Commit 3f5682c

add removing persistent malware tutorial

1 parent 72dc592 commit 3f5682c

3 files changed: +120 -0 lines changed


‎README.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -67,6 +67,7 @@ This is a repository of all the tutorials of [The Python Code](https://www.thepy
6767
-[How to Build Spyware in Python](https://thepythoncode.com/article/how-to-build-spyware-in-python). ([code](ethical-hacking/spyware))
6868
-[How to Exploit Command Injection Vulnerabilities in Python](https://thepythoncode.com/article/how-to-exploit-command-injection-vulnerabilities-in-python). ([code](ethical-hacking/exploit-command-injection))
6969
-[How to Make Malware Persistent in Python](https://thepythoncode.com/article/how-to-create-malware-persistent-in-python). ([code](ethical-hacking/persistent-malware))
70+
-[How to Remove Persistent Malware in Python](https://thepythoncode.com/article/removingg-persistent-malware-in-python). ([code](ethical-hacking/remove-persistent-malware))
7071

7172
-###[Machine Learning](https://www.thepythoncode.com/topic/machine-learning)
7273
-###[Natural Language Processing](https://www.thepythoncode.com/topic/nlp)
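Review bot: The article slug in the added line 70 reads `removingg-persistent-malware-in-python`, with a doubled "g", which looks like a typo. Confirm the URL resolves as written before merging; if the published slug is spelled differently, correct it here and in the new tutorial README, which carries the same link.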
Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
#[How to Remove Persistent Malware in Python](https://thepythoncode.com/article/removingg-persistent-malware-in-python)
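Review bot: This README is a single title line, so nothing tells the reader that the script added in the same commit deletes a value under the HKCU `Software\Microsoft\Windows\CurrentVersion\Run` key, deletes the file that value points to, and rewrites the current user's crontab. Add a short usage section that states what is modified, that only the invoking user's Run key and crontab are inspected, and that the deletions are not reversible without a backup. The link also repeats the `removingg` spelling.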
Lines changed: 118 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,118 @@
1+
importos
2+
importplatform
3+
importsubprocess
4+
importtempfile
5+
6+
# Windows-specific imports
7+
ifplatform.system()=="Windows":
8+
importwinreg
9+
10+
# Get Windows start-up entries and display
11+
deflist_windows_startup_entries():
12+
key=winreg.OpenKey(winreg.HKEY_CURRENT_USER,r"Software\Microsoft\Windows\CurrentVersion\Run")
13+
entries= []
14+
try:
15+
i=0
16+
whileTrue:
17+
entry_name,entry_value,entry_type=winreg.EnumValue(key,i)
18+
entries.append((i+1,entry_name,entry_value))
19+
i+=1
20+
exceptOSError:
21+
pass
22+
winreg.CloseKey(key)
23+
returnentries
24+
25+
# Remove Windows start-up entries
26+
defremove_windows_startup_entry(index,entries):
27+
key=winreg.OpenKey(winreg.HKEY_CURRENT_USER,r"Software\Microsoft\Windows\CurrentVersion\Run",0,winreg.KEY_SET_VALUE)
28+
try:
29+
entry_name,entry_value=entries[index-1][1],entries[index-1][2]
30+
winreg.DeleteValue(key,entry_name)
31+
print(f"[+] Entry{entry_name} has been removed successfully.")
32+
33+
ifos.path.isfile(entry_value):
34+
os.remove(entry_value)
35+
print(f"[+] File '{entry_value}' has been deleted successfully.")
36+
else:
37+
print(f"[-] File '{entry_value}' not found or unable to delete.")
38+
exceptIndexError:
39+
print("[-] Invalid entry index.")
40+
exceptOSErrorase:
41+
print(f"[-] Error removing entry:{e}")
42+
finally:
43+
winreg.CloseKey(key)
44+
45+
# Get the cron tab entries
46+
deflist_linux_crontab_entries():
47+
try:
48+
output=subprocess.check_output(["crontab","-l"],stderr=subprocess.STDOUT).decode('utf-8').strip()
49+
ifoutput:
50+
entries=output.split("\n")
51+
return [(i+1,entry)fori,entryinenumerate(entries)]
52+
else:
53+
return []
54+
exceptsubprocess.CalledProcessErrorase:
55+
if"no crontab"ine.output.decode('utf-8'):
56+
return []
57+
else:
58+
raise
59+
60+
defremove_linux_crontab_entry(index,entries):
61+
try:
62+
entry=entries[index-1][1]
63+
all_entries= [e[1]foreinentriesife[1]!=entry]
64+
65+
withtempfile.NamedTemporaryFile(delete=False)astmp_file:
66+
tmp_file.write("\n".join(all_entries).encode('utf-8'))
67+
tmp_file.write(b"\n")
68+
tmp_file_path=tmp_file.name
69+
70+
subprocess.check_output(["crontab",tmp_file_path],stderr=subprocess.STDOUT)
71+
os.unlink(tmp_file_path)
72+
print(f"[+] Entry '{entry}' has been removed successfully.")
73+
exceptIndexError:
74+
print("[-] Invalid entry index.")
75+
exceptExceptionase:
76+
print(f"[-] Error removing crontab entry:{e}")
77+
78+
defmain():
79+
os_name=platform.system()
80+
ifos_name=="Windows":
81+
entries=list_windows_startup_entries()
82+
ifnotentries:
83+
print("[-] No startup entries found.")
84+
else:
85+
print("[+] Startup entries:")
86+
forindex,name,valueinentries:
87+
print(f"{index}.{name}:{value}")
88+
89+
print("\n")
90+
choice=int(input("[!] Enter the number of the entry you want to remove (0 to exit): "))
91+
ifchoice==0:
92+
return
93+
elif0<choice<=len(entries):
94+
remove_windows_startup_entry(choice,entries)
95+
else:
96+
print("[-] Invalid choice.")
97+
elifos_name=="Linux":
98+
entries=list_linux_crontab_entries()
99+
ifnotentries:
100+
print("[-] No crontab entries found.")
101+
else:
102+
print("[+] Crontab entries:")
103+
forindex,entryinentries:
104+
print(f"{index}.{entry}")
105+
106+
print("\n")
107+
choice=int(input("[!] Enter the number of the entry you want to remove (0 to exit): "))
108+
ifchoice==0:
109+
return
110+
elif0<choice<=len(entries):
111+
remove_linux_crontab_entry(choice,entries)
112+
else:
113+
print("[-] Invalid choice.")
114+
else:
115+
print(f"[-] Unsupported operating system:{os_name}")
116+
117+
if__name__=="__main__":
118+
main()
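Review bot: In remove_windows_startup_entry, `os.path.isfile(entry_value)` followed by `os.remove(entry_value)` treats the Run value as a bare file path, but Run values are command lines that are often quoted or carry arguments, so for those the check fails, the payload stays on disk and the user only sees "not found or unable to delete"; when the value is a bare path, the file is deleted with no confirmation and no copy kept for analysis. Extract the executable path from the command line, ask before deleting, and prefer moving the file to a quarantine directory with its hash recorded over calling os.remove. In remove_linux_crontab_entry, the filter `e[1]!=entry` drops every line whose text equals the selected one rather than the line at the chosen index, so duplicate lines (blank lines included, since the listing numbers them too) are all removed; filter on the index instead, and move `os.unlink(tmp_file_path)` into a finally block so the temp file is cleaned up when the `crontab` call fails. In main, `int(input(...))` raises an unhandled ValueError on non-numeric input. The listing also covers only the HKCU Run key and the user crontab, which is worth stating in a comment so a clean result is not read as "no persistence".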
