Introduction to Python penetration testing: file monitoring

I recently received a copy of the network security book "Black Hat Python" (《python黑帽子》) from the Publishing House of Electronics Industry. It contains 24 experiments in total, and today I reproduce experiment 23 (file monitoring). My test environment is a 64-bit Windows 10 virtual machine with a conda environment and Python 3.7. The script watches every file operation under my own temp directory, including creating, modifying and deleting files.

1. Run the file monitoring script.

2. Operate on files in the temp directory. Demonstrated here: create, modify, delete.

3. The file monitor reports each operation.

Wait a moment and you will see that the computer performs plenty of file operations on its own. Without monitoring you would never know about them.

Reference code :

# -*- coding: utf-8 -*-
# @Time : 2022/6/27 8:10 PM
# @Author : ailx10
# @File : file_monitor.py
import os
import tempfile
import threading

import win32con
import win32file

# Action codes returned by ReadDirectoryChangesW (FILE_ACTION_* in the Win32 API)
FILE_CREATED = 1
FILE_DELETED = 2
FILE_MODIFIED = 3
FILE_RENAMED_FROM = 4
FILE_RENAMED_TO = 5

# Access right needed to list a directory and receive change notifications
FILE_LIST_DIRECTORY = 0x0001

# Directories to watch. A raw string keeps "\W" and "\T" from being read as
# escape sequences. Opening C:\Windows\Temp normally needs administrator rights.
PATH = [r"C:\Windows\Temp", tempfile.gettempdir()]


def monitor(path_to_watch):
    # Open the directory itself: FILE_FLAG_BACKUP_SEMANTICS is required for a
    # directory handle, and the share flags let other processes keep using it.
    h_directory = win32file.CreateFile(
        path_to_watch,
        FILE_LIST_DIRECTORY,
        win32con.FILE_SHARE_READ |
        win32con.FILE_SHARE_WRITE |
        win32con.FILE_SHARE_DELETE,
        None,
        win32con.OPEN_EXISTING,
        win32con.FILE_FLAG_BACKUP_SEMANTICS,
        None)
    while True:
        try:
            # Blocks until the kernel reports changes; True = include subdirectories
            results = win32file.ReadDirectoryChangesW(
                h_directory,
                1024,
                True,
                win32con.FILE_NOTIFY_CHANGE_ATTRIBUTES |
                win32con.FILE_NOTIFY_CHANGE_DIR_NAME |
                win32con.FILE_NOTIFY_CHANGE_FILE_NAME |
                win32con.FILE_NOTIFY_CHANGE_LAST_WRITE |
                win32con.FILE_NOTIFY_CHANGE_SECURITY |
                win32con.FILE_NOTIFY_CHANGE_SIZE,
                None,
                None)
            for action, file_name in results:
                full_filename = os.path.join(path_to_watch, file_name)
                if action == FILE_CREATED:
                    print(f"[+] create {full_filename}")
                elif action == FILE_DELETED:
                    print(f"[-] delete {full_filename}")
                elif action == FILE_MODIFIED:
                    print(f"[*] modify {full_filename}")
                    # Dump the new contents. This fails for binary files and for
                    # files that are locked or already gone by the time we open them.
                    try:
                        print("[vvv] dumping contents ...")
                        with open(full_filename) as f:
                            contents = f.read()
                        print(contents)
                        print("[^^^] dump complete")
                    except Exception as e:
                        print(f"[!!!] dump failed. {e}")
                elif action == FILE_RENAMED_FROM:
                    print(f"[>] renamed from {full_filename}")
                elif action == FILE_RENAMED_TO:
                    print(f"[<] renamed to {full_filename}")
                else:
                    print(f"[?] unknown action on {full_filename}")
        except Exception:
            # Keep watching even if one batch of notifications cannot be handled
            pass


if __name__ == "__main__":
    # One watcher thread per directory
    for path in PATH:
        monitor_thread = threading.Thread(target=monitor, args=(path,))
        monitor_thread.start()
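The script above depends on ReadDirectoryChangesW, which exists only on Windows. As an added example (not code from "Black Hat Python" or from this page), here is a portable counterpart that polls the directory tree with os.stat() snapshots and diffs them into the same five actions, matching renames by the file identifier that survives a name change (st_ino: the inode on POSIX, the file index on Windows). It also replaces the text-mode dump with a bounded, binary-safe read. The function names, the polling interval and the files the demo creates are my own assumptions.

```python
"""Snapshot-diff directory monitor (added example, not from the book)."""
import os
import tempfile
import time
from typing import Dict, Iterator, List, Tuple

# Same action codes as the book's file_monitor.py
FILE_CREATED = 1
FILE_DELETED = 2
FILE_MODIFIED = 3
FILE_RENAMED_FROM = 4
FILE_RENAMED_TO = 5

# relative path -> (file identifier, size, mtime in ns)
Snapshot = Dict[str, Tuple[int, int, int]]
Event = Tuple[int, str]


def take_snapshot(root: str) -> Snapshot:
    """Record identifier, size and mtime of every regular file under root."""
    snap: Snapshot = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            try:
                st = os.stat(full, follow_symlinks=False)
            except FileNotFoundError:
                continue  # deleted between listing and stat; the next poll sees it
            snap[os.path.relpath(full, root)] = (st.st_ino, st.st_size, st.st_mtime_ns)
    return snap


def diff_snapshots(old: Snapshot, new: Snapshot) -> List[Event]:
    """Turn two snapshots into create/delete/modify/rename events."""
    events: List[Event] = []
    gone = set(old) - set(new)
    added = set(new) - set(old)
    # A rename is a path that vanished plus a path that appeared with the same
    # identifier. Caveat: identifiers can be reused after a delete, so a
    # delete+create pair inside one poll interval may be reported as a rename.
    vanished_by_id = {old[p][0]: p for p in gone}
    for path in sorted(added):
        file_id = new[path][0]
        if file_id in vanished_by_id:
            src = vanished_by_id.pop(file_id)
            gone.discard(src)
            events.append((FILE_RENAMED_FROM, src))
            events.append((FILE_RENAMED_TO, path))
        else:
            events.append((FILE_CREATED, path))
    for path in sorted(gone):
        events.append((FILE_DELETED, path))
    # Size or mtime changed under an unchanged name -> modified. Comparing both
    # catches same-size overwrites as long as the filesystem updates mtime.
    for path in sorted(set(old) & set(new)):
        if old[path][1:] != new[path][1:]:
            events.append((FILE_MODIFIED, path))
    return events


def dump_head(path: str, limit: int = 4096) -> bytes:
    """Bounded, binary-safe read of a changed file; the book's dump reads the
    whole file as text and fails on binaries or on very large files."""
    with open(path, "rb") as f:
        return f.read(limit)


def watch(root: str, interval: float = 1.0) -> Iterator[Event]:
    """Poll root forever and yield events as they are observed (assumed interval)."""
    prev = take_snapshot(root)
    while True:
        time.sleep(interval)
        cur = take_snapshot(root)
        yield from diff_snapshots(prev, cur)
        prev = cur


def demo() -> Tuple[List[Event], bytes]:
    """Create, modify, rename and delete constructed sample files in a throwaway
    directory and return the events the differ reports plus the modified head."""
    with tempfile.TemporaryDirectory() as root:
        for name, text in (("keep.txt", "one"), ("old.txt", "x"), ("gone.txt", "y")):
            with open(os.path.join(root, name), "w") as f:
                f.write(text)
        before = take_snapshot(root)
        with open(os.path.join(root, "new.txt"), "w") as f:   # create
            f.write("new")
        with open(os.path.join(root, "keep.txt"), "a") as f:  # modify (size grows)
            f.write(" more")
        os.rename(os.path.join(root, "old.txt"), os.path.join(root, "renamed.txt"))
        os.remove(os.path.join(root, "gone.txt"))             # delete last: no id reuse
        after = take_snapshot(root)
        return diff_snapshots(before, after), dump_head(os.path.join(root, "keep.txt"))


if __name__ == "__main__":
    for action, path in demo()[0]:
        print(action, path)
```

Two caveats a practitioner should keep in mind when comparing this with the kernel-notification version: polling only sees the state at each tick, so a file created and deleted within one interval is invisible, while ReadDirectoryChangesW queues every event; and modification detection relies on size or mtime changing, so an in-place same-size write on a filesystem with coarse timestamps can be missed. The kernel API is the better choice on Windows; the snapshot differ is the fallback for other platforms and for checking what a watcher should have reported.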

