This is a survey script: when you are tasked with surveying a potentially compromised Windows host, use it as one of your first tools to determine what has gone wrong.
This was basically born out of my frustration with the WMIC tool for Windows failing to format its output in an acceptable manner. Thus, I have committed to the silly idea of using Python, the Python WMI module, and py2exe in order to code in Python, access Win32 APIs, and package it all up into an executable runnable on any Windows host.
- Make sure you have Python 2.7, the Python WMI module and py2exe. If this is your first time installing all of this, you'll probably also need pywin32 extensions. Other versions of the above may work but are untested.
- Run the batch script - it will create a 'dist' directory and within it, the win_survey_script.exe executable.
- Run win_survey_script.exe on the compromised machine to determine what's going wrong - it will create a win_survey_results.txt in the same directory.
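
The approach described above (query WMI from Python and write readable output instead of relying on WMIC's formatting), as an added example that is not the code of win_survey_script itself. The choice of Win32_Process, the field list, the `format_table` and `orphaned` helpers and the sample rows are assumptions for illustration; the page does not say which WMI classes the script queries.

```python
from __future__ import print_function  # keeps the example usable on Python 2.7

FIELDS = ["ProcessId", "ParentProcessId", "Name", "ExecutablePath"]
# Constructed sample rows shaped like Win32_Process results (not real data).
SAMPLE = [
    {"ProcessId": 4, "ParentProcessId": 0, "Name": "System", "ExecutablePath": None},
    {"ProcessId": 612, "ParentProcessId": 4, "Name": "smss.exe",
     "ExecutablePath": r"C:\Windows\System32\smss.exe"},
    {"ProcessId": 3380, "ParentProcessId": 9999, "Name": "updater.exe",
     "ExecutablePath": r"C:\Users\Public\updater.exe"},
]


def query_processes():
    """Collect FIELDS for every process via the Python WMI module (Windows only)."""
    import wmi  # imported here so the formatter can be exercised on any OS
    return [dict((f, getattr(proc, f, None)) for f in FIELDS)
            for proc in wmi.WMI().Win32_Process(FIELDS)]


def format_table(rows, fields):
    """Render rows as fixed-width columns sorted by PID; missing values become '-'."""
    rows = sorted(rows, key=lambda r: r["ProcessId"])
    cells = [["-" if r.get(f) is None else str(r.get(f)) for f in fields]
             for r in rows]
    widths = [max([len(f)] + [len(c[i]) for c in cells])
              for i, f in enumerate(fields)]

    def line(vals):
        return "  ".join(v.ljust(w) for v, w in zip(vals, widths)).rstrip()

    out = [line(fields), line(["-" * w for w in widths])]
    out.extend(line(c) for c in cells)
    return "\n".join(out)


def orphaned(rows):
    """PIDs whose parent is not running: a triage lead, not proof of compromise."""
    live = set(r["ProcessId"] for r in rows)
    return sorted(r["ProcessId"] for r in rows
                  if r["ParentProcessId"] != 0 and r["ParentProcessId"] not in live)


if __name__ == "__main__":
    try:
        rows = query_processes()
    except ImportError:
        rows = SAMPLE  # wmi module unavailable: fall back to the constructed rows
    print(format_table(rows, FIELDS))
    print("\nParent not running:", orphaned(rows))
```

On a real host several legitimate processes also have an exited parent, so treat the second list as a starting point for review.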