BADREDDINE
Light Weight
- Депозит
- $0
Welcome everyone,
I'm currently working on a project where I need to collect digital hash values for analysis software tools, especially packet sniffers. If anyone knows where I can get these hashes or make them readily available, could you please share them in the comments? Your assistance will be instrumental .
Python:
Скопировать в буфер обмена
import os
# Prevent WireShark from accessing the network
#But this is not good because it requires an administrator's order
os.system('netsh advfirewall firewall add rule name="Block WireShark" dir=out action=block program="path_to_wireshark.exe"')
Python:
Скопировать в буфер обмена
blocked_apps = ["wireshark.exe", "tshark.exe"]
Relying solely on the name of the executable file to identify blocked programs is not a robust enough approach, because the file name can easily be changed.
So, instead of relying on the file name, we want to rely on hashes.
Python:
Скопировать в буфер обмена
from threading import Thread
from time import sleep
from hashlib import md5
from psutil import process_iter,NoSuchProcess,AccessDenied,ZombieProcess,Process
def compute_hash(file_path,algorithm=md5):
hash_func=algorithm()
with open(file_path,'rb')as f:
for chunk in iter(lambda:f.read(4096),b''):hash_func.update(chunk)
return hash_func.hexdigest()
def hash_checker():
blocked_hashes=['abcdef1234567867...']
while True:
for process in process_iter(attrs=['pid','exe']):
try:
if process.info['exe']and compute_hash(process.info['exe'])in blocked_hashesrocess(process.info['pid']).terminate()
except(NoSuchProcess,AccessDenied,ZombieProcess,FileNotFoundError)ass
sleep(5)
hash_check_thread=Thread(target=hash_checker)
hash_check_thread.start()
Thank you for your cooperation.
warm regards,
[BADREDDINE]
Последнее редактирование: 13.10.2023
I'm currently working on a project where I need to collect digital hash values for analysis software tools, especially packet sniffers. If anyone knows where I can get these hashes or make them readily available, could you please share them in the comments? Your assistance will be instrumental .
Python:
Скопировать в буфер обмена
import os
# Prevent WireShark from accessing the network
#But this is not good because it requires an administrator's order
os.system('netsh advfirewall firewall add rule name="Block WireShark" dir=out action=block program="path_to_wireshark.exe"')
Python:
Скопировать в буфер обмена
blocked_apps = ["wireshark.exe", "tshark.exe"]
Relying solely on the name of the executable file to identify blocked programs is not a robust enough approach, because the file name can easily be changed.
So, instead of relying on the file name, we want to rely on hashes.
Python:
Скопировать в буфер обмена
from threading import Thread
from time import sleep
from hashlib import md5
from psutil import process_iter,NoSuchProcess,AccessDenied,ZombieProcess,Process
def compute_hash(file_path,algorithm=md5):
hash_func=algorithm()
with open(file_path,'rb')as f:
for chunk in iter(lambda:f.read(4096),b''):hash_func.update(chunk)
return hash_func.hexdigest()
def hash_checker():
blocked_hashes=['abcdef1234567867...']
while True:
for process in process_iter(attrs=['pid','exe']):
try:
if process.info['exe']and compute_hash(process.info['exe'])in blocked_hashesrocess(process.info['pid']).terminate()
except(NoSuchProcess,AccessDenied,ZombieProcess,FileNotFoundError)ass
sleep(5)
hash_check_thread=Thread(target=hash_checker)
hash_check_thread.start()
Thank you for your cooperation.
warm regards,
[BADREDDINE]
Последнее редактирование: 13.10.2023