113 lines
2.8 KiB
Python
113 lines
2.8 KiB
Python
import psutil
|
|
import os
|
|
import pwd
|
|
import sys
|
|
from collections import defaultdict
|
|
|
|
mypid=os.getpid()
|
|
|
|
#Check if run as root
|
|
white_list_pname = [ "systemd", "kthreadd", "apport-gtk"]
|
|
white_list_pid =[]
|
|
|
|
if (os.geteuid()) != 0:
|
|
print("[-] Not Root")
|
|
else:
|
|
#whitelist this python script and all parents
|
|
cursor=psutil.Process()
|
|
ende=0
|
|
while cursor != None:
|
|
white_list_pid.append(cursor.pid)
|
|
cursor=cursor.parent()
|
|
print(white_list_pid)
|
|
|
|
mydict = defaultdict(list)
|
|
ps_dict = defaultdict(list)
|
|
|
|
def on_terminate(proc):
|
|
print("[+] Terminating Child: %s" % (str(proc)))
|
|
|
|
def killpid(pid):
|
|
parent = psutil.Process(pid)
|
|
|
|
print(len(parent.children()))
|
|
children=parent.children(recursive=True)
|
|
for child in children:
|
|
try:
|
|
child.terminate()
|
|
except Exception as e :
|
|
print("[-] FAILED - Terminating Child: %s" % (str(child)))
|
|
print("[-] ERROR: %s" % str(e))
|
|
|
|
|
|
gone, still_alive = psutil.wait_procs(children, timeout=3, callback=on_terminate)
|
|
|
|
for child in still_alive:
|
|
try:
|
|
child.kill()
|
|
except Exception as e :
|
|
print("[-] FAILED - Terminating Child: %s" % (str(child)))
|
|
print("[-] ERROR: %s" % str(e))
|
|
else:
|
|
print("[+] Terminating Child: %s" % (str(child)))
|
|
try:
|
|
parent.terminate()
|
|
parent.wait(timeout=3)
|
|
parent.kill()
|
|
except Exception as e:
|
|
print("[-] FAILED - Killing Process: %s" % (str(parent)))
|
|
print("[-] ERROR: %s" % str(e))
|
|
else:
|
|
print("[+] Process Killes: %s" % (str(parent)))
|
|
|
|
|
|
|
|
def printproc(p: psutil.Process):
|
|
return "{0}({1})".format(p.name(),p.pid())
|
|
|
|
|
|
def printchild(p: psutil.Process):
|
|
output=printproc(p) + "-"
|
|
for c in p.children():
|
|
output+=printproc(c)
|
|
|
|
|
|
#Fill ps_dict with processes
|
|
for proc in psutil.process_iter():
|
|
try:
|
|
pinfo = proc.as_dict(attrs=['pid','uids','ppid','name','create_time','terminal','username'])
|
|
except psutil.NoSuchProcess:
|
|
pass
|
|
else:
|
|
pid=str(pinfo['pid'])
|
|
ps_dict[pid]=pinfo
|
|
|
|
|
|
#Walk ps_dict and fill in missing information
|
|
for key in ps_dict:
|
|
p=ps_dict[key]
|
|
ppid=str(p['ppid'])
|
|
if ppid in ps_dict:
|
|
pp=ps_dict[ppid]
|
|
p['ppname'] = pp['name']
|
|
p['ppusername'] = pp['username']
|
|
p['ppuids'] = pp['uids']
|
|
p['ppcreate_time'] = pp['create_time']
|
|
|
|
|
|
#Kill all escalators
|
|
to_kill=[]
|
|
|
|
for key in ps_dict:
|
|
p=ps_dict[key]
|
|
if 'ppusername' in p and 'real=0' in str(p['uids']) and p['username'] not in p['ppusername']:
|
|
if p['name'] not in white_list_pname:
|
|
print("[+] Escalted Process found: %s (%s)" % (str(p['name']),str(p['pid'])))
|
|
printchild(psutil.Process(p['pid']))
|
|
|
|
|
|
|
|
for pid in to_kill:
|
|
if pid not in white_list_pid:
|
|
killpid(pid)
|