diff --git a/trunk/debian/fred-reports.install b/trunk/debian/fred-reports.install
index d406d30..42ea7c5 100644
--- a/trunk/debian/fred-reports.install
+++ b/trunk/debian/fred-reports.install
@@ -1,7 +1,17 @@
+report_templates/NTUSER_Autoruns.qs usr/share/fred/report_templates/
+report_templates/NTUSER_LaunchedApplications.qs usr/share/fred/report_templates/
 report_templates/NTUSER_RecentDocs.qs usr/share/fred/report_templates/
 report_templates/NTUSER_TypedUrls.qs usr/share/fred/report_templates/
+report_templates/NTUSER_Windows7_SearchKeywords.qs usr/share/fred/report_templates/
+report_templates/NTUSER_Windows7_TypedPaths.qs usr/share/fred/report_templates/
+report_templates/NTUSER_WindowsLiveAccounts.qs usr/share/fred/report_templates/
 report_templates/SAM_UserAccounts.qs usr/share/fred/report_templates/
+report_templates/SOFTWARE_Autoruns.qs usr/share/fred/report_templates/
+report_templates/SOFTWARE_ProfileList.qs usr/share/fred/report_templates/
 report_templates/SOFTWARE_WindowsVersion.qs usr/share/fred/report_templates/
+report_templates/SYSTEM_BackupRestore.qs usr/share/fred/report_templates/
 report_templates/SYSTEM_CurrentNetworkSettings.qs usr/share/fred/report_templates/
+report_templates/SYSTEM_Services.qs usr/share/fred/report_templates/
+report_templates/SYSTEM_ShutdownTime.qs usr/share/fred/report_templates/
 report_templates/SYSTEM_SystemTimeInfo.qs usr/share/fred/report_templates/
 report_templates/SYSTEM_UsbStorageDevices.qs usr/share/fred/report_templates/
diff --git a/trunk/report_templates/SAM_UserAccounts.qs b/trunk/report_templates/SAM_UserAccounts.qs
index a94c21b..677cf37 100644
--- a/trunk/report_templates/SAM_UserAccounts.qs
+++ b/trunk/report_templates/SAM_UserAccounts.qs
@@ -1,104 +1,144 @@ function fred_report_info() { var info={report_cat : "SAM", report_name : "User accounts", - report_author : "Gillen Daniel", + report_author : "Gillen Daniel, Voncken Guy", report_desc : "Dump Windows user accounts", fred_api : 2, hive : "SAM" }; return info; } +var table_style = "border-collapse:collapse; margin-left:20px; font-family:arial; font-size:12;"; +var cell_style = "border:1px solid #888888; padding:5; white-space:nowrap;"; + function IsValid(val) { - if(typeof val !== 'undefined') return true; - else return false; + return (typeof val!=='undefined'); +} + +function PrintTableHeaderCell(str) { + println("
RID: | ",Number(user_rid).toString(10)," (",user_rid,")"," | "); - - // RegistryKeyTypeToString returns the rid prepended with "0x". We have to remove that for further processing - user_rid=String(user_rid).substr(2); + user_rid_dec=Number(user_rid).toString(10); // Get user's V key and print various infos + user_rid=String(user_rid).substr(2); // Remove "0x" var v_key=GetRegistryKeyValue(String().concat("\\SAM\\Domains\\Account\\Users\\",user_rid),"V"); - print_v_info(v_key.value,"Full name:",0x18); - print_v_info(v_key.value,"Comment:",0x24); - print_v_info(v_key.value,"Home directory:",0x48); - print_v_info(v_key.value,"Home directory drive:",0x54); - print_v_info(v_key.value,"Logon script path:",0x60); - print_v_info(v_key.value,"Profile path:",0x6c); + var full_name=Get_v_info(v_key.value,0x18); + var comment=Get_v_info(v_key.value,0x24); + var home_dir=Get_v_info(v_key.value,0x48); + var home_dir_drive=Get_v_info(v_key.value,0x54); + var logon_script_path=Get_v_info(v_key.value,0x60); + var profile_path=Get_v_info(v_key.value,0x6c); // Get user's F key and print various infos var f_key=GetRegistryKeyValue(String().concat("\\SAM\\Domains\\Account\\Users\\",user_rid),"F"); - print_table_row("Last login time:",RegistryKeyValueToVariant(f_key.value,"filetime",8)); - print_table_row("Last pw change:",RegistryKeyValueToVariant(f_key.value,"filetime",24)); - print_table_row("Last failed login:",RegistryKeyValueToVariant(f_key.value,"filetime",40)); - print_table_row("Account expires:",RegistryKeyValueToVariant(f_key.value,"filetime",32)); - print_table_row("Total logins:",RegistryKeyValueToVariant(f_key.value,"uint16",66)); - print_table_row("Failed logins:",RegistryKeyValueToVariant(f_key.value,"uint16",64)); + var last_login_time=RegistryKeyValueToVariant(f_key.value,"filetime",8); + var last_pw_change=RegistryKeyValueToVariant(f_key.value,"filetime",24); + var last_failed_login=RegistryKeyValueToVariant(f_key.value,"filetime",40); + var 
account_expires=RegistryKeyValueToVariant(f_key.value,"filetime",32); + var total_logins=RegistryKeyValueToVariant(f_key.value,"uint16",66); + var failed_logins=RegistryKeyValueToVariant(f_key.value,"uint16",64); + var acc_flags=Number(RegistryKeyValueToVariant(f_key.value,"uint16",56)); - print("
Account flags: | "); - if(acc_flags&0x0001) print("Disabled "); - if(acc_flags&0x0002) print("HomeDirReq "); - if(acc_flags&0x0004) print("PwNotReq "); - if(acc_flags&0x0008) print("TempDupAcc "); - // I don't think this would be useful to show - //if(acc_flags&0x0010) print("NormUserAcc "); - if(acc_flags&0x0020) print("MnsAcc "); - if(acc_flags&0x0040) print("DomTrustAcc "); - if(acc_flags&0x0080) print("WksTrustAcc "); - if(acc_flags&0x0100) print("SrvTrustAcc "); - if(acc_flags&0x0200) print("NoPwExpiry "); - if(acc_flags&0x0400) print("AccAutoLock "); - print(" (",acc_flags,")"); - println(" |
");
- println(" Unable to enumerate users!
");
- println(" Are you sure you are running this report against the correct registry hive?");
- println("
");
+ println(" Unable to enumerate users!
");
+ println(" Are you sure you are running this report against the correct registry hive?");
+ println("
");
- println(" Unable to enumerate users!
");
- println(" Are you sure you are running this report against the correct registry hive?");
- println("
RID: | ",Number(user_rid).toString(10)," (",user_rid,")"," |
Account flags: | "); if(acc_flags&0x0001) print("Disabled "); if(acc_flags&0x0002) print("HomeDirReq "); if(acc_flags&0x0004) print("PwNotReq "); if(acc_flags&0x0008) print("TempDupAcc "); // I don't think this would be useful to show //if(acc_flags&0x0010) print("NormUserAcc "); if(acc_flags&0x0020) print("MnsAcc "); if(acc_flags&0x0040) print("DomTrustAcc "); if(acc_flags&0x0080) print("WksTrustAcc "); if(acc_flags&0x0100) print("SrvTrustAcc "); if(acc_flags&0x0200) print("NoPwExpiry "); if(acc_flags&0x0400) print("AccAutoLock "); print(" (",acc_flags,")"); println(" |
");
println(" Unable to enumerate users!
");
println(" Are you sure you are running this report against the correct registry hive?");
println("
"); println("
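Review bot: The added line `user_rid_dec=Number(user_rid).toString(10);` in the per-user section of SAM_UserAccounts.qs assigns without `var`, so it becomes an implicit script-global shared across loop iterations and with any other template loaded into the same engine; declare it locally as `var user_rid_dec=Number(user_rid).toString(10);`. The new names `Get_v_info` and `PrintTableHeaderCell` also break with the file's existing snake_case (`fred_report_info`, `print_table_row`), which is worth settling before other templates copy them. Separately, the strings the new code collects (`full_name`, `comment`, `home_dir`, `home_dir_drive`, `logon_script_path`, `profile_path`) come straight from the examined hive, and as far as this hunk shows they are emitted into the HTML table without escaping; since the hive may originate from a compromised or hostile system, escaping `<`, `>` and `&` before emitting them would keep a crafted account name or comment from injecting markup into the report — hedged, as the row-printing code is cut from this view and the hunk's HTML tags are stripped here. The enclosing user loop starts and ends outside the visible part of the hunk.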
Active control set: | ",cur_controlset," |
W32Time startup method: | ",w32time_startup_method," |
W32Time NTP servers: | ",w32time_time_servers," |
");
println(" Unable to determine current control set!
");
println(" Are you sure you are running this report against the correct registry hive?");
println("
Storage driver enabled: | Yes |
Storage driver enabled: | No |
Storage driver enabled: | Unknown |
Storage driver enabled: | Unknown |
");
- println(" Devices
");
var storage_roots=GetRegistryNodes(cur_controlset+"\\Enum\\USBSTOR");
if(IsValid(storage_roots)) {
+ println("
Mount point(s): | ");
- var br=0;
- for(var iii=0;iii | ");
+ search_string="#"+device_parent_id+"&";
} else {
// Since Vista, Unique IDs are used
- // Find mount point(s)
- print("
Mount point(s): | ");
- var br=0;
- for(var iii=0;iii |
");
+ println(" ");
println(" Unable to determine current control set!
");
println(" Are you sure you are running this report against the correct registry hive?");
println("
Storage driver enabled: | Yes |
Storage driver enabled: | No |
Storage driver enabled: | Unknown |
Storage driver enabled: | Unknown |
"); - - var storage_roots=GetRegistryNodes(cur_controlset+"\\Enum\\USBSTOR"); - if(IsValid(storage_roots)) { - println("
");
- println(" Unable to determine current control set!
");
- println(" Are you sure you are running this report against the correct registry hive?");
- println("
");
println(" Devices
");
var storage_roots=GetRegistryNodes(cur_controlset+"\\Enum\\USBSTOR");
if(IsValid(storage_roots)) {
for(var i=0;i
");
var storage_subroots=GetRegistryNodes(cur_controlset+"\\Enum\\USBSTOR\\"+storage_roots[i]);
for(ii=0;ii ");
} else {
// Since Vista, Unique IDs are used
// Find mount point(s)
print(" Mount point(s): ");
var br=0;
for(var iii=0;iii ");
}
println(" ");
println(" Mount point(s): ");
var br=0;
for(var iii=0;iii
");
}
}
} else {
println(" This registry hive does not contain a list of attached USB storage devices!");
}
println("
");
println(" Unable to determine current control set!
");
println(" Are you sure you are running this report against the correct registry hive?");
println("