So… a machine got stolen last night… looking for ideas.
I’ve set up a user to assign to stolen devices and a profile that locks down external devices. I'm not wanting to wipe it, as I would like to try to track the machine.
I found some (stole) code that I’ve snagged and modified to pull network info… what else can I do? Suggestions (I don’t know Python) or if anyone has an idea to put out there on things that can be done to get more info. Heck, even getting a procedure to push Prey or similar to the device and start pulling webcam shots would be nice.
I just have it pull the local IP info and then it pulls the public IP so that it can be used to help track down the machine.
import ctypes
import os


class disable_file_system_redirection:
    """Context manager: turn off WOW64 file system redirection so a 32-bit
    Python on 64-bit Windows runs the real System32 tools."""
    _disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirection
    _revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirection

    def __enter__(self):
        self.old_value = ctypes.c_long()
        self.success = self._disable(ctypes.byref(self.old_value))

    def __exit__(self, type, value, traceback):
        # Only revert if the disable call actually succeeded.
        if self.success:
            self._revert(self.old_value)


# Local adapter details (IP, MAC, gateway, DNS).
with disable_file_system_redirection():
    out = os.popen('ipconfig /all').read()
    print(out)

# Public IP as seen by OpenDNS.
with disable_file_system_redirection():
    out = os.popen('nslookup myip.opendns.com. resolver1.opendns.com').read()
    print(out)
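An added example, not part of the original post: one way to reduce the two raw outputs above to a short record for a recovery ticket. It assumes English-language Windows output; the function names and the sample text are constructed for illustration.

```python
import ipaddress
import re

# Labels as printed by English-language Windows (assumption of this example).
WANTED = {"Physical Address": "mac", "IPv4 Address": "ipv4",
          "Default Gateway": "gateway", "DHCP Server": "dhcp_server"}
FIELD = re.compile(r"^\s+([A-Za-z0-9 ]+?)[ .]*: (.*)$")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse_ipconfig(text):
    """Return {adapter: fields} for adapters that hold an IPv4 address.
    Adapter headers start in column 0 and end with a colon."""
    adapters, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip()[:-1], {})
            continue
        m = FIELD.match(line)
        if current is not None and m and m.group(1) in WANTED:
            value = m.group(2).split("(")[0].strip()  # drop "(Preferred)"
            if value:
                current[WANTED[m.group(1)]] = value
    return {name: f for name, f in adapters.items() if "ipv4" in f}

def public_ip_from_nslookup(text):
    """Return the answer address; the resolver's own address precedes 'Name:'."""
    answer = text.partition("Name:")[2]
    for candidate in IPV4.findall(answer):
        try:
            return str(ipaddress.ip_address(candidate))
        except ValueError:
            continue  # looked like an address but is not a valid one
    return None  # timeout or no answer section

# Constructed sample output (not captured from a real machine).
SAMPLE_IPCONFIG = """\
Ethernet adapter Ethernet:
   Media State . . . . . . . . . . . : Media disconnected
   Physical Address. . . . . . . . . : 00-00-5E-00-53-01
Wireless LAN adapter Wi-Fi:
   Physical Address. . . . . . . . . : 00-00-5E-00-53-02
   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
"""
SAMPLE_NSLOOKUP = ("Server:  resolver1.opendns.com\nAddress:  208.67.222.222\n\n"
                   "Non-authoritative answer:\nName:    myip.opendns.com\nAddress:  203.0.113.45\n")

if __name__ == "__main__":
    print(parse_ipconfig(SAMPLE_IPCONFIG), public_ip_from_nslookup(SAMPLE_NSLOOKUP))
```

The public IP plus a timestamp is what an ISP or the police can act on; the MAC and gateway help confirm the record belongs to the right device.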