[Solved] FileFindNextFile grabbing unintended file


EmilyLove

I'll keep it in my toolkit for now. Unfortunately, I still meet people that use Windows XP. Makes me scream. I explain to them how vulnerable they are. I show them the AT admin trick. (if you don't know, on Windows XP machines, you can run At.exe in command line to schedule a system level command prompt. This works even as a guest or limited user.)

 

 


Quote

Unfortunately, I still meet people that use Windows XP. Makes me scream. I explain to them how vulnerable they are.

Yes indeed...we see plenty of people still running XP at BC, and it's really a shame just how many!

...Leaving CF in your toolkit is of course, your choice...but as an automated removal tool (such as AdwCleaner/JRT/Mbam (mbam missing from that toolkit??)), its real potential is very limited.

I'm aware of the AT trick, however it's really unnecessary from a 'hackers' standpoint on an XP machine in the first place. ...Even novice hackers can usually gain system level access (if the service packs are not FULLY patched) through the ms08_067 vulnerability, and some others on Service Pack 3 as well!!...the whole OS has just been around for too long and way too widely used. There are vulnerabilities all over the place (java/FF/chrome/adobe...the list goes on and on).

Don't get me wrong, XP is probably hands-down the best OS that was ever made (judging by its popularity, longevity, and user friendliness)!!! ....it's just...when you're around that long, nefarious people try to find the loopholes is all...and so they found PLENTY of them!

...Malware in the XP days was just so interesting, and served a great balance between understanding the infections, and fighting them...that's why I call them the good old days! :thumbsup: 

==========

Anyway, good work on that script you're using for the downloads! I'm not yet very knowledgeable on the .com objects either I'm sorry to say! :>

Best of luck to you!

bloopie


22 minutes ago, bloopie said:

Yes indeed...we see plenty of people still running XP at BC, and it's really a shame just how many!

...Leaving CF in your toolkit is of course, your choice...but as an automated removal tool (such as AdwCleaner/JRT/Mbam (mbam missing from that toolkit??)), its real potential is very limited.

I'm aware of the AT trick, however it's really unnecessary from a 'hackers' standpoint on an XP machine in the first place. ...Even novice hackers can usually gain system level access (if the service packs are not FULLY patched) through the ms08_067 vulnerability, and some others on Service Pack 3 as well!!...the whole OS has just been around for too long and way too widely used. There are vulnerabilities all over the place (java/FF/chrome/adobe...the list goes on and on).

Don't get me wrong, XP is probably hands-down the best OS that was ever made (judging by its popularity, longevity, and user friendliness)!!! ....it's just...when you're around that long, nefarious people try to find the loopholes is all...and so they found PLENTY of them!

...Malware in the XP days was just so interesting, and served a great balance between understanding the infections, and fighting them...that's why I call them the good old days! :thumbsup: 

==========

Anyway, good work on that script you're using for the downloads! I'm not yet very knowledgeable on the .com objects either I'm sorry to say! :>

Best of luck to you!

bloopie


Thanks. Can't help feeling a bit taunted by this. (I know this probably wasn't your intention.) Wanted to clarify I am using all of those tools and then some. Those urls I posted were the ones that used chrome to download in order to update them. The rest of them use inetget. Here is a full list of the tools I have in my toolkit.

7-Zip (for auto-updating)
AdwCleaner
CCleaner
ChipGenius (for USB flash drive repairs)
ClamWin
ComboFix
ESET Online Scanner
FRST
GoogleChrome (for auto updating and researching in a clean environment)
herdProtect
HijackThis
KasperskyTDSSKiller
Malwarebytes AntiMalware Chameleon
Malwarebytes AntiRootkit
Malwarebytes FileASSASSIN
Malwarebytes RegASSASSIN
Malwarebytes Junkware Removal Tool
Malwarebytes StartUpLite
McAfee Stinger
Microsoft Safety Scanner (use my custom AutoIt loader to download the latest version since it auto-expires after 7 days.)
Notepad++
Process Explorer
Process Monitor
RogueKiller
SFCFix
Spybot
Tor Browser (when chrome cannot get online) (Will auto update in a future release)
Update AV Tools (my AutoIt script that auto-updates all the tools on this list, except the ones that are auto-updated by PortableApps.com Platform, the flash drive repair tools, and Tor Browser)
VIPRERescue

I zipped them all up for you if you wanted to use my toolkit as well. Using the PortableApps Platform as a hub/menu to launch everything.
You can download the toolkit HERE.

P.S. What's on your toolkit that isn't on mine?

 

 


Quote

Thanks. Can't help feeling a bit taunted by this. (I know this probably wasn't your intention.)

No, no no...please! That was not at all my intention! :( I'm very sorry if that's the way I came off! In fact, my intention was to maybe help you.

Although, it's getting very late here and I must be off to bed, I'll be in touch tomorrow evening. I hope you don't mind.

(Maybe we should move this to PM as we're way off topic anyway now?) You have my full apologies in any case! Have a good evening!

bloopie


Hello. If you want to download using InetGet.

 

;~ "http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/"
;~ "http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/"
;~ "http://www.bleepingcomputer.com/download/combofix/dl/12/"
;~ "http://www.bleepingcomputer.com/download/adwcleaner/dl/125/"
;~ "http://go.vipreantivirus.com/?linkid=1605"
;~ "https://www.piriform.com/ccleaner/download/portable/downloadfile"


Local $sURL_FarbarRecoveryScan = "http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/"
Local $sURL_FarbarRecoveryScan2 = "http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/"
Local $sURL_ComboFix = "http://www.bleepingcomputer.com/download/combofix/dl/12/"
Local $sURL_AdwCleaner = "http://www.bleepingcomputer.com/download/adwcleaner/dl/125/"
Local $sURL_Vipre = "http://go.vipreantivirus.com/?linkid=1605"
Local $sURL_CCleaner = "https://www.piriform.com/ccleaner/download/portable/downloadfile"

ConsoleWrite(_GetBleepingcomputerHotLink($sURL_FarbarRecoveryScan) & @CRLF)
ConsoleWrite(_GetBleepingcomputerHotLink($sURL_FarbarRecoveryScan2) & @CRLF)
ConsoleWrite(_GetBleepingcomputerHotLink($sURL_ComboFix) & @CRLF)
ConsoleWrite(_GetBleepingcomputerHotLink($sURL_AdwCleaner) & @CRLF)
ConsoleWrite(_GetVipreHotLink($sURL_Vipre) & @CRLF)
ConsoleWrite($sURL_CCleaner & @CRLF)


; Download each resolved hotlink URL here.
; The CCleaner URL is already a direct link.
;~ InetGet("https://www.piriform.com/ccleaner/download/portable/downloadfile", "CcleanerPortable.zip")


Func _GetBleepingcomputerHotLink($sUrl)
    ; Fetch the download page and take the target of its "url=..." refresh entry
    Local $sData = BinaryToString(InetRead($sUrl))
    Local $aReg = StringRegExp($sData, 'url=(.*?)">', 3)
    If IsArray($aReg) Then Return $aReg[0]
    Return SetError(1, 0, "") ; page fetched but no refresh URL found
EndFunc   ;==>_GetBleepingcomputerHotLink

Func _GetVipreHotLink($sUrl)
    Local Const  $WinHttpRequestOption_EnableRedirects=6
    Local $oHttp = ObjCreate("winhttp.winhttprequest.5.1")
    $oHttp.Option($WinHttpRequestOption_EnableRedirects) = False
    $oHttp.open("GET", $sUrl)
    $oHttp.Send()
    Local $sHotLink = $oHttp.GetResponseHeader("Location")
    Return $sHotLink
EndFunc   ;==>_GetVipreHotLink

Regards
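The hotlink returned by `_GetBleepingcomputerHotLink` is whatever the fetched page places after `url=`, so a toolkit updater benefits from checking scheme and host before handing the result to InetGet. The following is an added example, not part of the original post; the allow-list, the sample HTML strings and the function names `_ExtractRefreshUrl` and `_IsTrustedHotLink` are assumptions made for illustration.

```autoit
; Added example (not from the original post). The allow-list and the sample
; HTML strings are constructed for illustration only.
Local $aAllowedHosts[2] = ["bleepingcomputer.com", "piriform.com"]
Local $aSamples[4] = [ _
        '<meta http-equiv="refresh" content="3; url=https://download.bleepingcomputer.com/example/Tool.exe">', _
        '<meta http-equiv="refresh" content="3; url=http://download.bleepingcomputer.com/example/Tool.exe">', _
        '<meta http-equiv="refresh" content="3; url=https://bleepingcomputer.com.example.net/Tool.exe">', _
        '<meta http-equiv="refresh" content="3; url=https://bleepingcomputer.com@example.net/Tool.exe">']

For $sHtml In $aSamples
    Local $sUrl = _ExtractRefreshUrl($sHtml)
    If _IsTrustedHotLink($sUrl, $aAllowedHosts) Then
        ConsoleWrite("OK     " & $sUrl & @CRLF) ; only the first sample reaches this branch
        ; InetGet($sUrl, ...) would be called here
    Else
        ConsoleWrite("REJECT " & $sUrl & @CRLF)
    EndIf
Next

; Same pattern as the post, applied to HTML that has already been fetched.
Func _ExtractRefreshUrl($sHtml)
    Local $aReg = StringRegExp($sHtml, 'url=(.*?)">', 3) ; 3 = array of global matches
    If @error Then Return SetError(1, 0, "")
    Return $aReg[0]
EndFunc   ;==>_ExtractRefreshUrl

; True only if the URL uses an accepted scheme and its host is an allowed
; domain or a subdomain of one. Pass False as the third argument to accept
; plain http (no transport integrity in that case).
Func _IsTrustedHotLink($sUrl, ByRef $aAllowed, $bRequireHttps = True)
    ; Capture scheme and host. "@" is excluded from the host so that a
    ; "user@host" form cannot pass an allowed name off as the host.
    Local $aParts = StringRegExp($sUrl, '(?i)^(https?)://([^/:?#@]+)(?::\d+)?(?:[/?#]|$)', 1)
    If @error Then Return False
    If $bRequireHttps And (StringLower($aParts[0]) <> "https") Then Return False
    Local $sHost = StringLower($aParts[1])
    For $sDomain In $aAllowed
        ; Exact match, or a match on a label boundary (".domain"), so that
        ; "bleepingcomputer.com.example.net" is not accepted.
        If $sHost = $sDomain Then Return True
        If StringRight($sHost, StringLen($sDomain) + 1) = ("." & $sDomain) Then Return True
    Next
    Return False
EndFunc   ;==>_IsTrustedHotLink
```

The same check applies to the `Location` header returned by `_GetVipreHotLink`.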
