NTRadmin Advanced Bot Tutorial
Advanced Bots Tutorial
NTRglobal
Torres Diagonal Litoral · Josep Pla, 2
Edificio B3, 1ª Planta
08019 Barcelona (Spain)
Tel. +34 93 445 07 00 Fax +34 93 445 07 01
www.ntradmin.com www.ntrglobal.com

Offices in Barcelona - Boston - Dallas - Heidelberg - London - Madrid
Milan - Paris - Poznan - Santiago de Chile - Stockholm - Tokyo

NTRadmin – Advanced Bots Tutorial June 2007 Page 1 of 29
This document is a tutorial describing some advanced bots of
NTRadmin, and it contains information which is the property
of Net Transmit & Receive, S.L. (hereinafter referred to as
“NTR”), a Spanish company with Tax Identification Number
B-62.173.737, corporate registered address in Josep Pla, 2 –
Edificio B3, 1ª Planta, Barcelona, and registered in the
Barcelona Mercantile Registry, Volume 32.317, Sheet 83,
Page B 206.573, First Entry 1ª.

The contents of this document are property of NTR or its
suppliers, having been, in this last case, licensed or
transferred, and protected by both national and international
intellectual and industrial property laws. By virtue of the
previously mentioned, the content of this guide cannot be
copied, distributed, photocopied, reproduced, translated or
summarized, completely or partially, by no means without the
previous written authorization of NTR.

All NTR trademarks, distinguishing signs and logos that appear in this guide are ownership of NTR and are properly registered. Similarly, NTR informs you that the denominations of other products, services and companies appearing in this document might also be registered trademarks of their respective and legitimate proprietors.

© 2006 Net Transmit & Receive, S.L.
Contents

Introduction
Examples of NTRadmin Bots
  Deploy and Delete
  Delete a File
  List Installed Software
  Shut Down
  Physical and Virtual Memory
  Operating System and Service Pack
  Install Software
  Email without Installing the SMTP Service
  Computer's IP Address
  Executes VBS with WScript
  Free Disk Space
  List Today’s Event Log
  Restore to the Last Secure State

Introduction
If you have already reviewed our Bot Tutorial document and want to learn more about how to create more complex Bots, this document will provide you with examples of the code of different types of Bot that can be launched on remote computers through the NTRadmin application.

Examples of NTRadmin Bots

Deploy and Delete
Launches a specific application and deletes its file after completion.

Windows Vista: Yes
Windows Server 2003: Yes
Windows XP: Yes
Windows 2000: Yes
Windows NT 4.0: Yes
Windows 98: Yes

    On Error Resume Next

    Dim sURL
    Dim sFilename
    Dim iStatus
    Dim oShell
    Dim oFSO

    ' File selected in the file manager, and the name it gets on the remote computer
    sURL = "#PARAM_url#"
    sFilename = "app.exe"

    ' Copy the file to the remote computer (NTRadmin method)
    iStatus = DownloadToFile(sURL, sFilename)

    ' Run the file and wait until it has finished
    Set oShell = CreateObject("WScript.Shell")
    oShell.Run sFilename & " #PARAM_arguments#", #PARAM_show#, True

    ' Remove the file again
    Set oFSO = CreateObject("Scripting.FileSystemObject")
    oFSO.DeleteFile(sFilename)

    Set oFSO = Nothing
    Set oShell = Nothing

    ' Report the outcome to NTRadmin
    If Err.Number <> 0 Then
        RESULTID = Err.Number
        RESULT = Err.Description
    Else
        RESULT = "Successful Deploy & delete"
    End If

PARAM_url (http file): Downloadable Online Storage file to launch over remote computers
PARAM_arguments (string): Optional PARAM_url application arguments
PARAM_show (integer): 0 – silent, 5 – show

The Deploy and Delete Bot copies an executable file from NTRadmin's file manager to a computer with the NTRadmin service installed, then executes and deletes that file.

The executable file is specified in the PARAM_url parameter, which, being of type "http", offers a user-friendly way of selecting the file from the file manager. The file is copied from the file manager to the remote computer by NTRadmin's own DownloadToFile(sURL, sFilename) method, where sURL is the application's path and sFilename is the name assigned to the file (in our case “app.exe”).

Once the Bot has copied the file to the remote system, it executes it. If the executable takes parameters (for example, exampleapp.exe /user: admin.), they are entered within the PARAM_arguments parameter.

The execution is made through the Run method of WScript.Shell. This method takes a visibility parameter (PARAM_show) that modifies the way in which the executable runs:

- 0: the executable will be run on the remote computer without informing the user of the remote computer.
- 5: the executable will open a window on the remote computer in order to make its execution totally transparent to the remote user.

When the file's execution has been completed, the Bot removes the executable from the remote system by creating an instance of a Scripting.FileSystemObject object and calling its DeleteFile method with the file path.

Execution finishes with a purge of all of the open objects by assigning them to Nothing. This liberates the remote computer's resources for use in other operations.

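Because the Bot runs under On Error Resume Next, a failed download does not stop it from running whatever app.exe resolves to on the remote computer. The following added example (not NTR's code) stops at the first failed step and runs the file by quoted absolute path. It assumes that DownloadToFile saves relative to the current directory and that RESULT and RESULTID behave as in the Bot above; like that Bot, it runs inside NTRadmin, which fills in the #PARAM_...# placeholders.

```vbscript
' Added example: Deploy and Delete that stops at the first failed step.
On Error Resume Next

Dim oFSO, oShell, sFilename, sPath, iStatus, iExit, sStep

Set oFSO = CreateObject("Scripting.FileSystemObject")
Set oShell = CreateObject("WScript.Shell")

sFilename = "app.exe"
' Assumption: DownloadToFile writes relative to the current directory.
sPath = oFSO.GetAbsolutePathName(sFilename)

' Step 1: remove any stale copy so an old file can never be run by mistake.
sStep = "remove stale copy"
If oFSO.FileExists(sPath) Then oFSO.DeleteFile sPath, True

' Step 2: download, then confirm the file is really there.
' iStatus is kept but not interpreted: its meaning is not documented here.
If Err.Number = 0 Then
    sStep = "download"
    iStatus = DownloadToFile("#PARAM_url#", sFilename)
    If Err.Number = 0 And Not oFSO.FileExists(sPath) Then
        Err.Raise vbObjectError + 1, "Bot", "Downloaded file not found: " & sPath
    End If
End If

' Step 3: run by quoted absolute path and wait; Run returns the exit code.
If Err.Number = 0 Then
    sStep = "run"
    iExit = oShell.Run("""" & sPath & """ #PARAM_arguments#", #PARAM_show#, True)
End If

' Report the first failure before cleanup can overwrite Err.
If Err.Number <> 0 Then
    RESULTID = Err.Number
    RESULT = "Failed at step '" & sStep & "': " & Err.Description
Else
    RESULT = "Successful Deploy & delete (exit code " & iExit & ")"
End If
Err.Clear

' Step 4: always attempt cleanup, and report a leftover file.
If oFSO.FileExists(sPath) Then oFSO.DeleteFile sPath, True
If oFSO.FileExists(sPath) Then RESULT = RESULT & "; could not delete " & sPath

Set oFSO = Nothing
Set oShell = Nothing
```
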
 Delete a File
Deletes a file.

Windows Vista: Yes
Windows Server 2003: Yes
Windows XP: Yes
Windows 2000: Yes
Windows NT 4.0: Yes
Windows 98: Yes

    On Error Resume Next

    Dim oFSO

    ' Delete the file named in the Bot parameter
    Set oFSO = CreateObject("Scripting.FileSystemObject")
    oFSO.DeleteFile("#PARAM_filePath#")
    Set oFSO = Nothing

    ' Report the outcome to NTRadmin
    If Err.Number <> 0 Then
        RESULTID = Err.Number
        RESULT = Err.Description
        Err.Clear
    Else
        RESULT = "Successful Delete file"
    End If

PARAM_filePath (string): Path of file to delete

The Delete a File Bot deletes a file from the specified remote computer.

It creates a Scripting.FileSystemObject and deletes the file by using the DeleteFile method (passing it the file path). This path is specified within the PARAM_filePath Bot parameter.

Execution finishes with a purge of all of the open objects by assigning them to Nothing. This liberates the remote computer's resources for use in other operations.

 List Installed Software
Displays information, via the Windows Installer, about currently-installed software.

Windows Server 2003: Yes
Windows XP: Yes
Windows 2000: Yes
Windows NT 4.0: Yes, with WMI installed
Windows 98: Yes, with WMI installed

    On Error Resume Next

    Dim oFSO
    Dim sComputer
    Dim oWMIService
    Dim cSoftware
    Dim sResult

    ' "." is the local computer, i.e. the one the Bot runs on
    sComputer = "."
    Set oWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & sComputer & "\root\cimv2")

    ' One Win32_Product instance per product installed through the Windows Installer
    Set cSoftware = oWMIService.ExecQuery("Select * from Win32_Product")
    For Each oSoftware in cSoftware
        sResult = sResult & "Caption: " & oSoftware.Caption & "<br>"
        sResult = sResult & "Description:" & oSoftware.Description & "<br>"
        sResult = sResult & "Identifying Number: " & oSoftware.IdentifyingNumber & "<br>"
        sResult = sResult & "Install Date: " & oSoftware.InstallDate2 & "<br>"
        sResult = sResult & "Install Location: " & oSoftware.InstallLocation & "<br>"
        sResult = sResult & "Install State: " & oSoftware.InstallState & "<br>"
        sResult = sResult & "Name: " & oSoftware.Name & "<br>"
        sResult = sResult & "Package Cache: " & oSoftware.PackageCache & "<br>"
        sResult = sResult & "SKU Number: " & oSoftware.SKUNumber & "<br>"
        sResult = sResult & "Vendor: " & oSoftware.Vendor & "<br>"
        sResult = sResult & "Version: " & oSoftware.Version & "<br>"
        sResult = sResult & "---------------------------------<br>"
    Next
    RESULT = sResult

    Set oWMIService = Nothing
    Set cSoftware = Nothing

    ' Report any error to NTRadmin
    If Err.Number <> 0 Then
        RESULTID = Err.Number
        RESULT = Err.Description
        Err.Clear
    End If

The List Installed Software Bot shows a list of all of the software installed in the specified remote computer. To achieve that, it uses the Microsoft WMI library, which is preinstalled in Windows 2000 and above, and can be freely downloaded by users of older versions of the operating system. Once instantiated, this library executes queries written in WQL (the SQL query language of the WMI library), accessing the values of the Win32_Product class, which contains all of the data of all of the software installed in a computer. The result is written to the variable sResult and is formatted using HTML code in order to present the report in a user-friendly format.

The value of sResult is assigned to NTRadmin's RESULT variable so that the HTML-formatted text is returned to the NTRadmin system as the result of a report.

Execution finishes with a purge of all of the open objects by assigning them to Nothing. This liberates the remote computer's resources for use in other operations.   
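The values returned by Win32_Product are set by each installer, and the Bot places them unescaped into the HTML report. The following added example (not NTR's code) encodes each value before it is added to the report and copes with properties that are Null. The HtmlEncode and Field helpers are hypothetical names, and it assumes the Bot host accepts ordinary VBScript function definitions.

```vbscript
' Added example: HTML-encode WMI values before they reach the report.
On Error Resume Next

' Escape the characters that are significant in HTML.
' WMI properties may be Null; those become an empty string.
Function HtmlEncode(vValue)
    Dim s
    If IsNull(vValue) Then
        HtmlEncode = ""
        Exit Function
    End If
    s = CStr(vValue)
    s = Replace(s, "&", "&amp;")   ' must come first
    s = Replace(s, "<", "&lt;")
    s = Replace(s, ">", "&gt;")
    s = Replace(s, """", "&quot;")
    s = Replace(s, "'", "&#39;")
    HtmlEncode = s
End Function

' One report line: fixed label, encoded value, literal line break.
Function Field(sLabel, vValue)
    Field = sLabel & ": " & HtmlEncode(vValue) & "<br>"
End Function

Dim oWMIService, cSoftware, oSoftware, sResult

Set oWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
Set cSoftware = oWMIService.ExecQuery("Select * from Win32_Product")

For Each oSoftware In cSoftware
    sResult = sResult & Field("Name", oSoftware.Name)
    sResult = sResult & Field("Vendor", oSoftware.Vendor)
    sResult = sResult & Field("Version", oSoftware.Version)
    sResult = sResult & Field("Install Location", oSoftware.InstallLocation)
    sResult = sResult & "---------------------------------<br>"
Next
RESULT = sResult

Set cSoftware = Nothing
Set oWMIService = Nothing

If Err.Number <> 0 Then
    RESULTID = Err.Number
    RESULT = HtmlEncode(Err.Description)
    Err.Clear
End If
```
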
 Shut Down
Shuts down the computer.

Windows Vista: Yes
Windows Server 2003: Yes
Windows XP: Yes
Windows 2000: Yes
Windows NT 4.0: Yes, with WMI installed
Windows 98: Yes, with WMI installed

    On Error Resume Next

    Dim sComputer
    Dim oWMIService
    Dim cOperatingSystems

    sComputer = "."

    ' (Shutdown) requests the shutdown privilege; "!" separates the security settings from the path
    Set oWMIService = GetObject("winmgmts:{impersonationLevel=impersonate,(Shutdown)}!\\" & sComputer & "\root\cimv2")

    Set cOperatingSystems = oWMIService.ExecQuery("Select * from Win32_OperatingSystem")

    ' Apply the chosen option to each operating system instance
    For Each oOperatingSystem in cOperatingSystems
        oOperatingSystem.Win32Shutdown(#PARAM_Option#)
    Next

    Set oWMIService = Nothing
    Set cOperatingSystems = Nothing

    ' Report the outcome to NTRadmin
    If Err.Number <> 0 Then
        RESULTID = Err.Number
        RESULT = Err.Description
        Err.Clear
    Else
        RESULT = "Successful Shut Down"
    End If

PARAM_Option (integer): Logoff=0 – Shut Down=1 – Reboot=2 – Forced Logoff=4 – Forced Shut Down=5 – Forced Reboot=6 – Power Off=8 – Forced Power Off=12

0 Logoff. Logs off a user from a computer. Logging off stops all processes associated with the security context of the process that called the exit function, logs off the current user from the system and displays the logon dialog box.

1 Shut Down. Shuts down the computer to a point where it is safe to turn off the power. (All file buffers are flushed to disk, and all running processes are stopped). The message “It is now safe to turn off your computer” is displayed to the users. During shutdown, the system sends a message to all running applications. While processing this message, the applications perform cleanups and return a "True" value indicating that they can be terminated.

2 Reboot. Shuts down then restarts the computer.

4 Forced Logoff. Logs off the user of the computer immediately and does not notify applications that the logon session is
5 Forced Shut Down. Shuts down the computer to a point where it is safe to turn off the power. (All file buffers are flushed to disk and all running processes are stopped). The message “It is now safe to turn off your computer” is displayed to the users. When the forced shutdown approach is used, all services, including WMI, are shut down immediately. Because of this, you will not be able to receive a return value if you are running the script on a remote computer.

6 Forced Reboot. Shuts down then restarts the computer. When the forced reboot approach is used, all services, including WMI, are shut down immediately. Because of this, you will not be able to receive a return value if you are running the script on a remote computer.

8 Power Off. Shuts down the computer and turns off the power (if supported by the computer in question).

12 Forced Power Off. Shuts down the computer and turns off the power (if supported by the computer in question). When the forced power off approach is used, all services, including WMI, are shut down immediately. Because of this, you will not be able to receive a return value if you are running the script on a remote computer.

The Shut Down Bot schedules the shutdown of a remote computer.

To achieve that, it uses the Microsoft WMI library, which is preinstalled in Windows 2000 and above, and can be freely downloaded by users of older versions of the operating system.

Once instantiated, this library executes queries written in WQL (the SQL query language of the WMI library), accessing the values of the Win32_OperatingSystem class, and saves the results of the query in the cOperatingSystems collection.

The Win32Shutdown method of the Win32_OperatingSystem class is executed during each iteration of the loop (with there being one iteration per operating system running on the remote computer) and it is the execution of this method that results in the shutdown. This method takes parameters that are passed within the PARAM_Option.

The chosen value determines the type of shutdown, with, for example, 0 meaning that the user should be disconnected from their session, 1, that the computer will be turned off, and 2, that the computer will be restarted.

Execution finishes with a purge of all of the open objects by assigning them to Nothing. This liberates the remote computer's resources for use in other operations.

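The Bot above reports "Successful Shut Down" whatever Win32Shutdown returns, and it passes PARAM_Option through unchecked. The following added example (not NTR's code) accepts only the option values listed above and reports a non-zero return code from the method. Using RESULTID for that return code, and the constructed value 1 for a rejected option, are assumptions.

```vbscript
' Added example: validate the option and check the Win32Shutdown return code.
On Error Resume Next

Dim iOption, bAllowed, iReturn
Dim oWMIService, cOperatingSystems, oOperatingSystem

iOption = #PARAM_Option#

' Only the documented values are accepted.
Select Case iOption
    Case 0, 1, 2, 4, 5, 6, 8, 12
        bAllowed = True
    Case Else
        bAllowed = False
End Select

If Not bAllowed Then
    RESULTID = 1   ' constructed error code for this example
    RESULT = "Rejected shutdown option: " & iOption
Else
    Set oWMIService = GetObject("winmgmts:{impersonationLevel=impersonate,(Shutdown)}!\\.\root\cimv2")
    Set cOperatingSystems = oWMIService.ExecQuery("Select * from Win32_OperatingSystem")

    ' Win32Shutdown returns 0 when the request was accepted.
    iReturn = 0
    For Each oOperatingSystem In cOperatingSystems
        iReturn = oOperatingSystem.Win32Shutdown(iOption)
    Next

    If Err.Number <> 0 Then
        RESULTID = Err.Number
        RESULT = Err.Description
    ElseIf iReturn <> 0 Then
        RESULTID = iReturn
        RESULT = "Win32Shutdown returned " & iReturn
    Else
        RESULT = "Successful Shut Down (option " & iOption & ")"
    End If
    Err.Clear

    Set cOperatingSystems = Nothing
    Set oWMIService = Nothing
End If
```
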
 Physical and Virtual Memory
Displays Physical and Virtual Memory information.

Windows Vista: Yes
Windows Server 2003: Yes
Windows XP: Yes
Windows 2000: Yes
Windows NT 4.0: Yes, with WMI installed
Windows 98: Yes, with WMI installed

    On Error Resume Next

    Dim sComputer
    Dim oWMIService
    Dim cCSItems
    Dim cOSItems
    Dim sResult

    sComputer = "."

    Set oWMIService = GetObject("winmgmts:\\" & sComputer & "\root\CIMV2")

    ' Total physical memory comes from Win32_ComputerSystem
    Set cCSItems = oWMIService.ExecQuery("SELECT * FROM Win32_ComputerSystem")

    For Each oCSItem In cCSItems
        sResult = sResult & "Total Physical Memory: " & oCSItem.TotalPhysicalMemory & "<br>"
    Next

    ' Free and virtual memory figures come from Win32_OperatingSystem
    Set cOSItems = oWMIService.ExecQuery("SELECT * FROM Win32_OperatingSystem")

    For Each oOSItem In cOSItems
        sResult = sResult & "Free Physical Memory: " & oOSItem.FreePhysicalMemory & "<br>"
        sResult = sResult & "Total Virtual Memory: " & oOSItem.TotalVirtualMemorySize & "<br>"
        sResult = sResult & "Free Virtual Memory: " & oOSItem.FreeVirtualMemory & "<br>"
        sResult = sResult & "Total Visible Memory Size: " & oOSItem.TotalVisibleMemorySize & "<br>"
    Next

    RESULT = sResult

    Set oWMIService = Nothing
    Set cCSItems = Nothing
    Set cOSItems = Nothing

    ' Report any error to NTRadmin
    If Err.Number <> 0 Then
        RESULTID = Err.Number
        RESULT = Err.Description
        Err.Clear
    End If

The Physical and Virtual Memory Bot shows the total physical and virtual memory available on a remote computer.

To achieve that, it uses the Microsoft WMI library, which is preinstalled in Windows 2000 and above, and can be freely downloaded by users of older versions of the operating system. Once instantiated, this library executes queries written in WQL (the SQL query language of the WMI library) on the Win32_ComputerSystem class and saves the results of the query in the cCSItems collection.