diff --git a/agents/meshcore.js b/agents/meshcore.js
index 6f37ec45..e561bb6a 100644
--- a/agents/meshcore.js
+++ b/agents/meshcore.js
@@ -1936,9 +1936,9 @@ function getSystemInformation(func) {
 if (process.platform == 'win32')
 {
 results.pendingReboot = require('win-info').pendingReboot(); // Pending reboot
- if (require('computer-identifiers').volumes_promise != null)
+ if (require('win-volumes').volumes_promise != null)
 {
- var p = require('computer-identifiers').volumes_promise();
+ var p = require('win-volumes').volumes_promise();
 p.then(function (res)
 {
 results.hardware.windows.volumes = cleanGetBitLockerVolumeInfo(res);
@@ -1946,12 +1946,6 @@ function getSystemInformation(func) {
 func(results);
 });
 }
- else if (require('computer-identifiers').volumes != null)
- {
- results.hardware.windows.volumes = cleanGetBitLockerVolumeInfo(require('computer-identifiers').volumes());
- results.hash = hasher.syncHash(JSON.stringify(results)).toString('hex');
- func(results);
- }
 else
 {
 results.hash = hasher.syncHash(JSON.stringify(results)).toString('hex');
@@ -4044,11 +4038,9 @@ function processConsoleCommand(cmd, args, rights, sessionid) {
 break;
 case 'bitlocker':
 if (process.platform == 'win32') {
- if (require('computer-identifiers').volumes_promise != null) {
- var p = require('computer-identifiers').volumes_promise();
+ if (require('win-volumes').volumes_promise != null) {
+ var p = require('win-volumes').volumes_promise();
 p.then(function (res) { sendConsoleText(JSON.stringify(cleanGetBitLockerVolumeInfo(res), null, 1), this.session); });
- } else if (require('computer-identifiers').volumes != null) {
- sendConsoleText(JSON.stringify(cleanGetBitLockerVolumeInfo(require('computer-identifiers').volumes()), null, 1), this.session);
 }
 }
 break;
diff --git a/agents/modules_meshcore/computer-identifiers.js b/agents/modules_meshcore/computer-identifiers.js
index c4eab022..ce5e3520 100644
--- a/agents/modules_meshcore/computer-identifiers.js
+++ b/agents/modules_meshcore/computer-identifiers.js 
@@ -422,75 +422,6 @@ function windows_wmic_results(str)
 return (result);
 }
-function windows_volumes()
-{
- var promise = require('promise');
- var p1 = new promise(function (res, rej) { this._res = res; this._rej = rej; });
- var ret = {};
- var values = require('win-wmi').query('ROOT\\CIMV2', 'SELECT * FROM Win32_LogicalDisk', ['DeviceID', 'VolumeName', 'FileSystem', 'Size', 'FreeSpace', 'DriveType']);
- if(values[0]){
- for (var i = 0; i < values.length; ++i) {
- var drive = values[i]['DeviceID'].slice(0,-1);
- ret[drive] = {
- name: (values[i]['VolumeName'] ? values[i]['VolumeName'] : ""),
- type: (values[i]['FileSystem'] ? values[i]['FileSystem'] : "Unknown"),
- size: (values[i]['Size'] ? values[i]['Size'] : 0),
- sizeremaining: (values[i]['FreeSpace'] ? values[i]['FreeSpace'] : 0),
- removable: (values[i]['DriveType'] == 2),
- cdrom: (values[i]['DriveType'] == 5)
- };
- }
- }
- try {
- values = require('win-wmi').query('ROOT\\CIMV2\\Security\\MicrosoftVolumeEncryption', 'SELECT * FROM Win32_EncryptableVolume', ['DriveLetter','ConversionStatus','ProtectionStatus']);
- if(values[0]){
- for (var i = 0; i < values.length; ++i) {
- var drive = values[i]['DriveLetter'].slice(0,-1);
- var statuses = {
- 0: 'FullyDecrypted',
- 1: 'FullyEncrypted',
- 2: 'EncryptionInProgress',
- 3: 'DecryptionInProgress',
- 4: 'EncryptionPaused',
- 5: 'DecryptionPaused'
- };
- ret[drive].volumeStatus = statuses.hasOwnProperty(values[i].ConversionStatus) ? statuses[values[i].ConversionStatus] : 'FullyDecrypted';
- ret[drive].protectionStatus = (values[i].ProtectionStatus == 0 ? 'Off' : (values[i].ProtectionStatus == 1 ? 'On' : 'Unknown'));
- try {
- var foundIDMarkedLine = false, foundMarkedLine = false, identifier = '', password = '';
- var keychild = require('child_process').execFile(process.env['windir'] + '\\system32\\cmd.exe', ['/c', 'manage-bde -protectors -get ' + drive + ': -Type recoverypassword'], {});
- keychild.stdout.str = ''; keychild.stdout.on('data', function (c) { this.str += c.toString(); });
- keychild.waitExit();
- var lines = keychild.stdout.str.trim().split('\r\n');
- for (var x = 0; x < lines.length; x++) { // Loop each line
- var abc = lines[x].trim();
- var englishidpass = (abc !== '' && abc.includes('Numerical Password:')); // English ID
- var germanidpass = (abc !== '' && abc.includes('Numerisches Kennwort:')); // German ID
- var frenchidpass = (abc !== '' && abc.includes('Mot de passe num')); // French ID
- var englishpass = (abc !== '' && abc.includes('Password:') && !abc.includes('Numerical Password:')); // English Password
- var germanpass = (abc !== '' && abc.includes('Kennwort:') && !abc.includes('Numerisches Kennwort:')); // German Password
- var frenchpass = (abc !== '' && abc.includes('Mot de passe :') && !abc.includes('Mot de passe num')); // French Password
- if (englishidpass || germanidpass || frenchidpass|| englishpass || germanpass || frenchpass) {
- var nextline = lines[x + 1].trim();
- if (x + 1 < lines.length && (nextline !== '' && (nextline.startsWith('ID:') || nextline.startsWith('ID :')) )) {
- identifier = nextline.replace('ID:','').replace('ID :', '').trim();
- foundIDMarkedLine = true;
- }else if (x + 1 < lines.length && nextline !== '') {
- password = nextline;
- foundMarkedLine = true;
- }
- }
- }
- ret[drive].identifier = (foundIDMarkedLine ? identifier : ''); // Set Bitlocker Identifier
- ret[drive].recoveryPassword = (foundMarkedLine ? password : ''); // Set Bitlocker Password
- } catch(ex) { } // just carry on as we cant get bitlocker key
- }
- }
- p1._res(ret);
- } catch (ex) { p1._res(ret); } // just return volumes as cant get encryption/bitlocker
- return (p1);
-}
-
 function windows_identifiers()
 {
 var ret = { windows: {} };
@@ -962,11 +893,6 @@ module.exports.isVM = function isVM()
 return (ret);
 };
-if (process.platform == 'win32')
-{
- module.exports.volumes_promise = windows_volumes;
-}
-
 // bios_date = BIOS->ReleaseDate
 // bios_vendor = BIOS->Manufacturer
 // bios_version = BIOS->SMBIOSBIOSVersion
diff --git a/agents/modules_meshcore/win-volumes.js b/agents/modules_meshcore/win-volumes.js
index e0e11276..59e87c1a 100644
--- a/agents/modules_meshcore/win-volumes.js
+++ b/agents/modules_meshcore/win-volumes.js
@@ -39,17 +39,90 @@ function getVolumes()
 {
 ret[v[i].DeviceID] = trimObject(v[i]);
 }
-
- v = require('win-wmi').query('ROOT\\CIMV2\\Security\\MicrosoftVolumeEncryption', 'SELECT * FROM Win32_EncryptableVolume');
- for (i in v)
- {
- var tmp = trimObject(v[i]);
- for (var k in tmp)
+ try {
+ v = require('win-wmi').query('ROOT\\CIMV2\\Security\\MicrosoftVolumeEncryption', 'SELECT * FROM Win32_EncryptableVolume');
+ for (i in v)
 {
- ret[tmp.DeviceID][k] = tmp[k];
+ var tmp = trimObject(v[i]);
+ for (var k in tmp)
+ {
+ ret[tmp.DeviceID][k] = tmp[k];
+ }
 }
- }
+ } catch (ex) { }
 return (ret);
 }
-module.exports = { getVolumes: function () { try { return (getVolumes()); } catch (x) { return ({}); } } };
\ No newline at end of file
+function windows_volumes()
+{
+ var promise = require('promise');
+ var p1 = new promise(function (res, rej) { this._res = res; this._rej = rej; });
+ var ret = {};
+ var values = require('win-wmi').query('ROOT\\CIMV2', 'SELECT * FROM Win32_LogicalDisk', ['DeviceID', 'VolumeName', 'FileSystem', 'Size', 'FreeSpace', 'DriveType']);
+ if(values[0]){
+ for (var i = 0; i < values.length; ++i) {
+ var drive = values[i]['DeviceID'].slice(0,-1);
+ ret[drive] = {
+ name: (values[i]['VolumeName'] ? values[i]['VolumeName'] : ""),
+ type: (values[i]['FileSystem'] ? values[i]['FileSystem'] : "Unknown"),
+ size: (values[i]['Size'] ? values[i]['Size'] : 0),
+ sizeremaining: (values[i]['FreeSpace'] ? values[i]['FreeSpace'] : 0),
+ removable: (values[i]['DriveType'] == 2),
+ cdrom: (values[i]['DriveType'] == 5)
+ };
+ }
+ }
+ try {
+ values = require('win-wmi').query('ROOT\\CIMV2\\Security\\MicrosoftVolumeEncryption', 'SELECT * FROM Win32_EncryptableVolume', ['DriveLetter','ConversionStatus','ProtectionStatus']);
+ if(values[0]){
+ for (var i = 0; i < values.length; ++i) {
+ var drive = values[i]['DriveLetter'].slice(0,-1);
+ var statuses = {
+ 0: 'FullyDecrypted',
+ 1: 'FullyEncrypted',
+ 2: 'EncryptionInProgress',
+ 3: 'DecryptionInProgress',
+ 4: 'EncryptionPaused',
+ 5: 'DecryptionPaused'
+ };
+ ret[drive].volumeStatus = statuses.hasOwnProperty(values[i].ConversionStatus) ? statuses[values[i].ConversionStatus] : 'FullyDecrypted';
+ ret[drive].protectionStatus = (values[i].ProtectionStatus == 0 ? 'Off' : (values[i].ProtectionStatus == 1 ? 'On' : 'Unknown'));
+ try {
+ var foundIDMarkedLine = false, foundMarkedLine = false, identifier = '', password = '';
+ var keychild = require('child_process').execFile(process.env['windir'] + '\\system32\\cmd.exe', ['/c', 'manage-bde -protectors -get ' + drive + ': -Type recoverypassword'], {});
+ keychild.stdout.str = ''; keychild.stdout.on('data', function (c) { this.str += c.toString(); });
+ keychild.waitExit();
+ var lines = keychild.stdout.str.trim().split('\r\n');
+ for (var x = 0; x < lines.length; x++) { // Loop each line
+ var abc = lines[x].trim();
+ var englishidpass = (abc !== '' && abc.includes('Numerical Password:')); // English ID
+ var germanidpass = (abc !== '' && abc.includes('Numerisches Kennwort:')); // German ID
+ var frenchidpass = (abc !== '' && abc.includes('Mot de passe num')); // French ID
+ var englishpass = (abc !== '' && abc.includes('Password:') && !abc.includes('Numerical Password:')); // English Password
+ var germanpass = (abc !== '' && abc.includes('Kennwort:') && !abc.includes('Numerisches Kennwort:')); // German Password
+ var frenchpass = (abc !== '' && abc.includes('Mot de passe :') && !abc.includes('Mot de passe num')); // French Password
+ if (englishidpass || germanidpass || frenchidpass|| englishpass || germanpass || frenchpass) {
+ var nextline = lines[x + 1].trim();
+ if (x + 1 < lines.length && (nextline !== '' && (nextline.startsWith('ID:') || nextline.startsWith('ID :')) )) {
+ identifier = nextline.replace('ID:','').replace('ID :', '').trim();
+ foundIDMarkedLine = true;
+ }else if (x + 1 < lines.length && nextline !== '') {
+ password = nextline;
+ foundMarkedLine = true;
+ }
+ }
+ }
+ ret[drive].identifier = (foundIDMarkedLine ? identifier : ''); // Set Bitlocker Identifier
+ ret[drive].recoveryPassword = (foundMarkedLine ? password : ''); // Set Bitlocker Password
+ } catch(ex) { } // just carry on as we cant get bitlocker key
+ }
+ }
+ p1._res(ret);
+ } catch (ex) { p1._res(ret); } // just return volumes as cant get encryption/bitlocker
+ return (p1);
+}
+
+module.exports = {
+ getVolumes: function () { try { return (getVolumes()); } catch (x) { return ({}); } },
+ volumes_promise: windows_volumes
+};
\ No newline at end of file
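Review bot: In the relocated `windows_volumes`, the Win32_EncryptableVolume loop uses `values[i]['DriveLetter'].slice(0,-1)` and `ret[drive].volumeStatus` without checking either, so if WMI returns a volume with no drive letter, or one absent from the Win32_LogicalDisk results, the throw lands in the outer `catch`, which resolves with partial data and silently drops encryption status for every remaining volume. The same unchecked `drive` is then concatenated into the `cmd.exe /c` string for `manage-bde`; assuming letters are reported as `C:`, a guard at the top of the loop such as `var dl = values[i]['DriveLetter']; if (typeof dl != 'string' || !/^[A-Za-z]:$/.test(dl) || ret[dl.slice(0,-1)] == null) { continue; }` would cover both. `lines[x + 1].trim()` is also evaluated before the `x + 1 < lines.length` test, so a marker on the last output line throws and the inner `catch` discards the identifier and recovery password for that drive; the bounds check should come first. `getVolumes` in the same hunk has the same shape: `ret[tmp.DeviceID][k]` can now fail inside the new empty `catch (ex) { }` with no trace.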