nyinyara

Replacing Hosts File

10 posts in this topic

Hi,

I'm pretty new here and pretty new to AutoIt. I'm testing droppers / trojans; they always edit my hosts file. I'm looking for a simple, understandable script which downloads a hosts file from www.examplesite.abc/download/hosts (the hosts file) and copies it to %windir%\system32\drivers\etc

Can anyone help me ?

Thanks,


nyinyara,

Welcome to the AutoIt forum. :)

But please pay attention to where you post - this thread is in the "Examples" section which very clearly states "This is NOT a general support forum!". I will move it for you but do take more care in future. ;)

I would also like a little more info on your "testing droppers / trojans" remark - what exactly do you mean by this? Please read the Forum rules (link at bottom right of each page) and make sure you follow them while you are here. :)

M23


Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind.

Oh, really sorry, that's my bad.

Some of my friends and I are fighting against warez and botnets, RATs, keyloggers etc. in Hungary (Central Europe). We are disassembling trojans to find where they redirect, and we report them to the DNS providers.

We have some test PCs and sometimes they get infected. It's a really new project and some of our coders are really busy; they have families, jobs, hobbies, etc. And they don't have any experience in AutoIt (I'm trying to learn it); that's why I'm asking for some help here.

Backing up the hosts file every time is kind of a waste of time.

Cheers,

(Sorry for my bad English, it's not my native language)

Share this post


Link to post
Share on other sites

Have you thought of using virtual machines instead? That way if something gets changed, all you have to do is restore from a snapshot. It's much easier than trying to clean it after it's been infected in any way.


If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.


#5 ·  Posted (edited)

My problem with virtual machines is: a lot of trojans detect them and then they won't run perfectly.

So editing hosts files manually on more than 15 PCs is really uncomfortable.

Can someone help me?

Thanks.

Edit: And they are mostly old PCs (Pentium 3); they don't have enough strength to run a virtual machine.

Edited by nyinyara


#6 ·  Posted (edited)

MsgBox(-1,"hostfile", "copy hosts on the desktop to the etc folder")
inetget("http://winhelp2002.mvps.org/hosts.txt", @DesktopDir & "/hosts", 1)
ShellExecute("c:\windows\system32\drivers\etc")
ShellExecute("notepad", @DesktopDir & "/hosts")

Edited by pcjunki


MsgBox(-1,"hostfile", "copy hosts on the desktop to the etc folder")
inetget("http://winhelp2002.mvps.org/hosts.txt", @DesktopDir & "/hosts", 1)
ShellExecute("c:\windows\system32\drivers\etc")
ShellExecute("notepad", @DesktopDir & "/hosts")

That isn't copying.


#8 ·  Posted (edited)

Yes, it just downloads the hosts file to my desktop.

So,

MsgBox(-1,"hostfile", "copy hosts on the desktop to the etc folder")

inetget("http://winhelp2002.mvps.org/hosts.txt", @DesktopDir & "/hosts", 1)

FileCopy(@DesktopDir & "/hosts", "C:\Windows\System32\drivers\etc", 1)

Is it correct? And will it overwrite the hosts file?

Edited by nyinyara


You can try and download it directly to the destination folder instead of using FileCopy after it's finished. With XP there shouldn't be much in the way of security issues.



Oh, holy. It's working perfectly on Windows XP - thanks to everyone who gave me some help.

Respect For You Guys!

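An added example, not code from any poster in this thread: one way to script the restore discussed above in AutoIt, downloading to a temporary file, checking it, keeping the old file, and only then overwriting. The URL is the placeholder from the first post, the helper names are hypothetical, and the rule that a known-good hosts file holds only loopback or null mappings (127.0.0.1, 0.0.0.0, ::1) is an assumption about the file you serve.

```autoit
#RequireAdmin ; writing under System32\drivers\etc needs administrator rights
; Placeholder URL from the first post; point it at your own known-good hosts file.
Global Const $HOSTS_URL = "http://www.examplesite.abc/download/hosts"
Global Const $HOSTS_PATH = @WindowsDir & "\System32\drivers\etc\hosts"

Exit _RestoreHosts($HOSTS_URL, $HOSTS_PATH)

; Returns 0 on success, otherwise the number of the step that failed.
Func _RestoreHosts($sUrl, $sDest)
    Local $sTmp = @TempDir & "\hosts.new"
    FileDelete($sTmp)
    ; Step 1: download to a temp file first; option 1 forces a fresh download.
    Local $iBytes = InetGet($sUrl, $sTmp, 1)
    If @error Or $iBytes = 0 Then Return _Fail(1, "download failed")

    ; Step 2: refuse a file that maps any name to a non-loopback address.
    Local $sBad = _FirstRedirect($sTmp)
    If $sBad <> "" Then Return _Fail(2, "unexpected entry: " & $sBad)

    ; Step 3: keep the (possibly tampered) current file for later analysis.
    If FileExists($sDest) Then
        Local $sStamp = @YEAR & @MON & @MDAY & "-" & @HOUR & @MIN & @SEC
        If Not FileCopy($sDest, @TempDir & "\hosts." & $sStamp & ".bak", 1) Then Return _Fail(3, "backup failed")
        FileSetAttrib($sDest, "-RSH") ; clear read-only/system/hidden if set
    EndIf

    ; Step 4: overwrite the live hosts file (flag 1 = overwrite).
    If Not FileCopy($sTmp, $sDest, 1) Then Return _Fail(4, "copy failed")
    FileDelete($sTmp)
    Return 0
EndFunc

; Returns the first line that is not blank, not a comment, and not a
; loopback/null mapping (127.0.0.1, 0.0.0.0, ::1); "" if all lines pass.
Func _FirstRedirect($sFile)
    Local $aLines = StringSplit(StringStripCR(FileRead($sFile)), @LF)
    For $i = 1 To $aLines[0]
        If StringRegExp($aLines[$i], "^\s*(#.*)?$") Then ContinueLoop
        If StringRegExp($aLines[$i], "^\s*(127\.0\.0\.1|0\.0\.0\.0|::1)\s+\S+") Then ContinueLoop
        Return $aLines[$i]
    Next
    Return ""
EndFunc

Func _Fail($iStep, $sMsg)
    ConsoleWrite("hosts restore failed at step " & $iStep & ": " & $sMsg & @CRLF)
    Return $iStep
EndFunc
```

Because the download is plain HTTP, the content check in step 2 is the only guard against a tampered file reaching the lab PC. The timestamped backup from step 3 preserves whatever entries were in the hosts file before the restore.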