commit 60a13c6746874f4752d218c4d19126ca3b8637b0
parent 610f2100c80c06eed881f58ca2a71fc94159a507
Author: PlutoTank <qwolkensperg@gmail.com>
Date: Thu, 28 Nov 2019 09:12:44 -0800
fixed some bugs and got rid of useless files
Diffstat:
10 files changed, 41 insertions(+), 77 deletions(-)
diff --git a/.gitignore b/.gitignore
@@ -1 +1 @@
-/CyberPoliceOutput-
\ No newline at end of file
+/CyberPoliceOutput
diff --git a/ConfigFiles/PasteUsersHere.txt b/ConfigFiles/PasteUsersHere.txt
@@ -4,13 +4,11 @@ bwayne (you)
jgordon
password: BaRbr@
apennyworth
- password: WayN3$
+ password: gamer
tdrake
password: T1tANsGo!
bgordon
password: password
-Gamer
- password:
Authorized Users:
hbullock
lfox
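Review bot: This file is tracked in the repository with account passwords in clear text (`password: gamer`, `password: password`, `password: T1tANsGo!`), and the `.gitignore` touched in this same commit excludes only `/CyberPoliceOutput`. If these entries are real scenario credentials rather than sample values, keep a template with placeholder entries (for example `PasteUsersHere.example.txt`) under version control and add the filled-in file to `.gitignore`, so pasting a real README into it does not end up in history. Separately, a value containing `!` such as `T1tANsGo!` is the kind of input that cmd's delayed expansion mangles when CyberPolice.bat reads this file, so the loader is worth testing against exactly this line.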
diff --git a/CyberPolice.bat b/CyberPolice.bat
@@ -2,7 +2,7 @@
SETLOCAL EnableDelayedExpansion
-set functions=checkfiles usermgmtff userprop services firewall features passwordPol audit lockout rdp power sessions shares checkdns uac backuplsp lsp regharden verifysys
+set functions=checkfiles usermgmtff userprop services firewall features passwordPol audit lockout rdp power sessions shares checkdns uac backuplsp lsp regharden verifysys auto
for /F "tokens=1,2 delims=#" %%a in ('"prompt #$H#$E# & echo on & for %%b in (1) do rem"') do (
set "DEL=%%a"
@@ -123,6 +123,9 @@ goto:manual
if "%~1"=="backuplsp" (
goto:EOF
)
+if "%~1"=="auto" (
+ goto:EOF
+)
call:%~1
goto:EOF
:manual
@@ -182,7 +185,7 @@ call:servicesLoop "%wmicPath% process list brief>" "BriefProcesses.txt"
call:servicesLoop "%wmicPath% process list full>" "FullProcesses.txt"
call:servicesLoop "%wmicPath% startup list full>" "StartupLists.txt"
call:servicesLoop "net start>" "StartedProcesses.txt"
-call:servicesLoop "reg export HKLM\Software\Microsoft\Windows\CurrentVersion\Run" "Run.reg"
+call:servicesLoop "reg export HKLM\Software\Microsoft\Windows\CurrentVersion\Run" "Run.txt"
%powershellPath% -ExecutionPolicy Bypass -File "%powershellScriptPath%/ProcessDMA.ps1"
call:manualVerify "services.msc"
goto:EOF
@@ -402,6 +405,7 @@ for /f "tokens=*" %%A in (%configPath%\RegistyHardenData.txt) do (
reg add "!regPath!" /v !regKey! /t !regType! /d !regVal! /f
)
)
+call:manualVerify regedit.exe
goto:EOF
:groupPol
@@ -485,20 +489,14 @@ for /f "tokens=*" %%A in (%output%\users.txt) do (
)
echo.
echo The CYBER POLICE are now applying admins...
-setlocal DisableDelayedExpansion
for /f "tokens=*" %%A in (%uOutDir%\authAdmins.txt) do (
- set "line=%%A"
- setlocal enabledelayedexpansion
+ endlocal & set "line=%%A"
for /f "tokens=1 delims= " %%C in ("!line!") do (
- setlocal DisableDelayedExpansion
- set "user=%%C"
+ endlocal & set "user=%%C"
)
- setlocal enabledelayedexpansion
for /f "tokens=2 delims= " %%C in ("!line!") do (
- setlocal DisableDelayedExpansion
- set "pass=%%C"
+ endlocal & set "pass=%%C"
)
- setlocal enabledelayedexpansion
call:checkusersadmin !user! !pass!
)
echo The CYBER POLICE are now applying users...
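Review bot: The new `endlocal & set "line=%%A"` and the two `endlocal & set` lines below it have no matching `setlocal` inside the loop, so each `endlocal` closes the nearest open scope — on this page that is the script-level `SETLOCAL EnableDelayedExpansion` near the top of the file — discarding every variable assigned since (`uOutDir` included) and switching delayed expansion off, after which `"!line!"` in the inner `for` lines and `!user! !pass!` in the `call` stay literal; confirm with a run, since a `setlocal` above the hunk could change this. The removed `setlocal DisableDelayedExpansion` lines were also what kept a `!` inside a line (PasteUsersHere.txt contains `T1tANsGo!`) from being eaten when `%%A` and `%%C` are assigned under delayed expansion, and if the motivation was cmd's setlocal depth limit from the unbalanced nesting, the fix is to close each scope per iteration rather than drop it, as below. The same pattern is repeated in `:checkcurrusers`, `:checkusersadmin` and `:checkusers` further down, where the subroutine-level `endlocal & set "user=%~1"` additionally unwinds the caller's scope because `call:label` opens none; there, restore `setlocal DisableDelayedExpansion`, `set "user=%~1"`, `set "pass=%~2"`, `setlocal EnableDelayedExpansion` and put `endlocal & endlocal` before each `goto:EOF` (their bodies continue past the hunks). Whether a `!` survives the `call:checkusersadmin !user! !pass!` argument round-trip is a separate point I have not verified. The label that owns this loop starts above the hunk.
```batch
setlocal DisableDelayedExpansion
for /f "tokens=*" %%A in (%uOutDir%\authAdmins.txt) do (
  set "line=%%A"
  setlocal EnableDelayedExpansion
  for /f "tokens=1,2 delims= " %%C in ("!line!") do (
    endlocal
    set "user=%%C"
    set "pass=%%D"
  )
  setlocal EnableDelayedExpansion
  call:checkusersadmin !user! !pass!
  endlocal
)
endlocal
```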
@@ -514,14 +512,10 @@ call:manualVerify lusrmgr.msc
goto:EOF
:checkcurrusers
-setlocal DisableDelayedExpansion
for /f "tokens=* delims=" %%B in (%uOutDir%\authAdmins.txt) do (
- set "line=%%B"
- setlocal enabledelayedexpansion
+ endlocal & set "line=%%B"
for /f "tokens=1 delims= " %%C in ("!line!") do (
- setlocal DisableDelayedExpansion
- set "userChk=%%C"
- setlocal enabledelayedexpansion
+ endlocal & set "userChk=%%C"
if "%~1"=="!userChk!" (
call:colorEcho 0b "%~1"
call:colorEcho 0a " found"
@@ -550,10 +544,8 @@ net user %~1 /active:no
goto:EOF
:checkusersadmin
-setlocal DisableDelayedExpansion
-set "user=%~1"
-set "pass=%~2"
-setlocal enabledelayedexpansion
+endlocal & set "user=%~1"
+endlocal & set "pass=%~2"
for /f "tokens=*" %%B in (!uOutDir!\enabledUsers.txt) do (
if "!user!"=="%%B" (
call:colorEcho 0b "!user!"
@@ -596,10 +588,8 @@ echo.
goto:EOF
:checkusers
-setlocal DisableDelayedExpansion
-set "user=%~1"
-set "pass=%~2"
-setlocal enabledelayedexpansion
+endlocal & set "user=%~1"
+endlocal & set "pass=%~2"
for /f "tokens=*" %%B in (!uOutDir!\enabledUsers.txt) do (
if "!user!"=="%%B" (
call:colorEcho 0b "!user!"
@@ -682,8 +672,11 @@ if %rdpChk%==y (
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 1 /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
netsh advfirewall firewall set rule group="remote desktop" new enable=yes
- echo Please select "Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure)"
- start SystemPropertiesRemote.exe /wait
+ call:colorEcho 07 "The CYBER POLICE suggest you check"
+ call:colorEcho 0b "Allow connections only from computers running Remote Desktop with Network Level Authentication"
+ echo.
+ call:manualVerify SystemPropertiesRemote.exe
+ pause>nul
call:colorEcho 0a "The CYBER POLICE enabled RDP"
echo.
goto:EOF
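Review bot: The `pause>nul` added after `call:manualVerify SystemPropertiesRemote.exe` duplicates the `pause >nul` this same commit adds at the end of `:manualVerify`, so the user has to press a key twice, the second time with no prompt (the helper prints "Press any key to let the CYBER POLICE continue..." before its pause; the one here is silent). Drop the line here, or drop the helper's pause if other callers do not need it. The `if %rdpChk%==y (` block this sits in starts above the hunk.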
@@ -775,6 +768,9 @@ call:colorEcho 0b "Running %~1..."
echo.
start %~1 /wait
echo.
+call:colorEcho 0e "Press any key to let the CYBER POLICE continue..."
+echo.
+pause >nul
goto:EOF
:colorEcho
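Review bot: `start %~1 /wait` on the context line above the new pause places `/wait` after the program name, and `start` only honours options that precede the program, so `/wait` is handed to the launched tool as an argument and `start` returns immediately; if the added "Press any key" pause is a workaround for that, `start "" /wait "%~1"` blocks until the tool exits and makes the extra key press unnecessary (the empty title keeps a quoted path from being taken as the window title). That line is unchanged in this commit, so the intent is inferred. `:manualVerify` begins above the hunk.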
diff --git a/PowershellScripts/CheckFiles.ps1 b/PowershellScripts/CheckFiles.ps1
@@ -19,7 +19,7 @@ if(Test-path "$path2\CheckFilesOutput\VerySuspicious\FoundInAppData.txt") {Clear
Write-host "The CYBER POLICE are checking the $extensions..." -ForegroundColor Cyan
foreach($ext in $extensions){
Write-host "Checking for .$ext files"
- if(!(Test-path "$path2\CheckFilesOutput\Extentions\$ext.txt")){New-Item -path $path2\CheckFilesOutput\Extentions\$ext.txt -name $ext.txt -type "file"}
+ if(!(Test-path "$path2\CheckFilesOutput\Extentions\$ext.txt")){New-Item -path $path2\CheckFilesOutput\Extentions\$ext.txt -name $ext.txt -type "file" | Out-Null}
else{Clear-content "$path2\CheckFilesOutput\Extentions\$ext.txt"}
C:\Windows\System32\cmd.exe /C dir C:\*.$ext /s /b | Out-File "$path2\CheckFilesOutput\Extentions\$ext.txt"
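Review bot: `-name $ext.txt` on the `New-Item` line is parsed in argument mode as member access — the `.txt` property of the string in `$ext` — and so evaluates to `$null` rather than a file name, while the `-path` value (a larger bare word) expands `$ext.txt` as text and already ends in the file name; the call presumably works only because the empty `-Name` is ignored. Make the intent explicit with `New-Item -Path "$path2\CheckFilesOutput\Extentions" -Name "$ext.txt" -ItemType File | Out-Null`, and the same for `$tool.txt` in the second hunk of this file. Worth confirming on a Windows PowerShell run, since this is read from the parse rules rather than from an execution. The `foreach` this sits in closes below the hunk.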
@@ -40,7 +40,7 @@ Write-host "CYBER POLICE are done busting files via extentions" -ForegroundColor
Write-host "The CYBER POLICE are checking for $tools..." -ForegroundColor Cyan
foreach($tool in $tools){
Write-host "Checking for $tool"
- if(!(Test-path $path2\CheckFilesOutput\Tools\$tool.txt)){New-Item -path $path2\CheckFilesOutput\Tools\$tool.txt -name $tool.txt -type "file"}
+ if(!(Test-path $path2\CheckFilesOutput\Tools\$tool.txt)){New-Item -path $path2\CheckFilesOutput\Tools\$tool.txt -name $tool.txt -type "file" | Out-Null}
else{Clear-content "$path2\CheckFilesOutput\Tools\$tool.txt"}
C:\Windows\System32\cmd.exe /C dir C:\*$tool* /s /b | Out-File "$path2\CheckFilesOutput\Tools\$tool.txt"
diff --git a/PowershellScripts/CreateFile.ps1 b/PowershellScripts/CreateFile.ps1
@@ -8,7 +8,7 @@
)
Write-Host "Creating $name..." -ForegroundColor Gray
if (!(Test-Path "$path/$name")) {
- New-Item $path/$name -ItemType file
+ New-Item $path/$name -ItemType file | Out-Null
Write-Host "$name created in $path" -ForegroundColor Green
} else {
Write-Host "$name already exists in $path" -ForegroundColor Yellow
diff --git a/PowershellScripts/Get-BasicADObject.ps1 b/PowershellScripts/Get-BasicADObject.ps1
@@ -1,29 +0,0 @@
-Function Get-BasicADObject {
- param
- (
- [String]$Ldap = "dc=" + $env:USERDNSDOMAIN.replace(".", ",dc="),
- [String]$Filter = "(&(objectCategory=person)(objectClass=user))"
- )
-
- if ($pscmdlet.ShouldProcess($Ldap, "Get information about AD Object")) {
- $searcher = [adsisearcher]$Filter
-
- $Ldap = $Ldap.replace("LDAP://", "")
- $searcher.SearchRoot = "LDAP://$Ldap"
- $results = $searcher.FindAll()
-
- $ADObjects = @()
- foreach ($result in $results) {
- [Array]$propertiesList = $result.Properties.PropertyNames
- $obj = New-Object PSObject
- foreach ($property in $propertiesList) {
- $obj | add-member -membertype noteproperty -name $property -value ([string]$result.Properties.Item($property))
- }
- $ADObjects += $obj
- }
-
- Return $ADObjects
- }
-}
-
-
diff --git a/PowershellScripts/MakeCheckFileDirectories.ps1 b/PowershellScripts/MakeCheckFileDirectories.ps1
@@ -3,10 +3,10 @@ $thispath=Split-Path -parent $MyInvocation.MyCommand.Definition
$path = Split-Path -parent $thispath
$path2=Get-content $path/CyberPoliceOutput/path.txt
-if(!(Test-Path "$path2\CheckFilesOutput\")){New-Item -ItemType Directory -Force -Path $path2\CheckFilesOutput\}
-if(!(Test-Path "$path2\CheckFilesOutput\VerySuspicious\")){New-Item -ItemType Directory -Force -Path $path2\CheckFilesOutput\VerySuspicious\}
-if(!(Test-path "$path2\CheckFilesOutput\VerySuspicious\FoundInUsers.txt")){New-Item -path $path2\CheckFilesOutput\VerySuspicious\ -name FoundInUsers.txt -type "file"}
-if(!(Test-Path "$path2\CheckFilesOutput\FoundInAppData\")){New-Item -ItemType Directory -Force -Path $path2\CheckFilesOutput\FoundInAppData\}
-if(!(Test-path "$path2\CheckFilesOutput\FoundInAppData\FoundInAppData.txt")){New-Item -path $path2\CheckFilesOutput\FoundInAppData\ -name FoundInAppData.txt -type "file"}
-if(!(Test-Path "$path2\CheckFilesOutput\Extentions\")){New-Item -ItemType Directory -Force -Path $path2\CheckFilesOutput\Extentions\}
-if(!(Test-Path "$path2\CheckFilesOutput\Tools\")){New-Item -ItemType Directory -Force -Path $path2\CheckFilesOutput\Tools\}-
\ No newline at end of file
+if(!(Test-Path "$path2\CheckFilesOutput\")){New-Item -ItemType Directory -Force -Path $path2\CheckFilesOutput\ | Out-Null}
+if(!(Test-Path "$path2\CheckFilesOutput\VerySuspicious\")){New-Item -ItemType Directory -Force -Path $path2\CheckFilesOutput\VerySuspicious\ | Out-Null}
+if(!(Test-path "$path2\CheckFilesOutput\VerySuspicious\FoundInUsers.txt")){New-Item -path $path2\CheckFilesOutput\VerySuspicious\ -name FoundInUsers.txt -type "file" | Out-Null}
+if(!(Test-Path "$path2\CheckFilesOutput\FoundInAppData\")){New-Item -ItemType Directory -Force -Path $path2\CheckFilesOutput\FoundInAppData\ | Out-Null}
+if(!(Test-path "$path2\CheckFilesOutput\FoundInAppData\FoundInAppData.txt")){New-Item -path $path2\CheckFilesOutput\FoundInAppData\ -name FoundInAppData.txt -type "file" | Out-Null}
+if(!(Test-Path "$path2\CheckFilesOutput\Extentions\")){New-Item -ItemType Directory -Force -Path $path2\CheckFilesOutput\Extentions\ | Out-Null}
+if(!(Test-Path "$path2\CheckFilesOutput\Tools\")){New-Item -ItemType Directory -Force -Path $path2\CheckFilesOutput\Tools\ | Out-Null}+
\ No newline at end of file
diff --git a/PowershellScripts/ManageUsersFromFile.ps1 b/PowershellScripts/ManageUsersFromFile.ps1
@@ -101,10 +101,10 @@ function BeginUserManagement {
if (!(Test-Path $configpath/PasteUsersHere.txt -PathType Leaf)) {
Write-Host "Raw users from README is not available!" -ForegroundColor Red
Write-Host "Creating file..." -ForegroundColor Yellow
- New-Item -Path $configpath/PasteUsersHere.txt -ItemType "file" -Force
+ New-Item -Path $configpath/PasteUsersHere.txt -ItemType "file" -Force | Out-Null
}
$userMgmtFilePath = "$configpath/PasteUsersHere.txt"
-New-Item -path $output\ManagedUserOutput -name authAdmins.txt -type "file" -Force
-New-Item -path $output\ManagedUserOutput -name authUsers.txt -type "file" -Force
+New-Item -path $output\ManagedUserOutput -name authAdmins.txt -type "file" -Force | Out-Null
+New-Item -path $output\ManagedUserOutput -name authUsers.txt -type "file" -Force | Out-Null
EditCheck
\ No newline at end of file
diff --git a/PowershellScripts/ProcessDMA.ps1 b/PowershellScripts/ProcessDMA.ps1
@@ -7,7 +7,7 @@ $servicesD = @()
$servicesM = @()
$servicesA = @()
-if (!(Test-path "$path2\Services\ChangedServices.txt")) { New-Item -path $path2\Services\ChangedServices -name ChangedServices.txt -type "file" -Force }
+if (!(Test-path "$path2\Services\ChangedServices.txt")) { New-Item -path $path2\Services\ChangedServices -name ChangedServices.txt -type "file" -Force | Out-Null}
Write-host "Would you like the CYBER POLICE to manage services (Default is No)" -ForegroundColor Yellow
$Readhost = Read-Host "[Y/N]"
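Review bot: The `Test-Path` guard checks `$path2\Services\ChangedServices.txt`, but the `New-Item` on the same line creates `ChangedServices.txt` inside a `$path2\Services\ChangedServices` directory (`-path` is the parent, `-name` the file, and `-Force` will create the directory), so the guard never matches and the two locations diverge; whatever later writes the results file presumably targets one of the two. Make them agree, e.g. `New-Item -Path "$path2\Services" -Name ChangedServices.txt -ItemType File -Force | Out-Null`. The script continues outside the hunk.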
diff --git a/PowershellScripts/UserList.ps1 b/PowershellScripts/UserList.ps1
@@ -8,7 +8,7 @@ $accounts = Get-Wmiobject Win32_UserAccount -filter 'LocalAccount=TRUE' | select
if (!(Test-Path "$path2/users.txt"))
{
- New-Item $path2/users.txt -ItemType file
+ New-Item $path2/users.txt -ItemType file | Out-Null
Write-Host "Created users.txt file!" -ForegroundColor Yellow
}