Esempio n. 1
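def main(cb, args):
    """Kill every running Internet Explorer process on one sensor over Live Response.

    Args:
        cb: Carbon Black API connection handed to LiveResponseHelper.
        args: mapping of script arguments; 'sensorid' is the numeric id of the
            sensor to attach to.

    Raises:
        TypeError, ValueError: 'sensorid' is missing or not an integer
            (raised before any session is opened).
    """
    sensor_id = int(args.get('sensorid'))
    lrh = LiveResponseHelper(cb, sensor_id)
    lrh.start()
    # A Live Response session is a resource on the sensor; release it even if
    # listing or killing a process raises, so the sensor is not left attached.
    try:
        # THIS COULD EASILY BE TURNED INTO A LOOP SO THAT YOU CONTINUOUSLY POLL FOR A SPECIFIC PROCESS AND KILL IT
        for process in lrh.process_list():
            # 'path' can be missing for some entries; treat that as "no match"
            # instead of failing on None.lower().
            path = process.get('path') or ''
            # NOTE: a plain suffix match also accepts e.g. 'notiexplore.exe';
            # compare the basename if exact matching is required.
            if path.lower().endswith('iexplore.exe'):
                lrh.kill(process.get('pid'))
                print("Killed: %s|%s|%s" % (process.get('path'),
                                            process.get('command_line', ''),
                                            process.get('username', '')))
    finally:
        lrh.stop()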
Esempio n. 2
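def main(cb, args):
    """Delete one file on a sensor over Live Response and print the result fields.

    Args:
        cb: Carbon Black API connection handed to LiveResponseHelper.
        args: mapping of script arguments; 'filepath' is the path on the
            endpoint to delete, 'sensorid' the numeric sensor id.

    Raises:
        ValueError: 'filepath' is missing or empty.
        TypeError, ValueError: 'sensorid' is missing or not an integer.
    """
    filepath = args.get('filepath')
    # Validate before opening a session so a bad argument cannot leave one attached.
    if not filepath:
        raise ValueError("'filepath' argument is required")
    sensor_id = int(args.get('sensorid'))

    lrh = LiveResponseHelper(cb, sensor_id)
    lrh.start()
    try:
        print("[*] Attempting to delete file: %s" % filepath)
        results = lrh.del_file(filepath)
        print("\n[+] Results:\n============")
        # results is iterated as a mapping (key -> value), as in the original.
        for key in results:
            print("%s = %s" % (key, results[key]))
    finally:
        # Always release the Live Response session, even if del_file raised.
        lrh.stop()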
Esempio n. 3
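def main(cb, args):
    """Upload a local file to a sensor over Live Response and print the result fields.

    Args:
        cb: Carbon Black API connection handed to LiveResponseHelper.
        args: mapping of script arguments; 'lfile' is the local source path,
            'rfile' the destination path on the endpoint, 'sensorid' the
            numeric sensor id.

    Raises:
        ValueError: 'lfile' or 'rfile' is missing or empty.
        TypeError, ValueError: 'sensorid' is missing or not an integer.
    """
    lfile = args.get('lfile')
    rfile = args.get('rfile')
    # Validate before opening a session so a bad argument cannot leave one attached.
    if not lfile or not rfile:
        raise ValueError("'lfile' and 'rfile' arguments are required")
    sensor_id = int(args.get('sensorid'))

    lrh = LiveResponseHelper(cb, sensor_id)
    lrh.start()
    try:
        print("[*] Attempting to upload file: %s" % lfile)
        # Argument order is (remote path, local path) in the helper; keep it.
        results = lrh.put_file(rfile, lfile)
        print("\n[+] Results:\n============")
        # results is iterated as a mapping (key -> value), as in the original.
        for key in results:
            print("%s = %s" % (key, results[key]))
    finally:
        # Always release the Live Response session, even if put_file raised.
        lrh.stop()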
Esempio n. 4
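def main(cb, args):
    """Kill every running Internet Explorer process on one sensor over Live Response.

    Args:
        cb: Carbon Black API connection handed to LiveResponseHelper.
        args: mapping of script arguments; "sensorid" is the numeric id of the
            sensor to attach to.

    Raises:
        TypeError, ValueError: "sensorid" is missing or not an integer
            (raised before any session is opened).
    """
    sensor_id = int(args.get("sensorid"))
    lrh = LiveResponseHelper(cb, sensor_id)
    lrh.start()
    # A Live Response session is a resource on the sensor; release it even if
    # listing or killing a process raises, so the sensor is not left attached.
    try:
        # THIS COULD EASILY BE TURNED INTO A LOOP SO THAT YOU CONTINUOUSLY POLL FOR A SPECIFIC PROCESS AND KILL IT
        for process in lrh.process_list():
            # "path" can be missing for some entries; treat that as "no match"
            # instead of failing on None.lower().
            path = process.get("path") or ""
            # NOTE: a plain suffix match also accepts e.g. "notiexplore.exe";
            # compare the basename if exact matching is required.
            if path.lower().endswith("iexplore.exe"):
                lrh.kill(process.get("pid"))
                print("Killed: %s|%s|%s" % (
                    process.get("path"),
                    process.get("command_line", ""),
                    process.get("username", ""),
                ))
    finally:
        lrh.stop()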
Esempio n. 5
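def main(cb, args):
    """Delete one file on a sensor over Live Response and print the result fields.

    Args:
        cb: Carbon Black API connection handed to LiveResponseHelper.
        args: mapping of script arguments; 'filepath' is the path on the
            endpoint to delete, 'sensorid' the numeric sensor id.

    Raises:
        ValueError: 'filepath' is missing or empty.
        TypeError, ValueError: 'sensorid' is missing or not an integer.
    """
    filepath = args.get('filepath')
    # Validate before opening a session so a bad argument cannot leave one attached.
    if not filepath:
        raise ValueError("'filepath' argument is required")
    sensor_id = int(args.get('sensorid'))

    lrh = LiveResponseHelper(cb, sensor_id)
    lrh.start()
    try:
        print("[*] Attempting to delete file: %s" % filepath)
        results = lrh.del_file(filepath)
        print("\n[+] Results:\n============")
        # results is iterated as a mapping (key -> value), as in the original.
        for key in results:
            print("%s = %s" % (key, results[key]))
    finally:
        # Always release the Live Response session, even if del_file raised.
        lrh.stop()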
Esempio n. 6
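def main(cb, args):
    """Upload a local file to a sensor over Live Response and print the result fields.

    Args:
        cb: Carbon Black API connection handed to LiveResponseHelper.
        args: mapping of script arguments; 'lfile' is the local source path,
            'rfile' the destination path on the endpoint, 'sensorid' the
            numeric sensor id.

    Raises:
        ValueError: 'lfile' or 'rfile' is missing or empty.
        TypeError, ValueError: 'sensorid' is missing or not an integer.
    """
    lfile = args.get('lfile')
    rfile = args.get('rfile')
    # Validate before opening a session so a bad argument cannot leave one attached.
    if not lfile or not rfile:
        raise ValueError("'lfile' and 'rfile' arguments are required")
    sensor_id = int(args.get('sensorid'))

    lrh = LiveResponseHelper(cb, sensor_id)
    lrh.start()
    try:
        print("[*] Attempting to upload file: %s" % lfile)
        # Argument order is (remote path, local path) in the helper; keep it.
        results = lrh.put_file(rfile, lfile)
        print("\n[+] Results:\n============")
        # results is iterated as a mapping (key -> value), as in the original.
        for key in results:
            print("%s = %s" % (key, results[key]))
    finally:
        # Always release the Live Response session, even if put_file raised.
        lrh.stop()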
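    def LRcollection(self, host, collect_cmd=None):
        """Push the collection tool to a sensor over Live Response, run it, and print output.

        Uploads the local 'lr.exe' to C:\\lr.exe on the endpoint, executes it,
        waits a fixed delay, runs the collection batch script, then prints the
        endpoint's process list to the console. No online-status check is
        performed here, although the original docstring mentioned one.

        Args:
            host: passed straight to LiveResponseHelper as the sensor id (the
                original code uses it as an id despite the name).
            collect_cmd: full command line for the collection batch script.
                Defaults to the command line that was hard-coded in the
                original; see the security note below.

        Returns:
            None. All output goes to stdout.
        """
        if collect_cmd is None:
            # SECURITY: this default embeds what appear to be an AWS access key
            # id, its secret key and a password directly in source. Anything
            # passed to execute() is also exposed in the endpoint's process
            # list (which this method itself prints). Supply collect_cmd from a
            # secret store at runtime, delete this default and rotate these
            # credentials.
            collect_cmd = r"C:\lr\tr3-collect.bat SC-31148 C 4 AKIAI3RI4ODHYKG5NOBA LZ+x53B9gGUbbycvzg2fIgx63VI9/URO4ZXx+aXK p@ssw0rd"

        lfile = 'lr.exe'
        # Raw string: the original relied on '\l' not being an escape sequence.
        rfile = r'C:\lr.exe'
        sensor_id = host
        lrh = LiveResponseHelper(self.cbConnection, sensor_id)
        lrh.start()
        # Release the Live Response session even if an upload or execute fails.
        try:
            print("[*] Attempting to upload file: %s" % lfile)
            results = lrh.put_file(rfile, lfile)
            print("\n[+] Results:\n============")
            # results is iterated as a mapping (key -> value), as in the original.
            for key in results:
                print("%s = %s" % (key, results[key]))

            print("attempting to execute %s" % rfile)
            print(lrh.execute(rfile + " -y -gm2"))
            # Fixed delay before the batch script; the original did not poll
            # for completion of lr.exe, so this is a best-effort wait.
            time.sleep(7)

            print("attempting to execute bat script")
            print(lrh.execute(collect_cmd))

            for process in lrh.process_list():
                # .get() instead of indexing so a sparse entry prints None
                # rather than aborting the whole listing with KeyError.
                print(process.get('pid'))
                print(process.get('command_line'))
                print(process.get('path'))
        finally:
            lrh.stop()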