Verdict: A highly efficient, lightweight forensic tool for system administrators, but requires caution regarding security hygiene.
get-keys.bat is an automation tool for credential harvesting. It leverages native Windows utilities to find "keys"—whether they are registry keys, encryption keys, or literal passwords—minimizing the attacker's footprint by avoiding the need to download external malware.
get-keys.bat
@echo off
setlocal enabledelayedexpansion
rem Default patterns (uses PowerShell for regex)
rem 5x5 product-key format, and a GUID with optional surrounding braces
set "regex1=[A-Z0-9]{5}(-[A-Z0-9]{5}){4}"
set "guid=\{?[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}?"
rem Parse args (simple)
set scanAll=1
set exportDir=
if /i "%~1"=="/help" goto :help
rem Example: scan Program Files and AppData
echo Scanning common locations...
for %%D in ("%ProgramFiles%","%ProgramFiles(x86)%","%APPDATA%","%LOCALAPPDATA%") do (
    if exist "%%~D" (
        echo Searching %%~D
        rem The PowerShell pipeline stays on one line: a backtick does not continue a line in a batch file
        powershell -NoProfile -Command "Get-ChildItem -Path '%%~D' -Recurse -ErrorAction SilentlyContinue -Include *.txt,*.ini,*.conf,*.xml,*.lic | Select-String -Pattern '%regex1%','%guid%' -AllMatches | ForEach-Object { $_.Matches | ForEach-Object { $_.Value } }"
    )
)
rem Example registry read (best-effort; non-destructive)
echo Checking registry for common keys...
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v DigitalProductId >nul 2>&1
if %errorlevel%==0 (
    rem Parentheses are escaped so they do not close the if block
    echo Found DigitalProductId key ^(binary^) — decoding not implemented in this script.
)
echo Done.
endlocal
goto :eof
:help
rem Angle brackets are escaped so cmd does not treat them as redirection
echo Usage: get-keys.bat [/scanall] [/files:^<paths^>] [/regex:^<pattern^>] [/export:^<folder^>] [/quiet]
goto :eof
Notes:
While the specific code varies, these scripts generally follow a "living off the land" philosophy, using built-in Windows tools to find data.
Possible reasons:
This is a community-vetted, safe script that attempts three methods and displays the result clearly.
@echo off
title Product Key Retrieval Tool
color 0A
echo ==============================================
echo get-keys.bat - Product Key Finder
echo ==============================================
echo.
:: Method 1: Check for BIOS OEM Key (Modern PCs)
echo [1] Checking UEFI/BIOS for embedded key...
for /f "tokens=*" %%a in ('wmic path SoftwareLicensingService get OA3xOriginalProductKey /value') do call set %%a >nul 2>&1
if defined OA3xOriginalProductKey (
    echo [+] BIOS Embedded Key Found: %OA3xOriginalProductKey%
    echo.
) else (
    echo [-] No BIOS embedded key found.
    echo.
)
:: Method 2: Try PowerShell Method
:: -ExpandProperty writes only the value, so the findstr "-" test below
:: is not satisfied by the dashes of a table header when no key exists.
echo [2] Attempting PowerShell extraction...
powershell -command "Get-WmiObject -Class SoftwareLicensingService | Select-Object -ExpandProperty OA3xOriginalProductKey" > "%temp%\pskey.txt" 2>nul
findstr /C:"-" "%temp%\pskey.txt" >nul
if %errorlevel% equ 0 (
    echo [+] PowerShell Extraction Successful:
    type "%temp%\pskey.txt"
) else (
    echo [-] PowerShell method failed.
)
del "%temp%\pskey.txt" 2>nul
echo.
:: Method 3: Registry Fallback (Requires Decoder)
:: The generated VBScript is the classic base-24 DigitalProductId decoder.
:: Windows 8 and later encode the key differently, so the output there
:: is usually not the real product key.
echo [3] Checking Registry (Decoding may take a moment)...
echo [+] Creating temporary decoder...
echo Set WshShell = CreateObject("WScript.Shell") > "%temp%\keydecode.vbs"
echo MsgBox ConvertToKey(WshShell.RegRead("HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DigitalProductId")) >> "%temp%\keydecode.vbs"
echo Function ConvertToKey(Key) >> "%temp%\keydecode.vbs"
echo Const KeyOffset = 52 >> "%temp%\keydecode.vbs"
echo i = 28 >> "%temp%\keydecode.vbs"
echo Chars = "BCDFGHJKMPQRTVWXY2346789" >> "%temp%\keydecode.vbs"
echo Do >> "%temp%\keydecode.vbs"
echo Cur = 0 >> "%temp%\keydecode.vbs"
echo x = 14 >> "%temp%\keydecode.vbs"
echo Do >> "%temp%\keydecode.vbs"
echo Cur = Cur * 256 >> "%temp%\keydecode.vbs"
echo Cur = Key(x + KeyOffset) + Cur >> "%temp%\keydecode.vbs"
echo Key(x + KeyOffset) = (Cur \ 24) And 255 >> "%temp%\keydecode.vbs"
echo Cur = Cur Mod 24 >> "%temp%\keydecode.vbs"
echo x = x -1 >> "%temp%\keydecode.vbs"
echo Loop While x ^>= 0 >> "%temp%\keydecode.vbs"
echo i = i -1 >> "%temp%\keydecode.vbs"
echo KeyOutput = Mid(Chars, Cur + 1, 1) ^& KeyOutput >> "%temp%\keydecode.vbs"
echo If (((29 - i) Mod 6) = 0) And (i ^<> -1) Then >> "%temp%\keydecode.vbs"
echo i = i -1 >> "%temp%\keydecode.vbs"
echo KeyOutput = "-" ^& KeyOutput >> "%temp%\keydecode.vbs"
echo End If >> "%temp%\keydecode.vbs"
echo Loop While i ^>= 0 >> "%temp%\keydecode.vbs"
echo ConvertToKey = KeyOutput >> "%temp%\keydecode.vbs"
echo End Function >> "%temp%\keydecode.vbs"
cscript //nologo "%temp%\keydecode.vbs"
del "%temp%\keydecode.vbs" 2>nul
echo.
echo ==============================================
echo Script completed. Press any key to exit.
pause >nul
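
Because both scripts above use only built-in binaries (reg, wmic, powershell, cscript), there is no dropped executable to match on, and detection has to work from process command lines. The following is an added example, not part of either script: it correlates the command-line patterns seen on this page by parent process. The event field names (`ppid`, `cmdline`), the rule names, the threshold and the sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Command-line indicators taken from the two scripts on this page.
# Get-CimInstance is included as the modern equivalent of Get-WmiObject.
RULES = {
    "reg_digitalproductid": re.compile(
        r"\breg(\.exe)?\b.*\bquery\b.*DigitalProductId", re.I),
    "wmi_oa3_key": re.compile(
        r"(wmic|Get-WmiObject|Get-CimInstance).*SoftwareLicensingService"
        r".*OA3xOriginalProductKey", re.I),
    "recursive_select_string": re.compile(
        r"Get-ChildItem.*-Recurse.*Select-String", re.I),
    "script_host_from_temp": re.compile(
        r"\b[cw]script(\.exe)?\b.*\\Temp\\[^\"\s]+\.vbs", re.I),
}

def match_rules(cmdline):
    """Return the names of all rules that match one command line."""
    return {name for name, rx in RULES.items() if rx.search(cmdline)}

def correlate(events, threshold=2):
    """Group hits by parent PID and keep parents that triggered at least
    `threshold` distinct rules. A single hit (one recursive Select-String,
    one reg query) is routine admin activity and is not reported."""
    hits = defaultdict(set)
    for ev in events:
        hits[ev["ppid"]] |= match_rules(ev["cmdline"])
    return {ppid: sorted(r) for ppid, r in hits.items() if len(r) >= threshold}

# Constructed sample process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"ppid": 4120, "cmdline": r'reg query "HKLM\SOFTWARE\Microsoft\Windows NT'
                              r'\CurrentVersion" /v DigitalProductId'},
    {"ppid": 4120, "cmdline": r"wmic path SoftwareLicensingService get "
                              r"OA3xOriginalProductKey /value"},
    {"ppid": 4120, "cmdline": r'cscript //nologo "C:\Users\alice\AppData'
                              r'\Local\Temp\keydecode.vbs"'},
    {"ppid": 5300, "cmdline": r'reg query "HKLM\SOFTWARE\Microsoft\Windows NT'
                              r'\CurrentVersion" /v ProductName'},
    {"ppid": 6012, "cmdline": r"powershell -NoProfile -Command Get-ChildItem "
                              r"-Path C:\logs -Recurse | Select-String error"},
]

if __name__ == "__main__":
    for ppid, rules in correlate(SAMPLE_EVENTS).items():
        print(f"parent pid {ppid}: {', '.join(rules)}")
```

In real telemetry the temp path may appear in 8.3 short form or under a different profile directory, so the `script_host_from_temp` pattern needs adjusting to the environment.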