def process_kill(pid):
    """Terminate the process identified by ``pid``.

    Wraps the pid in a ``Process`` object and calls its ``kill()``; any
    error raised by ``Process`` or ``kill()`` propagates to the caller.
    """
    target = Process(pid)
    target.kill()
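def kill_cryptolocker(pname, pid):
    """Terminate a process flagged as Cryptolocker and report the action.

    Args:
        pname: Display name of the process; used only in the report line.
        pid: Process id that is wrapped in ``Process`` and killed.

    Side effects: one line is written through ``log()`` and echoed to
    stdout, in Turkish or English depending on the module-level
    ``turkish`` flag.  If the ``root`` window is not in its "normal"
    state, ``filename`` is re-launched through ``os.system`` and the
    interpreter exits with status 1.
    """
    # Instance a Process object and kill it.
    process = Process(pid)
    process.kill()
    # Report the pid this call actually killed.  The original built the
    # string from a global ``gpid`` that is not the parameter passed in.
    proc = "(" + pname + ":" + str(pid) + ")"
    if turkish:
        txt = u"[*] Cryptolocker işlemcisi durduruldu! " + proc
    else:
        txt = "[*] Terminated Cryptolocker process! " + proc
    # Same text goes to the log and to the console.
    log(txt)
    print(txt)
    if root.state() != "normal":
        # os.system() hands ``filename`` to the shell unquoted, so it must
        # be a module-controlled path and never derived from user input.
        os.system(filename)
        sys.exit(1)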
# NOTE(review): this fragment was recovered from a whitespace-collapsed
# source and begins inside an enclosing function whose header is not
# visible; the nesting below (in particular where the traceFlag check
# sits relative to the loop) is inferred and should be confirmed.
mdlog.print_console(mdlog.INFO_LEVEL,"[*] Enumerating suspicious Reverse_Process")
for proc in suspicious_veil_procList:
    try:
        # Note: this prints a tuple, the %d is not interpolated.
        print "Suspicious %d",proc.pid
        # Only processes outside the allow-list are traced.
        if (proc.pid not in inScopeList):
            traceFlag = find_meterpreter_trace(proc.pid,VEIL_MEMORY_TRACE_LINE_LIMIT)
    except Exception,e:
        mdlog.print_console(mdlog.ERROR_LEVEL,("[-] Error in tracing " + str(e)))
        time.sleep(3) #sleep for another access
    # NOTE(review): traceFlag is neither initialised nor reset per
    # iteration: it is unbound until the first in-scope process is
    # traced (NameError here), and a previous process's verdict carries
    # over to an allow-listed or failed one.
    if (traceFlag):
        try:
            # NOTE(review): if proc is a psutil.Process, ``name`` is a
            # method and str(proc.name) logs its repr, not the name.
            mdlog.print_console(mdlog.INFO_LEVEL,"[*] kill suspicious reverse_https_Meterpreter " + str(proc.pid) + " " + str(proc.name) + " " + str(proc.connections()))
            vprocess = Process(proc.pid)
            # Kill the process.
            vprocess.kill()
            time.sleep(2) #sleep for smooth debugger console
        except Exception,e:
            mdlog.print_console(mdlog.ERROR_LEVEL,("[-] Error in suspicious reverse_http managing " + str(e)))
mdlog.print_console(mdlog.INFO_LEVEL,"[*] Enumerating CMD_Process")
# Presumably the pids of processes holding established connections;
# retrieve_ps_id is defined elsewhere.
est_pids = retrieve_ps_id(est_conn_procList)
for proc in cmd_procList:
    pid = proc.pid
    parent_pid = proc.ppid()
    # A cmd process whose parent is in est_pids and that is not
    # allow-listed is treated as a spawned shell.
    if (parent_pid in est_pids and (proc.pid not in inScopeList)):
        print proc.pid, proc.name, proc.connections()
        try:
            mdlog.print_console(mdlog.INFO_LEVEL,"[*] shell " + str(proc.pid) + " " + str(proc.name) + " " + str(proc.connections()))
            myhandler = md_shell.hook_handler()
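def main(argv):
    """Kill every process named on the command line.

    ``argv[0]`` is the script path (shown in the usage text); the remaining
    tokens are process IDs (parsed with ``HexInput.integer``) or executable
    names, resolved against a fresh scan of the running processes.  A token
    that matches nothing aborts the run before anything is killed.  Matched
    processes are then terminated through ``Process.kill()``; each failure is
    reported as a warning and the pid is kept in ``next_targets``.
    """
    script = os.path.basename(argv[0])
    params = argv[1:]
    print "Process killer"
    print "by Mario Vilas (mvilas at gmail.com)"
    print
    if len(params) == 0 or '-h' in params or '--help' in params or \
       '/?' in params:
        print "Usage:"
        # Interpolate the script name; the original printed a literal "%s".
        print " %s <process ID or name> [process ID or name...]" % script
        print
        print "If a process name is given instead of an ID all matching processes are killed."
        exit()
    # Scan for active processes.
    # This is needed both to translate names to IDs, and to validate the
    # user-supplied IDs.  request_debug_privileges() presumably enables the
    # debug privilege so processes of other users can be opened.
    s = System()
    s.request_debug_privileges()
    s.scan_processes()
    # Parse the command line.
    # Each ID is validated against the list of active processes.
    # Each name is translated to an ID.
    # On error, the program stops before killing any process at all.
    targets = set()
    for token in params:
        try:
            pid = HexInput.integer(token)
        except ValueError:
            pid = None
        if pid is None:
            matched = s.find_processes_by_filename(token)
            if not matched:
                print "Error: process not found: %s" % token
                exit()
            for (process, name) in matched:
                targets.add(process.get_pid())
        else:
            if not s.has_process(pid):
                print "Error: process not found: 0x%x (%d)" % (pid, pid)
                exit()
            targets.add(pid)
    targets = list(targets)
    targets.sort()
    count = 0
    # Try to terminate the processes using the TerminateProcess() API.
    # Each pid is added to next_targets up front and removed again on
    # success, so next_targets ends up holding only the pids that survived.
    next_targets = list()
    for pid in targets:
        next_targets.append(pid)
        try:
            # Note we don't really need to call open_handle and close_handle,
            # but it's good to know exactly which API call it was that failed.
            process = Process(pid)
            process.open_handle()
            try:
                process.kill(-1)
                next_targets.pop()
                count += 1
                print "Terminated process %d" % pid
                try:
                    process.close_handle()
                except WindowsError, e:
                    print "Warning: call to CloseHandle() failed: %s" % str(e)
            except WindowsError, e:
                print "Warning: call to TerminateProcess() failed: %s" % str(e)
        except WindowsError, e:
            print "Warning: call to OpenProcess() failed: %s" % str(e)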
def main(argv):
    """Kill every process named on the command line.

    ``argv[0]`` is the script path (shown in the usage text); the remaining
    tokens are process IDs (parsed with ``HexInput.integer``) or executable
    names, resolved against a fresh scan of the running processes.  A token
    that matches nothing aborts the run before anything is killed.  Matched
    processes are then terminated through ``Process.kill()``; each failure is
    reported as a warning and the pid is kept in ``next_targets``.
    """
    script = os.path.basename(argv[0])
    params = argv[1:]
    print "Process killer"
    print "by Mario Vilas (mvilas at gmail.com)"
    print
    if len(params) == 0 or '-h' in params or '--help' in params or \
       '/?' in params:
        print "Usage:"
        print " %s <process ID or name> [process ID or name...]" % script
        print
        print "If a process name is given instead of an ID all matching processes are killed."
        exit()
    # Scan for active processes.
    # This is needed both to translate names to IDs, and to validate the
    # user-supplied IDs.  request_debug_privileges() presumably enables the
    # debug privilege so processes of other users can be opened.
    s = System()
    s.request_debug_privileges()
    s.scan_processes()
    # Parse the command line.
    # Each ID is validated against the list of active processes.
    # Each name is translated to an ID.
    # On error, the program stops before killing any process at all.
    targets = set()
    for token in params:
        try:
            pid = HexInput.integer(token)
        except ValueError:
            pid = None
        if pid is None:
            matched = s.find_processes_by_filename(token)
            if not matched:
                print "Error: process not found: %s" % token
                exit()
            for (process, name) in matched:
                targets.add(process.get_pid())
        else:
            if not s.has_process(pid):
                print "Error: process not found: 0x%x (%d)" % (pid, pid)
                exit()
            targets.add(pid)
    targets = list(targets)
    targets.sort()
    count = 0
    # Try to terminate the processes using the TerminateProcess() API.
    # Each pid is added to next_targets up front and removed again on
    # success, so next_targets ends up holding only the pids that survived.
    next_targets = list()
    for pid in targets:
        next_targets.append(pid)
        try:
            # Note we don't really need to call open_handle and close_handle,
            # but it's good to know exactly which API call it was that failed.
            process = Process(pid)
            process.open_handle()
            try:
                process.kill(-1)
                next_targets.pop()
                count += 1
                print "Terminated process %d" % pid
                try:
                    process.close_handle()
                except WindowsError, e:
                    print "Warning: call to CloseHandle() failed: %s" % str(e)
            except WindowsError, e:
                print "Warning: call to TerminateProcess() failed: %s" % str(e)
        except WindowsError, e:
            print "Warning: call to OpenProcess() failed: %s" % str(e)
def stoping_process(pid):
    """Kill the process with id ``pid`` and echo a confirmation line."""
    handle = Process(pid)
    handle.kill()
    print("Kill process")
proc.pid, VEIL_MEMORY_TRACE_LINE_LIMIT) except Exception, e: mdlog.print_console(mdlog.ERROR_LEVEL, ("[-] Error in tracing " + str(e))) time.sleep(3) #sleep for another access if (traceFlag): try: mdlog.print_console( mdlog.INFO_LEVEL, "[*] kill suspicious reverse_https_Meterpreter " + str(proc.pid) + " " + str(proc.name) + " " + str(proc.connections())) vprocess = Process(proc.pid) # Kill the process. vprocess.kill() time.sleep(2) #sleep for smooth debugger console except Exception, e: mdlog.print_console( mdlog.ERROR_LEVEL, ("[-] Error in suspicious reverse_http managing " + str(e))) mdlog.print_console(mdlog.INFO_LEVEL, "[*] Enumerating CMD_Process") est_pids = retrieve_ps_id(est_conn_procList) for proc in cmd_procList: pid = proc.pid parent_pid = proc.ppid() if (parent_pid in est_pids and (proc.pid not in inScopeList)): print proc.pid, proc.name, proc.connections()
def process_kill(pid):
    """Print the command line of process ``pid``, then terminate it.

    The command line is read before the kill so it is still available.
    """
    victim = Process(pid)
    print(victim.get_command_line())
    victim.kill()
def kill_processes(current_process):
    """Kill the process whose id is the enclosing-scope ``proc_id``, then
    ``current_process``, both with exit code 0.

    NOTE(review): ``proc_id`` is not a parameter; it is read from the
    surrounding scope and must be bound before this is called.
    """
    tracked = Process(proc_id)
    tracked.kill(0)
    # The caller-supplied process is killed last.
    current_process.kill(0)
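def main(argv):
    """Kill every process named on the command line, escalating as needed.

    ``argv[0]`` is the script path (shown in the usage text); the remaining
    tokens are process IDs (parsed with ``HexInput.integer``) or executable
    names, resolved against a fresh scan of the running processes.  A token
    that matches nothing aborts the run before anything is killed.

    Each target is then tried in three stages, moving on only if the
    previous stage failed: ``Process.kill()``, a remote thread calling
    ``ExitProcess``, and finally attaching as a debugger so the target dies
    when this process exits.  Every failure is reported as a warning; the
    final tally is printed before ``exit()``.
    """
    script = os.path.basename(argv[0])
    params = argv[1:]
    print("Process killer")
    print("by Mario Vilas (mvilas at gmail.com)")
    # A bare ``print`` is a no-op expression under Python 3; print an empty
    # string so the blank separator line appears on both 2 and 3.
    print("")
    if len(params) == 0 or '-h' in params or '--help' in params or \
       '/?' in params:
        print("Usage:")
        print(" %s <process ID or name> [process ID or name...]" % script)
        print("")
        print(
            "If a process name is given instead of an ID all matching processes are killed."
        )
        exit()
    # Scan for active processes.
    # This is needed both to translate names to IDs, and to validate the
    # user-supplied IDs.  request_debug_privileges() presumably enables the
    # debug privilege so processes of other users can be opened.
    s = System()
    s.request_debug_privileges()
    s.scan_processes()
    # Parse the command line.
    # Each ID is validated against the list of active processes.
    # Each name is translated to an ID.
    # On error, the program stops before killing any process at all.
    targets = set()
    for token in params:
        try:
            pid = HexInput.integer(token)
        except ValueError:
            pid = None
        if pid is None:
            matched = s.find_processes_by_filename(token)
            if not matched:
                print("Error: process not found: %s" % token)
                exit()
            for (process, name) in matched:
                targets.add(process.get_pid())
        else:
            if not s.has_process(pid):
                print("Error: process not found: 0x%x (%d)" % (pid, pid))
                exit()
            targets.add(pid)
    targets = list(targets)
    targets.sort()
    count = 0
    # Try to terminate the processes using the TerminateProcess() API.
    # Each pid is added to next_targets up front and removed again on
    # success, so next_targets ends up holding only the pids that survived
    # this stage and are passed on to the next one.
    next_targets = list()
    for pid in targets:
        next_targets.append(pid)
        try:
            # Note we don't really need to call open_handle and close_handle,
            # but it's good to know exactly which API call it was that failed.
            process = Process(pid)
            process.open_handle()
            try:
                process.kill(-1)
                next_targets.pop()
                count += 1
                print("Terminated process %d" % pid)
                try:
                    process.close_handle()
                except WindowsError as e:
                    print("Warning: call to CloseHandle() failed: %s" % str(e))
            except WindowsError as e:
                print("Warning: call to TerminateProcess() failed: %s" % str(e))
        except WindowsError as e:
            print("Warning: call to OpenProcess() failed: %s" % str(e))
    targets = next_targets
    # Try to terminate processes by injecting a call to ExitProcess().
    # The address is resolved from the target's own kernel32 module.
    next_targets = list()
    for pid in targets:
        next_targets.append(pid)
        try:
            process = Process(pid)
            process.scan_modules()
            try:
                module = process.get_module_by_name('kernel32')
                pExitProcess = module.resolve('ExitProcess')
                try:
                    process.start_thread(pExitProcess, -1)
                    next_targets.pop()
                    count += 1
                    print("Forced process %d exit" % pid)
                except WindowsError as e:
                    print(
                        "Warning: call to CreateRemoteThread() failed %d: %s" %
                        (pid, str(e)))
            except WindowsError as e:
                print(
                    "Warning: resolving address of ExitProcess() failed %d: %s" %
                    (pid, str(e)))
        except WindowsError as e:
            print("Warning: scanning for loaded modules failed %d: %s" % (pid, str(e)))
    targets = next_targets
    # Attach to every process that is still alive.
    # Print a message on error, but don't stop.
    next_targets = list()
    for pid in targets:
        try:
            win32.DebugActiveProcess(pid)
            count += 1
            print("Attached to process %d" % pid)
        except WindowsError as e:
            next_targets.append(pid)
            print("Warning: error attaching to %d: %s" % (pid, str(e)))
    targets = next_targets
    # Try to call the DebugSetProcessKillOnExit() API.
    #
    # Since it's defined only for Windows XP and above,
    # on earlier versions we just ignore the error,
    # since the default behavior on those platforms is
    # already what we wanted.
    #
    # This must be done after attaching to at least one process.
    #
    # http://msdn.microsoft.com/en-us/library/ms679307(VS.85).aspx
    try:
        win32.DebugSetProcessKillOnExit(True)
    except AttributeError:
        # The wrapper does not expose the API on this platform.
        pass
    except WindowsError as e:
        print("Warning: call to DebugSetProcessKillOnExit() failed: %s" % str(e))
    if count == 0:
        print("Failed! No process was killed.")
    elif count == 1:
        print("Successfully killed 1 process.")
    else:
        print("Successfully killed %d processes." % count)
    # Exit the current thread.
    # This will kill all the processes we have attached to.
    exit()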
def pre_Sleep(self, event, ra, dwMilliseconds):
    """Hook callback: dump the payload from the calling process, then kill it.

    Args:
        event: Debug event whose ``get_pid()`` identifies the process.
        ra: Return address of the hooked call; not used here.
        dwMilliseconds: Argument of the hooked call; not used here.

    NOTE(review): the (event, ra, dwMilliseconds) signature looks like a
    pre-call hook on ``Sleep`` — confirm against the hook registration.
    """
    target = Process(event.get_pid())
    # Extract first: the process memory is gone once it is killed.
    self.extract_quant_payload(target)
    target.kill()