There is an old command line tool my company uses to deploy log files to various servers.... whoever wrote it made it very very repetitive.
There is a lot of prompting that happens and I want to automate this process. We have a long term goal of replacing this .exe file down the line but for now automation works for the short term..
Example
./logdeploy.exe
Enter the destination folder:
I would like the powershell script to just automatically enter the folder, since its literally the same folder. because this exe is going to ask for it at least 20 times throughout this process, so copy paste just gets anyoing.
Is this even possible to do?
If there really is no way around simulating interactive user input in order to automate your external program, a solution is possible under the following assumption:
Your external program reads interactive responses from stdin (the standard input stream).
While doing so is typical, it's conceivable that a given program's security-sensitive prompts such as for passwords deliberately accept input from the terminal only, as so to expressly prevent automating responses.
If the first assumption holds, the specific method that must be used to send the response strings via stdin depends on whether the external program clears the keyboard buffer before each prompt.
(a) If it does not, you can simply send all strings in a single operation.
(b) If it does, you need to insert delays between sending the individual strings, so as to ensure that input is only sent when the external program is actively prompting for input.
This approach is inherently brittle, because in the absence of being able to detect when the external program is read to read a prompt response, you have to guess how much time needs to elapse between sending responses - and that time may vary based on many runtime conditions.
It's best to use longer delays for better reliability, which, however, results in increased runtime overall.
Implementation of (a):
As zett42 and Mathias R. Jessen suggest, use the following to send strings C:\foo and somepass 20 times to your external program's stdin stream:
('C:\foo', 'somepass') * 20 | ./logdeploy.exe
Again, this assumes that ./logdeploy.exe buffers keyboard input it receives before it puts up the next prompt.
Implementation of (b):
Note: The following works in PowerShell (Core) 7+ only, because only there is command output being sent to an external program properly streamed (sent line by line, as it becomes available); unfortunately, Windows PowerShell collects all output first.
# PowerShell 7+ only
# Adjust the Start-Sleep intervals as needed.
1..20 | ForEach-Object {
Start-Sleep 1
'C:\foo'
Start-Sleep 2
'somepass'
} | ./logdeploy.exe
Related
I'm trying to automate a workflow. The automation script is mainly written in Powershell It consists of these steps: 1) Opening a program 2) Communicating with the API, reading values, etc. 3) Closing the program. This script will be run many times a day, it would suffice to not close the program every time the script is finishing, but rather check at the beginning of the script whether the program is already opened, and if not, open it. I'd like to implement both, then decide which solution to use later on.
The code for opening the program is completed, but it's not enough to just run an .exe file to open the program, as I have to load the correct settings and GUI, for this while opening the .exe file from the command line, additionally, I have to use -s, also -c. I concluded all this in runProgram.cmd, so in the Powershell script, I only run this file to open the program. However, I am unsure how the already opened program can be detected (that it's opened), and how can I close it. I believe a solution might use processes, with the help of Get-Process, but I'm unsure of its capabilities and limitations (how do I check if my program's process is not amongst the list of running processes?), and whether there is a better way of dealing with this problem.
I have found the solution:
Open the program and open Powershell, and type Get-Process (this will list all the currently running processes)
Search yours (by name). If you don't know which process is the one you're looking for, you can close your program, then type Get-Process again, and look for the process that disappeared from the list, since you closed it. Let's assume the name of it is "yourprocess".
In the code, type $val = Get-Process -Name yourprocess. If it is running, $val should equal some data about the process, if it is not running, then $val is 0. Therefore, if you want to check whether it's opened, you should use:
if($null -ne $val){...}
Finally, stopping the process: Stop-Process -Name yourprocess.
Unicorn.py generates a string that looks like
powershell -flag1 -flag2 "something " obfuscation; powershell "more gibbrish
Interestingly, if this command is saved in a file filename.txt Windows executes it before opening the file in notepad.txt (by which time the file is empty).
Why is the file executed despite the extension?
What does the script do when it encounters EOF after odd number of quotation marks?
Edited:
Unicorn (https://github.com/trustedsec/unicorn) is a script that "enables privilege elevation and arbitrary code execution". If you know what it means. Of course I did NOT put the actual string, just the key features.
Purely out of IT security interest.
I think that if you read the manual in unicorn.py, at absolutely no time does it say that the script should be left in the txt file.
The PowerShell script is written inside the txt file and called the "payload" (very hacker like). What is left for you is always how to execute this code on the victim's computer.
The manual proposes Word code injection, simply executing the PowerShell in cmd (I quote "Next simply copy the powershell command to something you have the ability for remote command execution."), Excel Auto_Open attack, and so on.
If reading the manual is too much there is always a video. The only time the "hacker" uses a notepad like is on his linux operated system (how ironic)… I watched it because I love this Papa Roach music Last Resort...
For those who are concerned about IT security I recommend this article dosfuscation. This is really instructive about how you have to be extra careful when receiving mails, outside document,... and how humanity can waste so much time spying, deceiving, inventing new twisted strategies... Aren't we great !
Windows like any other system has many system flaw but opening notepad is not one of them. Unless your notepad has been replaced by a hacker using unicorn…
There is an even number of brackets in the obfuscated script. Did you mix up '' with "?
Empty txt file means that you've sent the attack.txt over network to a drive accessible by updated antivirus and antivirus quarantined/deleted file contents. Since you didn't know about this interaction with antivirus your environment is NOT secure. Which means you might have other malware from previous test lurking on your "clean" network.
I have created a powershell interface which essentially collects information and then sends that info to an external PS script via Start-Job. I have a timer that triggers recieve-job every second, and updates an output box with STDOUT from the job I created.
External PS Script:
This script has many functions (which utilize many cmdlets), and will be printing messages via Write-Verbose to a log. The issue is, sometimes in these functions I print messages and/or also return a value.
As we all know, anything that a function returns is placed into standard output. So anytime a function returns a value, that value is printed into the Output Rich Textbox control. I don't want that. Also, if I am using VERBOSE, the message is not being printed in the control (however, it is being printed to the console)
What I want:
Print only messages to my rich text box AND my log file, with no function return values in the stream (unless they are apart of a message itself).
Note: I am re-writing this application from a VB.NET app, to a Powershell Studio app... and I noticed previously this was being done by streaming STD Output into the text box, using a similar external powershell script--except that script was using WRITE-HOST. That doesn't make sense to me, as write-host isn't even supposed to be put into the stream.
Alternative Approach:
I had a working example of letting the Job add to the log itself, and then having the UI run Get-Content -tail 1... This WOULD WORK, except that some of my messages will be printed on more than one line, and it wouldn't pull everything as expected. If anyone has a way for me to get any X number of new lines in the log at all times, let me know. That might be easier than my current approach.
so basically you want to use powershell backwards? functions should only return a value that you want in your actual output stream, anything that should not be returning a value to the stream should either be captured in a variable or sent to Out-Null, if want to provide information on what the command is doing that is what write-verbose is for. and Write-Verbose is working as intended, just like write-host it is not put into the stream.
To answer your question what you should do is rewrite your functions so that they return a single value(or no value at all if that is appropriate), for functions that cannot be rewritten you can suppress their output in your script by either assigning them to a variable(if they must be used later) or simply piping them to Out-Null. anything that is currently being captured in the verbose stream that needs to be a part of your output should also be moved to the standard stream and written with Write-Output, potentially with `If statements wrapped around them if you only want that data on certain runs, however if you really want to combine the verbose stream with the standard stream you can check out the info here - Redirect two or more Powershell streams other than output stream to the same file
I have a script that runs an external process which creates some output (a file) and then I also capture console output to file (the log)
try
{
p4d -r $root -jc | out-file $output
}
I later check the log output, grab some info and the script carries on.
The problem is that the external process could (and has once) stalled and I need a way to check that on the fly to handle the error.
The best way I can think to do this is to monitor the file that the process creates for increasing size. Obviously this isn't without issue as it could potentially stall at any point and we don't know the resulting file size.
I will likely check the size of the last successful process and use that to set some limits.
My question is how do I achieve the whole check a process whilst it's running thing?
I have been working on a project that uses a program called TeraTerm to send commands to a TV via a serial port. I have discovered that when I open the program manually after a reboot, I have to open the correct port and then send the .dat command file several times before it actually takes (Turns off the TV).
The commands I am using are from this page.
Anyway, I ran the command
TTERMPRO /C=7 /DS /FD=C:\Commands\TurnOffTest3.dat /FD=C:\Commands\TurnOffTest3.dat /FD=C:\Commands\TurnOffTest3.dat
hoping that it would allow me to send the file multiple times. The TeraTerm window did open as usual, but the file was either not sent or had no effect.
There is a very high likelyhood that I am sending the commands incorrectly, as I am very new to the command prompt itself. Is there a way that I can call the command to send a file multiple times? If I am not interpreting the interface given on the website correctly or even if the way I am using the commands is just flat out wrong, any and all advice is welcome.
Side note: yes, I am sure that the command file that I am sending is the correct one because when I send the file manually (i. e. use the GUI) the TV turns off as expected.
EDIT: I have tried sending the file with and without quotes in its name.
for /L %G in (1,1,3) do TTERMPRO …
Read more in FOR command:
If you are using the FOR command at the command line rather than
in a batch program, use just one percent sign: %G instead of
%%G.
Noticed in help information about system commands for /? as well: To use the FOR command in a batch program, specify %%variable instead of %variable. Variable names are case sensitive, so %i is different from %I.
==> for /?
Runs a specified command for each file in a set of files.
FOR %variable IN (set) DO command [command-parameters]
%variable Specifies a single letter replaceable parameter.
(set) Specifies a set of one or more files. Wildcards may be used.
command Specifies the command to carry out for each file.
command-parameters
Specifies parameters or switches for the specified command.
To use the FOR command in a batch program, specify %%variable instead
of %variable. Variable names are case sensitive, so %i is different
from %I.
…
Further reading in Syntax: Escape Characters, Delimiters and Quotes