先前有看到有人有類似需求,多年前總公司也有作類似的機制
最近則是我倒楣,被要求要作~~所以就作了公司要求的部分,順勢丟上來分享...
如果有人想要加功能的請回文...我會看狀況把一些東西寫成function讓大家call...
主要功能說明:
利用db.csv檔案作為索引來ping主機是否上線...
若對方不回應icmp封包,則不進行進一步動作...
若有回應則嘗試連接遠端機器,並抓取目前登入者與電腦名稱(一般企業的administrator的帳密應該都一樣,所以可以用administrator的帳密去跑這個script,不限定domain環境,因為他會是WMI impersonate的方式來連接,swbem在企業用到機會不高...有機會再說明)
若有回應但是卻無法存取遠端機器(可能目標為網路設備或者是真的沒權限存取),則會去找netbios name,嘗試把Netbios name去跟ARP記錄對應,若有回應的話,則把ARP table中遠端機器的IP替換為netbios name,不回應則保留原狀
log檔案會在script的同目錄下產生"日期.log"
這個需求可以依照來源與目標來作分析
來源則是可能為
1:ascii file
2:db (有建立資產系統的應該都會用到,但是也可以用script把db匯成ascii檔案來符合這個script所需的格式,有需要的話我再把連db的方式丟出來,目前我是沒有資產表,所以用電腦,如果覺得一次打一堆IP很麻煩,請善用excel來處理這個input file,你應該會很滿意才對)
目標可能是
1:ascii file
2:db
3: [對方的eventLog] -- 我們要抓對方,不可能不在他的電腦留下紀錄,因為很容易被user嗆,所以在允許的狀態下,往目標電腦去寫eventLog其實是一個不錯的方法(政策面,公司大,賤人自然多),更狠一點的,讓對方被抓到後,在他電腦留下互動訊息(POP UP一個訊息給他),逼對方看到他已經被抓包了
db.csv格式如下
每行必須包含兩個欄位,第一欄為IP,第二欄為注解(case insensitive)
script會抓第二欄為DHCP Client來作ping的動作
代碼:
192.168.0.2,Server
192.168.0.3,DHCP client
192.168.0.4,network switch
代碼:
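' Main routine.
' Reads db.csv from the script's own folder, pings every row whose second
' column is "DHCP Client" (case-insensitive), queries responding hosts over
' WMI, and writes the results to "<date>.log" in the same folder.  Hosts that
' answer the ping but return no WMI data are collected in DomFail and resolved
' through the ARP / NetBIOS tables at the end.
'
' The first CSV column ends up in a WQL query, a WMI moniker and an nbtstat
' command line, and the script is meant to run with administrative
' credentials, so db.csv must be writable only by trusted accounts and every
' address is format-checked before it is used.
On Error Resume Next
Set objFSO = CreateObject("Scripting.FileSystemObject")
ScriptPath = Left(WScript.ScriptFullName, Len(WScript.ScriptFullName) - Len(WScript.ScriptName))
DB = ScriptPath & "db.csv"
logfile = ScriptPath & Replace(FormatDateTime(Date()), "/", "-") & ".log"
If objFSO.FileExists(DB) Then
    Set objTextStream = objFSO.OpenTextFile(DB, 1)
    Set objTextOutStream = objFSO.CreateTextFile(logfile, True, False)
Else
    WScript.Echo "Input file " & DB & " not found."
    WScript.Quit
End If

' Local WMI connection used only for Win32_PingStatus.  The script-level names
' deliberately differ from the undeclared names used inside GetHostInfo
' (objWMIService, HostInfo): an undeclared name inside a procedure binds to a
' script-level variable of the same name, so sharing them let a successful
' remote query replace the local connection used for later pings.
Set objLocalWMI = GetObject("winmgmts:")

' Character-level check for a dotted IPv4 address.  It does not range-check
' the octets; its purpose is to keep quotes, spaces, backslashes and option
' switches out of the query, moniker and command line built from this value.
Set reIPv4 = New RegExp
reIPv4.Pattern = "^(\d{1,3}\.){3}\d{1,3}$"

DomFail = ""
lineNo = 0
Do Until objTextStream.AtEndOfStream
    lineNo = lineNo + 1
    data = Split(objTextStream.ReadLine, ",")
    If UBound(data) = 1 Then 'exactly two columns: address, comment
        If UCase(Trim(data(1))) = UCase("DHCP Client") Then 'only DHCP clients are probed
            strIP = Trim(data(0))
            If reIPv4.Test(strIP) Then
                If OnLine(objLocalWMI, strIP) Then 'host answered the ping
                    ' Reset first: if the call below raises, On Error Resume Next
                    ' skips the assignment and the previous host's text must not
                    ' be logged under this address.
                    strInfo = ""
                    strInfo = GetHostInfo(strIP)
                    If Trim(strInfo) = "" Then
                        DomFail = DomFail & strIP & ","
                    Else
                        objTextOutStream.Write strIP & vbTab & FormatDateTime(Date(), 2) & " - " & FormatDateTime(Time(), 4) & vbCrLf & _
                            "===============================================================================" & vbCrLf & _
                            strInfo & vbCrLf
                    End If
                End If
            Else
                ' Record the line number only; the rejected text is not echoed.
                objTextOutStream.Write "Skipped malformed address on line " & lineNo & " of " & DB & vbCrLf
            End If
        End If
    End If
Loop

If Trim(DomFail) <> "" Then
    objTextOutStream.Write vbCrLf & "Hosts are unreachable!" & vbCrLf & _
        "===============================================================================" & vbCrLf & _
        GetARP_NB_Table(DomFail)
End If
objTextOutStream.Close
objTextStream.Close
WScript.Quit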
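' Returns the "arp -a" lines belonging to the hosts in HostList, with the
' word "dynamic" replaced by the host's NetBIOS name when nbtstat reports one.
'
' HostList : comma-separated IPv4 addresses (empty items are ignored).
' Returns  : the matching ARP lines, each terminated by vbCrLf; "" if none.
'
' NOTE(review): the literal "dynamic" and "<00> UNIQUE" markers are taken from
' English-language tool output; a localized Windows may print other text, in
' which case the ARP line is returned unmodified - confirm on target systems.
Function GetARP_NB_Table(HostList)
    Dim objShell, objExec, reIPv4
    Dim ARPTable, NBTable, RTNARPTable
    Dim objHost, objARP, objNB
    Dim strHost, strLine, strFirst, strEntry, pos

    Set objShell = CreateObject("WScript.Shell")
    Set objExec = objShell.Exec("arp -a")
    ARPTable = objExec.StdOut.ReadAll
    RTNARPTable = ""

    ' Only plain dotted-quad values are ever appended to the nbtstat command
    ' line; anything else (spaces, extra switches, other text) is skipped.
    Set reIPv4 = New RegExp
    reIPv4.Pattern = "^(\d{1,3}\.){3}\d{1,3}$"

    For Each objHost In Split(HostList, ",")
        strHost = Trim(objHost)
        If reIPv4.Test(strHost) Then
            For Each objARP In Split(ARPTable, vbCrLf)
                ' Compare the first whitespace-delimited field exactly.  A
                ' substring search would let 192.168.0.2 also match
                ' 192.168.0.20 or 192.168.0.254, and would match the
                ' "Interface:" header lines as well.
                strLine = Trim(objARP)
                pos = InStr(strLine, " ")
                If pos > 0 Then
                    strFirst = Left(strLine, pos - 1)
                Else
                    strFirst = strLine
                End If

                If strFirst = strHost Then ' ARP entry found
                    strEntry = objARP
                    Set objExec = objShell.Exec("nbtstat -A " & strHost)
                    NBTable = objExec.StdOut.ReadAll
                    For Each objNB In Split(NBTable, vbCrLf)
                        If InStr(objNB, "<00> UNIQUE") <> 0 Then ' NetBIOS name found
                            strEntry = Replace(strEntry, "dynamic", Split(Trim(objNB), " ")(0))
                        End If
                    Next
                    RTNARPTable = RTNARPTable & strEntry & vbCrLf
                End If
            Next
        End If
    Next

    GetARP_NB_Table = RTNARPTable
End Function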
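' Connects to RemoteHost over WMI (impersonation, pktPrivacy authentication)
' and returns a text block with the computer name, OS caption / service pack
' and the account reported by Win32_ComputerSystem.UserName.
'
' RemoteHost : address of the target machine.  It is concatenated into the
'              WMI moniker as-is, so callers should pass only values that have
'              already been checked to be a plain address.
' Returns    : the formatted text, or "" when the WMI connection fails, so the
'              caller's blank-result check works without relying on a raised
'              error.
Function GetHostInfo(RemoteHost)
    ' Declared locally on purpose: without Dim, objWMIService and HostInfo
    ' resolve to the script-level variables of the same name, and a
    ' successful remote connection would replace the local WMI object the
    ' main loop uses for pinging.
    Dim objRemoteWMI, colItems, obj, strInfo

    ' Procedure-level handler; a script-level On Error Resume Next does not
    ' extend into procedures.
    On Error Resume Next

    GetHostInfo = ""
    strInfo = ""

    Set objRemoteWMI = GetObject("winmgmts:{impersonationLevel=impersonate, authenticationLevel=pktPrivacy}!\\" & RemoteHost & "\root\cimv2")
    If Err.Number <> 0 Then
        ' Not reachable over WMI (no permission, RPC blocked, not Windows).
        Err.Clear
        Exit Function
    End If

    Set colItems = objRemoteWMI.ExecQuery("Select * from Win32_OperatingSystem")
    For Each obj In colItems
        strInfo = "HostName of IP Address [ " & RemoteHost & " ] : " & obj.CSName & vbCrLf
        strInfo = strInfo & "OSInfo : " & obj.Caption & " - " & obj.CSDVersion & vbCrLf
    Next

    Set colItems = objRemoteWMI.ExecQuery("Select * from Win32_computerSystem")
    For Each obj In colItems
        strInfo = strInfo & "Current Logon User Account : " & obj.UserName & vbCrLf
    Next

    GetHostInfo = strInfo
End Function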
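' Pings objComputer through Win32_PingStatus on the supplied WMI connection.
'
' objWMIService : WMI service object the query is executed on.
' objComputer   : address to ping.
' Returns       : True when the last returned status object has
'                 StatusCode = 0, otherwise False (including when the query
'                 returns nothing).
Function OnLine(objWMIService, objComputer)
    Dim strAddress, colItems, obj

    ' Explicit default instead of an uninitialised (Empty) return value.
    OnLine = False

    ' The address comes from an input file and is placed inside a quoted WQL
    ' string literal: escape the backslash first, then the quote, so the
    ' value cannot close the literal and alter the query.
    strAddress = Replace(objComputer, "\", "\\")
    strAddress = Replace(strAddress, "'", "\'")

    Set colItems = objWMIService.ExecQuery("Select * from Win32_PingStatus Where Address='" & strAddress & "'")
    For Each obj In colItems
        ' A Null StatusCode makes the comparison Null, which takes the Else
        ' branch.
        If obj.StatusCode = 0 Then
            OnLine = True
        Else
            OnLine = False
        End If
    Next
End Function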