BEQLEUNXP1NB103 - Windows - Files


%USERPROFILE%\StartFunctions.sh

(cygwin bash script)

Download [{{#filelink: StartFunctions.sh}} this file]. {{#fileanchor: fstab}}

# Function handy for the start script
#
# include with
#
# . "$USERPROFILE/StartFunctions.sh"

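kill_win_process_pid() {
	# Force-kill a Windows process by the PID that /bin/kill -f expects
	# (the Windows PID, the first column of "ps -sW" — see
	# kill_win_process_name), not a Cygwin PID.
	# $1 - Windows PID; must be a non-empty string of digits.
	# Returns 1 on a malformed PID, otherwise /bin/kill's exit status.
	local winpid="$1"
	case "$winpid" in
		''|*[!0-9]*)
			echo "kill_win_process_pid: invalid PID \"${winpid}\"" >&2
			return 1
			;;
	esac
	# Use Cygwin's /bin/kill: bash's kill built-in has no -f switch.
	/bin/kill -f "$winpid"														# Don't use bash's kill built-in !
}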

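kill_win_process_name() {
	# Force-kill every Windows process whose "ps -sW" line contains $1.
	# $1 - process name; fixed-string, case-sensitive *substring* match, so
	#      "host" would also hit svchost.exe — pass the full image name.
	# Returns 1 if nothing matched (previously an empty PID list, or the
	# unparsed ps header line, was handed straight to /bin/kill), otherwise
	# the status of the last failing kill.
	local winproc="$1" pids pid rc=0
	[ -n "$winproc" ] || { echo "kill_win_process_name: process name required" >&2; return 1; }
	# Keep only lines whose first column is numeric (the PID); sed -n/p drops
	# the header and anything else that does not parse.
	pids=$(ps -sW | grep -F -- "$winproc" | sed -rne 's/^ *([0-9]+) .*$/\1/p')
	if [ -z "$pids" ]; then
		echo "kill_win_process_name: no process matching \"${winproc}\"" >&2
		return 1
	fi
	for pid in $pids; do						# unquoted on purpose: one PID per word
		/bin/kill -f "$pid" || rc=$?			# Don't use bash's kill built-in !
	done
	return "$rc"
}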

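kill_win_service() {
	# Force-kill the process hosting Windows service $1, found via
	# "tasklist /svc" (Image Name / PID / Services columns).
	# $1 - service name as tasklist prints it; fixed-string substring match
	#      against the whole line, so an image name like "svchost" matches too.
	# Returns 1 if no process is found, otherwise the last failing kill's status.
	# The listing is piped directly instead of being staged in %TEMP%\<pid>:
	# that file name was predictable (the shell PID), was left behind if the
	# function was interrupted, and is simply not needed.
	local win_svc="$1" pids pid rc=0
	[ -n "$win_svc" ] || { echo "kill_win_service: service name required" >&2; return 1; }
	# Greedy ^.* then " <digits> " picks the PID column; sed -n/p drops lines
	# that do not parse instead of passing them through.
	pids=$(cmd /c "tasklist /svc" | grep -F -- "$win_svc" | sed -rne 's/^.* ([0-9]+) .*$/\1/p')
	if [ -z "$pids" ]; then
		echo "kill_win_service: no process found for service \"${win_svc}\"" >&2
		return 1
	fi
	for pid in $pids; do						# unquoted on purpose: one PID per word
		/bin/kill -f "$pid" || rc=$?			# Don't use bash's kill built-in !
	done
	return "$rc"
}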

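hijack() {
	# Redirect every launch of EXENAME to the WIJACK stub through the
	# Image File Execution Options (IFEO) "Debugger" value, and drop the
	# parked copy that disable_hijack left under AutorunsDisabled.
	# SECURITY: an IFEO Debugger entry is a classic persistence / hijack
	# technique — Autoruns lists these under "Image Hijacks" and endpoint
	# security tools may alert on or revert them.  Writes HKLM, so it needs
	# administrative rights.
	# $1 - image name, e.g. "notepad.exe"
	# $2 - (optional) debugger path; defaults to C:\BIN\WIJACK.EXE.  It is
	#      stored double-quoted, as Windows expects for paths with spaces.
	# regtool "remove" deletes a key, "unset" deletes a value.
	local exename="$1"
	local debugger="${2:-C:\\BIN\\WIJACK.EXE}"
	local ifeo_key="\\HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\${exename}"
	[ -n "$exename" ] || { echo "hijack: executable name required" >&2; return 1; }
	[ -n "${DEBUG:-}" ] && echo "Hijacking executable \"${exename}\"..." >&2
	regtool set -q    "${ifeo_key}\\Debugger" "\"${debugger}\""
	regtool remove -q "${ifeo_key}\\AutorunsDisabled"
}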

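disable_hijack() {
	# Park the IFEO Debugger entry for EXENAME the way Autoruns does: create
	# an AutorunsDisabled subkey holding a copy of the Debugger value, then
	# remove the live Debugger value so the executable starts normally.
	# hijack() reverses this.  Writes HKLM, so it needs administrative rights.
	# $1 - image name, e.g. "notepad.exe"
	# $2 - (optional) debugger path recorded in the parked copy; defaults to
	#      C:\BIN\WIJACK.EXE and is stored double-quoted like hijack() does.
	# regtool "add" creates a key, "unset" deletes a value.
	local exename="$1"
	local debugger="${2:-C:\\BIN\\WIJACK.EXE}"
	local ifeo_key="\\HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\${exename}"
	[ -n "$exename" ] || { echo "disable_hijack: executable name required" >&2; return 1; }
	[ -n "${DEBUG:-}" ] && echo "Disabling hijack for executable \"${exename}\"..." >&2
	regtool add -q   "${ifeo_key}\\AutorunsDisabled"
	regtool set -q   "${ifeo_key}\\AutorunsDisabled\\Debugger" "\"${debugger}\""
	regtool unset -q "${ifeo_key}\\Debugger"
}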

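#Usage: if is_service_enabled "wuauserv" ; then echo service is enabled; fi
is_service_enabled() {
	# True (0) when the service's registry key exists and carries no
	# "AutorunsDisabled" marker (the marker is what disable_service writes).
	# Returns 1 when the marker is present, 2 when the key cannot be read
	# (unknown service or no name given) — previously a missing key made
	# grep fail and the service was reported as *enabled*.
	# $1 - service short name, e.g. "wuauserv"
	local listing
	[ -n "$1" ] || return 2
	listing=$(regtool list -l "\\HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\$1" 2>/dev/null) || return 2
	! grep -Fq "AutorunsDisabled" <<<"$listing"
}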

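#Usage: if is_service_disabled "wuauserv" ; then echo service is disabled; fi
is_service_disabled() {
	# True (0) when the service's registry key carries the "AutorunsDisabled"
	# marker written by disable_service.  Returns 1 when the marker is absent
	# and 2 when the key cannot be read (unknown service or no name given),
	# so an unknown service is distinguishable from an enabled one.
	# $1 - service short name, e.g. "wuauserv"
	local listing
	[ -n "$1" ] || return 2
	listing=$(regtool list -l "\\HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\$1" 2>/dev/null) || return 2
	grep -Fq "AutorunsDisabled" <<<"$listing"
}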

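#Usage: if is_service_started "Automatic Updates" ; then echo service is started; fi
is_service_started() {
	# True (0) when "net start" lists a running service whose name is exactly
	# $1.  net start prints display names ("Automatic Updates"), indented and
	# CRLF-terminated, so each line is trimmed before the fixed-string,
	# whole-line comparison — previously "Automatic" matched by substring and
	# the name was treated as a regex.
	# $1 - service display name; empty is rejected (returns 1).
	local service="$1"
	[ -n "$service" ] || return 1
	net start | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' | grep -Fqx -- "$service"
}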

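#Usage: if is_service_stopped "Automatic Updates" ; then echo service is stopped; fi
is_service_stopped() {
	# True (0) when "net start" does NOT list a running service whose name is
	# exactly $1 (display name, compared whole-line after trimming the
	# indentation and CR that net prints).  Empty names are rejected
	# (returns 1) rather than matching every line.
	# $1 - service display name, e.g. "Automatic Updates"
	local service="$1"
	[ -n "$service" ] || return 1
	! net start | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' | grep -Fqx -- "$service"
}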

#Usage: enable_service "wuauserv"
enable_service() {
	# Undo disable_service / an Autoruns "disable": drop the AutorunsDisabled
	# marker value and set Start=2 (Automatic) on the service key.
	# $1 - service short name
	SERVICE="$1"
	local svc_key="\\HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\${SERVICE}"
	if [ $DEBUG ]; then
		echo "Restoring service \"${SERVICE}\"..." >&2
	fi
	regtool unset -q "${svc_key}\\AutorunsDisabled"
	regtool set -q "${svc_key}\\Start" 2
}

#Usage: disable_service "wuauserv"
disable_service() {
	# Disable a service the way Autoruns does: write an AutorunsDisabled
	# marker value (so Autoruns shows it among its disabled entries) and set
	# Start=4 on the service key.
	# $1 - service short name
	SERVICE="$1"
	local svc_key="\\HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\${SERVICE}"
	if [ $DEBUG ]; then
		echo "Disabling service \"${SERVICE}\"..." >&2
	fi
	regtool set -q "${svc_key}\\AutorunsDisabled" 1
	regtool set -q "${svc_key}\\Start" 4
}

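#Usage: start_service "wuauserv"   OR start_service "Automatic Updates"
start_service() {
	# Start a Windows service with "net start" (short or display name).
	# Returns net's exit status (0 on success) so callers can test it —
	# previously the function ended on the DEBUG check and returned 1
	# whenever DEBUG was unset, regardless of whether net succeeded.
	# With DEBUG set, progress and Success/Failed go to stderr (the
	# outcome used to go to stdout, splitting one message over two streams).
	# $1 - service name
	local service="$1" rc
	[ -n "${DEBUG:-}" ] && echo -n "Starting service \"${service}\"..." >&2
	net start "${service}" >/dev/null 2>&1
	rc=$?
	if [ -n "${DEBUG:-}" ]; then
		if [ "$rc" -eq 0 ]; then echo "Success" >&2; else echo "Failed" >&2; fi
	fi
	return "$rc"
}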

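#Usage: stop_service "wuauserv"   OR stop_service "Automatic Updates"
stop_service() {
	# Stop a Windows service with "net stop" (short or display name).
	# Returns net's exit status (0 on success) so callers can test it —
	# previously the function ended on the DEBUG check and returned 1
	# whenever DEBUG was unset, regardless of whether net succeeded.
	# With DEBUG set, progress and Success/Failed go to stderr (the
	# outcome used to go to stdout, splitting one message over two streams).
	# $1 - service name
	local service="$1" rc
	[ -n "${DEBUG:-}" ] && echo -n "Stopping service \"${service}\"..." >&2
	net stop "${service}" >/dev/null 2>&1
	rc=$?
	if [ -n "${DEBUG:-}" ]; then
		if [ "$rc" -eq 0 ]; then echo "Success" >&2; else echo "Failed" >&2; fi
	fi
	return "$rc"
}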

function enable_hkcu_run ()
{
	REGVALUE=$1
	REGDATA=$(regtool get -q "\\HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\AutorunsDisabled\\${REGVALUE}") || return $?
	[ $DEBUG ] && echo -n "Restoring HKCU run ${REGVALUE}=${REGDATA}" >/dev/stderr
	regtool set -q "\\HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\${REGVALUE}" "${REGDATA}"
	regtool unset -q "\\HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\AutorunsDisabled\\${REGVALUE}"
}

function disable_hkcu_run ()
{
	REGVALUE=$1
	REGDATA=$(regtool get -q "\\HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\${REGVALUE}") || return $?
	[ $DEBUG ] && echo -n "Disabling HKCU run ${REGVALUE}=${REGDATA}" >/dev/stderr
	regtool add -q "\\HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\AutorunsDisabled"
	regtool set -q "\\HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\AutorunsDisabled\\${REGVALUE}" "${REGDATA}"
	regtool unset -q "\\HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\${REGVALUE}"
}

function enable_hklm_run ()
{
	REGVALUE=$1
	REGDATA=$(regtool get -q "\\HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\AutorunsDisabled\\${REGVALUE}") || return $?
	[ $DEBUG ] && echo -n "Restoring HKLM run ${REGVALUE}=${REGDATA}" >/dev/stderr
	regtool set -q "\\HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\${REGVALUE}" "${REGDATA}"
	regtool unset -q "\\HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\AutorunsDisabled\\${REGVALUE}"
}

function disable_hklm_run ()
{
	REGVALUE=$1
	REGDATA=$(regtool get -q "\\HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\${REGVALUE}") || return $?
	[ $DEBUG ] && echo -n "Disabling HKLM run ${REGVALUE}=${REGDATA}" >/dev/stderr
	regtool add -q "\\HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\AutorunsDisabled"
	regtool set -q "\\HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\AutorunsDisabled\\${REGVALUE}" "${REGDATA}"
	regtool unset -q "\\HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\${REGVALUE}"
}

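parse_parameters() {
	# Turn command-line options into shell variables:
	#   --name=value  ->  P_NAME=value   (name upper-cased, '-' -> '_';
	#                     the value is everything after the FIRST '=')
	#   --flag        ->  P_FLAG=flag
	#   -d            ->  DEBUG incremented (may be repeated)
	# Anything else is ignored.
	# SECURITY: values are assigned with printf -v, not eval — the old
	# `eval P_$PARAMETER="$value"` executed shell syntax embedded in an
	# option value (e.g. --x='$(...)').  Names that are not valid identifiers
	# are reported and skipped instead of being fed to eval.
	# Also fixed: the name/value split used the LAST '=', so --a=b=c produced
	# the name "A=B" and a mangled value.
	local pair name value
	while [ $# -gt 0 ]; do
		if [[ ${1:0:2} = '--' ]]; then
			pair=${1:2}
			name=${pair%%=*}
			name=${name//-/_}
			name=$(printf '%s' "$name" | tr '[:lower:]' '[:upper:]')
			value=${pair#*=}
			if [[ $name =~ ^[A-Z_][A-Z0-9_]*$ ]]; then
				printf -v "P_${name}" '%s' "$value"
			else
				echo "parse_parameters: ignoring option with invalid name \"--${pair}\"" >&2
			fi
		elif [[ $1 = '-d' ]]; then
			DEBUG=$((DEBUG+1))
		fi
		shift
	done
}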

%USERPROFILE%\Start.sh

(cygwin bash script)

Download [{{#filelink: Start.sh}} this file]. {{#fileanchor: fstab}}

#! /bin/bash

# Cygwin start-up script.  Runs the per-component toggle scripts below
# (each gets -d, presumably to raise DEBUG through parse_parameters in
# StartFunctions.sh), then brings up the SSH agent, sshproxy and a remote
# change monitor.  Nothing here checks exit codes: a failing step is
# reported by the child and the script carries on.

# ===== ENABLE / DISABLE McAfee Framework Services =====================================================================

"$USERPROFILE/McAfee.sh" -d

# ===== ENABLE / DISABLE Windows Automatic Update ======================================================================

"$USERPROFILE/WinUpdate.sh" -d

# ===== ENABLE / DISABLE ManageSoft Services ===========================================================================

"$USERPROFILE/ManageSoft.sh" -d

# ===== ENABLE / DISABLE Bluetooth Services ===========================================================================

# "$USERPROFILE/BlueTooth.sh" -d

# ===== ENABLE / DISABLE Miscellaneous Non-Essential Services ==========================================================

"$USERPROFILE/Miscellaneous.sh" -d

# ===== Update Outlook Registry Settings ===============================================================================

"$USERPROFILE/Outlook.sh"

# ===== Mount TrueCrypt disks ==========================================================================================
# (disabled) Mounts a TrueCrypt volume on D: using a key file, then exports
# the mounted drive as a D$ share.  SECURITY: anyone who can read the key
# file path on F:\ can mount the volume, and "net share D$=D:\" exposes the
# decrypted volume over SMB to anyone allowed on that share — keep this
# commented out unless the share is really needed, and review who can reach
# it before re-enabling.
# echo ===========================================================================
# echo MOUNT TRUECRYPT DISKS
# echo ===========================================================================
# echo.

# "C:\Program Files\TrueCrypt\truecrypt.exe" /v F:\Profiles\beq06659\PGP\NXP.tc /k F:\Profiles\beq06659\PGP\tckeyfile /a D /q
# net share D$=D:\

# ===== Launching SSH Agent ============================================================================================
# The agent itself is started by the login-shell profile, hence bash -l.
echo ===========================================================================
echo LAUNCHING SSH AGENT
echo ===========================================================================
bash -lc "echo Launching SSH Agent..."			# Create a login shell to force launching SSH Agent

# ===== Launching SSHPROXY =============================================================================================
echo ===========================================================================
echo LAUNCHING SSHPROXY
echo ===========================================================================
bash -lc "sshproxy start"						# Login shell because sshproxy is in ~/bin + need sshagent context

# ===== Detect changes on noekeon.org ==================================================================================
# Runs a script on the remote host over SSH; the agent-loaded key is what
# lets this work non-interactively at start-up.
echo ===========================================================================
echo DETECT CHANGES ON NOEKEON.ORG
echo ===========================================================================

bash -lc "ssh noekeonsshtunnel '~/private/changemonitor/monitor-all.sh'"	#Login shell, we need sshagent context

%USERPROFILE%\BlueTooth.sh

(cygwin bash script)

Download [{{#filelink: BlueTooth.sh}} this file]. {{#fileanchor: fstab}}

%USERPROFILE%\ManageSoft.sh

(cygwin bash script)

Download [{{#filelink: ManageSoft.sh}} this file]. {{#fileanchor: fstab}}

%USERPROFILE%\McAfee.sh

(cygwin bash script)

Download [{{#filelink: McAfee.sh}} this file]. {{#fileanchor: fstab}}

%USERPROFILE%\Miscellaneous.sh

(cygwin bash script)

Download [{{#filelink: Miscellaneous.sh}} this file]. {{#fileanchor: fstab}}

%USERPROFILE%\Outlook.sh

(cygwin bash script)

Download [{{#filelink: Outlook.sh}} this file]. {{#fileanchor: fstab}}