SPOT Survey Tool


SPOT Windows Survey Script

SPOT is a program that is designed to conduct a remote "reconnaissance" survey of a Windows Operating System host. SPOT does not require any additional user arguments.

SPOT is designed to be compact and run without the knowledge of any remote user. As such, SPOT will only run commands that natively exist on the particular operating system. When run, SPOT will determine the specific Windows Operating System and then run a series of commands that are on that particular O/S to enumerate various configurations and settings.

SPOT will output the results into an XOR'd file located at c:\windows\system32\stdolecat.tlb. This file should then be downloaded and decoded using the spot_decrypt.exe tool.

USAGE

To run spot, simply invoke the tool name on the command line:

Syntax: spot.exe

SPOT DECRYPT

SPOT output is XOR'd; to decode it, use the spot_decode.exe tool. The file to decode must be located in the same directory as the decode executable.

Syntax: spot_decode.exe stdolecat.tlb

The output will be a file named DEC_stdolecat.tlb, which can be read in any ASCII reader.


Survey Categories

Areas covered            Areas covered
System Info              Time, Date
Networking               Processes & Services
Shares & Sessions        Jobs, Proxies
Firewall Settings        User & Group Accounts
Directory (Tree)         Logs & Event Logs
Environment Settings     Language Settings


Anti Virus Detection

Since SPOT uses only native commands, Anti Virus products should treat this tool as benign and not alert the user.
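The fixed output path and the run of native survey commands described above are both visible in endpoint telemetry even when no file signature fires. The following is an added detection example, not part of SPOT or of the original page; the event field names, the list of native tools and the thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SPOT_OUTPUT = r"c:\windows\system32\stdolecat.tlb"  # path stated on the page
# Assumption: native tools matching the page's survey categories; the page
# does not list SPOT's actual commands.
SURVEY_TOOLS = {"systeminfo.exe", "ipconfig.exe", "netstat.exe", "tasklist.exe",
                "net.exe", "netsh.exe", "reg.exe", "tree.com", "schtasks.exe"}
WINDOW = timedelta(seconds=60)   # assumed threshold, tune per environment
MIN_DISTINCT = 5                 # assumed threshold, tune per environment

def detect(events):
    """Return a sorted list of (rule, host) alerts for the given events."""
    alerts = set()
    runs_by_host = defaultdict(list)
    for e in events:
        if e["type"] == "file_create" and e["target"].lower() == SPOT_OUTPUT:
            alerts.add(("spot_output_file", e["host"]))
        elif e["type"] == "process_create":
            tool = e["image"].lower().rsplit("\\", 1)[-1]
            if tool in SURVEY_TOOLS:
                runs_by_host[e["host"]].append((datetime.fromisoformat(e["time"]), tool))
    for host, runs in runs_by_host.items():
        runs.sort()
        start = 0
        for end in range(len(runs)):
            # Slide the window so it spans at most WINDOW of wall-clock time.
            while runs[end][0] - runs[start][0] > WINDOW:
                start += 1
            if len({tool for _, tool in runs[start:end + 1]}) >= MIN_DISTINCT:
                alerts.add(("survey_burst", host))
                break
    return sorted(alerts)

def _proc(host, time, image):
    return {"type": "process_create", "host": host, "time": time, "image": image}

# Constructed sample events (not real telemetry).
SAMPLE = [
    _proc("WS01", "2024-01-01T10:00:0%d" % i, "C:\\Windows\\System32\\" + t)
    for i, t in enumerate(["systeminfo.exe", "ipconfig.exe", "netstat.exe",
                           "tasklist.exe", "net.exe", "netsh.exe"])
] + [
    {"type": "file_create", "host": "WS01", "time": "2024-01-01T10:00:09",
     "target": r"C:\Windows\System32\stdolecat.tlb"},
    _proc("WS02", "2024-01-01T10:00:00", r"C:\Windows\System32\ipconfig.exe"),
    _proc("WS02", "2024-01-01T10:30:00", r"C:\Windows\System32\netstat.exe"),
]
if __name__ == "__main__":
    print(detect(SAMPLE))
```

The burst rule groups by host only, so administrative scripts that run several of these tools together will also match and need allow-listing.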

SPOT Design and Code Section

SPOT is written in C++ and has been optimized for building via Visual Studio 6.

SPOT is modular. Besides the standard header and C code files, SPOT uses several ASCII text batch files. Each Operating System has its own associated file containing batch commands that run native commands for that particular system. The newer O/S's have greater survey capabilities because reg.exe and other programs are included natively. Older systems such as Windows 2000 are more limited in their capabilities. To add or remove a command for a particular O/S, just modify that particular .txt file.

The scripts are then wrapped up in the code at compile time, allowing a single executable to do the work for us.


Download:

Spot Binary            MD5: 7b5898eaf420118f939b6efe643e2e07

Spot Source            MD5: 5d6a2416aceb9bc369445cb238acc7a5

Spot Decrypt Source    MD5: 56b08d06540ff1524c8cd24b4ebef9d7