Esempio n. 1
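def main(cb, args):
    """Delete a file on an endpoint through a Live Response session.

    Args:
        cb: API handle, passed unchanged to LiveResponseHelper.
        args: Mapping with 'filepath' (file to delete on the sensor) and
            'sensorid' (converted with int()).

    Raises:
        ValueError: If 'filepath' is missing or empty.
    """
    filepath = args.get('filepath')
    if not filepath:
        # Deletion is destructive: refuse to open a session without an
        # explicit target instead of passing None down to del_file().
        raise ValueError("filepath argument is required")
    sensor_id = int(args.get('sensorid'))

    lrh = LiveResponseHelper(cb, sensor_id)
    lrh.start()
    try:
        # Single-argument print(...) behaves the same on Python 2 and 3.
        print("[*] Attempting to delete file: %s" % filepath)
        results = lrh.del_file(filepath)
        print("\n[+] Results:\n============")
        # results is indexed by the keys it yields (presumably a dict --
        # confirm against LiveResponseHelper.del_file).
        for key in results:
            print("%s = %s" % (key, results[key]))
    finally:
        # Close the session even when del_file() raises, so a failed run
        # does not leave a live response session open on the endpoint.
        lrh.stop()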
Esempio n. 2
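def main(cb, args):
    """Upload a local file to an endpoint through a Live Response session.

    Args:
        cb: API handle, passed unchanged to LiveResponseHelper.
        args: Mapping with 'lfile', 'rfile' and 'sensorid' (converted with
            int()). The names suggest local and remote paths; confirm the
            expected order against LiveResponseHelper.put_file.

    Raises:
        ValueError: If 'lfile' or 'rfile' is missing or empty.
    """
    lfile = args.get('lfile')
    rfile = args.get('rfile')
    if not lfile or not rfile:
        # Fail before a session is opened rather than handing None to
        # put_file() and writing to an unintended location.
        raise ValueError("lfile and rfile arguments are required")
    sensor_id = int(args.get('sensorid'))

    lrh = LiveResponseHelper(cb, sensor_id)
    lrh.start()
    try:
        # Single-argument print(...) behaves the same on Python 2 and 3.
        print("[*] Attempting to upload file: %s" % lfile)
        # Argument order (rfile, lfile) kept exactly as in the original call.
        results = lrh.put_file(rfile, lfile)
        print("\n[+] Results:\n============")
        # results is indexed by the keys it yields (presumably a dict --
        # confirm against LiveResponseHelper.put_file).
        for key in results:
            print("%s = %s" % (key, results[key]))
    finally:
        # Close the session even when the upload raises, so a failed run
        # does not leave a live response session open on the endpoint.
        lrh.stop()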
Esempio n. 3
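def main(cb, args):
    """Kill every iexplore.exe process reported by a sensor.

    Args:
        cb: API handle, passed unchanged to LiveResponseHelper.
        args: Mapping with 'sensorid' (converted with int()).
    """
    # Windows path handling regardless of the platform this script runs on.
    import ntpath

    sensor_id = int(args.get('sensorid'))
    lrh = LiveResponseHelper(cb, sensor_id)
    lrh.start()
    try:
        # This could easily be turned into a loop so that you continuously
        # poll for a specific process and kill it.
        for process in lrh.process_list():
            # Entries without a path would otherwise crash on .lower().
            path = process.get('path') or ''
            # Compare the executable name exactly: a plain suffix test also
            # matches unrelated binaries such as "notiexplore.exe".
            if ntpath.basename(path).lower() != 'iexplore.exe':
                continue
            pid = process.get('pid')
            if pid is None:
                # Nothing to target; never call kill() without a pid.
                continue
            lrh.kill(pid)
            # Single-argument print(...) behaves the same on Python 2 and 3.
            print("Killed: %s|%s|%s" % (path,
                                        process.get('command_line', ''),
                                        process.get('username', '')))
    finally:
        # Close the session even when process_list() or kill() raises.
        lrh.stop()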