Security Forums

File enumeration batch file

Groovicus
Trusted SF Member
Posted: Sat Jun 25, 2005 11:20 pm    Post subject: File enumeration batch file

Does anybody have the know-how to put together a batch file that will list all of the files of a given directory? I can use chkdsk to list all of the files, but that usually isn't necessary. I usually only need to list the system32 folder. I have my own tools that will do this, but I need a means to help our infected users.

Thanks. Smile

zeedo
SF Reviewer
Posted: Sat Jun 25, 2005 11:29 pm

Can you be more specific, what do you need that the dir command doesn't do?

Groovicus
Trusted SF Member
Posted: Sat Jun 25, 2005 11:39 pm

All I need to do is generate a list of all the files in, for instance, the system32 folder, time last modified, file size, and dump it to a text file. I know this is probably pretty trivial (and I actually didn't even consider using DIR because I didn't think it would work).

We often use batch files for helping our users, so all they have to do is cut and paste.

Thanks. Smile

zeedo
SF Reviewer
Posted: Sat Jun 25, 2005 11:51 pm

you can do this in a hacky way with lots of dir commands, because you can't have multiple options after the /T (for time) argument.

you'd have to do:
Code:

dir /TA
dir /TC
dir /TW


You could do this using a script and WMI, that the users could download as it doesn't really matter what it's coded in as I'm assuming you expect the user to download and run without interaction

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/wmi_tasks__disks_and_file_systems.asp

Groovicus
Trusted SF Member
Posted: Sat Jun 25, 2005 11:58 pm

The goal is to not have the user download anything. Some of the infections we deal with take so many tools that our victims are forever downloading. It's much easier to say, ok, open notepad, paste in this line: CHKDSK /V > DISKREPORT.TXT, save it as a .bat file, and post the .txt file it creates in your next response so I can see it.

I think I can do it with chkdsk, but I just have not figured out the proper syntax yet. Perhaps it isn't going to be as easy as I had hoped. Confused

capi
SF Senior Mod
Posted: Sun Jun 26, 2005 12:12 am

Wait, I must have misunderstood something. You say you just need to produce a file that has a list of filenames in a directory, with their corresponding modification date and size? If so, why not just do:
Code:
dir %windir%\system32 /a > blah.txt

Groovicus
Trusted SF Member
Posted: Sun Jun 26, 2005 12:16 am

Because I didn't know how to do that. Laughing

What can I say... other than at some point in my life I should probably learn how to use batch files, and program in C, and how to conduct penetration testing, win the Nobel Peace Prize, and maybe whistle with my fingers...

So much to learn, so little time.

alt.don
SF Boss
Posted: Sun Jun 26, 2005 12:21 am

You mean you haven't yet learned how to spin wool into gold??? Sheesh, what the hell you been doing all these years!!! Capi and I have been doing miraculous wonders for years now! You Yankees are such slackers! Laughing Laughing

capi
SF Senior Mod
Posted: Sun Jun 26, 2005 12:32 am

groovicus wrote:
Because I didn't know how to do that. Laughing

What can I say... other than at some point in my life I should probably learn how to use batch files, and program in C, and how to conduct penetration testing, win the Nobel Peace Prize, and maybe whistle with my fingers...

So much to learn, so little time.

I didn't mean to be presumptuous, I just figured since you knew how to redirect output for chkdsk (with the greater-than, '>') you would know that the same works for any program that writes to stdout (that is, to the console).

Groovicus
Trusted SF Member
Posted: Sun Jun 26, 2005 12:39 am

I didn't think you were being presumptuous at all.. I was just feeling a little sheepish for having to ask about simple batch file syntax... Embarassed

AdamV
SF Mod
Posted: Mon Jun 27, 2005 10:46 am

Maybe I missed something here - what does the /a do?

I thought /a specified attributes to list only files with those, but needs a second parameter eg /ad for directories or /aa for archive bit set.

You could use /a-d for your purposes to NOT include directories. Up to you.

I would probably include /ogen generally when using DIR (think of melons).
This will Order the results - Group directories at the top and sort by Extension then Name
possibly /o-d might work for you to just sort by date time with newest first if you are looking for suspicious files

so you might have
dir %windir%\system32 /ogen > c:\temp\sorted.txt
or
dir %windir%\system32 /a-d /o-d > c:\temp\no_dirs.txt



how about learning how to do that thing where you blow across your cupped hands and it sounds like an owl?

I think you need this book:
How to Hold a Crocodile
(maybe one of us could review it! Don - do you think this is straying too far from normal infosec topics?)

browolf
Trusted SF Member
Posted: Mon Jun 27, 2005 11:02 am

I think he means

Code:

dir %windir%\system32 /b > blah.txt


'b' makes it just list filenames, no other information.

capi
SF Senior Mod
Posted: Mon Jun 27, 2005 2:29 pm

Eliza wrote:
Maybe I missed something here - what does the /a do?

I thought /a specified attributes to list only files with those, but needs a second parameter eg /ad for directories or /aa for archive bit set.

The parameter for /a is optional; using /a by itself you're telling dir to show files with all attributes, that is, to show hidden and system files along with the regular ones, for example.

By default dir will not show you files marked with either the hidden or the system attribute. Since we're looking for malware and the like, it would only make sense to include them in the listing...

Regarding the /b option, the reason I did not include it was that groovicus said he wanted more than just the filenames - he wanted filename, size and date of last modification Smile

Quote:
how about learning how to do that thing where you blow across your cupped hands and it sounds like an owl?

Oh I can do that! Holds his hands in a cup and blows across, making owl-like sounds Laughing
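
The switches discussed so far (/T from zeedo, /a from capi, /a-d and /o-d from AdamV) can be combined into one paste-and-run batch file that needs no download. This is an added example, not code from any poster in the thread; the report file name and its location in the user's profile folder are assumptions.

```batch
@echo off
rem Added example: one report combining the dir switches discussed in this thread.
rem The REPORT name and location are assumptions; change them as needed.
setlocal
set "TARGET=%windir%\system32"
set "REPORT=%USERPROFILE%\sys32_report.txt"

rem Start a fresh report with a header saying what was listed and when.
> "%REPORT%" echo File listing of %TARGET%
>> "%REPORT%" echo Generated %DATE% %TIME%

rem /a-d  list files with any attribute, including hidden and system files
rem       (which dir hides by default), but leave directories out
rem /o-d  sort by date/time, newest first
rem /t    timestamp to show: W = last written, C = created, A = last accessed
rem dir accepts only one /t field per run, so run it once per timestamp.
for %%T in (W C A) do (
    >> "%REPORT%" echo.
    >> "%REPORT%" echo ===== dir /a-d /o-d /t%%T =====
    dir "%TARGET%" /a-d /o-d /t%%T >> "%REPORT%" 2>&1
)

rem Open the report so the user can copy it into a reply.
start "" notepad "%REPORT%"
endlocal
```

Redirecting stderr with 2>&1 keeps any "Access is denied" or "File Not Found" message in the report, so the helper sees a failed listing instead of an empty section.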

AdamV
SF Mod
Posted: Mon Jun 27, 2005 3:21 pm

capi wrote:

The parameter for /a is optional; using /a by itself you're telling dir to show files with all attributes, that is, to show hidden and system files along with the regular ones, for example.
...
Regarding the /b option, the reason I did not include it was that groovicus said he wanted more than just the filenames - he wanted filename, size and date of last modification Smile
...
Oh I can do that! Holds his hands in a cup and blows across, making owl-like sounds


aha!
/a - thanks, that makes sense, I didn't think about h and s being missed out without that switch, and admit I missed the double [[square bracket=optional]] in the syntax file.

/b - I saw why you missed it out and agreed with the reasoning, I was only thinking of using it as a second time round so first time gather all data and then grab filename only to use alongside (assuming you refer to my related answer in a different thread)

owl - that's really rather good! It sounds exactly like a male barn owl in hunting season. superb, well done you!
Im with Stupid!

browolf
Trusted SF Member
Posted: Tue Jun 28, 2005 11:15 am

oops. didn't see that second post. Embarassed

Richard_Williams_II
Just Arrived
Posted: Wed Jun 10, 2009 5:49 pm    Post subject: Listing files

Biterscripting ( http://www.biterscripting.com ) command lf will list files.

Code:
lf -n "*" "C:\Windows\System32" > list.txt


will list all files in system32 folder and write that list into text file list.txt.

Code:
lf "*" "C:\Windows\System32"


will list all attributes of the files.

Code:
lf -r "*" "C:\Windows"


will do recursive list (list in subfolders also).

Code:
lf -r "*" "C:\Windows" ($fctime > "20090101")


will list files created ($fctime) Jan 1, 2009.

etc.

Richard