diff --git a/CODE/CMD_Disabled_Bypass.py b/CODE/CMD_Disabled_Bypass.py
new file mode 100644
index 0000000..7e67e70
--- /dev/null
+++ b/CODE/CMD_Disabled_Bypass.py
@@ -0,0 +1,28 @@
+import pyautogui
+import time
+
+# Wait a bit to ensure the script is ready to run
+time.sleep(2)
+
+# Simulate pressing Win+R to open the Run dialog
+pyautogui.hotkey('win', 'r')
+
+# Wait a bit for the Run dialog to appear
+time.sleep(1)
+
+# Type the command to enable the command prompt
+pyautogui.write('cmd.exe /k "REG add HKCU\Software\Policies\Microsoft\Windows\System /v DisableCMD /t REG_DWORD /d 0 /f"')
+
+# Press Enter to execute the command
+pyautogui.press('enter')
+
+# Wait a bit for the command to execute and the command prompt to open
+time.sleep(5)
+
+# Simulate pressing Alt+F4 to close the command prompt window
+pyautogui.hotkey('alt', 'f4')
+
+# Wait a bit to ensure the command prompt window is closed
+time.sleep(2)
+
+print("Command executed to enable the command prompt and the window has been closed.")
diff --git a/CODE/DebugBeta.py b/CODE/DebugBeta.py
index 62bd598..1bab35e 100644
--- a/CODE/DebugBeta.py
+++ b/CODE/DebugBeta.py
@@ -1,5 +1,6 @@
 import os
 import sys
+import re
 import subprocess
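Review bot: The bypass routes the registry write through cmd.exe (`cmd.exe /k "REG add ..."`), which is the very binary the DisableCMD policy blocks; when the policy is set to 1 (interactive cmd and script processing both disabled) cmd.exe shows the "disabled by your administrator" notice and, as far as I can tell, never runs the /k command, so the value is not changed. reg.exe is not subject to that policy, so type it straight into the Run dialog: `pyautogui.write(r'reg add HKCU\Software\Policies\Microsoft\Windows\System /v DisableCMD /t REG_DWORD /d 0 /f')` and drop the Alt+F4 step. The raw-string prefix also matters on its own: `\S`, `\P`, `\M` and `\W` in the non-raw literal are invalid escape sequences that newer CPython warns on, and any valid one in a future edit would silently corrupt the path. Note too that a machine-wide policy under HKLM is untouched by this HKCU write, and nothing verifies the outcome — reading the value back with winreg before printing the success line would make the message honest.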
@@ -26,6 +27,54 @@ def open_debug_file(): pass # Placeholder for adding content to DEBUG.md +def check_vm(): + # Command to check for virtual machine indicators in the system model information + command = "systeminfo | findstr /C:\"System Model\"" + + try: + # Execute the command and capture the output + result = subprocess.run(command, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, shell=True, text=True) + + # Use regular expressions to check for virtual machine indicators + if re.search(r"VirtualBox|VBOX|VMWare", result.stdout): + message = "Running in a virtual machine." + else: + message = "Not running in a virtual machine." + + # Write the message to a file only once, after the check is complete + with open(os.path.join(os.getcwd(), "DEBUG.md"), "a") as debug_file: + debug_file.write(f"SYSTEM: {message}

") + except subprocess.CalledProcessError as e: + # Handle errors from the subprocess call + message = f"Error executing command: {e.stderr}" + with open(os.path.join(os.getcwd(), "DEBUG.md"), "a") as debug_file: + debug_file.write(f"ERROR: {message}

") + + +def cmd_raw(command, check): + # The command to be executed + try: + # Execute the command and capture the output + result = subprocess.run(command, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, shell=True, text=True) + + if check == "bool": # If check is "bool", return the command output or an empty string if it's empty + output = result.stdout.strip() # Remove leading/trailing whitespace + if output: # If the output is not empty + return output + else: + return "" # Return an empty string if the output is empty + else: # Write the command output to a file + with open(os.path.join(os.getcwd(), "DEBUG.md"), "a") as debug_file: + debug_file.write(f"SYSTEM: {result.stdout}

") + except subprocess.CalledProcessError as e: + if check == "bool": # If check is "bool", return an empty string or an error message + return "" # Return an empty string + else: # Handle errors from the subprocess call + message = f"Error executing command: {e.stderr}" + with open(os.path.join(os.getcwd(), "DEBUG.md"), "a") as debug_file: + debug_file.write(f"ERROR: {message}

") + + def check_version_file(version_file_path): if not os.path.exists(version_file_path): with open(os.path.join(os.getcwd(), "DEBUG.md"), "a") as debug_file: @@ -108,6 +157,20 @@ def main(): check_uac_status() check_admin_privileges() check_powershell_execution_policy() + check_vm() + cmd_raw("systeminfo", "null") + cmd_raw("wmic bios get serialnumber", "null") + cmd_raw("wmic computersystem get model", "null") + cmd_raw("wmic computersystem get manufacturer", "null") + if cmd_raw("driverquery | findstr /C:\"vmxnet\"", "bool") == "": + with open(os.path.join(os.getcwd(), "DEBUG.md"), "a") as debug_file: + debug_file.write( + "SYSTEM: No VM Drivers Found.
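Review bot: check_vm's pattern `VirtualBox|VBOX|VMWare` is case-sensitive and does not match what systeminfo actually reports for VMware guests, `VMware Virtual Platform` (lower-case w), so those hosts are logged as 'Not running in a virtual machine.'; use `re.search(r"VirtualBox|VBOX|VMware", result.stdout, re.IGNORECASE)`. In both check_vm and cmd_raw, subprocess.run is called without check=True, so CalledProcessError is never raised and each except branch is dead; a findstr with no match exits 1 and its empty output falls through as a normal result. Because stderr is merged into stdout, `e.stderr` would be None even if the exception did fire. The `"null"` string used as cmd_raw's non-bool mode for the `check` parameter is easy to mistype silently; a boolean keyword such as `return_output=False` would be safer. The hunk's trailing context lines belong to check_version_file, whose body lies outside the hunk.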

") + else: + cmd_raw("driverquery | findstr /C:\"vmxnet\"", "null") + cmd_raw("wmic cpu get caption, name, deviceid, numberofcores, maxclockspeed, status", "null") + cmd_raw("wmic computersystem get totalphysicalmemory", "null") + cmd_raw("systeminfo | findstr /C:\"System Model\" /C:\"Manufacturer\"", "null") if __name__ == "__main__": diff --git a/CODE/Logicytics.py b/CODE/Logicytics.py index b38e9ca..4dd22a0 100644 --- a/CODE/Logicytics.py +++ b/CODE/Logicytics.py @@ -54,7 +54,7 @@ def is_admin(): def main(): set_execution_policy() checks() - for script_path in ["./Copy_System_Files.py", "./Browser_And_Policies_Miner.ps1", "./Window_Features_Lister.bat", + for script_path in ["./CMD_Disabled_Bypass.py", "./Copy_System_Files.py", "./Browser_And_Policies_Miner.ps1", "./Window_Features_Lister.bat", "./Antivirus_Finder.ps1", "./Simple_Password_Miner.py", "./Copy_Media.py", "./System_Info_Grabber.py", "./Zipper.py"]: execute_code(script_path) diff --git a/CODE/Window_Defender_Crippler.bat b/CODE/Window_Defender_Crippler.bat new file mode 100644 index 0000000..e7ff2ab --- /dev/null +++ b/CODE/Window_Defender_Crippler.bat @@ -0,0 +1,18 @@ +@echo off +setlocal + +:: Debugging: Echo the path to MpCmdRun.exe to verify it's being resolved correctly +echo Checking MpCmdRun.exe path: C:\Program Files\Windows Defender\MpCmdRun.exe + +:: Check if Windows Defender signatures are removed +for /f "tokens=*" %%a in ('"C:\Program Files\Windows Defender\MpCmdRun.exe" -ShowSignatureUpdates') do ( + if "%%a"=="No signature updates are available." ( + echo Signature updates are already removed. Reinstalling now... + "C:\Program Files\Windows Defender\MpCmdRun.exe" -UpdateSignature + ) else ( + echo Signature updates are available. Removing now... + "C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All + ) +) + +endlocal diff --git a/Credit.md b/Credit.md index 2e2e038..2c2bd14 100644 --- a/Credit.md +++ b/Credit.md 
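Review bot: The driver probe in main runs `driverquery | findstr /C:"vmxnet"` twice — once to test for output and again to log it — and matches only VMware's paravirtual NIC driver, so VirtualBox and Hyper-V guests are reported as 'No VM Drivers Found.'. Capture once and broaden the filter: `drivers = cmd_raw('driverquery | findstr /I /C:"vmxnet" /C:"VBox" /C:"vmbus"', "bool")`, then write either `drivers` or the no-drivers line. The wmic calls deserve a caveat comment: wmic is deprecated and absent from recent Windows 11 builds, where these cmd_raw calls will only log a 'not recognized' error. main() starts outside the hunk.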
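Review bot: `./CMD_Disabled_Bypass.py` is now the first script executed, but it fires Win+R keystrokes and rewrites the HKCU policy value unconditionally, even on hosts where cmd is not disabled. Gate it on the policy actually being set, e.g. read `HKCU\Software\Policies\Microsoft\Windows\System\DisableCMD` with winreg inside checks() and skip the script when the value is absent or 0. The script also brings in pyautogui; the visible tail of requirements.txt does not list it, so confirm it is declared. main() continues outside the hunk.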
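Review bot: The `for /f` loop runs the reinstall/remove action once per line of MpCmdRun output, so a multi-line result can trigger `-RemoveDefinitions -All` repeatedly; record the state inside the loop and act once after it. The switch names also need checking against `MpCmdRun.exe -h`: the documented update switch is `-SignatureUpdate`, not `-UpdateSignature`, and I cannot find `-ShowSignatureUpdates` in the documented list, so the status check may be failing silently and every run may take the remove branch. Prefer `%ProgramFiles%` over the hard-coded `C:\Program Files` path so the script works on non-default system drives. Since this deliberately leaves the Defender engine running without definitions, a header comment stating that the host is unprotected until the script is re-run would be appropriate.
```batch
:: … unchanged: @echo off / setlocal / debug echo …
set "SIGSTATE="
for /f "tokens=*" %%a in ('"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -ShowSignatureUpdates') do (
    if "%%a"=="No signature updates are available." set "SIGSTATE=removed"
)
if "%SIGSTATE%"=="removed" (
    echo Signature updates are already removed. Reinstalling now...
    "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -SignatureUpdate
) else (
    echo Signature updates are available. Removing now...
    "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All
)
:: … unchanged: endlocal …
```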
@@ -4,10 +4,16 @@ This project is built on the shoulders of giants and inspired by the work of man ## Bootstrap by twbs -We are grateful for the foundational work provided by Bootstrap, a popular open-source toolkit for developing responsive, mobile-first projects on the web. Bootstrap's comprehensive documentation and community support have been invaluable in shaping our project contributing.md and Issue Templates. +We are grateful for the work provided by Bootstrap, a popular open-source toolkit for developing responsive, mobile-first projects on the web. Bootstrap's comprehensive documentation has been valuable in shaping our project contributing.md and Issue Templates. - [Bootstrap GitHub Repository](https://github.com/twbs/bootstrap) +## winPEAS-ng by peas + +We are grateful for the foundational work provided by winPEAS, a perfect open-source tool for scanning dynamic window systems in a responsive, colorful manner. winPEAS's comprehensive documentation has been invaluable in helping indirectly shape our project by allowing escalation and post-exploitation actions. + +- [winPEAS-ng GitHub Repository](https://github.com/peass-ng) + ## evil3ad for Collect-MemoryDump We would like to extend our sincere thanks to evil3ad for the development and incorporation of Collect-MemoryDump into our main project. This tool has been instrumental in automating the process of memory dump collection, significantly improving our efficiency and effectiveness in forensic investigations. 
@@ -16,7 +22,7 @@ We would like to extend our sincere thanks to evil3ad for the development and in ## Magnet Forensics -Magnet Forensics has been a crucial dependency for our tool, providing essential functionalities that have enriched our capabilities. We are grateful for the following tools from Magnet Forensics that have been integrated into our workflow: +Magnet Forensics has been a crucial dependency for our tool, providing essential functionalities that have enriched our abilities. We are grateful for the following tools from Magnet Forensics that have been integrated into our workflow: - [MAGNET DumpIt for Windows](https://www.magnetforensics.com/resources/magnet-dumpit-for-windows/) - [MAGNET Encrypted Disk Detector](https://www.magnetforensics.com/resources/encrypted-disk-detector/) diff --git a/EXPLAIN/CMD Disabled Bypass Explained.md b/EXPLAIN/CMD Disabled Bypass Explained.md new file mode 100644 index 0000000..ee12379 --- /dev/null +++ b/EXPLAIN/CMD Disabled Bypass Explained.md 
@@ -0,0 +1,27 @@ +# Python Script Explanation + +This Python script uses the `pyautogui` library to automate the process of enabling the Command Prompt on a Windows system through the Registry Editor. It follows these steps: + +1. **Wait**: The script starts by waiting for 2 seconds to ensure it's ready to run. This delay can be adjusted based on the system's responsiveness. + +2. **Open Run Dialog**: It simulates pressing the `Win+R` keys to open the Run dialog box, which is used to execute commands directly from the Windows desktop. + +3. **Wait for Run Dialog**: After opening the Run dialog, the script waits for 1 second to ensure the dialog is ready to accept input. + +4. **Type Command**: It then uses `pyautogui.write` to type a command into the Run dialog. This command uses `REG add` to modify the Windows Registry and set the `DisableCMD` value under `HKCU\Software\Policies\Microsoft\Windows\System` to `0`, effectively enabling the Command Prompt. The `/k` switch is used to keep the Command Prompt window open after executing the command. + +5. **Execute Command**: After typing the command, the script simulates pressing the `Enter` key to execute the command. + +6. **Wait for Command Execution**: It waits for 5 seconds to allow the command to execute and the Command Prompt window to open. This delay can vary based on system performance and the time it takes for the Registry change to take effect. + +7. **Close Command Prompt**: Once the Command Prompt window is open, the script simulates pressing `Alt+F4` to close the window. + +8. **Wait for Window Closure**: Finally, it waits for 2 seconds to ensure the Command Prompt window is closed before proceeding. + +9. **Print Completion Message**: The script prints a message indicating that the command has been executed to enable the Command Prompt, and the window has been closed. 
+ +## Usage + +This script is useful for automating the process of enabling the Command Prompt on a Windows system, which can be particularly helpful in environments where the Command Prompt is disabled by default. It provides a quick and efficient way to re-enable the Command Prompt without manually navigating through the Registry Editor or Group Policy settings. + +However, it's important to note that modifying the Windows Registry can have significant effects on the system's behavior and security. Therefore, this script should be used with caution and understanding of the implications. Additionally, the use of `pyautogui` for automating keyboard and mouse inputs can be affected by screen resolution, DPI settings, and other factors, so it may require adjustments for different systems or environments. \ No newline at end of file diff --git a/EXPLAIN/Windows Defender Crippler Explained.md b/EXPLAIN/Windows Defender Crippler Explained.md new file mode 100644 index 0000000..ab8bcd8 --- /dev/null +++ b/EXPLAIN/Windows Defender Crippler Explained.md 
@@ -0,0 +1,55 @@ +# Batch Script Explanation + +This batch script is designed to manage the Windows Defender signatures on a Windows system. It checks if Windows Defender signatures are already removed and then either reinstalls them or removes all signature updates, depending on the current state. Here's a detailed breakdown of its functionality: + +## Script Breakdown + +### `@echo off` + +This command turns off the display of commands in the command prompt window, making the output cleaner and easier to read. + +### `setlocal` + +This command starts a new local environment for the batch file. Variables and environment changes made within this script will not affect the global environment. + +### `for /f "tokens=*"` + +This loop iterates over the output of the command enclosed in parentheses. The `tokens=*` option ensures that the entire line is treated as a single token, allowing the script to work with the full output of the command. + +### `"%Program Files%\Windows Defender\MpCmdRun.exe" -ShowSignatureUpdates` + +This command runs the Windows Defender `MpCmdRun.exe` utility with the `-ShowSignatureUpdates` option, which checks for available signature updates. The output of this command is processed by the `for` loop. + +### `if "%%a"=="No signature updates are available."` + +This conditional statement checks if the output from the `MpCmdRun.exe` command indicates that no signature updates are available. If this condition is true, it means that Windows Defender signatures are already removed. + +### `echo Signature updates are already removed. Reinstalling now...` + +If the signatures are already removed, the script echoes a message indicating that it will now reinstall the signatures. + +### `"%Program Files%\Windows Defender\MpCmdRun.exe" -UpdateSignature` + +This command runs the `MpCmdRun.exe` utility with the `-UpdateSignature` option, which reinstalls the Windows Defender signatures. 
+ +### `else` + +If the signatures are not already removed, the script proceeds to the `else` block. + +### `echo Signature updates are available. Removing now...` + +This message indicates that the script will now remove all signature updates. + +### `"%Program Files%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All` + +This command runs the `MpCmdRun.exe` utility with the `-RemoveDefinitions -All` options, which removes all signature updates from Windows Defender. + +### `endlocal` + +This command ends the local environment started by `setlocal`, returning control to the global environment. + +## Usage + +This script is useful for managing Windows Defender signatures, especially in scenarios where you need to ensure that all signature updates are removed or reinstated. It provides a straightforward way to check the current state of Windows Defender signatures and perform the necessary action based on that state. + +However, it's important to use such scripts with caution, as removing or reinstalling Windows Defender signatures can affect the system's security and functionality. Always ensure that you understand the implications of these actions and consider the security requirements of your system. \ No newline at end of file diff --git a/EXTRA/GodMode.py b/EXTRA/GodMode.py new file mode 100644 index 0000000..2caff8e --- /dev/null +++ b/EXTRA/GodMode.py @@ -0,0 +1,23 @@ +import pyautogui + + +def open_run_dialog(): + # Press Windows + R + pyautogui.hotkey('win', 'r') + + +def type_and_execute_command(): + # Type the command + command = "shell:::{ED7BA470-8E54-465E-825C-99712043E01C}" + pyautogui.write(command) + # Press Enter to execute the command + pyautogui.press('enter') + + +def main(): + open_run_dialog() + type_and_execute_command() + + +if __name__ == "__main__": + main() diff --git a/EXTRA/What Is This.md b/EXTRA/What Is This.md index 6e81616..58216ba 100644 --- a/EXTRA/What Is This.md +++ b/EXTRA/What Is This.md 
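Review bot: type_and_execute_command writes the shell: URI immediately after open_run_dialog sends Win+R, with no pause for the Run dialog to appear, so on a slow desktop the keystrokes land in whatever window currently has focus; CMD_Disabled_Bypass.py in the same commit sleeps for exactly this reason. Add `import time` and `time.sleep(1)` after the hotkey call in open_run_dialog. A module docstring saying this opens the Control Panel "All Tasks" folder via its GUID would also save the reader a lookup — the What Is This.md entry still refers to the file as `God_Mode.py`.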
@@ -18,7 +18,7 @@ All tools are archived, to use them extract them to the same directory... Still 3. **Following On-Screen Instructions:** After executing the script, follow the on-screen instructions provided by the tool. This process can take approximately 1 hour to complete, depending on the system's specifications and the amount of data being processed. -### God_Mode for Setting manipulation +### GodMode for Setting manipulation **Tool Description:** `God_Mode.py` by DefinetlyNotAI is a utility designed to automatically open god-mode without leaving traces. It's a powerful tool that can be used for educational purposes to manipulate certain settings usually scattered in the control panel. diff --git a/EXTRA/winPEAS.rar b/EXTRA/winPEAS.rar new file mode 100644 index 0000000..b0393be Binary files /dev/null and b/EXTRA/winPEAS.rar differ diff --git a/README.md b/README.md index df1c22d..e382a69 100644 --- a/README.md +++ b/README.md 
@@ -2,11 +2,9 @@ Welcome to **Logicytics** (Spelled Loj-ee-cit-iks), a powerful tool designed to harvest and collect a wide range of windows system data for forensics, it is a actively worked on project that uses python as its main language, its whole idea is it effectively gathers as much sensitive data as possible and outputs it into a ZIP file. This guide will help you get started with using DataVoyager effectively. -This Software is around `32MB` as in version `1.1.2`. - ## Prerequisites -Before running Logicytics, it's recommended to first disable User Account Control (UAC) to ensure smooth operation. You can do this by running the `UACPY.py` script as an administrator in the Command Prompt (cmd). Here's how: +Before running Logicytics, it's recommended to first disable User Account Control (UAC) to ensure smooth operation as well as enable cmd. You can do this by running the `UACPY.py` script as an administrator in the Command Prompt (cmd). Here's how: 1. Open Command Prompt as an administrator. You can do this by searching for `cmd` in the Start menu, right-clicking on it, and selecting "Run as administrator". 2. Navigate to the directory where `UACPY.py` is located. @@ -15,7 +13,10 @@ Before running Logicytics, it's recommended to first disable User Account Contro ```powershell python UACPY.py ``` - +or +```powershell +.\UACPY.py +``` Please note that this assumes you have Python installed on your system and that the `UACPY.py` script is located in the directory you navigate to in step 2. If Python is not installed or if you encounter any issues, you may need to install Python or adjust the command to point to your Python executable if it's not in your system's PATH. It's also recommended to install all needed libraries, Here is how: 
@@ -28,6 +29,13 @@ It's also recommended to install all needed libraries, Here is how: pip install -r requirements.txt ``` +Finally its recommended to cripple windows defender, you can try to do so by running the following command (Please note it might not always work, and you will need ADMIN to run the script!): + +```powershell +.\Window_Defender_Crippler.bat +``` + +Running it again will re-install those signatures, so after completing your job, re-run this file again. ## Running Logicytics To run the main program, you need to execute `Logicytics.py` with administrative privileges (Note its not needed to run as admin, but half of it's functionality would be disabled). Follow these steps: @@ -39,6 +47,10 @@ To run the main program, you need to execute `Logicytics.py` with administrative ```cmd python Logicytics.py ``` +or +```powershell +.\Logicytics.py +``` ## Running Debugger @@ -52,6 +64,10 @@ To run the debugger program (Still in beta versions), you need to execute `Debug ```cmd python DebugBeta.py ``` +or +```powershell +.\DebugBeta.py +``` Make sure the `.structure` file is present, if you don't have it, redownload the `structure.py` found in the SYSTEM directory of the this repo. @@ -76,4 +92,4 @@ Make sure the `.structure` file is present, if you don't have it, redownload the Logicytics is a powerful tool for system data analysis. By following the instructions above, you can ensure a smooth and effective data collection process. Remember, the key to successful data harvesting is patience and adherence to the guidelines provided. Happy data mining! -And We are not responsible for any illegal usage of this product. +We are not responsible for any illegal usage of this product. diff --git a/SYSTEM/Logicystics.structure b/SYSTEM/Logicystics.structure index b812439..7892ef3 100644 --- a/SYSTEM/Logicystics.structure +++ b/SYSTEM/Logicystics.structure 
@@ -8,9 +8,9 @@
 =structure.py
 =CODE\Antivirus_Finder.ps1
 =CODE\Browser_And_Policies_Miner.ps1
+=CODE\CMD_Disabled_Bypass.py
 =CODE\Copy_Media.py
 =CODE\Copy_System_Files.py
-=CODE\DEBUG.md
 =CODE\DebugBeta.py
 =CODE\Logicytics.py
 =CODE\Simple_Password_Miner.py
@@ -18,10 +18,12 @@
 =CODE\Tree_Command.bat
 =CODE\UAC.ps1
 =CODE\UACPY.py
+=CODE\Window_Defender_Crippler.bat
 =CODE\Window_Features_Lister.bat
 =CODE\Zipper.py
 =EXPLAIN\Antivirus Finder Explained.md
 =EXPLAIN\Browser And Policies Miner Explained.md
+=EXPLAIN\CMD Disabled Bypass Explained.md
 =EXPLAIN\Copy Media Explained.md
 =EXPLAIN\Copy System Files Explained.md
 =EXPLAIN\DebugBeta Explained.md
@@ -32,4 +34,5 @@
 =EXPLAIN\UAC Explained.md
 =EXPLAIN\UACPY Explained.md
 =EXPLAIN\Window Features Lister Explained.md
+=EXPLAIN\Windows Defender Crippler Explained.md
 =EXPLAIN\Zipper Explained.md
diff --git a/requirements.txt b/requirements.txt
index 410f7aa..599cc3f 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -13,4 +13,4 @@ socket
 re
 uuid
 psutil
-wmi
+wmi
\ No newline at end of file