diff --git a/agents/meshcore.js b/agents/meshcore.js index f5bf7da6..31c8e26f 100644 --- a/agents/meshcore.js +++ b/agents/meshcore.js @@ -4047,7 +4047,6 @@ function processConsoleCommand(cmd, args, rights, sessionid) { if (require('computer-identifiers').volumes_promise != null) { var p = require('computer-identifiers').volumes_promise(); p.then(function (res) { sendConsoleText(JSON.stringify(cleanGetBitLockerVolumeInfo(res), null, 1), this.session); }); - response = "Please wait..."; } else if (require('computer-identifiers').volumes != null) { sendConsoleText(JSON.stringify(cleanGetBitLockerVolumeInfo(require('computer-identifiers').volumes()), null, 1), this.session); } diff --git a/agents/modules_meshcore/computer-identifiers.js b/agents/modules_meshcore/computer-identifiers.js index ddebf8b7..469b0b43 100644 --- a/agents/modules_meshcore/computer-identifiers.js +++ b/agents/modules_meshcore/computer-identifiers.js @@ -426,98 +426,69 @@ function windows_volumes() { var promise = require('promise'); var p1 = new promise(function (res, rej) { this._res = res; this._rej = rej; }); - var p2 = new promise(function (res, rej) { this._res = res; this._rej = rej; }); - - p1._p2 = p2; - p2._p1 = p1; - - var child = require('child_process').execFile(process.env['windir'] + '\\System32\\WindowsPowerShell\\v1.0\\powershell.exe', ['powershell', '-noprofile', '-nologo', '-command', '-']); - p1.child = child; - child.promise = p1; - child.stdout.str = ''; child.stdout.on('data', function (c) { this.str += c.toString(); }); - child.stdin.write('Get-Volume | Select-Object -Property DriveLetter,FileSystemLabel,FileSystemType,Size,SizeRemaining,DriveType | ConvertTo-Csv -NoTypeInformation\r\nexit\r\n'); - child.on('exit', function (c) - { - var a, i, tokens, key; - var ret = {}; - - a = this.stdout.str.trim().split('\r\n'); - for (i = 1; i < a.length; ++i) - { - tokens = a[i].split(','); - if (tokens[0] != '' && tokens[1] != undefined) - { - ret[tokens[0].split('"')[1]] = - { - name: tokens[1].split('"')[1], - type: tokens[2].split('"')[1], - size: tokens[3].split('"')[1], - sizeremaining: tokens[4].split('"')[1], - removable: tokens[5].split('"')[1] == 'Removable', - cdrom: tokens[5].split('"')[1] == 'CD-ROM' - }; - } + var ret = {}; + var values = require('win-wmi').query('ROOT\\CIMV2', 'SELECT * FROM Win32_LogicalDisk', ['DeviceID', 'VolumeName', 'FileSystem', 'Size', 'FreeSpace', 'DriveType']); + if(values[0]){ + for (var i = 0; i < values.length; ++i) { + var drive = values[i]['DeviceID'].slice(0,-1); + ret[drive] = { + name: (values[i]['VolumeName'] ? values[i]['VolumeName'] : ""), + type: (values[i]['FileSystem'] ? values[i]['FileSystem'] : "Unknown"), + size: (values[i]['Size'] ? values[i]['Size'] : 0), + sizeremaining: (values[i]['FreeSpace'] ? values[i]['FreeSpace'] : 0), + removable: (values[i]['DriveType'] == 2), + cdrom: (values[i]['DriveType'] == 5) + }; } - this.promise._res({ r: ret, t: tokens }); - }); - - p1.then(function (j) - { - var ret = j.r; - var tokens = j.t; - - var child = require('child_process').execFile(process.env['windir'] + '\\System32\\WindowsPowerShell\\v1.0\\powershell.exe', ['powershell', '-noprofile', '-nologo', '-command', '-']); - p2.child = child; - child.promise = p2; - child.tokens = tokens; - child.stdout.str = ''; child.stdout.on('data', function (c) { this.str += c.toString(); }); - child.stdin.write('Get-BitLockerVolume | Select-Object -Property MountPoint,VolumeStatus,ProtectionStatus | ConvertTo-Csv -NoTypeInformation\r\nexit\r\n'); - child.on('exit', function () - { - var i; - var a = this.stdout.str.trim().split('\r\n'); - for (i = 1; i < a.length; ++i) - { - tokens = a[i].split(','); - key = tokens[0].split(':').shift().split('"').pop(); - if (ret[key] != null) - { - ret[key].volumeStatus = tokens[1].split('"')[1]; - ret[key].protectionStatus = tokens[2].split('"')[1]; - try { - var foundIDMarkedLine = false, foundMarkedLine = false, identifier = '', password = ''; - var keychild = require('child_process').execFile(process.env['windir'] + '\\system32\\cmd.exe', ['/c', 'manage-bde -protectors -get ', tokens[0].split('"')[1], ' -Type recoverypassword'], {}); - keychild.stdout.str = ''; keychild.stdout.on('data', function (c) { this.str += c.toString(); }); - keychild.waitExit(); - var lines = keychild.stdout.str.trim().split('\r\n'); - for (var x = 0; x < lines.length; x++) { // Loop each line - var abc = lines[x].trim(); - var englishidpass = (abc !== '' && abc.includes('Numerical Password:')); // English ID - var germanidpass = (abc !== '' && abc.includes('Numerisches Kennwort:')); // German ID - var frenchidpass = (abc !== '' && abc.includes('Mot de passe num')); // French ID - var englishpass = (abc !== '' && abc.includes('Password:') && !abc.includes('Numerical Password:')); // English Password - var germanpass = (abc !== '' && abc.includes('Kennwort:') && !abc.includes('Numerisches Kennwort:')); // German Password - var frenchpass = (abc !== '' && abc.includes('Mot de passe :') && !abc.includes('Mot de passe num')); // French Password - if (englishidpass || germanidpass || frenchidpass|| englishpass || germanpass || frenchpass) { - var nextline = lines[x + 1].trim(); - if (x + 1 < lines.length && (nextline !== '' && (nextline.startsWith('ID:') || nextline.startsWith('ID :')) )) { - identifier = nextline.replace('ID:','').replace('ID :', '').trim(); - foundIDMarkedLine = true; - }else if (x + 1 < lines.length && nextline !== '') { - password = nextline; - foundMarkedLine = true; - } + } + try { + values = require('win-wmi').query('ROOT\\CIMV2\\Security\\MicrosoftVolumeEncryption', 'SELECT * FROM Win32_EncryptableVolume', ['DriveLetter','ConversionStatus','ProtectionStatus']); + if(values[0]){ + for (var i = 0; i < values.length; ++i) { + var drive = values[i]['DriveLetter'].slice(0,-1); + var statuses = { + 0: 'FullyDecrypted', + 1: 'FullyEncrypted', + 2: 'EncryptionInProgress', + 3: 'DecryptionInProgress', + 4: 'EncryptionPaused', + 5: 'DecryptionPaused' + }; + ret[drive].volumeStatus = statuses.hasOwnProperty(values[i].ConversionStatus) ? statuses[values[i].ConversionStatus] : 'FullyDecrypted'; + ret[drive].protectionStatus = (values[i].ProtectionStatus == 0 ? 'Off' : (values[i].ProtectionStatus == 1 ? 'On' : 'Unknown')); + try { + var foundIDMarkedLine = false, foundMarkedLine = false, identifier = '', password = ''; + var keychild = require('child_process').execFile(process.env['windir'] + '\\system32\\cmd.exe', ['/c', 'manage-bde -protectors -get ', drive, ' -Type recoverypassword'], {}); + keychild.stdout.str = ''; keychild.stdout.on('data', function (c) { this.str += c.toString(); }); + keychild.waitExit(); + var lines = keychild.stdout.str.trim().split('\r\n'); + for (var x = 0; x < lines.length; x++) { // Loop each line + var abc = lines[x].trim(); + var englishidpass = (abc !== '' && abc.includes('Numerical Password:')); // English ID + var germanidpass = (abc !== '' && abc.includes('Numerisches Kennwort:')); // German ID + var frenchidpass = (abc !== '' && abc.includes('Mot de passe num')); // French ID + var englishpass = (abc !== '' && abc.includes('Password:') && !abc.includes('Numerical Password:')); // English Password + var germanpass = (abc !== '' && abc.includes('Kennwort:') && !abc.includes('Numerisches Kennwort:')); // German Password + var frenchpass = (abc !== '' && abc.includes('Mot de passe :') && !abc.includes('Mot de passe num')); // French Password + if (englishidpass || germanidpass || frenchidpass|| englishpass || germanpass || frenchpass) { + var nextline = lines[x + 1].trim(); + if (x + 1 < lines.length && (nextline !== '' && (nextline.startsWith('ID:') || nextline.startsWith('ID :')) )) { + identifier = nextline.replace('ID:','').replace('ID :', '').trim(); + foundIDMarkedLine = true; + }else if (x + 1 < lines.length && nextline !== '') { + password = nextline; + foundMarkedLine = true; } } - ret[key].identifier = (foundIDMarkedLine ? identifier : ''); // Set Bitlocker Identifier - ret[key].recoveryPassword = (foundMarkedLine ? password : ''); // Set Bitlocker Password - } catch(ex) { } - } + } + ret[drive].identifier = (foundIDMarkedLine ? identifier : ''); // Set Bitlocker Identifier + ret[drive].recoveryPassword = (foundMarkedLine ? password : ''); // Set Bitlocker Password + } catch(ex) { } // just carry on as we cant get bitlocker key } - this.promise._res(ret); - }); - }); - return (p2); + } + p1._res(ret); + } catch (ex) { p1._res(ret); } // just return volumes as cant get encryption/bitlocker + return (p1); } function windows_identifiers() @@ -806,7 +777,7 @@ function win_chassisType() child.descriptorMetadata = 'process-manager'; child.stdout.str = ''; child.stdout.on('data', function (c) { this.str += c.toString(); }); child.stderr.str = ''; child.stderr.on('data', function (c) { this.str += c.toString(); }); - child.stdin.write('Get-CimInstance Win32_SystemEnclosure| Select-Object -ExpandProperty ChassisTypes\r\n'); + child.stdin.write('Get-WmiObject Win32_SystemEnclosure | Select-Object -ExpandProperty ChassisTypes\r\n'); child.stdin.write('exit\r\n'); child.waitExit(); try { diff --git a/agents/modules_meshcore/win-info.js b/agents/modules_meshcore/win-info.js index dcb8ff43..dd60eb12 100644 --- a/agents/modules_meshcore/win-info.js +++ b/agents/modules_meshcore/win-info.js @@ -251,8 +251,12 @@ function defender(){ ret.child.stdin.write('exit\r\n'); ret.child.on('exit', function (c) { if (this.stdout.str == '') { this.promise._resolve({}); return; } - var abc = JSON.parse(this.stdout.str.trim()) - this.promise._resolve({ RealTimeProtection: abc.RealTimeProtectionEnabled, TamperProtected: abc.IsTamperProtected }); + try { + var abc = JSON.parse(this.stdout.str.trim()); + this.promise._resolve({ RealTimeProtection: abc.RealTimeProtectionEnabled, TamperProtected: abc.IsTamperProtected }); + } catch (ex) { + this.promise._resolve({}); return; + } }); return (ret); }