlancfg.dll", "wlanconn.dll", "wlandlg.dll", "wlanext.exe", "wlangpui.dll", "wlanhc.dll", "wlanhlp.dll", "wlaninst.dll", "wlanmm.dll", "wlanmmhc.dll", "wlanmsm.dll", "wlanpref.dll", "wlansec.dll", "wlansvc.dll", "wlanui.dll") For Each file in FileSet filename = windir + file strQuery = "Select * from CIM_Datafile Where Name = '" + Replace(filename, "\", "\\") + "'" Set fileProp = objWMIService.ExecQuery _ (strQuery) For Each objFile in fileProp outputFile.WriteLine(file + " " + objFile.Version) Next Next Dim Dot3FileSet Dot3FileSet = Array("onex.dll", "dot3api.dll", "dot3cfg.dll", "dot3dlg.dll", "dot3gpclnt.dll", "dot3gpui.dll", "dot3msm.dll", "dot3svc.dll", "dot3ui.dll") For Each file in Dot3FileSet filename = windir + file strQuery = "Select * from CIM_Datafile Where Name = '" + Replace(filename, "\", "\\") + "'" Set fileProp = objWMIService.ExecQuery _ (strQuery) For Each objFile in fileProp outputFile.WriteLine(file + " " + objFile.Version) Next Next call GetBatteryInfo(outputFile) outputFile.Close Set outputFile = FSO.OpenTextFile(outputFileName, 8, True) outputFile.WriteLine("") outputFile.WriteLine("[System Information]") outputFile.WriteLine("") outputFile.Close 'Comments: Dumping System Information using "systeminfo" command cmd = "cmd /c systeminfo >> " & outputFileName shell.Run cmd, 0, True Set outputFile = FSO.OpenTextFile(outputFileName, 8, True) outputFile.WriteLine("") outputFile.WriteLine("[User Information]") outputFile.WriteLine("") outputFile.Close cmd = "cmd /c set u >> " & outputFileName shell.Run cmd, 0, True End Sub Sub GetBatteryInfo(outputFile) On Error Resume Next strComputer = "." outputFile.WriteLine() outputFile.WriteLine("[Power Information]") outputFile.WriteLine() Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2") Set colItems = objWMIService.ExecQuery("Select * from Win32_Battery") if colItems.Count = 0 Then outputFile.WriteLine("It is a Desktop running on AC") Else For Each objItem in colItems if objItem.Availability = 2 Then outputFile.WriteLine("Machine is running on AC Adapter") Else if objitem.Availability = 3 Then outputFile.WriteLine("Machine is running on Battery") End If End If Next End If End Sub Sub GetWcnInfo(outputFileName) On Error Resume Next Dim WcnInfoFile Set WcnInfoFile= FSO.OpenTextFile(outputFileName, 8, True) WcnInfoFile.WriteLine("-------------------------------------") WcnInfoFile.WriteLine("---------+ WCN Information +---------") WcnInfoFile.WriteLine("-------------------------------------") WcnInfoFile.WriteLine("") WcnInfoFile.WriteLine("") WcnInfoFile.WriteLine("-----------------") WcnInfoFile.WriteLine("+ Services Status") WcnInfoFile.WriteLine("-----------------") WcnInfoFile.WriteLine("") WcnInfoFile.Close Set objShell = WScript.CreateObject( "WScript.Shell" ) cmd = "cmd /c sc query wcncsvc >> " & outputFileName objShell.Run cmd, 0, True cmd = "cmd /c sc query wlansvc >> " & outputFileName objShell.Run cmd, 0, True cmd = "cmd /c sc query eaphost >> " & outputFileName objShell.Run cmd, 0, True cmd = "cmd /c sc query fdrespub >> " & outputFileName objShell.Run cmd, 0, True cmd = "cmd /c sc query upnphost >> " & outputFileName objShell.Run cmd, 0, True cmd = "cmd /c sc query eaphost >> " & outputFileName objShell.Run cmd, 0, True Set WcnInfoFile= FSO.OpenTextFile(outputFileName, 8, True) WcnInfoFile.WriteLine("") WcnInfoFile.WriteLine("") WcnInfoFile.WriteLine("-----------------------") WcnInfoFile.WriteLine("+ WCN Files Information ") WcnInfoFile.WriteLine("-----------------------") WcnInfoFile.WriteLine("") strComputer = "." Set shell = WScript.CreateObject( "WScript.Shell" ) windir = shell.ExpandEnvironmentStrings("%windir%\system32\") Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2") Dim FileSet FileSet = Array("wcncsvc.dll", "wcnapi.dll", "fdwcn.dll", "wcneapauthproxy.dll", "wcneappeerproxy.dll", "wcnwiz.dll", "wcnnetsh.dll", "wczdlg.dll") For Each file in FileSet filename = windir + file strQuery = "Select * from CIM_Datafile Where Name = '" + Replace(filename, "\", "\\") + "'" Set fileProp = objWMIService.ExecQuery _ (strQuery) For Each objFile in fileProp WcnInfoFile.WriteLine("") WcnInfoFile.WriteLine("---------------------") WcnInfoFile.WriteLine(file) WcnInfoFile.WriteLine("---------------------") WcnInfoFile.WriteLine(" - Version : " + objFile.Version ) WcnInfoFile.WriteLine(" - Creation Date : " + objFile.CreationDate ) WcnInfoFile.WriteLine(" - Description : " + objFile.Description ) WcnInfoFile.WriteLine(" - Installation Date : " + objFile.InstallDate ) WcnInfoFile.WriteLine(" - In Use Count : " + objFile.InUseCount ) WcnInfoFile.WriteLine(" - Last Accessed : " + objFile.LastAccessed ) WcnInfoFile.WriteLine(" - Last Modified : " + objFile.LastModified ) WcnInfoFile.WriteLine(" - Status : " + objFile.Status ) Next Next WcnInfoFile.WriteLine("") WcnInfoFile.WriteLine("") WcnInfoFile.WriteLine("-------------------------------") WcnInfoFile.WriteLine("+ Network Adapters Information ") WcnInfoFile.WriteLine("-------------------------------") WcnInfoFile.WriteLine("") strQuery = "Select * from Win32_NetworkAdapter " Set AdapterProp = objWMIService.ExecQuery _ (strQuery) For Each objFile in AdapterProp WcnInfoFile.WriteLine("") WcnInfoFile.WriteLine("---------------------") WcnInfoFile.WriteLine("DeviceID : " + objFile.DeviceID ) WcnInfoFile.WriteLine("---------------------") WcnInfoFile.WriteLine(" - Adapter Type : " + objFile.AdapterType ) WcnInfoFile.WriteLine(" - Auto Sense : " + objFile.AutoSense ) WcnInfoFile.WriteLine(" - Description : " + objFile.Description ) WcnInfoFile.WriteLine(" - NetConnectionID : " + objFile.NetConnectionID ) WcnInfoFile.WriteLine(" - GUID : " + objFile.GUID ) WcnInfoFile.WriteLine(" - MACAddress : " + objFile.MACAddress ) WcnInfoFile.WriteLine(" - Manufacturer : " + objFile.Manufacturer ) WcnInfoFile.WriteLine(" - MaxSpeed : " + objFile.MaxSpeed ) WcnInfoFile.WriteLine(" - Speed : " + objFile.Speed ) WcnInfoFile.WriteLine(" - Name : " + objFile.Name ) Select Case objFile.NetConnectionStatus Case 0 strAvail= "Disconnected" Case 1 strAvail= "Connecting" Case 2 strAvail= "Connected" Case 3 strAvail= "Disconnecting" Case 4 strAvail= "Hardware not present" Case 5 strAvail= "Hardware disabled" Case 6 strAvail= "Hardware malfunction" Case 7 strAvail= "Media disconnected" Case 8 strAvail= "Authenticating" Case 9 strAvail= "Authentication succeeded" Case 10 strAvail= "Authentication failed" Case 11 strAvail= "Invalid address" Case 12 strAvail= "Credentials required" End Select WcnInfoFile.WriteLine(" - NetConnectionStatus : " + strAvail ) WcnInfoFile.WriteLine(" - NetEnabled : " + objFile.NetEnabled ) WcnInfoFile.WriteLine(" - NetworkAddresses : " + objFile.NetworkAddresses ) WcnInfoFile.WriteLine(" - PermanentAddress : " + objFile.PermanentAddress ) WcnInfoFile.WriteLine(" - PhysicalAdapter : " + objFile.PhysicalAdapter ) WcnInfoFile.WriteLine(" - PNPDeviceID : " + objFile.PNPDeviceID ) WcnInfoFile.WriteLine(" - ProductName : " + objFile.ProductName ) WcnInfoFile.WriteLine(" - ServiceName : " + objFile.ServiceName ) WcnInfoFile.WriteLine(" - SystemName : " + objFile.SystemName ) WcnInfoFile.WriteLine(" - TimeOfLastReset : " + objFile.TimeOfLastReset ) WcnInfoFile.WriteLine(" - Status : " + objFile.Status ) Select Case objFile.StatusInfo Case 1 strAvail= "Other" Case 2 strAvail= "Unknown" Case 3 strAvail= "Enabled" Case 4 strAvail= "Disabled" Case 5 strAvail= "Not Applicable" End Select WcnInfoFile.WriteLine(" - StatusInfo : " + strAvail ) Select Case objFile.Availability Case 1 strAvail= "Other" Case 2 strAvail= "Unknown" Case 3 strAvail= "Running or Full Power" Case 4 strAvail= "Warning" Case 5 strAvail= "In test" Case 6 strAvail= "Not Applicable" Case 7 strAvail= "Power Off" Case 8 strAvail= "Off Line" Case 9 strAvail= "Off Duty" Case 10 strAvail= "Degraded" Case 11 strAvail= "Not Installed" Case 12 strAvail= "Install Error" Case 13 strAvail= "Power Save - Unknown" Case 14 strAvail= "Power Save - Low Power Mode" Case 15 strAvail= "Power Save - Standby" Case 16 strAvail= "Power Cycle" Case 17 strAvail= "Power Save - Warning" End Select WcnInfoFile.WriteLine(" - Availability : " + strAvail ) WcnInfoFile.WriteLine(" - Caption : " + objFile.Caption ) Select Case objFile.ConfigManagerErrorCode Case 0 strAvail= "Device is working properly" Case 1 strAvail= "Device is not configured correctly" Case 2 strAvail= "Windows cannot load the driver for this device" Case 3 strAvail= "Driver for this device might be corrupted, or the system may be low on memory or other resources" Case 4 strAvail= "Device is not working properly. One of its drivers or the registry might be corrupted." Case 5 strAvail= "Driver for the device requires a resource that Windows cannot manage." Case 6 strAvail= "Boot configuration for the device conflicts with other devices" Case 7 strAvail= "Cannot filter" Case 8 strAvail= "Driver loader for the device is missing" Case 9 strAvail= "Device is not working properly. The controlling firmware is incorrectly reporting the resources for the device" Case 10 strAvail= "Device cannot start" Case 11 strAvail= "Device failed" Case 12 strAvail= "Device cannot find enough free resources to use" Case 13 strAvail= "Windows cannot verify the device's resources" Case 14 strAvail= "Device cannot work properly until the computer is restarted" Case 15 strAvail= "Device is not working properly due to a possible re-enumeration problem" Case 16 strAvail= "Windows cannot identify all of the resources that the device uses" Case 17 strAvail= "Device is requesting an unknown resource type." Case 18 strAvail= "Device drivers must be reinstalled" Case 19 strAvail= "Failure using the VxD loader" Case 20 strAvail= "Registry might be corrupted." Case 21 strAvail= "System failure. If changing the device driver is ineffective, see the hardware documentation. Windows is removing the device" Case 22 strAvail= "Device is disabled" Case 23 strAvail= "System failure. If changing the device driver is ineffective, see the hardware documentation" Case 24 strAvail= "Device is not present, not working properly, or does not have all of its drivers installed." Case 25 strAvail= "Windows is still setting up the device" Case 27 strAvail= "Device does not have valid log configuration." Case 28 strAvail= "Device drivers are not installed." Case 29 strAvail= "Device is disabled. The device firmware did not provide the required resources." Case 30 strAvail= "Device is using an IRQ resource that another device is using." Case 31 strAvail= "Device is not working properly. Windows cannot load the required device drivers." End Select WcnInfoFile.WriteLine(" - ConfigManagerErrorCode: " + strAvail ) WcnInfoFile.WriteLine(" - Error Cleared : " + objFile.ErrorCleared ) WcnInfoFile.WriteLine(" - Error Description : " + objFile.ErrorDescription) WcnInfoFile.WriteLine(" - LastErrorCode : " + objFile.LastErrorCode) WcnInfoFile.WriteLine(" - Index : " + objFile.Index) WcnInfoFile.WriteLine(" - Installed : " + objFile.Installed ) WcnInfoFile.WriteLine(" - Install Date : " + objFile.InstallDate ) WcnInfoFile.WriteLine(" - InterfaceIndex : " + objFile.InterfaceIndex ) Next WcnInfoFile.Close Set WcnInfoFile = FSO.OpenTextFile(outputFileName, 8, True) WcnInfoFile.WriteLine("") WcnInfoFile.WriteLine("-----------------------") WcnInfoFile.WriteLine("+ ipconfig information") WcnInfoFile.WriteLine("-----------------------") WcnInfoFile.WriteLine("") WcnInfoFile.Close cmd = "cmd /c ipconfig /all >> " & outputFileName objShell.Run cmd, 0, True Set WcnInfoFile = FSO.OpenTextFile(outputFileName, 8, True) WcnInfoFile.WriteLine("") WcnInfoFile.WriteLine("----------------------") WcnInfoFile.WriteLine("+ Softap Capabilities ") WcnInfoFile.WriteLine("----------------------") WcnInfoFile.WriteLine("") WcnInfoFile.Close cmd = "cmd /c netsh wlan show device >> " & outputFileName objShell.Run cmd, 0, True Set WcnInfoFile = FSO.OpenTextFile(outputFileName, 8, True) WcnInfoFile.WriteLine("") WcnInfoFile.WriteLine("----------------------") WcnInfoFile.WriteLine("+ Dump wcncsvc RegKey ") WcnInfoFile.WriteLine("----------------------") WcnInfoFile.WriteLine("") WcnInfoFile.Close cmd = "cmd /c reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wcncsvc\Parameters >> " & outputFileName objShell.Run cmd, 0, True ' Set shell = WScript.CreateObject( "WScript.Shell" ) ' windir = shell.ExpandEnvironmentStrings("%windir%\system32\") ' filename = windir + "wcnwiz.dll" ' commandname = windir + "rundll32.exe" ' cmd = "cmd /c "& commandname &" "& filename &" , RunDumpWcnCache >> " & outputFileName ' objShell.Run cmd, 0, True Set WcnInfoFile = FSO.OpenTextFile(outputFileName, 8, True) WcnInfoFile.WriteLine("") WcnInfoFile.WriteLine("--------------------------------") WcnInfoFile.WriteLine("+ Network Discovery Information.") WcnInfoFile.WriteLine("--------------------------------") WcnInfoFile.WriteLine("") WcnInfoFile.WriteLine("") WcnInfoFile.WriteLine("------------------------------") WcnInfoFile.WriteLine("- Current Profile information") WcnInfoFile.WriteLine("------------------------------") WcnInfoFile.WriteLine("") ' Profile Type Const NET_FW_PROFILE2_DOMAIN = 1 Const NET_FW_PROFILE2_PRIVATE = 2 Const NET_FW_PROFILE2_PUBLIC = 4 ' Direction Const NET_FW_RULE_DIR_IN = 1 Const NET_FW_RULE_DIR_OUT = 2 ' Create the FwPolicy2 object. Dim fwPolicy2 Dim ProfileType ProfileType = Array("Domain", "Private", "Public") Set fwPolicy2 = CreateObject("HNetCfg.FwPolicy2") CurrentProfile = fwPolicy2.CurrentProfileTypes WcnInfoFile.WriteLine ("Current firewall profile is: ") '// The returned 'CurrentProfiles' bitmask can have more than 1 bit set if multiple profiles '// are active or current at the same time if ( CurrentProfile AND NET_FW_PROFILE2_DOMAIN ) then WcnInfoFile.WriteLine(ProfileType(0)) end if if ( CurrentProfile AND NET_FW_PROFILE2_PRIVATE ) then WcnInfoFile.WriteLine(ProfileType(1)) end if if ( CurrentProfile AND NET_FW_PROFILE2_PUBLIC ) then WcnInfoFile.WriteLine(ProfileType(2)) end if WcnInfoFile.Close cmd = "cmd /c netsh advfirewall show currentprofile >> " & outputFileName objShell.Run cmd, 0, True Set WcnInfoFile = FSO.OpenTextFile(outputFileName, 8, True) WcnInfoFile.WriteLine("") WcnInfoFile.WriteLine("----------------------------------------------") WcnInfoFile.WriteLine("- Network discovery status for current profile") WcnInfoFile.WriteLine("----------------------------------------------") WcnInfoFile.WriteLine("") Dim rule ' Get the Rules object Dim RulesObject Set RulesObject = fwPolicy2.Rules For Each rule In Rulesobject if rule.Grouping = "@FirewallAPI.dll,-32752" then WcnInfoFile.WriteLine("") WcnInfoFile.WriteLine(" Rule Name: " & rule.Name) WcnInfoFile.WriteLine(" ----------------------------------------------") WcnInfoFile.WriteLine(" Enabled: " & rule.Enabled) WcnInfoFile.WriteLine(" Description: " & rule.Description) WcnInfoFile.WriteLine(" Application Name: " & rule.ApplicationName) WcnInfoFile.WriteLine(" Service Name: " & rule.ServiceName) Select Case rule.Direction Case NET_FW_RULE_DIR_IN WcnInfoFile.WriteLine(" Direction: In") Case NET_FW_RULE_DIR_OUT WcnInfoFile.WriteLine(" Direction: Out") End Select end if Next WcnInfoFile.Close End Sub Sub GetWirelessAdapterInfo(outputFile) On Error Resume Next Dim adapters, objReg Dim adapterDetailNames, adapterDetailRegValNames adapterDetailNames = Array("Driver Description", "Adapter Guid", "Hardware ID", "Driver Date", "Driver Version", "Driver Provider") adapterDetailRegValNames = Array("DriverDesc", "NetCfgInstanceId", "MatchingDeviceId", "DriverDate", "DriverVersion", "ProviderName") IHVDetailNames = Array("ExtensibilityDLL", "UIExtensibilityCLSID", "GroupName", "DiagnosticsID") IHVDetailRegValNames = Array("ExtensibilityDLL", "UIExtensibilityCLSID", "GroupName", "DiagnosticsID") HKEY_LOCAL_MACHINE = &H80000002 strComputer = "." Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_ strComputer & "\root\default:StdRegProv") strKeyPath = "SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\" objReg.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, adapterSet For Each adapter In adapterSet If StrComp("Properties", adapter) Then fullstrKeyPath = strKeyPath + adapter objReg.GetDWORDValue HKEY_LOCAL_MACHINE, fullstrKeyPath, "*IfType", ifType If ifType = 71 Then for I = 0 to UBound(adapterDetailNames) objReg.GetStringValue HKEY_LOCAL_MACHINE, fullstrKeyPath, adapterDetailRegValNames(I), info outputFile.WriteLine(adapterDetailNames(I) + " = " + info) Next ihvKeyPath = fullstrKeyPath + "\Ndi\IHVExtensions" For J = 0 to UBound(IHVDetailNames) objReg.GetStringValue HKEY_LOCAL_MACHINE, ihvKeyPath, IHVDetailRegValNames(J), ihvInfo outputFile.WriteLine(IHVDetailNames(J) + " = " + ihvInfo) Next objReg.GetDWordValue HKEY_LOCAL_MACHINE, ihvKeyPath, "AdapterOUI", ihvInfo outputFile.WriteLine("AdapterOUI = " + CSTR(ihvInfo)) outputFile.WriteLine() End If End If Next Set objShell = WScript.CreateObject( "WScript.Shell" ) tempFile = "tempfile.txt" cmd = "cmd /c tasklist > " & tempFile objShell.Run cmd, 0, True Set objTextFile = FSO.OpenTextFile(tempFile, 1) strIHVOutput = objTextFile.ReadAll() Set regEx = New RegExp regEx.Pattern = "^wlanext.exe[\s|a-z|A-Z|\d]*" regEx.Multiline = True regEx.IgnoreCase = True regEx.Global = True Set Matches = regEx.Execute(strIHVOutput) For Each match in Matches outputFile.WriteLine(match.Value) Next End Sub Sub GetWirelessAutoconfigLog(logFileName) On Error Resume Next Set objShell = WScript.CreateObject( "WScript.Shell" ) 'Export the operational log cmd = "cmd /c wevtutil epl ""Microsoft-Windows-WLAN-AutoConfig/Operational"" " & logFileName objShell.Run cmd, 0, True 'Archive the log so that it can be read on different machines cmd = "cmd /c wevtutil al " & logFileName objShell.Run cmd, 0, True End Sub Sub GetWiredAdapterInfo(outputFile) On Error Resume Next Dim adapters, objReg Dim adapterDetailNames, adapterDetailRegValNames adapterDetailNames = Array("Driver Description", "Adapter Guid", "Hardware ID", "Driver Date", "Driver Version", "Driver Provider") adapterDetailRegValNames = Array("DriverDesc", "NetCfgInstanceId", "MatchingDeviceId", "DriverDate", "DriverVersion", "ProviderName") HKEY_LOCAL_MACHINE = &H80000002 strComputer = "." Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_ strComputer & "\root\default:StdRegProv") strKeyPath = "SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\" objReg.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, adapterSet For Each adapter In adapterSet If StrComp("Properties", adapter) Then fullstrKeyPath = strKeyPath + adapter objReg.GetDWORDValue HKEY_LOCAL_MACHINE, fullstrKeyPath, "*IfType", ifType If ifType = 6 Then for I = 0 to UBound(adapterDetailNames) objReg.GetStringValue HKEY_LOCAL_MACHINE, fullstrKeyPath, adapterDetailRegValNames(I), info outputFile.WriteLine(adapterDetailNames(I) + " = " + info) Next outputFile.WriteLine() End If End If Next End Sub Sub GetEnvironmentInfo(outputFileName) On Error Resume Next Dim envInfoFile Set objShell = WScript.CreateObject( "WScript.Shell" ) cmd = "cmd /c netsh wlan show all > " & outputFileName objShell.Run cmd, 0, True cmd = "cmd /c netsh lan show interfaces >> " & outputFileName objShell.Run cmd, 0, True cmd = "cmd /c netsh lan show settings >> " & outputFileName objShell.Run cmd, 0, True cmd = "cmd /c netsh lan show profiles >> " & outputFileName objShell.Run cmd, 0, True cmd = "cmd /c ipconfig /all >> " & outputFileName objShell.Run cmd, 0, True RunCmd "echo.", outputFileName RunCmd "echo ROUTE PRINT:", outputFileName RunCmd "route print", outputFileName Set envInfoFile = FSO.OpenTextFile(outputFileName, 8, True) envInfoFile.WriteLine("") envInfoFile.WriteLine("Machine certificates...") envInfoFile.WriteLine("") envInfoFile.Close cmd = "cmd /c certutil -v -store -silent My >> " & outputFileName objShell.Run cmd, 0, True Set envInfoFile = FSO.OpenTextFile(outputFileName, 8, True) envInfoFile.WriteLine("") envInfoFile.WriteLine("User certificates...") envInfoFile.WriteLine("") envInfoFile.Close cmd = "cmd /c certutil -v -store -silent -user My >> " & outputFileName objShell.Run cmd, 0, True End Sub 'Comments: Function to dump a tree under a registry path into a file Sub DumpRegKey(outputFileName,regpath) On Error Resume Next Dim cmd Set objShell = WScript.CreateObject( "WScript.Shell" ) cmd = "cmd /c reg export " & regpath & " " & outputFileName & " /y" objShell.Run cmd, 0, True End Sub Sub DumpAllKeys On Error Resume Next Dim NotifRegFile, RegFolder, Key RegFolder = "Reg" if Not FSO.FolderExists(RegFolder) Then FSO.CreateFolder RegFolder End If ' Dump WLAN registry keys AllCredRegFile = RegFolder + "\AllCred.reg.txt" AllCredFilterFile = RegFolder + "\AllCredFilter.reg.txt" CredRegFileA = RegFolder + "\{07AA0886-CC8D-4e19-A410-1C75AF686E62}.reg.txt" CredRegFileB = RegFolder + "\{33c86cd6-705f-4ba1-9adb-67070b837775}.reg.txt" CredRegFileC = RegFolder + "\{edd749de-2ef1-4a80-98d1-81f20e6df58e}.reg.txt" APIPermRegFile = RegFolder + "\APIPerm.reg.txt" NotifRegFile = RegFolder + "\Notif.reg.txt" GPTRegFile = RegFolder + "\GPT.reg.txt" CUWlanSvcRegFile = RegFolder + "\HKCUWlanSvc.reg.txt" LMWlanSvcRegFile = RegFolder + "\HKLMWlanSvc.reg.txt" NidRegFile = RegFolder + "\NetworkProfiles.reg.txt" call DumpRegKey(NotifRegFile ,"""HKLM\SYSTEM\CurrentControlSet\Control\Winlogon\Notifications""") call DumpRegKey(AllCredRegFile ,"""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers""") call DumpRegKey(AllCredFilterFile,"""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters""") call DumpRegKey(CredRegFileA ,"""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{07AA0886-CC8D-4e19-A410-1C75AF686E62}""") call DumpRegKey(CredRegFileB ,"""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{33c86cd6-705f-4ba1-9adb-67070b837775}""") call DumpRegKey(CredRegFileC ,"""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\{edd749de-2ef1-4a80-98d1-81f20e6df58e}""") call DumpRegKey(APIPermRegFile ,"""HKLM\SYSTEM\CurrentControlSet\Services\Wlansvc\Parameters\WlanAPIPermissions""") call DumpRegKey(GPTRegFile , """HKLM\SOFTWARE\Policies\Microsoft\Windows\Wireless\GPTWirelessPolicy""") call DumpRegKey(CUWlanSvcRegFile ,"""HKCU\SOFTWARE\Microsoft\Wlansvc""") call DumpRegKey(LMWlanSvcRegFile ,"""HKLM\SOFTWARE\Microsoft\Wlansvc""") ' Dump Dot3 registry keys LMDot3SvcRegFile = RegFolder + "\HKLMDot3Svc.reg.txt" CUDot3SvcRegFile = RegFolder + "\HKCUDot3Svc.reg.txt" LGPPolicyFile = RegFolder + "\L2GP.reg.txt" call DumpRegKey(LMDot3SvcRegFile ,"""HKLM\SOFTWARE\Microsoft\dot3svc""") call DumpRegKey(CUDot3SvcRegFile ,"""HKCU\SOFTWARE\Microsoft\dot3svc""") call DumpRegKey(LGPPolicyFile ,"""HKLM\SOFTWARE\Policies\Microsoft\Windows\WiredL2\GP_Policy""") call DumpRegKey(NidRegFile ,"""HKLM\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\NetworkList""") End Sub ' Dump Winsock LSP catalog Sub DumpWinsockCatalog(outputFileName) On Error Resume Next Dim envInfoFile Set objShell = WScript.CreateObject( "WScript.Shell" ) cmd = "cmd /c netsh winsock show catalog > " & outputFileName objShell.Run cmd, 0, True End Sub ' Dump the Windows Firewall Configuration Sub GetWindowsFirewallInfo(configFileName, logFileName, effectiveRulesFileName, consecLogFileName, logFileNameVerbose, consecLogFileNameVerbose) On Error Resume Next Dim envInfoFile Set objShell = WScript.CreateObject( "WScript.Shell" ) cmd = "cmd /c echo Current Profiles: > " & configFileName objShell.Run cmd, 0, True cmd = "cmd /c echo ------------------------------------------------------------------------ >> " & configFileName objShell.Run cmd, 0, True 'Dump the current profiles cmd = "cmd /c netsh advfirewall monitor show currentprofile >> " & configFileName objShell.Run cmd, 0, True cmd = "cmd /c echo Firewall Configuration: >> " & configFileName objShell.Run cmd, 0, True cmd = "cmd /c echo ------------------------------------------------------------------------ >> " & configFileName objShell.Run cmd, 0, True ' Dump the firewall configuration cmd = "cmd /c netsh advfirewall monitor show firewall >> " & configFileName objShell.Run cmd, 0, True cmd = "cmd /c echo Connection Security Configuration: >> " & configFileName objShell.Run cmd, 0, True cmd = "cmd /c echo ------------------------------------------------------------------------ >> " & configFileName objShell.Run cmd, 0, True 'Dump the connection security configuration cmd = "cmd /c netsh advfirewall monitor show consec >> " & configFileName objShell.Run cmd, 0, True cmd = "cmd /c echo Firewall Rules : >> " & configFileName objShell.Run cmd, 0, True cmd = "cmd /c echo ------------------------------------------------------------------------ >> " & configFileName objShell.Run cmd, 0, True 'Dump the firewall rules cmd = "cmd /c netsh advfirewall firewall show rule name=all verbose >> " & configFileName objShell.Run cmd, 0, True cmd = "cmd /c echo Connection Security Rules : >> " & configFileName objShell.Run cmd, 0, True cmd = "cmd /c echo ------------------------------------------------------------------------ >> " & configFileName objShell.Run cmd, 0, True 'Dump the connection security rules cmd = "cmd /c netsh advfirewall consec show rule name=all verbose >> " & configFileName objShell.Run cmd, 0, True 'Dump the firewall rules from Dynamic Store cmd = "cmd /c echo Firewall Rules currently enforced : > " & effectiveRulesFileName objShell.Run cmd, 0, True cmd = "cmd /c echo ------------------------------------------------------------------------ >> " & effectiveRulesFileName objShell.Run cmd, 0, True cmd = "cmd /c netsh advfirewall monitor show firewall rule name=all >> " & effectiveRulesFileName objShell.Run cmd, 0, True 'Dump the connection security rules from Dynamic Store cmd = "cmd /c echo Connection Security Rules currently enforced : >> " & effectiveRulesFileName objShell.Run cmd, 0, True cmd = "cmd /c echo ------------------------------------------------------------------------ >> " & effectiveRulesFileName objShell.Run cmd, 0, True cmd = "cmd /c netsh advfirewall monitor show consec rule name=all >> " & effectiveRulesFileName objShell.Run cmd, 0, True 'Export the operational log cmd = "cmd /c wevtutil epl ""Microsoft-Windows-Windows Firewall With Advanced Security/Firewall"" " & logFileName objShell.Run cmd, 0, True 'Archive the log so that it could be read on different machines cmd = "cmd /c wevtutil al " & logFileName objShell.Run cmd, 0, True 'Export the operational log cmd = "cmd /c wevtutil epl ""Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurity"" " & consecLogFileName objShell.Run cmd, 0, True 'Archive the log so that it could be read on different machines cmd = "cmd /c wevtutil al " & consecLogFileName objShell.Run cmd, 0, True 'Export the operational log cmd = "cmd /c wevtutil epl ""Microsoft-Windows-Windows Firewall With Advanced Security/FirewallVerbose"" " & logFileNameVerbose objShell.Run cmd, 0, True 'Archive the log so that it could be read on different machines cmd = "cmd /c wevtutil al " & logFileNameVerbose objShell.Run cmd, 0, True 'Export the operational log cmd = "cmd /c wevtutil epl ""Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurityVerbose"" " & consecLogFileNameVerbose objShell.Run cmd, 0, True 'Archive the log so that it could be read on different machines cmd = "cmd /c wevtutil al " & consecLogFileNameVerbose objShell.Run cmd, 0, True End Sub Sub GetWfpInfo(outputFileName, logFileName) On Error Resume Next Set objShell = WScript.CreateObject( "WScript.Shell" ) cmd = "cmd /c netsh wfp show filters file=" & outputFileName & " > " & logFileName objShell.Run cmd, 0, True End Sub ' Dump Netio State Sub GetNetioInfo(outputFileName) On Error Resume Next Set objShell = WScript.CreateObject( "WScript.Shell" ) cmd = "cmd /c netsh interface teredo show state > " & outputFileName objShell.Run cmd, 0, True cmd = "cmd /c netsh interface httpstunnel show interface >> " & outputFileName objShell.Run cmd, 0, True cmd = "cmd /c netsh interface httpstunnel show statistics >> " & outputFileName objShell.Run cmd, 0, True End Sub Sub GetDnsInfo(logFileName) On Error Resume Next Set objShell = WScript.CreateObject( "WScript.Shell" ) RunCmd "echo IPCONFIG /DISPLAYDNS: ", logFileName RunCmd "ipconfig /displaydns", logFileName RunCmd "echo. ", logFileName RunCmd "echo NETSH NAMESPACE SHOW EFFECTIVE:", logFileName RunCmd "netsh namespace show effective", logFileName RunCmd "echo.", logFileName RunCmd "echo NETSH NAMESPACE SHOW POLICY:", logFileName RunCmd "netsh namespace show policy", logFileName End Sub Sub GetNeighborInfo(logFileName) On Error Resume Next Set objShell = WScript.CreateObject( "WScript.Shell" ) RunCmd "echo ARP -A:", logFileName RunCmd "arp -a", logFileName RunCmd "echo.", logFileName RunCmd "echo NETSH INT IPV6 SHOW NEIGHBORS:", logFileName RunCmd "netsh int ipv6 show neigh", logFileName End Sub Sub GetFileSharingInfo(logFileName) On Error Resume Next Set objShell = WScript.CreateObject( "WScript.Shell" ) RunCmd "echo NBTSTAT -N:", logFileName RunCmd "nbtstat -n", logFileName RunCmd "echo.", logFileName RunCmd "echo NBTSTAT -C:", logFileName RunCmd "nbtstat -c", logFileName RunCmd "echo.", logFileName RunCmd "echo NET CONFIG RDR:", logFileName RunCmd "net config rdr", logFileName RunCmd "echo.", logFileName RunCmd "echo NET CONFIG SRV:", logFileName RunCmd "net config srv", logFileName RunCmd "echo.", logFileName RunCmd "echo NET SHARE:", logFileName RunCmd "net share", logFileName End Sub Sub GetGPResultInfo(logFileName) On Error Resume Next Set objShell = WScript.CreateObject( "WScript.Shell" ) cmd = "cmd /c gpresult /scope:computer /v 1> " & logFileName & " 2>&1" objShell.Run cmd, 0, True End Sub Sub GetNetEventsInfo(outputFileName, logFileName) On Error Resume Next Set objShell = WScript.CreateObject( "WScript.Shell" ) cmd = "cmd /c netsh wfp show netevents file=" & outputFileName & " 1> " & logFileName & " 2>&1" objShell.Run cmd, 0, True End Sub Sub GetShowStateInfo(outputFileName, logFileName) On Error Resume Next Set objShell = WScript.CreateObject( "WScript.Shell" ) cmd = "cmd /c netsh wfp show state file=" & outputFileName & " 1> " & logFileName & " 2>&1" objShell.Run cmd, 0, True End Sub Sub GetSysPortsInfo(outputFileName, logFileName) On Error Resume Next Set objShell = WScript.CreateObject( "WScript.Shell" ) cmd = "cmd /c netsh wfp show sysports file=" & outputFileName & " 1> " & logFileName & " 2>&1" objShell.Run cmd, 0, True End Sub On Error Resume Next Dim adapterInfoFile, netInfoFile, WcnInfoFile Set FSO = CreateObject("Scripting.FileSystemObject") Set shell = WScript.CreateObject( "WScript.Shell" ) sysdrive = shell.ExpandEnvironmentStrings("%SystemDrive%\") configFolder = "config" osinfoFileName = configFolder + "\osinfo.txt" adapterinfoFileName = configFolder + "\adapterinfo.txt" envinfoFileName = configFolder + "\envinfo.txt" wirelessAutoconfigLogFileName = configFolder + "\WLANAutoConfigLog.evtx" wscatFileName = configFolder + "\WinsockCatalog.txt" wcnFileName = configFolder + "\WcnInfo.txt" wcncachedumpFile= sysdrive + "\wcncachedump.txt" windowsFirewallConfigFileName = configFolder + "\WindowsFirewallConfig.txt" windowsFirewallEffectiveRulesFileName = configFolder + "\WindowsFirewallEffectiveRules.txt" windowsFirewallLogFileName = configFolder + "\WindowsFirewallLog.evtx" windowsFirewallConsecLogFileName = configFolder + "\WindowsFirewallConsecLog.evtx" windowsFirewallVerboseLogFileName = configFolder + "\WindowsFirewallLogVerbose.evtx" windowsFirewallConsecVerboseLogFileName = configFolder + "\WindowsFirewallConsecLogVerbose.evtx" wfpfiltersfilename=configFolder + "\wfpfilters.xml" wfplogfilename=configFolder + "\wfplog.log" netioStateFilename=configFolder + "\netiostate.txt" dnsInfoFileName = configFolder + "\Dns.txt" neighborsFileName = configFolder + "\Neighbors.txt" filesharingFileName = configFolder + "\FileSharing.txt" gpresultFileName = configFolder + "\gpresult.txt" neteventsFileName = configFolder + "\netevents.xml" neteventsFileLog = configFolder + "\neteventslog.txt" showstateFileName = configFolder + "\wfpstate.xml" showstateFileLog = configFolder + "\wfpstatelog.txt" sysportsFileName = configFolder + "\sysports.xml" sysportsFileLog = configFolder + "\sysportslog.txt" if Not FSO.FolderExists(configFolder) Then FSO.CreateFolder configFolder End If call DumpAllKeys call GetOSInfo(osinfoFileName) Set adapterInfoFile = FSO.OpenTextFile(adapterInfoFileName, 2, True) call GetWirelessAdapterInfo(adapterInfoFile) call GetWiredAdapterInfo(adapterInfoFile) adapterInfoFile.Close call GetWirelessAutoconfigLog(wirelessAutoConfigLogFileName) call GetEnvironmentInfo(envinfoFileName) call DumpWinsockCatalog(wscatFileName) call GetWindowsFirewallInfo(windowsFirewallConfigFileName, windowsFirewallLogFileName, windowsFirewallEffectiveRulesFileName,windowsFirewallConsecLogFileName, windowsFirewallVerboseLogFileName, windowsFirewallConsecVerboseLogFileName) call GetWcnInfo(wcnFileName) call GetWfpInfo(wfpfiltersfilename, wfplogfilename) call GetNetioInfo(netioStateFilename) call GetDnsInfo(dnsInfoFileName) call GetNeighborInfo(neighborsFileName) call GetFileSharingInfo(filesharingFileName) call GetGPResultInfo(gpresultFileName) call GetNetEventsInfo(neteventsFileName, neteventsFileLog) call GetShowStateInfo(showstateFileName, showstateFileLog) call GetSysPortsInfo(sysportsFileName, sysportsFileLog) Edited May 31, 2014 by MB60893 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.