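def run(self, session: CbLRSessionBase):
    """Execute the file transfer.

    If the configured path contains the ``{WILDMATCH}`` token, the parent
    directory of the text before the token is listed on the sensor and the
    first non-directory entry whose name contains one of the non-empty
    literal fragments around the token is collected instead.

    Args:
        session (CbLRSessionBase): The Live Response session being used.

    Returns:
        File content, as returned by ``session.get_raw_file``.
    """
    if "{WILDMATCH}" in self._file_path:
        # split on "{WILDMATCH}" and search for the first match to collect
        from cbinterface.helpers import get_os_independent_filepath

        file_path_parts = [self.fill_placeholders(fpp) for fpp in self._file_path.split("{WILDMATCH}")]
        # Only non-empty fragments can discriminate: "" is a substring of every
        # filename, so a leading or trailing token (e.g. "dir\{WILDMATCH}")
        # would otherwise match the first file listed and collect it blindly.
        match_parts = [part for part in file_path_parts if part]
        dir_path = get_os_independent_filepath(file_path_parts[0]).parent
        dir_path = f"{dir_path}\\" if "\\" in str(dir_path) else f"{dir_path}/"
        LOGGER.info(f"attempting to find item at '{dir_path}' like {file_path_parts}")
        for item in session.list_directory(dir_path):
            # NOTE(review): compares `attributes` to a bare string; confirm the
            # session returns a string here rather than a list of attribute flags,
            # otherwise directories are never skipped.
            if item["attributes"] == "DIRECTORY":
                continue
            if any(part in item["filename"] for part in match_parts):
                LOGGER.info(f"found potential match: {item['filename']}")
                self._file_path = f"{dir_path}{item['filename']}"
                break
        else:
            # no match: the literal token stays in the path and the transfer
            # below targets it verbatim, so say why before that fails
            LOGGER.warning(f"no item found at '{dir_path}' matching {file_path_parts}")

    self._file_path = self.fill_placeholders(self._file_path)
    return session.get_raw_file(self._file_path)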
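def run(self, session: CbLRSessionBase):
    """Kill every process whose executable basename contains ``self.pname``.

    The comparison is case-insensitive and is a *substring* match on the
    basename of the process path, so a short name (e.g. ``cmd``) also hits
    anything that merely contains it; choose the name accordingly.

    Args:
        session (CbLRSessionBase): The Live Response session being used.

    Returns:
        True, unconditionally. The result of each ``kill_process`` call is
        stored in ``self.nested_commands`` keyed by PID.
    """
    from cbinterface.helpers import get_os_independent_filepath

    # loop-invariant: normalise the wanted name once, not per process
    wanted = self.pname.lower()
    for process in session.list_processes():
        filepath = get_os_independent_filepath(process["path"])
        if wanted in filepath.name.lower():
            LOGGER.info(f"found process to kill: {process['path']} - pid={process['pid']}")
            self.nested_commands[process["pid"]] = session.kill_process(process["pid"])
    return True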
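def run(self, session: CbLRSessionBase):
    """Run the configured command on the sensor and record how long it took.

    Args:
        session (CbLRSessionBase): The Live Response session being used.

    Returns:
        None. The value returned by ``session.create_process`` is discarded;
        ``self.start_time`` (wall clock) and ``self.elapsed_time`` are set.
    """
    # placeholders are expanded immediately before execution; the resulting
    # string is handed to the sensor as-is, so it is the caller's job to make
    # sure placeholder values cannot inject extra commands
    self._command_string = self.fill_placeholders(self._command_string)
    self.start_time = time.time()
    try:
        session.create_process(
            self._command_string,
            wait_for_output=self.wait_for_output,
            remote_output_file_name=self.remote_output_file_name,
            working_directory=self.working_directory,
            wait_timeout=self.wait_timeout,
            wait_for_completion=self.wait_for_completion,
        )
    finally:
        # record the elapsed time even when create_process raises (e.g. on a
        # wait timeout) so the command object still reflects how long it ran
        self.elapsed_time = timedelta(seconds=(time.time() - self.start_time))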
def run(self, session: CbLRSessionBase):
    """Upload ``self.local_filepath`` to ``self.sensor_write_filepath`` on the sensor.

    Args:
        session (CbLRSessionBase): The Live Response session being used.

    Returns:
        Whatever ``session.put_file`` returns on success, or False when the
        local file cannot be read or the upload raises (the error is logged).
    """
    self.sensor_write_filepath = self.fill_placeholders(self.sensor_write_filepath)
    try:
        # the whole file is read into memory before the upload
        with open(self.local_filepath, "rb") as local_file:
            payload = local_file.read()
        uploaded = session.put_file(payload, self.sensor_write_filepath)
    except Exception as err:
        # best-effort: report and signal failure rather than abort the run
        LOGGER.error(f"couldn't put file: {err}")
        return False
    return uploaded
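def run(self, session: CbLRSessionBase):
    """Take a memory dump of the sensor, download it, then delete it remotely.

    Args:
        session (CbLRSessionBase): The Live Response session being used.

    Returns:
        None. The dump is written to ``self.local_filename`` and the
        server-side memdump id is kept in ``self._memdump_id``.
    """
    # store a pointer to the CbR object for later
    self._cb = session._cb
    if not self.local_filename:
        self.local_filename = f"{self.sensor_id}_{self.hostname}.cb.memdump"
        # NOTE(review): the .zip suffix is applied to the generated default
        # name only; confirm a caller-supplied name should not get it too
        if self.compress:
            self.local_filename += ".zip"
    dump_object = session.start_memdump(compress=self.compress)
    self._memdump_id = dump_object.memdump_id
    dump_object.wait()
    # was `dump_object.get(local_filename)`: an undefined name, so every run
    # raised NameError after the dump had already been taken on the sensor
    dump_object.get(self.local_filename)
    # NOTE(review): if get() raises, the dump stays on the sensor; a memory
    # image holds credentials and keys, so consider cleaning up in a finally
    dump_object.delete()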
def run(self, session: CbLRSessionBase):
    """Kill every process whose executable basename contains ``self.pname``.

    Each kill is submitted as a separate ``KillProcessByID`` command through a
    fresh ``CustomLiveResponseSessionManager`` bound to the same CbR object.
    Unlike the sibling kill-by-name command that lower-cases both sides, this
    match is case-sensitive; it is still a substring match, so short names
    can hit more processes than intended.

    Args:
        session (CbLRSessionBase): The Live Response session being used.

    Returns:
        True, unconditionally.
    """
    from cbinterface.helpers import get_os_independent_filepath
    from cbinterface.response.sessions import CustomLiveResponseSessionManager

    self.local_session_manager = CustomLiveResponseSessionManager(session._cb)
    target = self.pname
    for proc in session.list_processes():
        exe_name = get_os_independent_filepath(proc["path"]).name
        if target not in exe_name:
            continue
        LOGGER.info(f"found process to kill: {proc['path']} - pid={proc['pid']}")
        self.local_session_manager.submit_command(KillProcessByID(proc["pid"]), self.sensor_id)
    return True
def run(self, session: CbLRSessionBase):
    """Delete the registry key ``self.regkey`` on the sensor.

    Destructive: the key is removed as given, with no confirmation or backup.

    Args:
        session (CbLRSessionBase): The Live Response session being used.

    Returns:
        Whatever ``session.delete_registry_key`` returns.
    """
    key_to_delete = self.regkey
    return session.delete_registry_key(key_to_delete)
def run(self, session: CbLRSessionBase):
    """Kill the process with PID ``self.pid`` on the sensor.

    Args:
        session (CbLRSessionBase): The Live Response session being used.

    Returns:
        Whatever ``session.kill_process`` returns.
    """
    target_pid = self.pid
    return session.kill_process(target_pid)
def run(self, session: CbLRSessionBase):
    """Delete ``self._file_path`` on the sensor.

    Destructive: the path is used as stored, with no placeholder expansion
    or existence check here.

    Args:
        session (CbLRSessionBase): The Live Response session being used.

    Returns:
        Whatever ``session.delete_file`` returns.
    """
    path_to_delete = self._file_path
    return session.delete_file(path_to_delete)
def run(self, session: CbLRSessionBase):
    """Read the registry value ``self.regkeyvalue`` from the sensor.

    Args:
        session (CbLRSessionBase): The Live Response session being used.

    Returns:
        Whatever ``session.get_registry_value`` returns.
    """
    value_path = self.regkeyvalue
    return session.get_registry_value(value_path)
def run(self, session: CbLRSessionBase):
    """List the registry keys under ``self.regkeypath`` on the sensor.

    Args:
        session (CbLRSessionBase): The Live Response session being used.

    Returns:
        Whatever ``session.list_registry_keys`` returns.
    """
    key_path = self.regkeypath
    return session.list_registry_keys(key_path)
def run(self, session: CbLRSessionBase):
    """Recursively walk ``self.dir_path`` on the sensor.

    ``self.followlinks`` is passed straight through to ``session.walk``; when
    it is true the walk descends into symbolic links, which can loop or wander
    outside the intended tree, so leave it off unless that is wanted.

    Args:
        session (CbLRSessionBase): The Live Response session being used.

    Returns:
        Whatever ``session.walk`` returns.
    """
    root, follow = self.dir_path, self.followlinks
    return session.walk(root, followlinks=follow)
def run(self, session: CbLRSessionBase):
    """List the contents of ``self.dir_path`` on the sensor (non-recursive).

    Args:
        session (CbLRSessionBase): The Live Response session being used.

    Returns:
        Whatever ``session.list_directory`` returns.
    """
    directory = self.dir_path
    return session.list_directory(directory)
def run(self, session: CbLRSessionBase):
    """List the processes running on the sensor.

    Args:
        session (CbLRSessionBase): The Live Response session being used.

    Returns:
        Whatever ``session.list_processes`` returns.
    """
    processes = session.list_processes()
    return processes