added various scripts

2017-09-18 11:47:26 +02:00
parent a1857f4a5b
commit 555d0ef695
25 changed files with 678 additions and 1 deletions
--- a/ps_.py
+++ b/ps_.py
@@ -0,0 +1,112 @@
+import psutil
+import os
+import pwd
+import sys
+from collections import defaultdict
+
+mypid=os.getpid()
+
+#Check if run as root
+white_list_pname = [ "systemd", "kthreadd", "apport-gtk"]
+white_list_pid =[]
+
+if (os.geteuid()) != 0:
+    print("[-] Not Root")
+else:
+    #whitelist this python script and all parents
+    cursor=psutil.Process()
+    ende=0
+    while cursor != None:
+        white_list_pid.append(cursor.pid)
+        cursor=cursor.parent()
+    print(white_list_pid)
+
+mydict = defaultdict(list)
+ps_dict = defaultdict(list)
+
+def on_terminate(proc):
+    print("[+] Terminating Child: %s" % (str(proc)))
+
+def killpid(pid):
+    parent = psutil.Process(pid)
+
+    print(len(parent.children()))
+    children=parent.children(recursive=True)
+    for child in children:
+        try:
+            child.terminate()
+        except Exception as e :
+            print("[-] FAILED - Terminating Child: %s" % (str(child)))
+            print("[-] ERROR: %s" % str(e))
+
+
+    gone, still_alive = psutil.wait_procs(children, timeout=3, callback=on_terminate)
+
+    for child in still_alive:
+        try:
+            child.kill()
+        except Exception as e :
+            print("[-] FAILED - Terminating Child: %s" % (str(child)))
+            print("[-] ERROR: %s" % str(e))
+        else:
+            print("[+] Terminating Child: %s" % (str(child)))
+    try:
+        parent.terminate()
+        parent.wait(timeout=3)
+        parent.kill()
+    except Exception as e:
+        print("[-] FAILED - Killing Process: %s" % (str(parent)))
+        print("[-] ERROR: %s" % str(e))
+    else:
+        print("[+] Process Killes: %s" % (str(parent)))
+
+
+
+def printproc(p: psutil.Process):
+    return "{0}({1})".format(p.name(),p.pid())
+
+
+def printchild(p: psutil.Process):
+    output=printproc(p) + "-"
+    for c in p.children():
+        output+=printproc(c)
+
+
+#Fill ps_dict with processes
+for proc in psutil.process_iter():
+    try:
+        pinfo = proc.as_dict(attrs=['pid','uids','ppid','name','create_time','terminal','username'])
+    except psutil.NoSuchProcess:
+        pass
+    else:
+        pid=str(pinfo['pid'])
+        ps_dict[pid]=pinfo
+
+
+#Walk ps_dict and fill in missing information
+for key in ps_dict:
+    p=ps_dict[key]
+    ppid=str(p['ppid'])
+    if ppid in ps_dict:
+        pp=ps_dict[ppid]
+        p['ppname'] = pp['name']
+        p['ppusername'] = pp['username']
+        p['ppuids'] = pp['uids']
+        p['ppcreate_time'] = pp['create_time']
+
+
+#Kill all escalators
+to_kill=[]
+
+for key in ps_dict:
+    p=ps_dict[key]
+    if 'ppusername' in p and 'real=0' in str(p['uids']) and p['username'] not in p['ppusername']:
+        if p['name'] not in white_list_pname:
+            print("[+] Escalted Process found: %s (%s)" % (str(p['name']),str(p['pid'])))
+            printchild(psutil.Process(p['pid']))
+
+
+
+for pid in to_kill:
+    if pid not in white_list_pid:
+        killpid(pid)