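def main(cb, args):
    """Kill every running iexplore.exe on one sensor over Live Response.

    cb is the connection handed to LiveResponseHelper; args is a mapping
    that must hold 'sensorid' (int() raises if it is missing or not
    numeric).  Each kill is reported on stdout as path|command_line|username.
    The Live Response session is always stopped, even if listing or killing
    a process raises.
    """
    sensor_id = int(args.get('sensorid'))
    lrh = LiveResponseHelper(cb, sensor_id)
    lrh.start()
    try:
        # One pass over the process list as it stands when the session opens.
        for process in lrh.process_list():
            # 'path' may be absent for some entries; treat it as empty rather
            # than failing on None.lower().
            path = process.get('path') or ''
            if path.lower().endswith('iexplore.exe'):
                lrh.kill(process.get('pid'))
                print "Killed: %s|%s|%s" % (process.get('path'), process.get('command_line', ''), process.get('username', ''))
    finally:
        lrh.stop()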
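def main(cb, args):
    """Delete one file on a sensor over Live Response and print the result.

    cb is the connection handed to LiveResponseHelper; args is a mapping with
    'filepath' (remote path to delete) and 'sensorid'.  Raises ValueError
    before any session is opened when 'filepath' is missing, and whatever
    int() raises for a bad 'sensorid'.  The result mapping returned by
    del_file is printed one "key = value" line at a time.  The session is
    always stopped, even if the delete raises.
    """
    filepath = args.get('filepath')
    if not filepath:
        raise ValueError("'filepath' is required")
    sensor_id = int(args.get('sensorid'))
    lrh = LiveResponseHelper(cb, sensor_id)
    lrh.start()
    try:
        print "[*] Attempting to delete file: %s" % filepath
        results = lrh.del_file(filepath)
        print "\n[+] Results:\n============"
        for key, value in results.items():
            print key + ' = ' + str(value)
    finally:
        lrh.stop()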
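def main(cb, args):
    """Upload one local file to a sensor over Live Response and print the result.

    cb is the connection handed to LiveResponseHelper; args is a mapping with
    'lfile' (local source path), 'rfile' (remote destination path) and
    'sensorid'.  Raises ValueError before any session is opened when either
    path is missing, and whatever int() raises for a bad 'sensorid'.  Note
    the argument order of put_file: remote path first, then local path.  The
    session is always stopped, even if the upload raises.
    """
    lfile = args.get('lfile')
    rfile = args.get('rfile')
    if not lfile or not rfile:
        raise ValueError("'lfile' and 'rfile' are both required")
    sensor_id = int(args.get('sensorid'))
    lrh = LiveResponseHelper(cb, sensor_id)
    lrh.start()
    try:
        print "[*] Attempting to upload file: %s" % lfile
        results = lrh.put_file(rfile, lfile)
        print "\n[+] Results:\n============"
        for key, value in results.items():
            print key + ' = ' + str(value)
    finally:
        lrh.stop()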
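def main(cb, args):
    """Kill every running iexplore.exe on one sensor over Live Response.

    cb is the connection handed to LiveResponseHelper; args is a mapping
    that must hold "sensorid" (int() raises if it is missing or not
    numeric).  Each kill is reported on stdout as path|command_line|username.
    The Live Response session is always stopped, even if listing or killing
    a process raises.
    """
    sensor_id = int(args.get("sensorid"))
    lrh = LiveResponseHelper(cb, sensor_id)
    lrh.start()
    try:
        # One pass over the process list as it stands when the session opens.
        for process in lrh.process_list():
            # "path" may be absent for some entries; treat it as empty rather
            # than failing on None.lower().
            path = process.get("path") or ""
            if path.lower().endswith("iexplore.exe"):
                lrh.kill(process.get("pid"))
                print "Killed: %s|%s|%s" % (
                    process.get("path"),
                    process.get("command_line", ""),
                    process.get("username", ""),
                )
    finally:
        lrh.stop()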
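def LRcollection(self, host, collect_args=None):
    """Push lr.exe to a sensor over Live Response and run the collection script.

    ``host`` is passed straight through as the Live Response sensor id; no
    hostname lookup or online check happens in this method despite the name.
    ``collect_args`` is the argument string appended to the tr3-collect.bat
    invocation; when omitted it is read from the LR_COLLECT_ARGS environment
    variable, and a ValueError is raised before any session is opened if
    neither is set.  The original shape of that string was
    ``<case id> C 4 <aws access key id> <aws secret key> <password>``; those
    values were previously hardcoded here, so any that were committed should
    be treated as exposed and rotated.  Progress and the final process list
    go to stdout; the session is always stopped, even if a step raises.
    """
    import os
    if collect_args is None:
        collect_args = os.environ.get('LR_COLLECT_ARGS')
    if not collect_args:
        raise ValueError('collection arguments not supplied (set LR_COLLECT_ARGS)')
    lfile = 'lr.exe'
    rfile = 'C:\\lr.exe'
    collect_bat = 'C:\\lr\\tr3-collect.bat'
    sensor_id = host  # NOTE(review): used as a sensor id, not resolved from a hostname
    lrh = LiveResponseHelper(self.cbConnection, sensor_id)
    lrh.start()
    try:
        print "[*] Attempting to upload file: %s" % lfile
        results = lrh.put_file(rfile, lfile)
        print "\n[+] Results:\n============"
        for key, value in results.items():
            print key + ' = ' + str(value)
        print "attempting to execute %s" % rfile
        print lrh.execute("C:\\lr.exe -y -gm2")
        # Fixed pause kept from the original; presumably gives lr.exe time to
        # unpack before the batch script is started - TODO confirm.
        time.sleep(7)
        print "attempting to execute bat script"
        print lrh.execute("%s %s" % (collect_bat, collect_args))
        for process in lrh.process_list():
            print process['pid']
            print process['command_line']
            print process['path']
    finally:
        lrh.stop()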