The GatherNetworkinfo.vbs Script

I recently read the whitepaper “Using Windows Script Host and COM to Hack Windows”, which mentions the GatherNetworkinfo.vbs script, something I hadn’t paid attention to before. The gathernetworkinfo.vbs script comes by default with every Windows 7 installation and is located in the C:\Windows\System32\ folder.

The script collects various networking information about the Windows 7 system and its configuration and dumps that information into the C:\Windows\System32\Config folder.

On a system where the script hasn’t been executed yet, the Config folder looks as follows:

[Screenshot: the Config folder before the script has been run]

Now open a command prompt with elevated rights and run:

    cscript c:\windows\system32\gathernetworkinfo.vbs

When the script has completed you will see that additional files have been added to the Config folder.

[Screenshot: the Config folder after the script has been run]

The structure of the script is quite easy to understand. The first part defines all the functions, the second part defines the output file names, and the last part calls the individual data collection functions, passing each one its output file as a parameter.

The script is also defined within a scheduled task called Nettrace, which is not scheduled to run automatically.

[Screenshot: the Nettrace scheduled task]
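The before/after comparison of the Config folder and the scheduled-task check described above, as an added PowerShell example that is not part of the original post. It assumes an elevated 64-bit PowerShell 2.0 or later prompt on an English-language system (the schtasks column names are localized); the function name Get-FolderSnapshot is made up for this example.

```powershell
# Added example: snapshot the Config folder, run the script, report what changed.
# Use a 64-bit elevated prompt; a 32-bit one is redirected from System32 to SysWOW64.
$script = Join-Path $env:SystemRoot 'System32\gatherNetworkInfo.vbs'
$config = Join-Path $env:SystemRoot 'System32\Config'

function Get-FolderSnapshot([string]$Path) {
    # Map file name -> "length|last write time (UTC)" for files directly in $Path
    $snap = @{}
    Get-ChildItem -Path $Path -Force |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object { $snap[$_.Name] = '{0}|{1:o}' -f $_.Length, $_.LastWriteTimeUtc }
    return $snap
}

$before = Get-FolderSnapshot $config
& cscript.exe //NoLogo $script | Out-Null      # same command as in the post
$after  = Get-FolderSnapshot $config

# Files that did not exist before are the script's output; files marked CHANGED
# can also be registry hives the system itself wrote to in the meantime.
foreach ($name in ($after.Keys | Sort-Object)) {
    if (-not $before.ContainsKey($name)) {
        "NEW      $name"
    } elseif ($before[$name] -ne $after[$name]) {
        "CHANGED  $name"
    }
}

# Show how the task in the NetTrace folder is registered: its state, its next
# run time and the command line it would start. schtasks repeats the CSV header
# for every task folder; the TaskName filter drops those repeated header rows.
& schtasks.exe /Query /FO CSV /V |
    ConvertFrom-Csv |
    Where-Object { $_.TaskName -like '\Microsoft\Windows\NetTrace\*' } |
    Select-Object TaskName, Status, 'Next Run Time', 'Task To Run' |
    Format-List
```

Comparing the "Task To Run" value against the script path in System32 confirms that the task points at the stock script and not at a replaced copy.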

3 thoughts on “The GatherNetworkinfo.vbs Script”

  1. Hello Alex,
    I’m really glad that you published the information I was looking for. Thank you.
    When I was investigating my system I found the script gathernetworkinfo.vbs. Though I’m not familiar with .vbs I could follow your explanations very well.
    However, what I find really strange is that it’s obviously not a script common users run and that it’s not clear who uses the information in case it’s executed.
    The scheduled task is implemented but will never be executed by default and there isn’t much information about the script.

    Do you have an idea who uses the script or what it’s basically good for? Of course, the information might be very helpful, so in general it’s a good script.

    Thank you in advance,

    Chris

  2. At first I thought it was freaking malware, but upon opening it and inspecting its contents it looked quite harmless, but gathering network info through a VBS seemed like I had been hacked, so I looked it up; turns out it was a safe Microsoft file that comes with Windows 7, how unprofessional of Microsoft!

  3. GatherNetworkinfo.vbs is defined by default in Task Scheduler.

    Go to Administrative Tools -> Task Scheduler and drill down the Task Scheduler Library -> Microsoft -> Windows -> NetTrace and there it is ready to execute and enabled for running.
