Stolen laptop tracking with C1

zabolyx · June 15, 2017, 3:54pm

So… a machine got stolen last night… looking for ideas.

I’ve setup a user to assign to stolen devices, profile that locks down external devices, not wanting to wipe as I would like to try to track the machine.

I found some (stole) code that I’ve snagged and modified to pull network info… what else can I do? Suggestions (I don’t know python) or if anyone has an idea to put out there on things that can be done to get more info. Heck, even getting a procedure to push Prey or similar to the device and start pulling webcam shots would be nice.

I just have it pull the local IP info and then it pulls the public IP so that it can be used to help track down the machine.


import os;
import ctypes
class disable_file_system_redirection:
    _disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirection
    _revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirection
    def __enter__(self):
        self.old_value = ctypes.c_long()
        self.success = self._disable(ctypes.byref(self.old_value))
    def __exit__(self, type, value, traceback):
        if self.success:
            self._revert(self.old_value)
with disable_file_system_redirection():
    out=os.popen('ipconfig /all').read();
    print(out);
with disable_file_system_redirection():
    out=os.popen('nslookup myip.opendns.com. resolver1.opendns.com').read();
    print(out);

nct · June 15, 2017, 6:16pm

Obviously this relies on the machine being connected to the internet before it is redisked.

mkannan · June 16, 2017, 9:54am

Hi @zabolyx
We will analyze this request and come up with better options.

Thanks,

Saikiran · July 5, 2017, 5:50am

Hi @zabolyx

The following Script tracks the Location i.e (Country, State, City, Longitude, and Latitude) and Also gives the system information

Please refer the following URL for your reference

https://scripts.itarian.com/frontend/web/topic/track-the-desktop-or-laptop

zabolyx · July 6, 2017, 7:28pm

Awesome. Sorry I hadn’t had a chance to get back on here. Beautiful job.

fischerit · August 12, 2019, 5:57pm

I’m also looking for the something like this. A client of ours had a computer stolen and its still showing up online. The link @Saikiran posted no longer works.

Jimmy · August 12, 2019, 6:00pm

@fischerit ,

We’ve updated the link. https://scripts.itarian.com/frontend/web/topic/track-the-desktop-or-laptop .

fischerit · August 12, 2019, 6:17pm

Ok the link works now and its somewhat the same script. I updated what I found and everything works now. I will still need to find other options as this only shows the general city.