kpu Posted November 29, 2005

There might be a better way to do this, but this works pretty good. Some improvements may be input boxes asking for the username and password to connect with. By the way, is there a place I can upload this here? Or do I need to do it from my own server?

```autoit
#include <GuiConstants.au3>
#include <File.au3>
Dim $aRecords, $pFile, $comboList, $task
;------------------------------------------------------------------------------------
;Remote Process Lister
;------------------------------------------------------------------------------------
_errorCtl()
$pc = InputBox("Task List", "Please type in the PC name or IP", "zfd-cp-30871")
If @error = 1 Then
    Exit
EndIf
; Hard-coded credentials; they are also passed on the tasklist/taskkill command line.
$uid = "Administrator"
$pw = "password"
$pFile = @TempDir & "\Processes.txt"
$kFile = @TempDir & "\killed.txt"
$qFile = @TempDir & "\query.txt"
;------------------------------------------------------------------------------------
_GetProcessList()
_ComboBoxData()
;------------------------------------------------------------------------------------
; CODE
;------------------------------------------------------------------------------------
GUICreate("Process Tool", 339, 136, 430, 346)
$ComboBox1 = GUICtrlCreateCombo("Click the Drop down to select process", 8, 8, 313, 21)
GUICtrlSetLimit(-1, 14)
GUICtrlSetData($ComboBox1, $comboList)
$btnKillProcess = GUICtrlCreateButton("Kill Process", 152, 80, 81, 17)
$Label1 = GUICtrlCreateLabel("Remove Spaces from above line so it only includes process", 8, 32, 280, 13)
$Label2 = GUICtrlCreateLabel("Example: Line should only contain this: notepad.exe", 8, 48, 244, 13)
$btnCancel = GUICtrlCreateButton("Cancel", 240, 80, 81, 17)
GUISetState()
While 1
    $msg = GUIGetMsg()
    Select
        Case $msg = $btnKillProcess
            $task = GUICtrlRead($ComboBox1)
            ;MsgBox(32,"",$task)
            _KillProcess()
        Case $msg = $btnCancel
            _CleanUpMess()
            ExitLoop
        Case $msg = $GUI_EVENT_CLOSE
            _CleanUpMess()
            ExitLoop
        Case Else
            ;;;
    EndSelect
WEnd
Exit

Func _errorCtl();This is used for error control.
    If UBound(ProcessList(@ScriptName)) > 2 Then
        $run2 = MsgBox(164, "Warning", "Application is already running!")
        Exit
    Else
    EndIf
EndFunc   ;==>_errorCtl

Func _CleanUpMess()
    FileDelete($pFile)
    FileDelete($qFile)
    FileDelete($kFile)
EndFunc   ;==>_CleanUpMess

Func _ComboBoxData()
    If Not _FileReadToArray($pFile, $aRecords) Then
        MsgBox(4096, "Error", "Unable to Read File! Error:" & @error)
        Exit
    EndIf
    For $x = 1 To $aRecords[0]
        $comboList = $comboList & $aRecords[$x] & "|"
    Next
    $comboList = StringTrimRight($comboList, 1)
EndFunc   ;==>_ComboBoxData

Func _GetProcessList()
    ProgressOn("Compiling Task List", "Please wait...", "0 percent", "", "", 16)
    RunWait(@ComSpec & " /c " & "tasklist /S " & $pc & " /U " & $uid & " /P " & $pw & " > " & $pFile, "", @SW_HIDE)
    For $i = 5 To 100 Step 10
        Sleep(10)
        ProgressSet($i, $i & " percent")
    Next
    If FileGetSize($pFile) = "0" Then
        $pw = "";Secondary Password incase first password doesn't work.
        RunWait(@ComSpec & " /c " & "tasklist /S " & $pc & " /U " & $uid & " /P " & $pw & " > " & $pFile, "", @SW_HIDE)
        ; Check the same temp file that was just written ($pFile), not a relative "Processes.txt".
        If FileGetSize($pFile) = "0" Then
            ;------------------------------------------------------------------------------------
            $var = Ping($pc, 250)
            If $var Then; also possible: If @error = 0 Then ...
                MsgBox(0, "Status", "PC is Online but I'm unable to connect. Roundtrip was:" & $var)
                FileDelete($pFile)
            Else
                MsgBox(32, "Warning!", "Unable to compile a list of Tasks. Please make sure you typed the PC name correctly")
                FileDelete($pFile)
            EndIf
            ;------------------------------------------------------------------------------------
            ; Close the progress window before exiting (it was unreachable after Exit).
            ProgressOff()
            Exit
        EndIf
    EndIf
    ;------------------------------------------------------------------------------------
    ProgressSet(100, "Done", "Complete")
    Sleep(500)
    ProgressOff()
    ;runwait( "notepad.exe " & $pFile)
    ;WinWaitClose($pFile)
    ;FileDelete($pFile)
EndFunc   ;==>_GetProcessList

Func _KillProcess()
    ProgressOn("Compiling Task List", "Please wait...", "0 percent", "", "", 16)
    RunWait(@ComSpec & " /c " & "taskkill /S " & $pc & " /U " & $uid & " /P " & $pw & " /F /IM " & $task & " /T > " & $kFile, "", @SW_HIDE)
    If FileGetSize($kFile) = "0" Then
        $pw = "";Secondary Password incase first password doesn't work.
        RunWait(@ComSpec & " /c " & "taskkill /S " & $pc & " /U " & $uid & " /P " & $pw & " /F /IM " & $task & " /T > " & $kFile, "", @SW_HIDE)
        For $i = 5 To 100 Step 10
            Sleep(10)
            ProgressSet($i, $i & " percent")
        Next
        If FileGetSize($kFile) = "0" Then
            $var = Ping($pc, 250)
            If $var Then; also possible: If @error = 0 Then ...
                RunWait(@ComSpec & " /c " & 'tasklist /S ' & $pc & ' /U ' & $uid & ' /P ' & $pw & ' /FI "imagename eq ' & $task & '" > ' & $qFile, "", @SW_HIDE)
                If FileGetSize($qFile) = "0" Then
                    MsgBox(16, "Warning!", "No tasks running with the specified criteria.")
                    FileDelete($qFile)
                EndIf
                FileDelete($kFile)
            Else
                MsgBox(16, "Warning!", "Unable to connect to the PC. Make sure the name is typed correctly")
                FileDelete($kFile)
            EndIf
            ProgressOff()
        EndIf
    EndIf
    If FileGetSize($kFile) = "0" Then
        Exit
    Else
        $file = FileOpen($kFile, 0)
        If $file = -1 Then
            MsgBox(0, "Error", "Unable to open file.")
            Exit
        EndIf
        $line = FileReadLine($file, 1)
        MsgBox(0, "", $line)
        FileClose($file)
        FileDelete($kFile)
        ProgressSet(100, "Done", "Complete")
        Sleep(500)
        ProgressOff()
    EndIf
EndFunc   ;==>_KillProcess
```

http://www.kpunderground.com
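
An added example, not part of kpu's post: one way to make the improvement the post mentions (prompting for the username and password) and to drop the manual "Remove Spaces" step by parsing tasklist's CSV output instead of a temp file. The function names `_IsSafeHost`, `_ImageNamesFromCsv` and `_RemoteImageNames` are hypothetical, and it assumes an AutoIt version that provides `StdoutRead`.

```autoit
#include <Constants.au3>
; Added example; _IsSafeHost, _ImageNamesFromCsv and _RemoteImageNames are hypothetical names.

; Allow only host-name / IPv4 characters so the value cannot add switches or commands.
Func _IsSafeHost($sHost)
    Return StringRegExp($sHost, "^[A-Za-z0-9][A-Za-z0-9.\-]{0,62}$") = 1
EndFunc   ;==>_IsSafeHost

; Extract the first CSV column (image name) from "tasklist /FO CSV /NH" output, without duplicates.
Func _ImageNamesFromCsv($sCsv)
    Local $sList = "", $aHit
    Local $aLines = StringSplit(StringStripCR($sCsv), @LF)
    For $i = 1 To $aLines[0]
        $aHit = StringRegExp($aLines[$i], '^"([A-Za-z0-9_.\- ]+)",', 1)
        If @error Then ContinueLoop ; not a CSV row (blank line, error text, unusual name)
        If StringInStr("|" & $sList, "|" & $aHit[0] & "|") Then ContinueLoop
        $sList &= $aHit[0] & "|"
    Next
    Return StringTrimRight($sList, 1)
EndFunc   ;==>_ImageNamesFromCsv

; Run tasklist directly (no cmd.exe, no temp file); returns "a.exe|b.exe|..." for GUICtrlSetData.
Func _RemoteImageNames($sHost, $sUser, $sPass)
    If Not _IsSafeHost($sHost) Or StringInStr($sUser & $sPass, '"') Then Return SetError(1, 0, "")
    ; The password is still visible in tasklist's own command line while it runs.
    Local $sCmd = 'tasklist /S ' & $sHost & ' /U "' & $sUser & '" /P "' & $sPass & '" /FO CSV /NH'
    Local $iPid = Run($sCmd, "", @SW_HIDE, $STDOUT_CHILD)
    If @error Then Return SetError(2, 0, "")
    Local $sOut = ""
    While 1
        $sOut &= StdoutRead($iPid)
        If @error Then ExitLoop ; stream closed: tasklist has exited
        Sleep(10)
    WEnd
    Return _ImageNamesFromCsv($sOut)
EndFunc   ;==>_RemoteImageNames

; Prompt instead of hard-coding; "*" masks the password as it is typed.
$pc = InputBox("Task List", "Please type in the PC name or IP")
If @error Then Exit
$uid = InputBox("Task List", "User name")
If @error Then Exit
$pw = InputBox("Task List", "Password", "", "*")
If @error Then Exit
$comboList = _RemoteImageNames($pc, $uid, $pw)
If @error Then MsgBox(16, "Error", "Rejected input or tasklist could not be started")
```

Because each combo entry is then a bare, whitelisted image name, it can be handed to `taskkill /IM` without the user editing the line first.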

Greenseed Posted November 29, 2005

I'm not sure about the taskkill command, but pskill.exe is the most powerful tool to kill processes! It can kill locked processes like lsass.exe. I know there is no reason to kill lsass.exe, but some rootkit or service won't let you kill it if you pass the command to WMI. pskill is the only one I know that kills the process at the SYSTEM level! It's a free tool. Search for the pstoolkit! There are many nice tools, from Unix port to Windows! I hope this helps you update your script!

Greenseed
MCSE+I, CCNA, A+
Canada, Quebec
Make Love Around You.

kpu (Author) Posted November 29, 2005

> I'm not sure about the taskkill command, but pskill.exe is the most powerful tool to kill processes!

Yea, I've used it many times but my company blocks that process using McAfee. I just had to have them allow psexec.exe so I can remotely install Cerner. That took long enough. Thanks for your input though!

http://www.kpunderground.com

Greenseed Posted December 6, 2005

I know hackers use pstoolkit to get their job done, but it is also a powerful tool for the admin who wants to kick that hacker off! And if the admin is too paranoid to let people use pskill, my god! The problem with that method is that he is not working to block the hacker from entering his domain, he is trying to block the tools hackers use! Hackers use the best tools available! All powerful! Like PStoolkit, Dameware, netcat packet sniffer and many more! But the real problem is why a hacker can use a tool on my domain, even if it is calc.exe. If you use these tools before the hacker does, you will cut his legs off!

I'm a network admin and I've seen many things at new clients, my god! I've tracked some botnets and they are, for most of them, really easy to rehack and destroy if you use these nice tools. I'm explaining myself!

I got this new job some day. When I saw the domain for the first time, I connected my computer to its network with Firewall-1 activated and logging, a packet sniffer and my very best friend Dameware (very much used by hackers to admin their hacked domains). My Firewall-1 saw many connection attempts that were not really friendly! With Dameware I was able to see all the services or processes hidden by the rootkit, because my computer was not infected! And with Dameware, pstoolkit and KiXtart (can be replaced by AutoIt) I was able to remove all the bots from all the computers of the domain in a little time.

After that I made a honeypot (I have not disinfected one computer), installed a packet sniffer on it and let his bot make its connection with his IRC server. And now I have captured his password and username! I'm documenting myself on the bot in question, to know about its commands! Now I'm connected to his IRC network with the password and username I've captured. When I got on his IRC channel for maintaining the bots I found 6000 of them, my god! It can be very dangerous to play with that! Then I sent the command for changing all the bots' password, and his botnet was mine! Of course I destroyed it! But the hacker is not the problem! The admin of the network was!

I'm stopping this story there because it makes me angry not to know how to tell the story correctly in English, and this is not where we talk about this!

And try some exe editor like the one in SciTE reshacker; maybe you can hide pskill from McAfee, or simply change the rights on that file to make it readable only by you, NOT by the SYSTEM account.

But if you need advice to protect your Windows domain it will be my pleasure to help! Like, the most powerful tool to gain access on a system is made by Microsoft! It is called AT.exe (Task Scheduler). The problem is known since NT 3.51; we call it escalation of security. Try this in DOS: "AT timenow /INTERACTIVE regedit.exe". When the reg comes up, check in security: you are now in the SYSTEM account! You are the most powerful user on the system, and now you can decrypt passwords on the go! This is a big problem! In all my domains I lock the AT command with GP and erase it with my logon script! I think this is good paranoia.

OK, I'm out, bye bye!

Greenseed
MCSE+I, CCNA, A+
Canada, Quebec
Make Love Around You.

Mosquitos Posted December 6, 2005

> Hackers use the best tools available! All powerful! Like PStoolkit, Dameware, netcat packet sniffer and many more!

Now I know why my BitDefender and antispyware tools make an alert if I wanna use Dameware

Sapiente vince, rex, noli vincere ferro!