Enumerating the If... Then: Scripts

Friday, February 20, 2009

batch: remote command prompt with the quickness

Tested.
In use at work.


tini.exe, from ntsecurity.nu, is a small telnet server that provides a remote command prompt.

This script also starts and stops a process remotely using wmic.


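@echo off

REM Pushes tini.exe to a host over the admin share, starts it with WMIC, opens a
REM telnet session to it, and on request terminates the remote process again.
REM tini.exe gives anyone who can reach TCP 7777 a command prompt, with no
REM authentication and no encryption, so keep the window between Create and
REM Terminate short and remove the binary afterwards (cleanup step at the end).

:BOF
cls
REM set /p keeps the previous value when the user just presses Enter, so clear
REM it first; otherwise the retry from :YOUSTUPID would silently reuse the old host.
set "targethost="
set /p targethost=Target host:

if [%targethost%] == [] GOTO YOUSTUPID
pause

copy tini.exe \\%targethost%\c$\windows\system32\
WMIC /node:"%targethost%" PROCESS CALL Create "c:\windows\system32\tini.exe"

echo.
echo.

echo In new window, hit enter.
echo.

start "Tiny interactive network telnet" telnet %targethost% 7777

echo To kill remote command prompt...
pause

WMIC /node:"%targethost%" PROCESS where name="tini.exe" CALL Terminate 0

REM Remove the pushed binary so no unauthenticated listener is left behind to
REM be started again; the next run copies a fresh one anyway.
del \\%targethost%\c$\windows\system32\tini.exe

REM A plain "goto EOF" looks for a label named EOF, which this script does not
REM define; the built-in end-of-file target needs the leading colon.
goto :EOF


:YOUSTUPID

echo.
echo You must enter a target host
pause
goto BOF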

Monday, February 02, 2009

python: TrendMicro Updater + drive scanner + report emailer

Tested.
In use at work.


import urllib, sys, zipfile, time, os, subprocess


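def main():
    """Fetch the current Trend Micro pattern file, unpack it, scan the configured
    drives with vscanwin32 and e-mail the resulting detect.log.

    Steps, in order:
      1. Scrape the pattern download page for the ``lpt*.zip`` link.
      2. Download the archive into the agent directory unless already present.
      3. Extract it unless the ``lpt$vpn.NNN`` pattern file already exists.
      4. Launch one vscanwin32 scan per drive in AntiVirusDriveToScan.
      5. Wait for vscanwin32 to exit (via TaskListCheck) and mail detect.log.

    Raises:
        IOError: if the download page or archive cannot be fetched (from urllib).
        ValueError: if the page contains no pattern link, or the archive holds
            a member whose name would escape the extraction directory.
    """
    WebPageToSearch = "http://www.trendmicro.com/download/viruspattern.asp"
    ToFind_start = "http://www.trendmicro.com/ftp/products/pattern/lpt"
    ToFind_end = ".zip"

    LocalVirusDefPath = r"C:\Program Files\Trend Micro\Client Server Security Agent" + "\\"

    AntiVirusExec = r"C:\Program Files\Trend Micro\Client Server Security Agent\vscanwin32.com"

    AntiVirusArgs = ["/S", "/C", "/Q", "/LD"]

    AntiVirusDriveToScan = ["d:"]

    # Start from a clean detection log so a stale report is never mailed.
    # The log is looked up relative to the current directory; presumably
    # vscanwin32 /LD writes it there -- TODO confirm.
    if os.path.exists("detect.log"):
        os.remove("detect.log")

    page = urllib.urlopen(WebPageToSearch).read()
    VirusDefURL = _find_def_url(page, ToFind_start, ToFind_end)

    # e.g. http://www.trendmicro.com/ftp/products/pattern/lpt795.zip
    Filename = VirusDefURL.split("/")[-1]
    LocalPath = LocalVirusDefPath + Filename

    if os.path.exists(LocalPath):
        print("File exists: " + LocalPath)
    else:
        print("Retriving " + VirusDefURL + " to " + LocalPath + "...")
        # NOTE(review): the archive is fetched over plain HTTP and nothing here
        # checks its origin or integrity before it is unpacked into Program Files.
        urllib.urlretrieve(VirusDefURL, LocalPath)

    # lpt795.zip -> lpt$vpn.795
    DefFile = LocalVirusDefPath + "lpt$vpn." + Filename[3:Filename.find(".zip")]

    if os.path.exists(DefFile):
        print("File exists: " + DefFile)
    else:
        print("Extracting...")
        _extract_def_zip(LocalPath, LocalVirusDefPath)

    for drive in AntiVirusDriveToScan:
        print("Performing virus scan on the " + drive + " drive...")
        # Flatten the argument list: the original nested AntiVirusArgs as a
        # single argv element, which Popen cannot pass to the process.
        cmd = [AntiVirusExec] + AntiVirusArgs + [drive]
        subprocess.Popen(cmd)

    TaskListCheck("vscanwin32", True)
    EnumerateFile("detect.log")
    print("Report will be emailed to email@domain.com")


def _find_def_url(page, start_marker, end_marker):
    """Return the first pattern-file URL in *page*: the text from *start_marker*
    up to and including the first *end_marker* that follows it.

    The end marker is searched from the start marker onwards; the original
    searched it from the beginning of the page, so an earlier ".zip" anywhere
    on the page produced an empty or truncated URL.

    Raises:
        ValueError: if either marker is missing.
    """
    start = page.find(start_marker)
    if start < 0:
        raise ValueError("pattern link not found on download page")
    end = page.find(end_marker, start)
    if end < 0:
        raise ValueError("pattern link not found on download page")
    return page[start:end + len(end_marker)]


def _extract_def_zip(zip_path, dest_dir):
    """Extract *zip_path* into *dest_dir*, printing each member name.

    Member names are checked before extraction because the archive came from
    the network and not every ZipFile.extractall version rejects absolute or
    ``..`` entries. The archive is always closed, even on failure (the
    original only dropped its reference).

    Raises:
        ValueError: if a member name would escape *dest_dir*.
    """
    zipFile = zipfile.ZipFile(zip_path, 'r')
    try:
        names = zipFile.namelist()
        for name in names:
            parts = name.replace("\\", "/").split("/")
            if name.startswith(("/", "\\")) or ".." in parts or os.path.splitdrive(name)[0]:
                raise ValueError("refusing to extract unsafe archive member: " + name)
        zipFile.extractall(dest_dir)
        for name in names:
            print(name)
    finally:
        zipFile.close()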


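def TaskListCheck(passSearchStr, ShallIWait):
    """Report whether a process whose tasklist line contains *passSearchStr* is running.

    Args:
        passSearchStr: substring matched case-insensitively against the full
            output of tasklist.exe (a bare image name such as "vscanwin32" works).
        ShallIWait: when true, poll tasklist every 5 seconds until no match
            remains, then return False; when false, check exactly once.

    Returns:
        True if a matching process was seen on the last check, else False.
        The original stored this in a local and always returned None.
    """
    if ShallIWait:
        while _tasklist_contains(passSearchStr):
            print(passSearchStr + " found.")
            time.sleep(5)
        return False
    return _tasklist_contains(passSearchStr)


def _tasklist_contains(search_str):
    """Run tasklist.exe once and return True if *search_str* appears in its output."""
    cmd = r"c:\windows\system32\tasklist.exe"
    procexec = subprocess.Popen(cmd, stdout=subprocess.PIPE, universal_newlines=True)
    stdout_value = procexec.communicate()[0].lower()
    # Compare with -1: the original tested `> 0`, which misses a match at offset 0.
    return stdout_value.find(search_str.lower()) != -1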

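def EnumerateFile(passFileName):
    """Read the scanner's detection log and e-mail its contents.

    Args:
        passFileName: path of the detect.log written by the scan.

    The mail goes from and to email@domain.com with the local hostname in the
    subject. If the log file is missing, the report says so instead of raising.
    """
    from socket import gethostname

    # The original header ended in "/n", which is a literal slash-n, not a newline.
    MailMsg = "Scan completed. The following is a list of infected files:\n"

    try:
        # `with` closes the handle; the original called objFile.close without
        # parentheses, which never closed the file.
        with open(passFileName) as objFile:
            MailMsg = MailMsg + objFile.read()
    except IOError:
        MailMsg = MailMsg + "(" + passFileName + " was not found)\n"

    Mailer("email@domain.com", "email@domain.com",
           "Virus Scan Results for " + gethostname(), MailMsg)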


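def Mailer(passFromAddr, passToAddr, passSubject, passMessage):
    """Send a plain-text mail through the SMTP relay at www.domain.com.

    Args:
        passFromAddr: From header and envelope sender.
        passToAddr: single recipient address.
        passSubject: Subject header text; CR/LF are replaced by spaces so a
            value containing line breaks cannot become extra headers.
        passMessage: message body.

    Any recipient the relay refused is printed with its SMTP code and reply
    text. The connection is closed even if sendmail raises.
    """
    import smtplib

    FROM = passFromAddr
    TO = passToAddr
    SUBJECT = passSubject.replace("\r", " ").replace("\n", " ")
    TEXT = passMessage

    message = "From: %s\r\nTo: %s\r\nSubject: %s\r\n\r\n %s" % (FROM, TO, SUBJECT, TEXT)

    # No login() and no starttls(): the relay is used unauthenticated and in
    # the clear, and the body carries file paths from detect.log.
    server = smtplib.SMTP("www.domain.com")
    try:
        # sendmail returns {refused_address: (code, reply)}; the original
        # printed only the address.
        errStatus = server.sendmail(FROM, TO, message)
        for addr, (code, reply) in errStatus.items():
            print("")
            print("SMTP Error: " + addr + " (" + str(code) + " " + str(reply) + ")")
    finally:
        server.quit()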

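# Guard the entry point so importing this module does not start a download,
# a scan and a mail send as a side effect.
if __name__ == "__main__":
    main()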