Tuesday, April 22, 2014

Using File::Copy to Deploy Files to a Windows UNC Path

Below is a script that illustrates the use of File::Copy to copy files to a UNC path on a Windows network. The example code downloads a copy of the hosts file made available by the Malware Domain List and copies it to the appropriate directory on a Windows machine so that the machine cannot successfully resolve those malicious sites.


use LWP;
use File::Copy;
use strict;
use warnings;

#URL of hosts file
my $URI = 'http://www.malwaredomainlist.com/hostslist/hosts.txt';

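#downloads hosts file
my $ua = LWP::UserAgent->new();
my $request = HTTP::Request->new(GET => $URI);
my $response = $ua->request($request);
#stop here rather than deploy an error page or an empty file
die "Download failed: " . $response->status_line . "\n"
   unless $response->is_success;
my $content = $response->content();
#print $content;

#writes downloaded hosts file to file
open(my $hosts2, ">", "hosts2.txt")
   or die "cannot open > hosts2.txt: $!";
print $hosts2 $content;
close $hosts2;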

#opens file that stores list of PC names
open(my $computers, "<", "computers.txt")
   or die "cannot open < computers.txt: $!";

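#copies file to proper location on each computer
while (<$computers>) {
   #strip the line ending so it does not end up inside the UNC path
   chomp;
   my $computer=$_;
   next unless length $computer;
   print "$computer\n";
   my $path1='hosts2.txt';
   my $path2="\\\\$computer\\C\$\\WINDOWS\\system32\\drivers\\etc\\hosts";
   copy("$path1","$path2") or die "Copy failed: $!";
}

close $computers;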
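
The script above fetches the list over plain HTTP and writes whatever it receives into every machine's hosts file, so the content should be checked before it is copied. The following is an added example, not part of the original script: validate_hosts() and $MIN_ENTRIES are hypothetical names, the sample lines are constructed, and the strict "one loopback address, one name per line" policy is an assumption about the expected format.

```perl
use strict;
use warnings;

# Added example. validate_hosts() is a hypothetical helper, not from the post.
# Accepts only "<loopback-ip> <hostname>" lines; everything else is rejected.
sub validate_hosts {
    my ($content) = @_;
    my (@clean, @rejected);
    for my $line (split /\r?\n/, $content) {
        next if $line =~ /^\s*(?:#.*)?$/;    # skip blank lines and comments
        my @f = split ' ', $line;            # whitespace-separated fields
        my $ok = @f == 2
              && $f[0] =~ /^(?:127\.0\.0\.1|0\.0\.0\.0)$/
              && length($f[1]) <= 253
              && $f[1] =~ /^[A-Za-z0-9_-]+(?:\.[A-Za-z0-9_-]+)*$/;
        if ($ok) { push @clean, "127.0.0.1  " . lc($f[1]) }
        else     { push @rejected, $line }
    }
    return (\@clean, \@rejected);
}

# Constructed sample input, not real Malware Domain List data.
my $sample = join "\n",
    '# constructed sample',
    '127.0.0.1  bad-site.example',
    '0.0.0.0 Tracker.bad.example',
    '203.0.113.10  intranet.corp.example',   # would redirect, not sinkhole
    '127.0.0.1  a.example;b.example';        # characters not valid in a name

my ($clean, $rejected) = validate_hosts($sample);
print "accepted: $_\n" for @$clean;
print "rejected: $_\n" for @$rejected;

# Gate for the deployment loop: write hosts2.txt only when nothing was rejected
# and the list is not suspiciously short (threshold is an assumed value).
my $MIN_ENTRIES = 2;
if (@$rejected || @$clean < $MIN_ENTRIES) {
    warn "hosts file failed validation, not deploying\n";
} else {
    open(my $out, '>', 'hosts2.txt') or die "cannot write hosts2.txt: $!";
    print $out "$_\r\n" for @$clean;
    close $out;
}
```

This check cannot tell whether a legitimate domain has been added to the sinkhole list; it only guarantees that no entry points a name at a non-loopback address and that no malformed line reaches the hosts file.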

Sunday, January 26, 2014

Did I Visit a Malicious Site?

This Perl script downloads the Malware Domain List hosts file and compares the domains listed in the file to the domains present in the Chrome History database (an SQLite DB). It prints a list of any domains in the History DB that are listed on the Malware Domain List. Note: the script assumes that a copy of the History DB is in the same directory as the script.


use DBI;
use List::MoreUtils qw(uniq);
use List::Compare;
use LWP::Simple;
use URI;
use strict;
use warnings;

my @MalDomains;
my @VisitedDomains;

#obtains a list of malicious domains from the Malware Domain List hosts file
my $MalHosts = get 'http://www.malwaredomainlist.com/hostslist/hosts.txt';
die "could not download hosts file\n" unless defined $MalHosts;
open( my $hosts, '<', \$MalHosts )
   or die "cannot read downloaded hosts file: $!";
while (<$hosts>) {
   my $host=$_;
   #remove loopback from each entry
   if($host=~s/127\.0\.0\.1  //){
      #remove newline
      $host =~ s/\r?\n$//;
      push(@MalDomains, $host);
   }
}
close $hosts;

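#opens the History database and pulls out all visited domains
my $dbh = DBI->connect("dbi:SQLite:dbname=History","","", { RaiseError => 1 })
   or die "cannot open History database: $DBI::errstr";
my $sth=$dbh->selectall_arrayref( "SELECT url FROM urls" );
foreach my $data (@$sth) {
    (my $url)=@$data;
    #obtain domain from visited URL
    my $url2 = URI->new("$url");
    #skip schemes that have no host component (e.g. data:, mailto:)
    next unless $url2->can('host');
    my $domain = $url2->host;
    next unless defined $domain && length $domain;
    push(@VisitedDomains, $domain);
}
$dbh->disconnect;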

#remove duplicate domains to speed processing
my @UVDomains = uniq(@VisitedDomains);

#finds the intersection of each array
my $lc = List::Compare->new(\@MalDomains, \@UVDomains);
my @intersection = $lc->get_intersection;

print "You browsed the following malicious domains: \n";
foreach (@intersection) {
   print $_ . "\n";
}

Friday, January 24, 2014

Calling PowerShell from Within Perl

Recently, I’ve been doing a bit of scripting for use inside a Windows environment and as such became somewhat interested in some of the functionality that is offered up by PowerShell. As a result, I began experimenting with calling PowerShell commands from within a Perl script. Below is a simple example that, when run with appropriate privileges, can take a list of PC names and clear the security log on each PC.

use strict;
use warnings;

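open(my $hosts, "<", "hosts.txt")
   or die "cannot open < hosts.txt: $!";
while (<$hosts>) {
   chomp;
   my $host=$_;
   #skip blank lines and anything that is not a plain host name,
   #since the value is interpolated into a shell command
   next unless $host =~ /^[A-Za-z0-9._-]+$/;
   system("powershell -Command \"& {Clear-EventLog -Logname Security -ComputerName $host;}\"");
}

close $hosts;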