程序師世界是廣大編程愛好者互助、分享、學習的平台,程序師世界有你更精彩!
首頁
編程語言
C語言|JAVA編程
Python編程
網頁編程
ASP編程|PHP編程
JSP編程
數據庫知識
MYSQL數據庫|SqlServer數據庫
Oracle數據庫|DB2數據庫
您现在的位置: 程式師世界 >> 編程語言 >  >> 更多編程語言 >> Python

Introduction to Python penetration testing: WMI process monitoring

編輯:Python

Recently, I received a network security book presented by the electronic industry press 《python Black hat 》, There are a total of 24 An experiment , Today, I will repeat the 22 An experiment ( wmi Process monitoring ), My test environment is windows10 virtual machine (64 position )+conda development environment +python3.7. This experiment can monitor windows Processes running in the system , It is helpful to collect the startup information of each process , It is convenient to analyze the quality of the process ~

1、 stay py37hack Environment , take python Script compiled into exe Executable program

2、 Get into dist Install and run in the directory bhservice service

3、 above 2 Steps can be ignored , Start using... Here WMI Monitor progress , function monitor Script , You can monitor all the processes that run later , Here I tested calc Calculator 、notepad Notepad 、cmd Command line , All successful , Here you can see that the user name of the computer is recorded 、 process PID、 There is also information such as the file location of the process , very nice ~

4、 Have a coffee , wait a while , Open... In the directory where the script is located txt file , Check what the computer did secretly , There are many records here ~

Reference code :

# -*- coding: utf-8 -*-
# @Time : 2022/6/26 7:10 PM
# @Author : ailx10
# @File : process_monitor.py
import os
import sys
import win32api
import win32con
import win32security
import wmi
def log_to_file(message):
with open("process_monitor_log.csv","a") as fd:
fd.write(f"{message}\r\n")
def monitor():
head = "CommandLine,Time,Executable,Parent,PID,PID,User,Privileges"
log_to_file(head)
c = wmi.WMI()
process_watcher = c.Win32_Process.watch_for("creation")
while True:
try:
new_process = process_watcher()
cmdline = new_process.CommandLine
create_date = new_process.CreationDate
executable = new_process.ExecutablePath
parent_pid = new_process.ParentProcessId
pid = new_process.ProcessId
proc_owner = new_process.GetOwner()
privileges = "N/A"
process_log_message = (f"{cmdline},{create_date},{executable},{parent_pid},{pid},{proc_owner},{privileges}")
print(process_log_message)
print()
log_to_file(process_log_message)
except Exception:
pass
if __name__ == "__main__":
monitor()


  1. 上一篇文章:
  2. 下一篇文章:
Copyright © 程式師世界 All Rights Reserved