opexxx

vssown.vbs

Feb 23rd, 2014
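  REM Volume Shadow Copy Management from CLI.
  REM Part of the presentation "Lurking in the Shadows" by Mark Baggett and Tim "LaNMaSteR53" Tomes.
  REM Co-developed by Mark Baggett (@MarkBaggett) and Tim Tomes (@lanmaster53).
  REM
  REM Overview:
  REM   The first argument selects one action, matched case-insensitively. Each action
  REM   runs against WMI namespace root\cimv2 on the local machine (strComputer = ".")
  REM   and ends the script with wscript.Quit.
  REM   Options that take a value check the argument count before reading it.
  REM
  REM Review note (defensive): creating, deleting, resizing and mounting shadow
  REM   copies, and starting a process from a shadow copy path, all change or expose
  REM   backup state. Outside a scheduled backup job these actions are worth alerting
  REM   on. Hosts that log WMI activity and process creation will typically record them.

  Set args = WScript.Arguments

  REM No arguments: print the usage text and exit successfully.
  If args.Count < 1 Then
    wscript.Echo "Usage: cscript vssown.vbs [option]"
    wscript.Echo
    wscript.Echo " Options:"
    wscript.Echo
    wscript.Echo " /list - List current volume shadow copies."
    wscript.Echo " /start - Start the shadow copy service."
    wscript.Echo " /stop - Halt the shadow copy service."
    wscript.Echo " /status - Show status of shadow copy service."
    wscript.Echo " /mode - Display the shadow copy service start mode."
    wscript.Echo " /mode [Manual|Automatic|Disabled] - Change the shadow copy service start mode."
    wscript.Echo " /create [drive_letter] - Create a shadow copy."
    wscript.Echo " /delete [id|*] - Delete a specified or all shadow copies."
    wscript.Echo " /mount [path] [device_object] - Mount a shadow copy to the given path."
    wscript.Echo " /execute [\path\to\file] - Launch executable from within an umounted shadow copy."
    wscript.Echo " /store - Display storage statistics."
    wscript.Echo " /size [bytes] - Set drive space reserved for shadow copies."
    REM build_off
    wscript.Echo " /build [filename] - Print pasteable script to stdout." ' no_build
    REM build_on
    wscript.Quit(0)
  End If

  strComputer = "."
  Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

  Select Case LCase(args.Item(0))

    REM Print every property of every Win32_ShadowCopy instance.
    Case "/list"
      Wscript.Echo "SHADOW COPIES"
      Wscript.Echo "============="
      Wscript.Echo
      Set colItems = objWMIService.ExecQuery("Select * from Win32_ShadowCopy")
      For Each objItem In colItems
        Wscript.Echo "[*] ID: " & objItem.ID
        Wscript.Echo "[*] Client accessible: " & objItem.ClientAccessible
        Wscript.Echo "[*] Count: " & objItem.Count
        Wscript.Echo "[*] Device object: " & objItem.DeviceObject
        Wscript.Echo "[*] Differential: " & objItem.Differential
        Wscript.Echo "[*] Exposed locally: " & objItem.ExposedLocally
        Wscript.Echo "[*] Exposed name: " & objItem.ExposedName
        Wscript.Echo "[*] Exposed remotely: " & objItem.ExposedRemotely
        Wscript.Echo "[*] Hardware assisted: " & objItem.HardwareAssisted
        Wscript.Echo "[*] Imported: " & objItem.Imported
        Wscript.Echo "[*] No auto release: " & objItem.NoAutoRelease
        Wscript.Echo "[*] Not surfaced: " & objItem.NotSurfaced
        Wscript.Echo "[*] No writers: " & objItem.NoWriters
        Wscript.Echo "[*] Originating machine: " & objItem.OriginatingMachine
        Wscript.Echo "[*] Persistent: " & objItem.Persistent
        Wscript.Echo "[*] Plex: " & objItem.Plex
        Wscript.Echo "[*] Provider ID: " & objItem.ProviderID
        Wscript.Echo "[*] Service machine: " & objItem.ServiceMachine
        Wscript.Echo "[*] Set ID: " & objItem.SetID
        Wscript.Echo "[*] State: " & objItem.State
        Wscript.Echo "[*] Transportable: " & objItem.Transportable
        Wscript.Echo "[*] Volume name: " & objItem.VolumeName
        Wscript.Echo
      Next
      wscript.Quit(0)

    REM Ask the VSS service to start. The WMI return value becomes the exit code,
    REM so a refused request is no longer reported as a success.
    Case "/start"
      errResult = 0
      Set colListOfServices = objWMIService.ExecQuery("Select * from Win32_Service Where Name ='VSS'")
      For Each objService In colListOfServices
        errResult = objService.StartService()
        If errResult = 0 Then
          Wscript.Echo "[*] Signal sent to start the " & objService.Name & " service."
        Else
          Wscript.Echo "[*] The " & objService.Name & " service did not accept the start request. ReturnValue = " & errResult
        End If
      Next
      wscript.Quit(errResult)

    REM Ask the VSS service to stop. Same reporting as /start.
    Case "/stop"
      errResult = 0
      Set colListOfServices = objWMIService.ExecQuery("Select * from Win32_Service Where Name ='VSS'")
      For Each objService In colListOfServices
        errResult = objService.StopService()
        If errResult = 0 Then
          Wscript.Echo "[*] Signal sent to stop the " & objService.Name & " service."
        Else
          Wscript.Echo "[*] The " & objService.Name & " service did not accept the stop request. ReturnValue = " & errResult
        End If
      Next
      wscript.Quit(errResult)

    REM Print the current state of the VSS service.
    Case "/status"
      Set colListOfServices = objWMIService.ExecQuery("Select * from Win32_Service Where Name ='VSS'")
      For Each objService In colListOfServices
        Wscript.Echo "[*] " & objService.State
      Next
      wscript.Quit(0)

    REM Without a second argument: show the start mode. With one: change it.
    REM Only manual, automatic and disabled are accepted (compared in lower case).
    Case "/mode"
      errResult = 0
      Set colListOfServices = objWMIService.ExecQuery("Select * from Win32_Service Where Name ='VSS'")
      For Each objService In colListOfServices
        If args.Count < 2 Then
          Wscript.Echo "[*] " & objService.Name & " service set to '" & objService.StartMode & "' start mode."
        Else
          mode = LCase(args.Item(1))
          If mode = "manual" Or mode = "automatic" Or mode = "disabled" Then
            errResult = objService.ChangeStartMode(mode)
            REM Report the new mode only when WMI confirms the change.
            If errResult = 0 Then
              Wscript.Echo "[*] " & objService.Name & " service set to '" & mode & "' start mode."
            Else
              Wscript.Echo "[*] " & objService.Name & " start mode was not changed. ReturnValue = " & errResult
            End If
          Else
            Wscript.Echo "[*] '" & mode & "' is not a valid start mode."
            errResult = 1
          End If
        End If
      Next
      wscript.Quit(errResult)

    REM Create a ClientAccessible shadow copy of the given drive.
    REM The drive argument must be a single letter; ":\" is appended here.
    Case "/create"
      RequireArgs 2, "Usage: cscript vssown.vbs /create [drive_letter]"
      driveLetter = UCase(args.Item(1))
      If Len(driveLetter) <> 1 Then
        Wscript.Echo "[*] '" & args.Item(1) & "' is not a drive letter."
        wscript.Quit(1)
      End If
      If Asc(driveLetter) < Asc("A") Or Asc(driveLetter) > Asc("Z") Then
        Wscript.Echo "[*] '" & args.Item(1) & "' is not a drive letter."
        wscript.Quit(1)
      End If
      VOLUME = driveLetter & ":\"
      Const CONTEXT = "ClientAccessible"
      Set objShadowStorage = objWMIService.Get("Win32_ShadowCopy")
      Wscript.Echo "[*] Attempting to create a shadow copy."
      errResult = objShadowStorage.Create(VOLUME, CONTEXT, strShadowID)
      If errResult = 0 Then
        Wscript.Echo "[*] Shadow copy created with ID: " & strShadowID
      Else
        Wscript.Echo "[*] Shadow copy was not created. ReturnValue = " & errResult
      End If
      wscript.Quit(errResult)

    REM Delete one shadow copy by ID, or every shadow copy when the argument is "*".
    REM Review note (defensive): bulk deletion of shadow copies removes local restore
    REM points and is a common alerting condition.
    Case "/delete"
      RequireArgs 2, "Usage: cscript vssown.vbs /delete [id|*]"
      id = args.Item(1)
      errResult = 0
      matched = 0
      Set colItems = objWMIService.ExecQuery("Select * From Win32_ShadowCopy")
      For Each objItem In colItems
        deleteThis = False
        If id = "*" Then
          Wscript.Echo "[*] Attempting to delete shadow copy " & objItem.DeviceObject & "."
          deleteThis = True
        ElseIf StrComp(objItem.ID, id, vbTextCompare) = 0 Then
          Wscript.Echo "[*] Attempting to delete shadow copy with ID: " & id
          deleteThis = True
        End If
        If deleteThis Then
          matched = matched + 1
          REM Delete_ signals failure by raising an error, so trap it here and
          REM keep going with the remaining copies.
          On Error Resume Next
          objItem.Delete_
          If Err.Number <> 0 Then
            Wscript.Echo "[*] Delete failed: " & Err.Description
            errResult = 1
            Err.Clear
          End If
          On Error GoTo 0
        End If
      Next
      If matched = 0 Then
        Wscript.Echo "[*] No shadow copy matched '" & id & "'."
        errResult = 1
      End If
      wscript.Quit(errResult)

    REM Create a directory symbolic link (mklink /D) from [path] to the shadow copy
    REM device object. A trailing backslash is appended to the device object.
    REM Both values are placed inside double quotes on the command line; a value that
    REM itself contains a double quote or a percent sign is refused, because either
    REM character would change how the command line is interpreted.
    Case "/mount"
      RequireArgs 3, "Usage: cscript vssown.vbs /mount [path] [device_object]"
      Set WshShell = WScript.CreateObject("WScript.Shell")
      link = args.Item(1)
      sc = args.Item(2) & "\"
      If InStr(link & sc, Chr(34)) > 0 Or InStr(link & sc, Chr(37)) > 0 Then
        Wscript.Echo "[*] Path and device object must not contain a double quote or a percent sign."
        wscript.Quit(1)
      End If
      cmd = "cmd /C mklink /D " & Chr(34) & link & Chr(34) & " " & Chr(34) & sc & Chr(34)
      REM Window style 2 (minimized); wait for the command so its exit code is available.
      rc = WshShell.Run(cmd, 2, True)
      If rc = 0 Then
        Wscript.Echo "[*] " & sc & " has been mounted to " & link & "."
      Else
        Wscript.Echo "[*] mklink failed with exit code " & rc & "."
      End If
      wscript.Quit(rc)

    REM Try to start [file] from each shadow copy in turn via Win32_Process.Create,
    REM stopping at the first copy where process creation succeeds.
    REM The path is the device object with every "?" replaced by "." plus [file].
    REM Review note (defensive): a process whose image path is a shadow copy device
    REM object path is unusual on most hosts; process creation logging is where it
    REM would show up.
    Case "/execute"
      RequireArgs 2, "Usage: cscript vssown.vbs /execute [\path\to\file]"
      file = args.Item(1)
      Set colItems = objWMIService.ExecQuery("Select * From Win32_ShadowCopy")
      Set objProcess = objWMIService.Get("Win32_Process")
      For Each objItem In colItems
        path = Replace(objItem.DeviceObject, "?", ".") & file
        intReturn = objProcess.Create(path)
        If intReturn = 0 Then
          wscript.Echo "[!] Process created from " & path & "."
          wscript.Quit(0)
        End If
        wscript.Echo "[*] Process could not be created from " & path & "."
        wscript.Echo "[*] ReturnValue = " & intReturn
      Next
      wscript.Quit(0)

    REM Print allocated, maximum and used shadow storage, in units of 1000000 bytes.
    Case "/store"
      Wscript.Echo "SHADOW STORAGE"
      Wscript.Echo "=============="
      Wscript.Echo
      Set colItems = objWMIService.ExecQuery("Select * from Win32_ShadowStorage")
      For Each objItem In colItems
        Wscript.Echo "[*] Allocated space: " & FormatNumber(objItem.AllocatedSpace / 1000000,0) & "MB"
        Wscript.Echo "[*] Maximum size: " & FormatNumber(objItem.MaxSpace / 1000000,0) & "MB"
        Wscript.Echo "[*] Used space: " & FormatNumber(objItem.UsedSpace / 1000000,0) & "MB"
        Wscript.Echo
      Next
      wscript.Quit(0)

    REM Set MaxSpace on every Win32_ShadowStorage instance to [bytes].
    REM The value must be a non-negative number; anything else is refused before
    REM CDbl can raise a type mismatch.
    Case "/size"
      RequireArgs 2, "Usage: cscript vssown.vbs /size [bytes]"
      If Not IsNumeric(args.Item(1)) Then
        Wscript.Echo "[*] '" & args.Item(1) & "' is not a valid size in bytes."
        wscript.Quit(1)
      End If
      storagesize = CDbl(args.Item(1))
      If storagesize < 0 Then
        Wscript.Echo "[*] '" & args.Item(1) & "' is not a valid size in bytes."
        wscript.Quit(1)
      End If
      Set colItems = objWMIService.ExecQuery("Select * from Win32_ShadowStorage")
      For Each objItem In colItems
        objItem.MaxSpace = storagesize
        objItem.Put_
      Next
      Wscript.Echo "[*] Shadow storage space has been set to " & FormatNumber(storagesize / 1000000,0) & "MB."
      wscript.Quit(0)

    REM build_off
    REM Read vssown.vbs from the current directory and print it as a series of
    REM "echo <line> >> [filename]" commands. Lines between a build_off marker and
    REM the next build_on marker are left out, so this case is not part of the output.
    REM A marker is a line that, once tabs and surrounding spaces are ignored, is
    REM exactly the marker text; the match therefore does not depend on indentation,
    REM and the InStr-free comparison cannot be triggered by code that merely
    REM mentions a marker. Only the characters ampersand, greater-than and less-than
    REM are escaped for the shell.
    Case "/build"
      If args.Count < 2 Then
        Wscript.Echo "[*] Usage: cscript vssown.vbs /build [filename]"
        wscript.Quit(1)
      End If
      build = 1
      Const ForReading = 1
      Set objFSO = CreateObject("Scripting.FileSystemObject")
      Set objTextFile = objFSO.OpenTextFile("vssown.vbs", ForReading)
      Do Until objTextFile.AtEndOfStream
        strNextLine = objTextFile.Readline
        strMarker = Trim(Replace(strNextLine, vbTab, " "))
        If strMarker = "REM build_off" Then
          build = 0
        End If
        If strNextLine <> "" And build = 1 Then
          strNextLine = Replace(strNextLine,"&","^&")
          strNextLine = Replace(strNextLine,">","^>")
          strNextLine = Replace(strNextLine,"<","^<")
          wscript.Echo "echo " & strNextLine & " >> " & args.Item(1)
        End If
        If strMarker = "REM build_on" Then
          build = 1
        End If
      Loop
      REM Release the file handle before exiting.
      objTextFile.Close
      wscript.Quit(0)
    REM build_on

    REM Anything else is reported instead of exiting silently.
    Case Else
      Wscript.Echo "[*] '" & args.Item(0) & "' is not a valid option. Run the script without arguments for usage."
      wscript.Quit(1)

  End Select

  REM Exit with code 1 and the given usage text when fewer than minCount
  REM command-line arguments were supplied (the option itself counts as one).
  Sub RequireArgs(minCount, usageText)
    If WScript.Arguments.Count < minCount Then
      WScript.Echo "[*] " & usageText
      WScript.Quit(1)
    End If
  End Sub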