File enumeration batch file

Networking/Security Forums -> Programming and More

Author: Groovicus    Location: Centerville, South Dakota    Posted: Sat Jun 25, 2005 11:20 pm    Post subject: File enumeration batch file
    ----
Does anybody have the know-how to put together a batch file that will list all of the files of a given directory? I can use chkdsk to list all of the files, but that usually isn't necessary. I usually only need to list the system32 folder. I have my own tools that will do this, but I need a means to help our infected users.

Thanks. Smile

Author: zeedo    Location: Scotland    Posted: Sat Jun 25, 2005 11:29 pm    Post subject:
    ----
Can you be more specific, what do you need that the dir command doesn't do?

Author: Groovicus    Location: Centerville, South Dakota    Posted: Sat Jun 25, 2005 11:39 pm    Post subject:
    ----
All I need to do is generate a list of all the files in, for instance, the system32 folder, time last modified, file size, and dump it to a text file. I know this is probably pretty trivial (and I actually didn't even consider using DIR because I didn't think it would work).

We often use batch files for helping our users, so all they have to do is cut and paste.

Thanks. Smile

Author: zeedo    Location: Scotland    Posted: Sat Jun 25, 2005 11:51 pm    Post subject:
    ----
You can do this in a hacky way with lots of dir commands, because you can't have multiple options after the /T (for time) argument.

You'd have to do:
Code:

dir /TA
dir /TC
dir /TW


You could do this using a script and WMI, that the users could download, as it doesn't really matter what it's coded in as I'm assuming you expect the user to download and run without interaction.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/wmi_tasks__disks_and_file_systems.asp

Author: Groovicus    Location: Centerville, South Dakota    Posted: Sat Jun 25, 2005 11:58 pm    Post subject:
    ----
The goal is to not have the user download anything. Some of the infections we deal with take so many tools that our victims are forever downloading. It's much easier to say, ok, open notepad, paste in this line: CHKDSK /V > DISKREPORT.TXT, save it as a .bat file, and post the .txt file it creates in your next response so I can see it.

I think I can do it with chkdsk, but I just have not figured out the proper syntax yet. Perhaps it isn't going to be as easy as I had hoped. Confused

Author: capi    Location: Portugal    Posted: Sun Jun 26, 2005 12:12 am    Post subject:
    ----
Wait, I must have misunderstood something. You say you just need to produce a file that has a list of filenames in a directory, with their corresponding modification date and size? If so, why not just do:
Code:
dir %windir%\system32 /a > blah.txt

Author: Groovicus    Location: Centerville, South Dakota    Posted: Sun Jun 26, 2005 12:16 am    Post subject:
    ----
Because I didn't know how to do that. Laughing

What can I say... other than at some point in my life I should probably learn how to use batch files, and program in C, and how to conduct penetration testing, win the Nobel Peace Prize, and maybe whistle with my fingers...

So much to learn, so little time.

Author: alt.don    Posted: Sun Jun 26, 2005 12:21 am    Post subject:
    ----
You mean you haven't yet learned how to spin wool into gold??? Sheesh, what the hell you been doing all these years!!! Capi and I have been doing miraculous wonders for years now! You Yankees are such slackers! Laughing Laughing

Author: capi    Location: Portugal    Posted: Sun Jun 26, 2005 12:32 am    Post subject:
    ----
groovicus wrote:
Because I didn't know how to do that. Laughing

What can I say... other than at some point in my life I should probably learn how to use batch files, and program in C, and how to conduct penetration testing, win the Nobel Peace Prize, and maybe whistle with my fingers...

So much to learn, so little time.

I didn't mean to be presumptuous, I just figured since you knew how to redirect output for chkdsk (with the greater-than, '>') you would know that the same works for any program that writes to stdout (that is, to the console).

Author: Groovicus    Location: Centerville, South Dakota    Posted: Sun Jun 26, 2005 12:39 am    Post subject:
    ----
I didn't think you were being presumptuous at all.. I was just feeling a little sheepish for having to ask about simple batch file syntax... Embarassed

Author: AdamV    Location: Leeds, UK    Posted: Mon Jun 27, 2005 10:46 am    Post subject:
    ----
Maybe I missed something here - what does the /a do?

I thought /a specified attributes to list only files with those, but needs a second parameter eg /ad for directories or /aa for archive bit set.

You could use /a-d for your purposes to NOT include directories. Up to you.

I would probably include /ogen generally when using DIR (think of melons).
This will Order the results - Group directories at the top and sort by Extension then Name
possibly /o-d might work for you to just sort by date time with newest first if you are looking for suspicious files

so you might have
dir %windir%\system32 /ogen > c:\temp\sorted.txt
or
dir %windir%\system32 /a-d /o-d > c:\temp\no_dirs.txt



how about learning how to do that thing where you blow across your cupped hands and it sounds like an owl?

I think you need this book:
How to Hold a Crocodile
(maybe one of us could review it! Don - do you think this is straying too far from normal infosec topics?)

Author: browolf    Posted: Mon Jun 27, 2005 11:02 am    Post subject:
    ----
I think he means

Code:

dir %windir%\system32 /b > blah.txt


'b' makes it just list filenames, no other information.

Author: capi    Location: Portugal    Posted: Mon Jun 27, 2005 2:29 pm    Post subject:
    ----
Eliza wrote:
Maybe I missed something here - what does the /a do?

I thought /a specified attributes to list only files with those, but needs a second parameter eg /ad for directories or /aa for archive bit set.

The parameter for /a is optional; using /a by itself you're telling dir to show files with all attributes, that is, to show hidden and system files along with the regular ones, for example.

By default dir will not show you files marked with either the hidden or the system attribute. Since we're looking for malware and the likes, it would only make sense to include them in the listing...

Regarding the /b option, the reason I did not include it was that groovicus said he wanted more than just the filenames - he wanted filename, size and date of last modification Smile

Quote:
how about learning how to do that thing where you blow across your cupped hands and it sounds like an owl?

Oh I can do that! Holds his hands in a cup and blows across, making owl-like sounds Laughing

Author: AdamV    Location: Leeds, UK    Posted: Mon Jun 27, 2005 3:21 pm    Post subject:
    ----
capi wrote:

The parameter for /a is optional; using /a by itself you're telling dir to show files with all attributes, that is, to show hidden and system files along with the regular ones, for example.
...
Regarding the /b option, the reason I did not include it was that groovicus said he wanted more than just the filenames - he wanted filename, size and date of last modification Smile
...
Oh I can do that! Holds his hands in a cup and blows across, making owl-like sounds


aha!
/a - thanks, that makes sense, I didn't think about h and s being missed out without that switch, and admit I missed the double [[square bracket=optional]] in the syntax file.

/b - I saw why you missed it out and agreed with the reasoning, I was only thinking of using it as a second time round so first time gather all data and then grab filename only to use alongside (assuming you refer to my related answer in a different thread)

owl - that's really rather good! It sounds exactly like a male barn owl in hunting season. superb, well done you!
Im with Stupid!

Author: browolf    Posted: Tue Jun 28, 2005 11:15 am    Post subject:
    ----
Oops. Didn't see that second post. Embarassed
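
The switches discussed in this thread combined into one paste-and-run batch file (/a so hidden and system files are listed, /a-d and /o-d, and one dir run per /T time field), as an added example that is not from any poster in the thread. The variable names and the output file name system32_listing.txt are assumptions.

```bat
@echo off
rem Added example, not from any poster in this thread.
rem Writes a triage listing of system32 next to this .bat file.
rem The output file name is an assumption; change it as needed.
setlocal
set "TARGET=%windir%\system32"
set "OUT=%~dp0system32_listing.txt"

> "%OUT%" echo Listing of %TARGET% taken %date% %time%

rem /a-d  : every file regardless of attributes, directories excluded,
rem         so hidden and system files are not skipped
rem /o-d  : newest first, using the time field chosen with /t
rem /tw   : last written (modified) time
>> "%OUT%" echo.
>> "%OUT%" echo ==== All files, newest modified first ====
dir "%TARGET%" /a-d /o-d /tw >> "%OUT%" 2>&1

rem /t takes one field per run, so creation time needs its own pass
>> "%OUT%" echo.
>> "%OUT%" echo ==== All files, newest created first ====
dir "%TARGET%" /a-d /o-d /tc >> "%OUT%" 2>&1

rem Files a plain dir would have left out: hidden, then system
>> "%OUT%" echo.
>> "%OUT%" echo ==== Hidden files only ====
dir "%TARGET%" /ah-d /o-d /tw >> "%OUT%" 2>&1
>> "%OUT%" echo.
>> "%OUT%" echo ==== System files only ====
dir "%TARGET%" /as-d /o-d /tw >> "%OUT%" 2>&1

echo Wrote "%OUT%"
endlocal
```

The two attribute-filtered sections at the end give the helper a short list to read first, since those are the entries a default dir would not have shown.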

Author: Richard_Williams_II    Posted: Wed Jun 10, 2009 5:49 pm    Post subject: Listing files
    ----
Biterscripting ( http://www.biterscripting.com ) command lf will list files.

Code:
lf -n "*" "C:\Windows\System32" > list.txt


will list all files in system32 folder and write that list into text file list.txt.

Code:
lf "*" "C:\Windows\System32"


will list all attributes of the files.

Code:
lf -r "*" "C:\Windows"


will do recursive list (list in subfolders also).

Code:
lf -r "*" "C:\Windows" ($fctime > "20090101")


will list files created ($fctime) Jan 1, 2009.

etc.

Richard



All times are GMT + 2 Hours