From 47b49017a163ae1dc8bb51434a44dc75d43acde3 Mon Sep 17 00:00:00 2001
From: Imanol-Mikel Barba Sabariego
Date: Mon, 28 Aug 2017 15:47:27 +0200
Subject: [PATCH] Fixed errors

---
 digger.py | 5 ++---
 findfile.py | 8 ++++----
 modules/globeimposter2.py | 13 +++++++------
 regquery.py | 14 +++++++-------
 winver.py | 6 +++---
 5 files changed, 23 insertions(+), 23 deletions(-)

diff --git a/digger.py b/digger.py
index 3762bb6..7f6451e 100644
--- a/digger.py
+++ b/digger.py
@@ -38,7 +38,7 @@ def getModules():
 del module
 sys.modules.pop(modname)
 except Exception as e:
- print("Exception raised while importing " + modname)
+ logger.msgLog("Exception raised while importing " + modname + ": " + str(e),"digger",logger.TYPE_ERROR)
 return choiceList
 
 def prepareModule(moduleName):
@@ -124,14 +124,13 @@ if __name__ == "__main__":
 locale.setlocale(locale.LC_ALL, '')
 d = Dialog(dialog="dialog",autowidgetsize=True)
 d.set_background_title("Gravedigger")
-
- moduleList = getModules()
 code,value = d.inputbox("Input computer's name")
 if code == d.OK:
 tomb._MACHINE_NAME= value
 logger.logSystems.append(ConsoleLogger())
 logger.logSystems.append(FileLogger(tomb.getPath() + "log.txt"))
 logger.msgLog("Beginning excavation of tomb: " + tomb.getPath(),"digger",logger.TYPE_INFO)
+ moduleList = getModules()
 d.set_background_title("Gravedigger - " + value)
 code, tags = d.checklist("Select modules to execute",
 choices=moduleList + [("all","Execute all modules",False)],
diff --git a/findfile.py b/findfile.py
index 391b1f3..eefde62 100644
--- a/findfile.py
+++ b/findfile.py
@@ -5,10 +5,10 @@ def find_pattern_all(pattern, path, casesensitive):
 result = []
 for root, dirs, files in os.walk(path):
 for name in files:
- if sensitive:
+ if casesensitive:
 if fnmatch.fnmatchcase(name,pattern):
 result.append(os.path.join(root, name))
- else:
+ else:
 if fnmatch.fnmatch(name.lower(), pattern.lower()):
 result.append(os.path.join(root, name))
 return result
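Review bot: The new `logger.msgLog(...)` line in getModules reports every failure inside the try as an import error, yet the visible try body also covers `del module` and `sys.modules.pop(modname)`, so a KeyError from the pop would be logged as "Exception raised while importing". Narrowing the try to the import call itself (its first lines are outside the hunk), or naming the failing step in the message, would keep the log accurate for whoever triages it. `str(e)` also drops the exception class; `type(e).__name__ + ": " + str(e)` keeps it. getModules starts before the hunk.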
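Review bot: Moving `moduleList = getModules()` below the two `logger.logSystems.append(...)` lines has a non-obvious reason — with this commit getModules() logs import failures through logger.msgLog, so the sinks must be registered first — but nothing in the code records that ordering dependency, and a later tidy-up could hoist the call back above the `if`. A one-line comment above the added line, `# getModules() logs import failures via logger; keep it after the log sinks are registered`, would prevent that. The enclosing `if __name__ == "__main__":` block continues past the hunk.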
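Review bot: The corrected `if casesensitive:`/`else:` branches differ only in which matcher runs, so the choice could be made once before the walk and the append written a single time: `match = fnmatch.fnmatchcase if casesensitive else (lambda n, p: fnmatch.fnmatch(n.lower(), p.lower()))` followed by `if match(name, pattern): result.append(os.path.join(root, name))`. That also removes the kind of indentation slip the `else:` line is fixing here. The second findfile.py hunk, for find_pattern, has the same structure and the same point applies there.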
@@ -16,10 +16,10 @@ def find_pattern_all(pattern, path, casesensitive):
 def find_pattern(pattern, path, casesensitive):
 for root, dirs, files in os.walk(path):
 for name in files:
- if sensitive:
+ if casesensitive:
 if fnmatch.fnmatchcase(name,pattern):
 return os.path.join(root, name)
- else:
+ else:
 if fnmatch.fnmatch(name.lower(), pattern.lower()):
 return os.path.join(root, name)
 return None
diff --git a/modules/globeimposter2.py b/modules/globeimposter2.py
index 06d2314..a247bb1 100644
--- a/modules/globeimposter2.py
+++ b/modules/globeimposter2.py
@@ -36,9 +36,10 @@ class RegistryModule(Module):
 profiles = winver.getUserProfiles(mntpoint)
 for profile in profiles:
 hkcu = profile + "/NTUSER.DAT"
- value = regquery.queryValue(hkcu,"""Software\Microsoft\Windows\CurrentVersion\RunOnce""","CertificatesCheck")
- if(value != None):
- logger.msgLog("FOUND Globeimposter 2.0 value in RunOnce: " + value,"globeimposter2",logger.TYPE_WARNING)
+ if(os.path.isfile(hkcu)):
+ value = regquery.queryValue(hkcu,"""Software\Microsoft\Windows\CurrentVersion\RunOnce""","CertificatesCheck")
+ if(value != None):
+ logger.msgLog("FOUND Globeimposter 2.0 value in RunOnce: " + value,"globeimposter2",logger.TYPE_WARNING)
 
 #VSS
 for vol in self.vars['ntfsvol'].value:
@@ -48,9 +49,9 @@ class RegistryModule(Module):
 except:
 raise
 mntpoint += mntid
- result = find_pattern("*.725",mntpoint,False)
- if(result != None):
+ result = findfile.find_pattern("*.725",mntpoint,False)
+ if(result != None):
 logger.msgLog("FOUND at least one file with 725 extension: " + result,"globeimposter2",logger.TYPE_WARNING)
- result = find("RECOVER-FILES.html",mntpoint)
+ result = findfile.find("RECOVER-FILES.html",mntpoint)
 if(result != None):
 logger.msgLog("FOUND ransom letter: " + result,"globeimposter2",logger.TYPE_WARNING)
diff --git a/regquery.py b/regquery.py
index eb00126..8834735 100644
--- a/regquery.py
+++ b/regquery.py
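Review bot: The re-added `regquery.queryValue(...)` call passes the key path as a plain triple-quoted string, so `\M`, `\W`, `\C` and `\R` survive only because Python keeps unrecognised escapes; newer interpreters warn on them, and the path would silently change if a segment ever started with a valid escape letter. A raw string, `r"Software\Microsoft\Windows\CurrentVersion\RunOnce"`, states the intent and removes the warning. The new `os.path.isfile(hkcu)` guard also relies on `os` being imported in this module, which the hunk does not show, and `if(value != None):` is idiomatically `if value is not None:`. The method's signature is outside the hunk.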
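Review bot: The new line `result = findfile.find("RECOVER-FILES.html",mntpoint)` assumes findfile exports a two-argument `find`, but the findfile.py hunks in this patch only show `find_pattern_all` and `find_pattern`, both taking a `casesensitive` flag; if no `find` exists this raises AttributeError at runtime and the ransom-note check never runs. `result = findfile.find_pattern("RECOVER-FILES.html", mntpoint, False)` would match the interface the previous line already uses. Separately, `find_pattern("*.725", ...)` stops at the first hit, so the "at least one file" message is accurate but hands the analyst a single path; `find_pattern_all` would record every match for triage. The enclosing `for vol` loop starts before the hunk.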
@@ -1,26 +1,26 @@
 from Registry import Registry
 
-def queryValue(hive,keyPath,valueName):
+def queryValue(hive,key,valueName):
 reg = Registry.Registry(hive)
- key = reg.open(keyPath)
+ key = reg.open(key)
 try:
 value = str(key.value(valueName).value)
- except Registry.RegistryValueNotFoundException:
+ except Registry.RegistryParse.RegistryStructureDoesNotExist:
 value = None
 return value
 
 def getValues(hive,key):
 valueList = []
 reg = Registry.Registry(hive)
- key = reg.open(keyPath)
- for value in key.values():
- valueList.append(value.value_name)
+ key = reg.open(key)
+ for value in key.values():
+ valueList.append(value.value)
 return valueList
 
 def getSubkeys(hive,key):
 subkeyList = []
 reg = Registry.Registry(hive)
- key = reg.open(keyPath)
+ key = reg.open(key)
 for subkey in key.subkeys():
 subkeyList.append(subkey.name)
 return subkeyList
diff --git a/winver.py b/winver.py
index 0f3879a..094229d 100644
--- a/winver.py
+++ b/winver.py
@@ -52,11 +52,11 @@ def getWindowsVersion(path):
 return _WIN_9x
 
 def getWindowsDirectory(path):
- if DETECTED_WINDOWS_PATH[path] is None:
- result = find_pattern("explorer.exe",path,False)
+ if path not in DETECTED_WINDOWS_PATH:
+ result = findfile.find_pattern("explorer.exe",path,False)
 #result,code = runProcess(["find",path,"-xdev","-iname","explorer.exe","-print","-quit"])
 #if(result.decode("utf-8") == ""):
- if(len(result) == 0):
+ if result is None:
 return None
 #matches = result.decode("utf-8").splitlines()
 #WARNING: ONLY CONSIDERING FIRST MATCH
-- 
libgit2 0.22.2
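Review bot: In queryValue the new `key = reg.open(key)` still sits outside the try, so a hive that simply lacks the requested key path — the usual case for a RunOnce key in a user's NTUSER.DAT — is not covered by the widened except below it; if `reg.open` raises the library's key-not-found error (python-registry's RegistryKeyNotFoundException, which I believe derives from the RegistryStructureDoesNotExist caught here), the caller in globeimposter2 aborts the whole scan instead of getting the None it tests for. Moving the open inside the try fixes that: `try:` / `key = reg.open(key)` / `value = str(key.value(valueName).value)`. Rebinding the `key` parameter to the opened key object also hides the original path once something goes wrong; a separate local such as `node` would keep both readable, in getValues and getSubkeys as well as here.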
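Review bot: When `findfile.find_pattern` finds nothing, the new `if result is None: return None` returns without storing anything in `DETECTED_WINDOWS_PATH`, so the `path not in DETECTED_WINDOWS_PATH` check added above it will trigger a full `os.walk` of the volume on every later call for the same path; caching the negative result (`DETECTED_WINDOWS_PATH[path] = None` before the return) avoids that, provided the code after the hunk handles a stored None. A case-insensitive search for the first `explorer.exe` anywhere on the volume also accepts a copy placed outside the system directory, which matters on an evidence image; the WARNING comment already acknowledges the first-match limitation, and preferring a match whose directory also contains other known system files would make the result harder to spoof. getWindowsDirectory continues past the hunk.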