Groovicus Trusted SF Member
Joined: 19 May 2004 Posts: 9 Location: Centerville, South Dakota
Posted: Sat Jun 25, 2005 11:20 pm Post subject: File enumeration batch file
Does anybody have the know-how to put together a batch file that will list all of the files of a given directory? I can use chkdsk to list all of the files, but that usually isn't necessary. I usually only need to list the system32 folder. I have my own tools that will do this, but I need a means to help our infected users.
Thanks.
zeedo SF Reviewer
Joined: 01 Sep 2004 Posts: 24 Location: Scotland
Posted: Sat Jun 25, 2005 11:29 pm
Can you be more specific, what do you need that the dir command doesn't do?
Groovicus Trusted SF Member
Joined: 19 May 2004 Posts: 9 Location: Centerville, South Dakota
Posted: Sat Jun 25, 2005 11:39 pm
All I need to do is generate a list of all the files in, for instance, the system32 folder, time last modified, file size, and dump it to a text file. I know this is probably pretty trivial (and I actually didn't even consider using DIR because I didn't think it would work).
We often use batch files for helping our users, so all they have to do is cut and paste.
Thanks.
zeedo SF Reviewer
Joined: 01 Sep 2004 Posts: 24 Location: Scotland
Groovicus Trusted SF Member
Joined: 19 May 2004 Posts: 9 Location: Centerville, South Dakota
Posted: Sat Jun 25, 2005 11:58 pm
The goal is to not have the user download anything. Some of the infections we deal with take so many tools that our victims are forever downloading. It's much easier to say, ok, open notepad, paste in this line: CHKDSK /V > DISKREPORT.TXT, save it as a .bat file, and post the .txt file it creates in your next response so I can see it.
I think I can do it with chkdsk, but I just have not figured out the proper syntax yet. Perhaps it isn't going to be as easy as I had hoped.
capi SF Senior Mod
Joined: 21 Sep 2003 Posts: 16777097 Location: Portugal
Posted: Sun Jun 26, 2005 12:12 am
Wait, I must have misunderstood something. You say you just need to produce a file that has a list of filenames in a directory, with their corresponding modification date and size? If so, why not just do:
Code:
dir %windir%\system32 /a > blah.txt
Groovicus Trusted SF Member
Joined: 19 May 2004 Posts: 9 Location: Centerville, South Dakota
Posted: Sun Jun 26, 2005 12:16 am
Because I didn't know how to do that.
What can I say... other than at some point in my life I should probably learn how to use batch files, and program in C, and how to conduct penetration testing, win the Nobel Peace Prize, and maybe whistle with my fingers...
So much to learn, so little time.
alt.don SF Boss
Joined: 04 Mar 2003 Posts: 16777079
Posted: Sun Jun 26, 2005 12:21 am
You mean you haven't yet learned how to spin wool into gold??? Sheesh, what the hell you been doing all these years!!! Capi and I have been doing miraculous wonders for years now! You Yankees are such slackers!
capi SF Senior Mod
Joined: 21 Sep 2003 Posts: 16777097 Location: Portugal
Posted: Sun Jun 26, 2005 12:32 am
groovicus wrote:
> Because I didn't know how to do that.
> What can I say... other than at some point in my life I should probably learn how to use batch files, and program in C, and how to conduct penetration testing, win the Nobel Peace Prize, and maybe whistle with my fingers...
> So much to learn, so little time.
I didn't mean to be presumptuous, I just figured since you knew how to redirect output for chkdsk (with the greater-than, '>') you would know that the same works for any program that writes to stdout (that is, to the console).
Groovicus Trusted SF Member
Joined: 19 May 2004 Posts: 9 Location: Centerville, South Dakota
Posted: Sun Jun 26, 2005 12:39 am
I didn't think you were being presumptuous at all.. I was just feeling a little sheepish for having to ask about simple batch file syntax...
AdamV SF Mod
Joined: 06 Oct 2004 Posts: 24 Location: Leeds, UK
Posted: Mon Jun 27, 2005 10:46 am
Maybe I missed something here - what does the /a do?
I thought /a specified attributes to list only files with those, but needs a second parameter eg /ad for directories or /aa for archive bit set.
You could use /a-d for your purposes to NOT include directories. Up to you.
I would probably include /ogen generally when using DIR (think of melons).
This will Order the results - Group directories at the top and sort by Extension then Name
possibly /o-d might work for you to just sort by date time with newest first if you are looking for suspicious files
so you might have
dir %windir%\system32 /ogen > c:\temp\sorted.txt
or
dir %windir%\system32 /a-d /o-d > c:\temp\no_dirs.txt
how about learning how to do that thing where you blow across your cupped hands and it sounds like an owl?
I think you need this book:
How to Hold a Crocodile
(maybe one of us could review it! Don - do you think this is straying too far from normal infosec topics?)
browolf Trusted SF Member
Joined: 19 Apr 2002 Posts: 1
Posted: Mon Jun 27, 2005 11:02 am
I think he means
Code:
dir %windir%\system32 /b > blah.txt
'b' makes it just list filenames, no other information.
capi SF Senior Mod
Joined: 21 Sep 2003 Posts: 16777097 Location: Portugal
Posted: Mon Jun 27, 2005 2:29 pm
Eliza wrote:
> Maybe I missed something here - what does the /a do?
> I thought /a specified attributes to list only files with those, but needs a second parameter eg /ad for directories or /aa for archive bit set.
The parameter for /a is optional; using /a by itself you're telling dir to show files with all attributes, that is, to show hidden and system files along with the regular ones, for example.
By default dir will not show you files marked with either the hidden or the system attribute. Since we're looking for malware and the likes, it would only make sense to include them in the listing...
Regarding the /b option, the reason I did not include it was that groovicus said he wanted more than just the filenames - he wanted filename, size and date of last modification.
Quote:
> how about learning how to do that thing where you blow across your cupped hands and it sounds like an owl?
Oh I can do that! Holds his hands in a cup and blows across, making owl-like sounds
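The point made in the post above, that plain dir omits hidden and system files while dir /a includes them, can be checked on the helper's side by comparing the two text files a user posts back. This is an added example, not part of the original thread: it assumes en-US `dir` output (MM/DD/YYYY hh:mm AM/PM), and the listings, file names and function names are constructed for illustration.

```python
import re
from datetime import datetime

# One row of en-US `dir` output: date, time, size or <DIR>, name (assumed format).
ROW = re.compile(r"^(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2} [AP]M)\s+(<DIR>|[\d,]+)\s+(.+)$")

def parse_dir(text):
    """Return {lowercased name: (last-modified, size)} for the file rows."""
    files = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m or m.group(3) == "<DIR>":
            continue  # volume header, summary line or directory row
        when = datetime.strptime(m.group(1) + " " + m.group(2), "%m/%d/%Y %I:%M %p")
        files[m.group(4).lower()] = (when, int(m.group(3).replace(",", "")))
    return files

def only_with_a(plain_text, all_text):
    """Files that `dir /a` lists but plain `dir` hides, newest first (like /o-d)."""
    plain, everything = parse_dir(plain_text), parse_dir(all_text)
    extra = [(n, *everything[n]) for n in everything if n not in plain]
    return sorted(extra, key=lambda row: row[1], reverse=True)

# Constructed sample of `dir %windir%\system32 > plain.txt`
PLAIN_LISTING = r"""
 Directory of C:\WINDOWS\system32

06/25/2005  11:20 PM    <DIR>          .
06/25/2005  11:20 PM    <DIR>          ..
08/04/2004  12:56 AM           388,608 cmd.exe
08/04/2004  12:56 AM            69,120 notepad.exe
               2 File(s)        457,728 bytes
"""

# Constructed sample of `dir %windir%\system32 /a > all.txt`
ALL_LISTING = r"""
 Directory of C:\WINDOWS\system32

06/25/2005  11:20 PM    <DIR>          .
06/25/2005  11:20 PM    <DIR>          ..
08/04/2004  12:56 AM           388,608 cmd.exe
06/24/2005  09:15 PM            24,576 example_hidden.dll
06/20/2005  03:02 AM             4,096 example_system.sys
08/04/2004  12:56 AM            69,120 notepad.exe
               4 File(s)        486,400 bytes
"""

if __name__ == "__main__":
    for name, when, size in only_with_a(PLAIN_LISTING, ALL_LISTING):
        print(f"{when:%Y-%m-%d %H:%M}  {size:>10,}  {name}")
```

The date layout that dir prints follows the regional settings of the machine that produced the listing, so the row pattern and the strptime format need adjusting for other locales.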
AdamV SF Mod
Joined: 06 Oct 2004 Posts: 24 Location: Leeds, UK
Posted: Mon Jun 27, 2005 3:21 pm
capi wrote:
> The parameter for /a is optional; using /a by itself you're telling dir to show files with all attributes, that is, to show hidden and system files along with the regular ones, for example.
> ...
> Regarding the /b option, the reason I did not include it was that groovicus said he wanted more than just the filenames - he wanted filename, size and date of last modification
> ...
> Oh I can do that! Holds his hands in a cup and blows across, making owl-like sounds
aha!
/a - thanks, that makes sense, I didn't think about h and s being missed out without that switch, and admit I missed the double [[square bracket=optional]] in the syntax file.
/b - I saw why you missed it out and agreed with the reasoning, I was only thinking of using it as a second time round so first time gather all data and then grab filename only to use alongside (assuming you refer to my related answer in a different thread)
owl - that's really rather good! It sounds exactly like a male barn owl in hunting season. superb, well done you!
browolf Trusted SF Member
Joined: 19 Apr 2002 Posts: 1
Posted: Tue Jun 28, 2005 11:15 am
Oops. Didn't see that second post.
Richard_Williams_II Just Arrived
Joined: 10 Jun 2009 Posts: 0
Posted: Wed Jun 10, 2009 5:49 pm Post subject: Listing files
Biterscripting ( http://www.biterscripting.com ) command lf will list files.
Code:
lf -n "*" "C:\Windows\System32" > list.txt
will list all files in system32 folder and write that list into text file list.txt.
Code:
lf "*" "C:\Windows\System32"
will list all attributes of the files.
Code:
lf -r "*" "C:\Windows"
will do recursive list (list in subfolders also).
Code:
lf -r "*" "C:\Windows" ($fctime > "20090101")
will list files created ($fctime) Jan 1, 2009.
etc.
Richard