Converting A Batch file to AutoIT

[OPS]

Hello and firstly thank you to anyone one who can help, 

 

My dilemma is I have a batch file that does everything I want however I no longer want to use it as its unreliable.

 

The Batch file looks for changes in user accounts, security options, process, among st many other things.

 

Now I have shopped around and found Auto IT I really want to work on getting this converted so that I can better serve my competitors. IT

expandcollapse popup

echo ^<!DOCTYPE HTML PUBLIC^> >score.html
echo ^<html^> >>score.html
echo ^<head^> >>score.html
echo ^<link rel="shortcut icon" href="rsc\favicon.ico"/^> >>score.html
echo ^<meta http-equiv="refresh" content="120"^>
echo ^</head^> >>score.html
echo ^<body^> >>score.html
echo ^<center^>^<h1^>Score Report^</h1^>^</center^> >>score.html
echo ^<center^>^<h2^> Competition Time ^</h^>^</center^> >>score.html
="45"^>^</iframe^>^</CENTER^> >>score.html
echo ^<center^>^<h1^>SCORE REPORT^</h1^>^</center^> >>score.html
echo ^<hr^> >>score.html
echo ^<ol^> >>score.html
REM  --------------------------------------------------------------------USERACCOUNTS
net users "Mike Trono"| findstr /i "account active" | findstr /i "no"
if %errorlevel% == 0 (
  echo  ^<li^>Mike Trono is disabled^</li^> >> Score.html
  
)
 
net users "Jerry Pulaski"| findstr /i "account active" | findstr /i "no"
if %errorlevel% == 0 (
  echo  ^<li^>Jerry Pulaski is disabled^</li^> >> Score.html
  
)
 
net users "Max Hanley"| findstr /i "account active" | findstr /i "yes"
if %errorlevel% == 0 (
  echo  ^<li^>Max Hanley enabled^</li^> >> Score.html
  
)
 
 
net users "Juan Cabrillo"| findstr /i "account active" | findstr /i "yes"
if %errorlevel% == 0 (
  echo  ^<li^>Juan Cabrillois enabled ^</li^> >> Score.html
  
)
 
 
net users "Gomez Adams"| findstr /i "account active" | findstr /i "yes"
if %errorlevel% == 0 (
  echo  ^<li^>Gomez Adams is enabled ^</li^> >> Score.html
  
)
 
 
REM Check if user not a member of administrators group
net localgroup administrators | findstr /i "Gomez Adams"
if %errorlevel% == 1 (
  echo ^<li^>Gomez Adams no longer in Administrators group ^</li^> >> Score.html
)
 
 
REM  -------------------------------------------------------------------- Services 
 
REM Determine if specific service is stopped (use "running" to check if it is started
sc query MpsSvc | findstr /i "state" | findstr /i "running"
if %errorlevel% == 0 (
  echo ^<li^>Firewall service has been started ^</li^> >> Score.html
)
 
REM Determine if specific service is stopped (use "running" to check if it is started
sc query remoteregistry | findstr /i "state" | findstr /i "stopped"
if %errorlevel% == 0 (
  echo ^<li^> Remote Registry service has been stopped ^</li^> >> Score.html
 
) 
 
 
REM Determine if Windows Update is set to Automatic
reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update /v AUOptions | findstr /i "0x4"
if %errorlevel% == 0 (
  echo ^<li^> Windows Update set to Automatic ^</li^> >> Score.html
 
)
 
 
REM Check if the firewall is turned on
netsh firewall show state | findstr /i "operational" | findstr /i "enable"
if %errorlevel% == 0 (
  echo ^<li^> Firewall is enabled ^</li^> >> Score.html
 
)
 
REM  -------------------------------------------------------------------- File Locations 
 
REM Checks if a file still exists in its original location
if exist C:\Users\xc\AppData\Local\KGB\REDSTAR.com (
  echo found it
) else (
  echo ^<li^> Removed C:\Users\xc\AppData\Local\KGB\REDSTAR.com ^</li^> >> Score.html
 
)
 
REM Checks if a file still exists in its original location
if exist C:\ProgramData\rvlkl\rvlkl.exe (
  echo found it
) else (
  echo ^<li^> Removed Key Logger ^</li^> >> Score.html
 
)
 
 
 
 
REM  -------------------------------------------------------------------- Security Settings
 
REM see if auditing is active
auditpol.exe /get/category:* | findstr /i "logon" | findstr /i "account" | findstr /i "failure"
if %errorlevel% == 0 (
  echo ^<li^> Audit Account Logon Events checking for failure ^</li^> >> Score.html
 
)
 
 
REM clear file
echo XX > securitysettings
 
REM Check Security Policy Settings
secedit /export /cfg securitysettings
 
 
type securitysettings | findstr /i "RestrictAnonymousSAM=4,1"
if %errorlevel% == 0 (
  echo ^<li^> Network access: Do not allow anonymous enumeration of SAM accounts Enabled ^</li^> >> Score.html
 
)
 
type securitysettings | findstr /i "DontDisplayLastUserName=4,1"
if %errorlevel% == 0 (
  echo ^<li^> Interactive logon: Do not display last user name Enabled ^</li^> >> Score.html
 
)
 
type securitysettings | findstr /i "MinimumPasswordAge=0"
if %errorlevel% == 0 (
  echo ^<li^>  Min Password Age ^</li^> >> Score.html
 
)
 
type securitysettings | findstr /i "PasswordComplexity=1"
if %errorlevel% == 0 (
  echo ^<li^> Password Complexity ^</li^> >> Score.html
 
)
 
type securitysettings | findstr /i "MinimumPasswordLenght=0"
if %errorlevel% == 0 (
  echo ^<li^> Min Password Length ^</li^> >> Score.html
 
)
 
 
type securitysettings | findstr /i "ClearTextPassword=1"
if %errorlevel% == 0 (
  echo ^<li^> Store Using Reversible Encryption ^</li^> >> Score.html
 
)
 
 
type securitysettings | findstr /i "AllocateCDRoms=1,^"1"
if %errorlevel% == 0 (
  echo ^<li^> Only Local Users can Use CD Roms ^</li^> >> Score.html
 
)
 
type securitysettings | findstr /i "LouckoutBadCount=1"
if %errorlevel% == 0 (
  echo ^<li^> Account Lockout Configured ^</li^> >> Score.html
 
)
 
echo ^</ol^> </li>" >>score.html
echo ^<center^>^<h2^> of 24 ^</h2^>^</center^> >>score.html
echo ^</body^> >>score.html
echo ^<footer^> >>score.html
echo ^<img src="rsc\accept-database.png" /^> >>score.html
echo ^</footer^> >>score.html
echo ^</html^> </li>" >>score.html
REM end of file statement

Now I have started by looking at the AutoIT help Files and looked at the wiki and came back with this,

ConsoleWrite(_GetLocalUsers() & @CRLF)
 
;Retrieve Local Machine Users
Func _GetLocalUsers($host = @ComputerName)
    Local $Users = ""
    Local $colUsers = ObjGet("WinNT://" & $host & "")
    If Not IsObj($colUsers) Then Return 0
    Dim $filter[1] = ["user"]
    $colUsers.Filter = $filter
    For $objUser In $colUsers
        $Users &= $objUser.name & @CR
    Next
    $Users = StringTrimRight($Users,1)
    $colUsers = 0
    $filter = 0
    Return $Users
EndFunc   ;==>_GetLocalUsers 

This prints the local users to the console but from there I seem to be confused, I can not seem to find out how to then search them and return a result. 

 

 

I was able to create an html file with the FileWrite command and then add content to it but I saw an html 

FileWrite ( "Score.html", "You have begun the Round" )

I think that this is the html output however I think it only works with IE which is not an issue 

#include <IE.au3>

Local $oIE = _IE_Example("iframe")
Local $oFrame = _IEFrameGetObjByName($oIE, "iFrameTwo")
_IEBodyWriteHTML($oFrame, "Hello <b><font color=red>iFrame!</font></b>")

This is the first of many posts but I hope this clarifies at least slightly what I am doing, Thanks Again! Edited July 3, 2014 by Melba23
Amended title

[Bert]

I read the code. What do you do with this code? I looked at Redstar.com and it is a site that "builds companies". I ask this for there may be a MUCH better way to do what you have in mind. Maybe a GUI that displays info you need for example.

[OPS]

Thanks for taking a look, redstar.com is an ICAR File, its something to test antivirus software  . The batch file looks for changes in the system and then returns a value solved or not solved. Then prints the results to an html file so that it can be viewed. I like the idea of the gui but I would like to offer some consistency between competitions. 

[Melba23]

OPS,

 

"Score.html", "You have begun the Round"

This looks very much like a game - not a great deal like "an ICAR File". Would you care to elaborate?

M23

[OPS]

Well lets begin, This script used to help middle and high school students practice their information security skills, The game is really a competition between thousands of students to see who can solve comprised Host images of computer for score.  

I may have been cryptic about the ICAR file but I was explaining what it is for those who do not know and that's just a small part of the process. 

If you are interested more in the competition here is a link to their website (uscyberpatriot.org) I am a student at University helping some of these kids gain an interest in information security and getting their "Moral Fiber" straightened out...

[Bert]

That is excellent! I see why you would want to convert this.

[Melba23]

OPS,

Fine - thanks for replying in a calm and sensible manner. Looks like a good program.

M23

[OPS]

That is excellent! I see why you would want to convert this.

 

I have had some issues with the batch file I created being stable and wanted an alternative solution, An associate of mine recommended autoit so I began to investigate it.  

 

OPS,

Fine - thanks for replying in a calm and sensible manner. Looks like a good program.

M23

 Thanks

Edited July 3, 2014 by OPS

[Melba23]

OPS,

Your original title might well have deterred a lot of people from replying. I have modified it - and given you a couple of days worth of free plug here.

M23

[jchd]

Yesterday I stated typing something like "The OP seems to be talking about EICAR instead" but I refrained, seeing little relevance with the bulk of the thread. I now understand better. It's EICAR anyway!

[gruntydatsun]

Hello OPS,

A little help for you,

This prints the local users to the console but from there I seem to be confused, I can not seem to find out how to then search them and return a result.

 

This line:

ConsoleWrite(_GetLocalUsers() & @CRLF)

is pushing the output to the console.  You could write it to a variable like:

$var = _GetLocalUsers()

to search that you could use StringInStr or StringRegExp



I'm not sure what you mean on the second issue.

On the third issue, you can build the webpage as a big long string just concatenating each line.  Like this.

$html = '<html><other html stuff>' & @CRLF
$html &= '<more html etc>' & @CRLF
$html &= '<third line of html>'

Then spit it out to a file called  something.htm using FileWrite.

Hope that helps a bit.

[corz]

gruntydatsun is correct, it is far better to collect all the HTML output into a $variable and then spit it out at the end of the operation.

As for collecting up the user names, it seems more sensible to gather them into an array, on which you can then perform standard array functions, search and so on..
 

$MyUsers = _GetLocalUsers()

;Retrieve Local Machine Users
Func _GetLocalUsers($host = @ComputerName)
    Local $count = 1
    Local $Users[2]
    Local $colUsers = ObjGet("WinNT://" & $host & "")
    If Not IsObj($colUsers) Then Return 0
    Dim $filter[1] = ["user"]
    $colUsers.Filter = $filter
    For $objUser In $colUsers
        $Users[$count] = $objUser.name
        $count += 1
        ReDim $Users[$count+1]
    Next
    ReDim $Users[$count]
    $Users[0] = $count-1
    $colUsers = 0
    $filter = 0
    Return $Users
EndFunc   ;==>_GetLocalUsers

That's pretty hackish but would get the job done.

No doubt someone else will come along with something more elegant!

;o) Cor

[Gonnosuke]

I recommend using AutoIt to generate and process WMI queries (keyword: winmgmts).I think you'll find that you can do nearly everything your batch file does except it will be 10x faster and the output will be far more reliable and much easier to manipulate. There are a number of really good examples here on the forums. For example:

http://www.autoitscript.com/wiki/RemoteWmiInfo      (refer to the _wmiInfo function)

'?do=embed' frameborder='0' data-embedContent>>

I wish you the best of luck with your project. It looks like a great program.

-Gonnosuke

Edited July 11, 2014 by Gonnosuke