import os from subprocess import PIPE, Popen import ctypes import sys import difflib,filecmp class disable_file_system_redirection: _disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirection _revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirection def __enter__(self): self.old_value = ctypes.c_long() self.success = self._disable(ctypes.byref(self.old_value)) def __exit__(self, type, value, traceback): if self.success: self._revert(self.old_value) class ExecutionPolicy: def __enter__(self): with disable_file_system_redirection(): #getting current executionpolicy self.old_policy = os.popen('powershell "Get-ExecutionPolicy"').read().strip() #setting execution policy to RemoteSigned os.popen('powershell "Set-ExecutionPolicy RemoteSigned"').read() def __exit__(self, type, value, traceback): with disable_file_system_redirection(): #setting execution policy back to previous policy os.popen('powershell "Set-ExecutionPolicy %s"'%(self.old_policy)).read() def alert(arg): sys.stderr.write("%d%d%d" % (arg, arg, arg)) def ecmd(command): from subprocess import Popen, PIPE import ctypes with disable_file_system_redirection(): obj = Popen(command, shell = True, stdout = PIPE, stderr = PIPE) out, err = obj.communicate() ret=obj.returncode return ret,out,err text = "" PScontent = r""" function Get-LocalAdministrators { param ($strcomputer) $admins = Get-WmiObject win32_groupuser -computer $strcomputer $admins = $admins |? {$_.groupcomponent -like '*"Administrators"'} $admins | ForEach-Object { $_.partcomponent -match ".+Domain\=(.+)\,Name\=(.+)$" > $nul $matches[1].trim('"') + "\" + $matches[2].trim('"') } } Get-LocalAdministrators localhost """ ps_name='admin_list_file.ps1' ps_path=os.path.join(os.environ['TEMP'], ps_name) with open(ps_path, 'wb') as wr: wr.write(PScontent) with ExecutionPolicy(): ret,out,err = ecmd('powershell "%s"'%ps_path) LG_admins = [x.strip() for x in out.strip().splitlines()] file_dir= os.path.join(os.environ['ProgramData'],'AdminList') if not os.path.exists(file_dir): os.makedirs(file_dir) print("running this script for the first time on this machine") fileToSend1=os.path.join(file_dir,'adminlist1.txt') fileToSend2=os.path.join(file_dir,'adminlist2.txt') file1=fileToSend1 file2=fileToSend2 def files(): if os.path.exists(fileToSend1): fnd=1 else: fnd=2 return fnd def write(): f=files() os.chdir(file_dir) if f==2: with open(fileToSend1, 'w+') as f: for i in LG_admins: f.write("%s\n"%(i)) with open(fileToSend2, 'w+') as f: for i in LG_admins: f.write("%s\n"%(i)) if f==1: with open(fileToSend2, 'w+') as f: for i in LG_admins: f.write("%s\n"%(i)) def compare(): global text ale=0 with open(file1) as file: data=file.read() with open(file2) as file: data2=file.read() text1Lines = data.splitlines(1) text2Lines = data2.splitlines(1) diffInstance = difflib.Differ() if len(text1Lines)==len(text2Lines): diffList = list(diffInstance.compare(text2Lines, text1Lines)) li=[] li1=[] for line in diffList: if line.startswith('+'): k=line.strip().strip('+') li.append(k) if line.startswith('-'): k1=line.strip().strip('-') li1.append(k1) if li and li1: ale=1 for i in li : for j in li1 : print('old user "%s" from the localgroup administrators has been replaced with new user "%s"'%(i.strip(),j.strip())) else: print("No changes in local administrators group") ale=0 else: diffList = list(diffInstance.compare(text2Lines, text1Lines)) for line in diffList: if line[0] == '-': print('new user "%s" has been added to localgroup administrators'%(line.strip('-').strip())) ale=1 diffList = list(diffInstance.compare(text1Lines, text2Lines)) for line in diffList: if line[0] == '-': print('"%s" user has been removed from localgroup administrators'%(line.strip('-').strip())) ale=1 return ale write() def remove(): os.remove(fileToSend1) os.rename(fileToSend2,fileToSend1) c=compare() if c==1: alert(1) remove() os.remove(ps_path) else: alert(0) remove() os.remove(ps_path)