RPC Vulnerability Scanner
sptomey
KiXforms Enthusiast
Joined: 18 Mar 2003
Posts: 158

Posted: Thu Sep 11, 2003 7:47 pm    Post subject: RPC Vulnerability Scanner

All needed notes should be found in the script...Let me know what you think.

Code:
;;;;;; -------------------------------------------------------------------------------------------------------------------------
;;;;;;   Author       :   Shane Ptomey
;;;;;;   Description  :   Used to scan a range of PCs for the RPC vulnerability.
;;;;;;   Dependencies :   KiX and KiXForms.  Also uses the KB824146 scanner from MS found at...
;;;;;;            http://www.microsoft.com/downloads/details.aspx?FamilyId=13AE421B-7BAB-41A2-843B-FAD838FE472E&displaylang=en
;;;;;;            You must extract the files from the scanner download into the same directory as the script.
;;;;;;            kixforms.dll must also be in the same directory as the script for the automatic .dll registration to work.  You can REM out
;;;;;;            the first section 'If KixFormsTempReg...' and the 'KixFormsTempClean('%temp%')' line in the CloseForm function to disable the
;;;;;;            automatic registration of kixforms.dll.
;;;;;; -------------------------------------------------------------------------------------------------------------------------

Break On

If KixFormsTempReg("%temp%")
   $null = messagebox ("There Was A Problem Registering KixForms.","Registration Error",4112)
   KixFormsTempClean("%temp%")
   Exit
Endif

$Form = CreateObject("Kixtart.Form")
$Form.Width = 685
$Form.Height = 500
$Form.Caption = "RPC Scanner"
$Form.Backcolor = $form.rgb(255,255,101)

$IPBox1 = $Form.TextBox("",20,30,25,20)
$IPBox1.MaxLength = 3
$IPBox1.TextAlign = 2
$IPBox1.OnKeyDown = "CheckKeys(1, $$IPBox1.KeyCode)"
$IPDot1 = $Form.Label(".",$IPBox1.Right+15,$IPBox1.Top+5)
$IPBox2 = $Form.TextBox("",$IPBox1.Right+33,$IPBox1.Top,$IPBox1.Width,$IPBox1.Height)
$IPBox2.MaxLength = 3
$IPBox2.TextAlign = 2
$IPBox2.OnGotFocus = "PopulateIPBoxes2()"
$IPBox2.OnKeyDown = "CheckKeys(2, $$IPBox2.KeyCode)"
$IPDot2 = $Form.Label(".",$IPBox2.Right+15,$IPBox2.Top+5)
$IPBox3 = $Form.TextBox("",$IPBox2.Right+33,$IPBox1.Top,$IPBox1.Width,$IPBox1.Height)
$IPBox3.MaxLength = 3
$IPBox3.TextAlign = 2
$IPBox3.OnGotFocus = "PopulateIPBoxes3()"
$IPBox3.OnKeyDown = "CheckKeys(3, $$IPBox3.KeyCode)"
$IPDot3 = $Form.Label(".",$IPBox3.Right+15,$IPBox3.Top+5)
$IPBox4 = $Form.TextBox("",$IPBox3.Right+33,$IPBox1.Top,$IPBox1.Width,$IPBox1.Height)
$IPBox4.MaxLength = 3
$IPBox4.TextAlign = 2
$IPBox4.OnGotFocus = "PopulateIPBoxes4()"
$IPBox4.OnKeyDown = "CheckKeys(4, $$IPBox4.KeyCode)"
$IPLabel = $Form.label("Enter Start Of IP Range To Search",$IPBox1.Left,$IPBox1.Top-20)

$IPBox5 = $Form.TextBox("",$IPBox1.left,$IPBox1.Top+50,$IPBox1.Width,$IPBox1.Height)
$IPBox5.MaxLength = 3
$IPBox5.TextAlign = 2
$IPBox5.OnKeyDown = "CheckKeys(5, $$IPBox5.KeyCode)"
$IPDot4 = $Form.Label(".",$IPBox5.Right+15,$IPBox5.Top+5)
$IPBox6 = $Form.TextBox("",$IPBox5.Right+33,$IPBox5.Top,$IPBox5.Width,$IPBox5.Height)
$IPBox6.MaxLength = 3
$IPBox6.TextAlign = 2
$IPBox6.OnKeyDown = "CheckKeys(6, $$IPBox6.KeyCode)"
$IPDot5 = $Form.Label(".",$IPBox6.Right+15,$IPBox6.Top+5)
$IPBox7 = $Form.TextBox("",$IPBox6.Right+33,$IPBox5.Top,$IPBox5.Width,$IPBox5.Height)
$IPBox7.MaxLength = 3
$IPBox7.TextAlign = 2
$IPBox7.OnKeyDown = "CheckKeys(7, $$IPBox7.KeyCode)"
$IPDot6 = $Form.Label(".",$IPBox7.Right+15,$IPBox7.Top+5)
$IPBox8 = $Form.TextBox("",$IPBox7.Right+33,$IPBox5.Top,$IPBox5.Width,$IPBox5.Height)
$IPBox8.MaxLength = 3
$IPBox8.TextAlign = 2
$IPBox8.OnKeyDown = "CheckKeys(8, $$IPBox8.KeyCode)"
$IPEndLabel = $Form.label("Enter End Of IP Range To Search",$IPBox5.Left,$IPBox5.Top-20)

$ScanPCsButton = $Form.ToolButton
$ScanPCsButton.Caption = "Scan PCs"
$ScanPCsButton.Icon = 43
$ScanPCsButton.Default = 1
$ScanPCsButton.Left = 20
$ScanPCsButton.Top = 110
$ScanPCsButton.Width = 100
$ScanPCsButton.Height = 25
$ScanPCsButton.OnClick = "ScanPCs()"
$ScanPCsButton.Backcolor = $form.rgb(200,200,200)

$ExitButton = $Form.ToolButton
$ExitButton.Caption = "Exit"
$ExitButton.Icon = 9
$ExitButton.Left = 130
$ExitButton.Top = 110
$ExitButton.Width = 100
$ExitButton.Height = 25
$ExitButton.OnClick = "CloseForm()"
$ExitButton.Backcolor = $form.rgb(200,200,200)

$StatusList = $Form.Controls.ListBox
$StatusList.Top = 30
$StatusList.Left = 250
$StatusList.Width = 220
$StatusList.Height = 100

$StatusLabel = $Form.Label ("Status")
$StatusLabel.Top = 10
$StatusLabel.Left = 280

$PatchedList = $Form.Controls.ListBox
$PatchedList.Sorted = 1
$PatchedList.Top = 170
$PatchedList.Left = 20
$PatchedList.Width = 200
$PatchedList.Height = 275

$PatchedLabel = $Form.Label ("Patched")
$PatchedLabel.Top = 150
$PatchedLabel.Left = 50

$NotPatchedList = $Form.Controls.ListBox
$NotPatchedList.Sorted = 1
$NotPatchedList.Top = 170
$NotPatchedList.Left = 240
$NotPatchedList.Width = 200
$NotPatchedList.Height = 275

$NotPatchedLabel = $Form.Label ("Un-Patched")
$NotPatchedLabel.Top = 150
$NotPatchedLabel.Left = 270

$UnreachableList = $Form.Controls.ListBox
$UnreachableList.Sorted = 1
$UnreachableList.Top = 170
$UnreachableList.Left = 460
$UnreachableList.Width = 200
$UnreachableList.Height = 275

$UnreachableLabel = $Form.Label ("Unreachable")
$UnreachableLabel.Top = 150
$UnreachableLabel.Left = 490

$Form.Center
$Form.Show

LoadForm()

$IPBox1.SetFocus

While $Form.Visible
  $=Execute($Form.DoEvents())
Loop
Exit

; -------------------------------------------------------------------------------
;                                                UDFs
; -------------------------------------------------------------------------------
; ------------------------------------------
;    Loads Form With Progress Bar
;    Checks That The Current User Has Local And Domain Admin Rights
; ------------------------------------------
FUNCTION LoadForm()
   $Load = createobject("Kixtart.form")
   $Load.border = 0
   $Load.clientsize = 320,40
   $LoadingLabel = $Load.label
   $LoadingLabel.top=0
   $LoadingLabel.left = 0
   $LoadingLabel.fontsize=6
   $LoadingLabel.height=10
   $LoadingLabel.caption = "Loading..."
   $Load.center
   $Load.show
   $Progress = $Load.progressbar("",10,10,300,20)
   $Progress.style=1
   $Progress.max = 3
   For $c = 1 to 3
      Sleep 0.5
      If $c = 2
         $LoadingLabel.caption = "Loading...Checking Permissions"
         If LocalAdmin()
            ; Local admin but not a domain admin
            If @Priv <> "Admin"
               $null = Messagebox ("You do not have the required Domain Administrative privileges","",0)
               CloseForm()
            Endif
         Else
            $null = Messagebox ("You do not have the required Administrative privileges","",0)
            CloseForm()
         Endif
      Endif
      $Progress.value = $c
   Next
   $Load=0
ENDFUNCTION

; ------------------------------------------
;    Verifies That The Current User Has Admin Rights
; ------------------------------------------
FUNCTION LocalAdmin()
   $LocalAdmin=ingroup('@wksta\'+sidtoname('S-1-5-32-544'))-1+@inwin
ENDFUNCTION

; ------------------------------------------
;    Tabs When The '.' Is Pressed
; ------------------------------------------
FUNCTION CheckKeys($s, $key)
   If $key = 190
      $null = execute("$$last = right($$IPBox$s.Text, 1)")
      If $last = "."
         $null = execute("$$IPBox$s.Text = left($$IPBox$s.Text,len($$IPBox$s.Text)-1)")
      Endif
      If $s = 4
         exit 1
      Endif
      $s = $s+1
      $null = execute("$$IPBox$s" + ".SetFocus")
   Endif
ENDFUNCTION

; ------------------------------------------
;    Populates End IP Address From Start IP Boxes
; ------------------------------------------
FUNCTION PopulateIPBoxes2()
   If $IPBox5.text = ""
      $IPBox5.text = $IPBox1.text
   Endif
ENDFUNCTION
FUNCTION PopulateIPBoxes3()
   If $IPBox6.text = ""
      $IPBox6.text = $IPBox2.text
   Endif
ENDFUNCTION
FUNCTION PopulateIPBoxes4()
   If $IPBox7.text = ""
      $IPBox7.text = $IPBox3.text
   Endif
   $IPBox4.Text = "0"
   If $IPBox8.text = ""
      $IPBox8.text = "255"
   Endif
ENDFUNCTION

; ------------------------------------------
;    Enumerates All PCs In IP Range
; ------------------------------------------
FUNCTION ScanPCs()
   If $StatusList.ListCount > 0
      $clearprompt = Messagebox ("Would you like to clear current scan results?", "Clear Results", 36)
      If $clearprompt = 6
         $StatusList.Clear
         $PatchedList.Clear
         $NotpatchedList.Clear
         $UnReachableList.Clear
      Else
         $StatusList.Clear
      Endif
   Endif
   $IPStart = Trim($IPBox1.text)+"."+Trim($IPBox2.text)+"."+Trim($IPBox3.text)+"."+Trim($IPBox4.text)
   $IPEnd = Trim($IPBox5.text)+"."+Trim($IPBox6.text)+"."+Trim($IPBox7.text)+"."+Trim($IPBox8.text)
   $StartSubnet = Trim($IPBox1.text)+"."+Trim($IPBox2.text)+"."+Trim($IPBOX3.text)
   $EndSubnet = Trim($IPBox5.text)+"."+Trim($IPBox6.text)+"."+Trim($IPBOX7.text)
   Status ("Verifying the IP Range")
   If "$StartSubnet" = "$EndSubnet"
      If Ping ("$StartSubnet"+".1")
         Status ("Scanning $IPStart thru $IPEnd")
         $Form.Cursor = 11
         $scanfile = "%temp%\scanned"
         $scanfilehandle = FreeFileHandle()
         $day = @MDayNo
         $month = @MonthNo
         $year = substr (@Year, 3)
         If Len($day) = 1
            $day = "0" + $day
         Endif
         If Len($month) = 1
            $month = "0" + $month
         Endif
         $date = "_$year$month$day.log"
         $newscanfile = "$scanfile"+"$date"
         If Exist ("$newscanfile")
            Del "$newscanfile"
         Endif
         Shell '%comspec% /c scan.exe /l:$scanfile /r /v $IPStart-$IPEnd'
         Del "@CurDir\Vulnerable*.log"
         If Open ($scanfilehandle, $newscanfile) = 0
            Status ("Scan complete...Enumerating results")
            $line = ReadLine ($scanfilehandle)
            While @Error = 0
               If InStr ($line, "$StartSubnet")
                  $ipaddress = SubStr ($line, 1, InStr ($line, ":")-1)
                  $computer = SubStr ($line, InStr ($line, " ")+1)
                  $computer = SubStr ($computer, 1, InStr ($computer, ":")-1)
                  If InStr ($computer, ".")
                     $computer = SubStr ($computer, 1, InStr ($computer, ".")-1)
                  Endif
                  If InStr ($line, "patched with KB824146")
                     $PatchedList.AddItem ("$ipaddress - $computer")
                  Endif
                  If InStr ($line, "patched with KB823980")
                     $NotPatchedList.AddItem ("$ipaddress - $computer")
                  Endif
                  If InStr ($line, "unpatched")
                     $NotPatchedList.AddItem ("$ipaddress - $computer")
                  Endif
                  If InStr ($line, "this host needs further investigation")
                     $UnreachableList.AddItem ("$ipaddress - $computer")
                  Endif
                  If InStr ($line, "connection refused")
                     $UnreachableList.AddItem ("$ipaddress - $computer")
                  Endif
                  If InStr ($line, "host unreachable")
                     $UnreachableList.AddItem ("$ipaddress - $computer")
                  Endif
                  If InStr ($line, "cannot get workstation info")
                     $UnreachableList.AddItem ("$ipaddress - $computer")
                  Endif
                  If InStr ($line, "address not valid in this context")
                     $UnreachableList.AddItem ("$ipaddress - $computer")
                  Endif
                  If InStr ($line, "DCOM is disabled on this host")
                     $UnreachableList.AddItem ("$ipaddress - $computer")
                  Endif
               Else
                  If InStr ($line, "Patched with KB824146 and KB823980")
                     $patchedcount = SubStr ($line, InStrRev ($line, " ")+1)
                  Endif
                  If InStr ($line, "Unpatched")
                     $nopatchcount = SubStr ($line, InStrRev ($line, " ")+1)
                  Endif
                  If InStr ($line, "Patched with KB823980")
                     $823980count = SubStr ($line, InStrRev ($line, " ")+1)
                  Endif
                  If InStr ($line, "DCOM Disabled")
                     $dcomdisabledcount = SubStr ($line, InStrRev ($line, " ")+1)
                  Endif
                  If InStr ($line, "Needs Investigation")
                     $investigatecount = SubStr ($line, InStrRev ($line, " ")+1)
                  Endif
                  If InStr ($line, "Connection refused")
                     $refusedcount = SubStr ($line, InStrRev ($line, " ")+1)
                  Endif
                  If InStr ($line, "Host unreachable")
                     $hostunreachablecount = SubStr ($line, InStrRev ($line, " ")+1)
                  Endif
                  If InStr ($line, "Other Errors")
                     $othercount = SubStr ($line, InStrRev ($line, " ")+1)
                  Endif
                  $unpatchedcount = Val("$nopatchcount")+Val("$823980count")
                  $unreachablecount = Val("$dcomdisabledcount")+Val("$investigatecount")+Val("$refusedcount")+Val("$hostunreachablecount")+Val("$othercount")
               Endif
               $line = ReadLine ($scanfilehandle)
            Loop
            Status ("$patchedcount hosts found patched")
            Status ("$unpatchedcount hosts found unpatched")
            Status ("$unreachablecount hosts were unreachable")
            $Form.Cursor = 0
            $null = Close ($scanfilehandle)
            Del "$newscanfile"
         Else
            Status ("Unable to open scan log...Try Again")
            $Form.Cursor = 0
            Exit
         Endif
      Else
         Status ("The subnet of $StartSubnet does not seem to be valid")
         $Form.Cursor = 0
         Exit
      Endif
   Else
      Status ("The start subnet of $StartSubnet does not match the end subnet of $EndSubnet")
      $Form.Cursor = 0
      Exit
   Endif
ENDFUNCTION

; ------------------------------------------
;    Verifies That The IP Addresses Entered Are Pingable
; ------------------------------------------
FUNCTION Ping($ip)
   ; Return value: 1 if the host answered, 0 otherwise
   $Ping = 0
   $pingfile = "%temp%\ping.xxx"
   $pinghandle = FreeFileHandle()
   Shell '%comspec% /c ping -n 2 -w 200 $ip > $pingfile'
   If Open ($pinghandle, $pingfile) = 0
      $line = ReadLine ($pinghandle)
      While @Error = 0 and $Ping = 0
         ; "Reply from" alone also matches "Reply from x: Destination host unreachable.",
         ; so require the "bytes=" of a real echo reply as well
         If InStr ($line, "Reply from") and InStr ($line, "bytes=")
            $Ping = 1
         Endif
         $line = ReadLine ($pinghandle)
      Loop
      $null = Close ($pinghandle)
      Del "$pingfile"
   Endif
ENDFUNCTION

; ------------------------------------------
;    Adds A Line To Status List And Selects Last Line
; ------------------------------------------
FUNCTION Status($text)
   $StatusList.AddItem($text)
   $StatusList.ListIndex=$StatusList.ListCount-1
ENDFUNCTION

; ------------------------------------------
;    Closes Form With Progress Bar
;    Calls Function To Clean Up Temp Instance Of KixForms
; ------------------------------------------
FUNCTION CloseForm()
   $Unload = createobject("Kixtart.form")
   $Unload.border = 0
   $Unload.clientsize = 320,40
   $CloseingLabel = $Unload.label
   $CloseingLabel.top=0
   $CloseingLabel.left = 0
   $CloseingLabel.fontsize=6
   $CloseingLabel.height=10
   $CloseingLabel.caption = "Closing Apps.."
   $Unload.center
   $Unload.show
   $Progress = $Unload.progressbar("",10,10,300,20)
   $Progress.style=1
   $Progress.max = 3
   For $c = 1 to 3
      Sleep 0.5
      If $c = 2
         KixFormsTempClean('%temp%')
      Endif
      $Progress.value = $c
   Next
   Quit()
ENDFUNCTION

; ------------------------------------------
;    Registers A Temp Instance Of KixForms
; ------------------------------------------
FUNCTION KixFormsTempReg($tempdir)
   ; Return value: 0 if the temp copy of kixforms.dll registered, 1 if not
   $count = 0
   If KeyExist ("HKEY_CLASSES_ROOT\Kixtart.Form\CLSID")
      $OrigKixFormsSID = ReadValue ("HKEY_CLASSES_ROOT\Kixtart.Form\CLSID", "")
      $OrigKixFormsLocation = ReadValue ("HKEY_CLASSES_ROOT\CLSID\$OrigKixFormsSID\InprocServer32", "")
      $OrigFound = 1
   Endif
   Copy "@CurDir\kixforms.dll" "$tempdir\kixforms.dll"
   ; Wait up to 5 seconds for the copy to appear before registering it
   While $count < 6 and @Error = 0
      If Exist ("$tempdir\kixforms.dll")
         Shell 'regsvr32.exe /s "$tempdir\kixforms.dll"'
         $count = 6
      Else
         Sleep 1
         $count = $count + 1
      Endif
   Loop
   $NullForm = CreateObject("Kixtart.Form")
   If $NullForm
      $NullForm = 0
      $KixFormsTempReg = 0
      Exit 0
   Else
      $KixFormsTempReg = 1
      Exit 1
   Endif
ENDFUNCTION

; ------------------------------------------
;    Cleans Up And Restores KixForms To Original State
; ------------------------------------------
FUNCTION KixFormsTempClean($tempdir)
   If $OrigFound
      Shell 'regsvr32.exe /u /s "$tempdir\kixforms.dll"'
      Sleep 0.5
      Run 'regsvr32.exe /s "$OrigKixFormsLocation"'
      Exit 0
   Else
      Run 'regsvr32.exe /u /s "$tempdir\kixforms.dll"'
      Exit 0
   Endif
ENDFUNCTION

-Shane
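Two pieces of the script's ScanPCs logic rendered in Python, added here as an example and not part of Shane's script: validating and expanding the start/end range before it is interpolated into the scan.exe command line (the form only limits each box to three characters), and sorting per-host log lines into the same patched / unpatched / unreachable buckets using the same status phrases. The "IP: hostname: status" line layout and the sample log are constructed to match what the script's SubStr/InStr parsing expects, not captured from the Microsoft tool.

```python
import ipaddress
import re
from collections import defaultdict

# Status phrases the script looks for in each per-host line, checked in order;
# the first match decides the bucket. KiXtart's InStr is case-insensitive, so
# matching is done on lower-cased text.
RULES = (
    ("patched", "patched with kb824146"),
    ("unpatched", "patched with kb823980"),  # MS03-026 fix only, superseded by KB824146
    ("unpatched", "unpatched"),
    ("unreachable", "this host needs further investigation"),
    ("unreachable", "connection refused"),
    ("unreachable", "host unreachable"),
    ("unreachable", "cannot get workstation info"),
    ("unreachable", "address not valid in this context"),
    ("unreachable", "dcom is disabled on this host"),
)

# Constructed layout "IP: hostname: status" (what the script parses); hypothetical.
HOST_LINE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\s*(?P<host>[^:]*):\s*(?P<status>.*)$")

SAMPLE_LOG = """\
10.1.1.5: WKS01.corp.example: Patched with KB824146 and KB823980
10.1.1.6: WKS02: Patched with KB823980
10.1.1.7: WKS03.corp.example: Unpatched
10.1.1.8: WKS04: Connection refused
10.1.1.9: WKS05: DCOM is disabled on this host
10.1.2.9: OTHER01: Unpatched
Patched with KB824146 and KB823980  1
"""

def expand_range(start, end):
    """Reject anything that is not four octets of 0-255, a differing /24
    (the script compares the first three octets), or start above end.
    Returns the list of addresses that would be scanned."""
    s, e = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    if s.packed[:3] != e.packed[:3]:
        raise ValueError(f"start subnet of {start} does not match end subnet of {end}")
    if s > e:
        raise ValueError("start address is above end address")
    return [str(ipaddress.IPv4Address(n)) for n in range(int(s), int(e) + 1)]

def classify(status):
    text = status.lower()
    for bucket, phrase in RULES:
        if phrase in text:
            return bucket
    return "unknown"

def parse_scan_log(text, subnet):
    """Bucket per-host lines inside the scanned /24 as "ip - shortname"."""
    buckets = defaultdict(list)
    for raw in text.splitlines():
        m = HOST_LINE.match(raw.strip())
        if not m or not m["ip"].startswith(subnet + "."):
            continue  # summary lines and hosts outside the subnet are skipped
        host = m["host"].strip().split(".")[0]  # drop the DNS suffix, as the script does
        buckets[classify(m["status"])].append(f"{m['ip']} - {host}")
    return dict(buckets)
```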
Radimus
KiXforms Enthusiast
Joined: 05 Mar 2003
Posts: 157
Location: Tampa, Florida

Posted: Thu Sep 11, 2003 9:02 pm

I use FileFinder (available on my website) to scan for file version of rpcrt4.dll

I also have a custom in-house version that scans IP subnets instead of OUs.
sptomey
KiXforms Enthusiast
Joined: 18 Mar 2003
Posts: 158

Posted: Thu Sep 11, 2003 9:15 pm

I haven't found any faster way than using the Microsoft RPC scanner to find a list of UP workstations in a specific subnet. I'm sure there are other 3rd party scanners that are faster...But some of the security buffs here would probably frown on NMap traffic on the network.
-Shane