Link to home
Start Free TrialLog in
Avatar of urobins
urobins

asked on

Autorun script from USB drive

I am doing some security testing at my company and had read about people loading USB drives with a script that auto-runs when inserted and sending email etc back.  I was hoping to try this and see how closely my users follow policy.

Does anyone know how I could code a script that would report username/computer name and either email it to me or create a log file on the network?  I just want to see who takes these and plugs them in so we can lecture them.   Thanks for any help.  I have been toying with a VB script that can report the info I need, but I don't know how to tell it to email or autorun.  Thanks for any help you guys can give!

Avatar of omgang
omgang
Flag of United States of America image
Dim objNet, strUserID, strComputerName

'get currently logged on username and local computer name
Set objNet = CreateObject("WScript.Network")
strUserID = objNet.UserName
strComputerName = objNet.ComputerName
Set objNet = Nothing




In the function below you need to supply a value for strSMTPGateway; it can be an IP addy or something like mail.mydomain.com

The function is designed to take input parameters for sender address, recipient, subject, message body, etc.; you should revise it to explicitly assign values for those in the function.

Note - the SMTP gateway address will be the weak link of the script; if your users plug in the USB drive outside your network then the e-mail message will most likely fail (because the message will be received from outside the domain of your gateway and will be seen as an attempted relay)

Function SendEmail(strFrom, strTo, strSubj, strMsg, blImportanceHigh, blPriorityHigh)
'send e-mail message to specified address(es)

Dim objMessage, objCon

Set objMessage = CreateObject("CDO.Message")
Set objCon = CreateObject("CDO.Configuration")
'variable strSMTPGateway assigned in main script config section
objCon.Fields("http://schemas.microsoft.com/cdo/configuration/smtpserver") = strSMTPGateway
objCon.Fields("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
objCon.Fields("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
objCon.Fields("http://schemas.microsoft.com/cdo/configuration/smtpconnectiontimeout") = 60
objCon.Fields.Update
Set objMessage.Configuration = objCon
objMessage.Subject = strSubj
objMessage.From = strFrom
'variable strEmailRecipAddy assigned in main script config section
objMessage.To = strTo
'variable strFullMessage assigned in main script
objMessage.TextBody = strMsg
'check boolean variable to see if we should set importance High for this message
If blImportanceHigh = True Then
'set message importance - high,normal,low
objMessage.Fields.Item("urn:schemas:mailheader:importance").Value = "high"
End If
'check boolean variable to see if we should set priority 1 for this message
If blPriorityHigh = True Then
'set message priority - 1, 0 , -1
objMessage.Fields.Item("urn:schemas:mailheader:priority").Value = 1
End If

objMessage.Fields.Update()
objMessage.Send
Set objMessage = Nothing
Set objCon = Nothing
End Function


OM Gang
Avatar of urobins
urobins

ASKER

Thanks, I'll give this a shot and report back how it went.  I appreciate the help.
Avatar of urobins
urobins

ASKER

This looks good, yeah actually if they plug them in outside the network we don't really care so much.  We really just care about inside so this should work, I will try it in the AM and see how it goes.  THanks again.
Avatar of urobins
urobins

ASKER

Just curious how would I go about building this?  Kind of new to scripting would I need to use two files?  or can this go into one vbs?

Thanks again!

Sorry I didn't make it in to work yesterday just trying this now.
Avatar of omgang
omgang
Flag of United States of America image
Single script.

Try this one out.  You need to change the values for
strSender
strRecip
strSubject
strMessage

and in the function
strSMTPGateway - this will be the mail server you want to send via

Save the script as a .vbs file.

OM Gang
Dim objNet, strUserID, strComputerName, strMessage
Dim strSender, strRecip, strSubject
 
'get currently logged on username and local computer name 
Set objNet = CreateObject("WScript.Network") 
strUserID = objNet.UserName 
strComputerName = objNet.ComputerName 
Set objNet = Nothing
 
strSender = "omgang@ee.com"
strRecip = "urobins@ee.com"
strSubject = "USB Drive Use Notification"
 
strMessage = "Danger U Robins! User " & strUserID & " just utilized a USB drive on machine " _
    & strComputerName & "."
 
Call SendEmail(strSender, strRecip, strSubject, strMessage, True, True)
 
WScript.Quit
 
Function SendEmail(strFrom, strTo, strSubj, strMsg, blImportanceHigh, blPriorityHigh) 
'send e-mail message to specified address(es) 
 
Dim objMessage, objCon, strSMTPGateway
 
Set objMessage = CreateObject("CDO.Message") 
Set objCon = CreateObject("CDO.Configuration")
 
    'address for mail server
strSMTPGateway = "mail.ee.com"
 
objCon.Fields("http://schemas.microsoft.com/cdo/configuration/smtpserver") = strSMTPGateway 
objCon.Fields("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25 
objCon.Fields("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2 
objCon.Fields("http://schemas.microsoft.com/cdo/configuration/smtpconnectiontimeout") = 60 
objCon.Fields.Update 
Set objMessage.Configuration = objCon 
objMessage.Subject = strSubj 
objMessage.From = strFrom 
objMessage.To = strTo 
objMessage.TextBody = strMsg 
'check boolean variable to see if we should set importance High for this message 
If blImportanceHigh = True Then 
'set message importance - high,normal,low 
objMessage.Fields.Item("urn:schemas:mailheader:importance").Value = "high" 
End If 
'check boolean variable to see if we should set priority 1 for this message 
If blPriorityHigh = True Then 
'set message priority - 1, 0 , -1 
objMessage.Fields.Item("urn:schemas:mailheader:priority").Value = 1 
End If 
 
objMessage.Fields.Update() 
objMessage.Send 
Set objMessage = Nothing 
Set objCon = Nothing 
End Function

Open in new window

Avatar of urobins
urobins

ASKER

Thanks, I'll give this a shot.  I appreciate the help!
Avatar of urobins
urobins

ASKER

Thanks the script works great if I click it to launch it, when I try to use the autorun.inf off of the usb it attempts to launch but tells me that the file is not a win32 application, any ideas on how I can get it to launch?  Do I need to save this as an exe somehow?
Avatar of urobins
urobins

ASKER

Actually I got it figured out I think.  I appreciate the help.  1 last question if you don't mind is there a way to also store this info locally on the machine in a text file like the c drive?  That way if a user does this at home it will store a file I can scan on when they reconnect?  Thanks again for all of your help!
ASKER CERTIFIED SOLUTION
Avatar of omgang
omgang
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of urobins
urobins

ASKER

Thanks, yeah the hard drive is what we are going for so that we can scan laptops :)  Thanks again I appreciate it, I'll give this a shot!
Avatar of urobins
urobins

ASKER

OMGang was very helpful and polite the whole time, he really helped me to understand what I was doing.  thanks!  Excellent Expert!
Avatar of urobins
urobins

ASKER

Thanks this worked great with a few mods it does exactly what i need!
Avatar of omgang
omgang
Flag of United States of America image
Thank you!
OM Gang