Archive for the ‘PowerShell’ Category
Posted by jpluimers on 2023/10/10
For tomorrow’s post “Ookla speedtest CLI for Windows has some undocumented arguments to accept license and GDPR”, I needed the full path to the speedtest.exe, which I had installed using Chocolatey.
I know Chocolatey uses a shim that redirects to the actual executable, so a simple where speedtest.exe would not cut it.
My guess was that the generated shim would either allow getting the target pathname out, or have the target pathname encoded in it.
Luckily the first applies: a few of the shim command-line parameters are in [Wayback/Archive] Chocolatey Software Docs | Executable shimming (like symlinks but better):
You pass these arguments to an executable that is a shim (e.g. executables in the bin directory of your Chocolatey install, not choco.exe):
--shimgen-help – shows this help menu and exits without running the target
--shimgen-log – logging is shown on command line
--shimgen-waitforexit – explicitly tell the shim to wait for target to exit – useful when something is calling a gui and wanting to block – command line programs explicitly have waitforexit already set.
--shimgen-exit – explicitly tell the shim to exit immediately.
--shimgen-gui – explicitly behave as if the target is a GUI application. This is helpful in situations where the package did not have a proper .gui file.
--shimgen-usetargetworkingdirectory – set the working directory to the target path. Useful when programs need to be running from where they are located (usually indicates programs that have issues being run globally).
--shimgen-noop – Do not actually call the target. Useful to see what would happen if you ran the command.
But the dumps below show more (using [Wayback/Archive] Strings – Windows Sysinternals | Microsoft Docs, [Wayback/Archive] clip | Microsoft Docs and post-processing in [Wayback/Archive] Notepad++).
Back to the second solution,
strings C:\ProgramData\chocolatey\bin\speedtest.exe | findstr speedtest.exe
showed
speedtest.exe
..\\lib\speedtest\tools\speedtest.exe
Cannot find file at '..\\lib\speedtest\tools\speedtest.exe' (
speedtest.exe
speedtest.exe
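The strings/findstr lookup above as a PowerShell function that also resolves the embedded relative path and checks the signature of the binary the shim really starts. This is an added example, not code from the original post: the function name Get-ShimTargetCandidate is hypothetical, and it assumes the target has the same file name as the shim, as speedtest.exe does here.

```powershell
# Added example: list path strings embedded in a Chocolatey shim that end in
# the shim's own file name, resolved against the shim's directory.
function Get-ShimTargetCandidate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$ShimPath
    )

    $shim  = Get-Item -LiteralPath $ShimPath
    $bytes = [System.IO.File]::ReadAllBytes($shim.FullName)

    # One character per byte (ISO-8859-1), then drop NUL bytes so that both
    # ASCII and UTF-16LE strings in the file become plain searchable text.
    $text = [System.Text.Encoding]::GetEncoding(28591).GetString($bytes) -replace "`0", ''

    # A relative (..\) or drive-rooted path, free of control characters and
    # characters that are invalid in Windows paths, ending in the shim's name.
    $pattern = '(?:\.\.|[A-Za-z]:)\\[^\x00-\x1F"<>|*?]*?' + [regex]::Escape($shim.Name)

    [regex]::Matches($text, $pattern, 'IgnoreCase') |
        ForEach-Object { $_.Value } |
        Sort-Object -Unique |
        ForEach-Object {
            $full = if ([System.IO.Path]::IsPathRooted($_)) { $_ }
                    else { Join-Path $shim.DirectoryName $_ }
            # GetFullPath collapses "..", and the doubled backslash seen above.
            $full = [System.IO.Path]::GetFullPath($full)
            [pscustomobject]@{
                Embedded = $_
                Resolved = $full
                Exists   = Test-Path -LiteralPath $full -PathType Leaf
            }
        }
}

# Usage with the shim path from this post: show the Authenticode status of
# the executable the shim launches, not of the shim itself.
Get-ShimTargetCandidate 'C:\ProgramData\chocolatey\bin\speedtest.exe' |
    Where-Object Exists |
    ForEach-Object { Get-AuthenticodeSignature -LiteralPath $_.Resolved }
```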
And towards the first,
strings C:\ProgramData\chocolatey\bin\speedtest.exe | clip
resulted in this fragment:
Read the rest of this entry »
Posted in Batch-Files, Chocolatey, CommandLine, Development, Power User, PowerShell, PowerShell, Scripting, Software Development, Windows | Leave a Comment »
Posted by jpluimers on 2023/09/12
TL;DR
I have converted the below PowerShell one-liner into this batch file (the ^| syntax is to ensure the pipe runs within PowerShell, not within the batch file):
PowerShell 'Get-CimInstance -Namespace "Root\cimv2\mdm\dmmap" -ClassName "MDM_EnterpriseModernAppManagement_AppManagement01" ^| Invoke-CimMethod -MethodName UpdateScanMethod'
The why and how
Since I am a CLI person, and some Windows applications are only available on the Microsoft Store, I wanted to be able to initiate an update cycle from the command-line interface.
So I searched for [Wayback/Archive] microsoft store update all apps from the command-line – Google Search and found these to be valuable:
Read the rest of this entry »
Posted in Batch-Files, Development, Microsoft Store, Power User, PowerShell, Scripting, Software Development, Windows, Windows 10, Windows 11 | Leave a Comment »
Posted by jpluimers on 2023/09/11
Only having really learned to speak English starting in my late teens, I never got the “smarter than the average bear” reference, so I filed what I thought was a bug early 2019: [Wayback/Archive] “You must be smarter than the average bear…” after upgrading to 7zip.install v18.6 and notepadplusplus.install v7.6.2 · Issue #1700 · chocolatey/choco, which last year got this useful comment:
I had this for several packages now, since I am updating them daily.
I am assuming there is a way to remove versions, which leads to this error until there is a new update.
It was confirmed this summer from
I’m smarter than the average bear at least once or twice a month. I think it might be packages which are pulled back and you happen to have installed that version
The bug got referenced this summer from [Wayback/Archive] Remove warning message about “smarter than the average bear” · Issue #3186 · chocolatey/choco.
This in turn led to [Wayback/Archive] (#3186) Remove easter egg “You are smarter than the average bear …” by pauby · Pull Request #3276 · chocolatey/choco
That made me realise that for large groups of English-speaking people “smarter than the average bear” would actually be a well-known thing.
So I searched and learned a thing or two:
Read the rest of this entry »
Posted in .NET, Chocolatey, CommandLine, Development, Power User, PowerShell, PowerShell, Scripting, Software Development, Windows | Leave a Comment »
Posted by jpluimers on 2023/07/26
TL;DR is at the bottom (;
5 days ago this exploit development got published: [Wayback/Archive] snowcra5h/CVE-2023-38408: CVE-2023-38408 Remote Code Execution in OpenSSH’s forwarded ssh-agent.
It is about [Wayback/Archive] NVD – CVE-2023-38408, which isn’t rated (yet?) at NIST, nor at [Wayback/Archive] CVE-2023-38408 : The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remot.
However at [Wayback/Archive] CVE-2023-38408- Red Hat Customer Portal it scores 7.3 and [Wayback/Archive] CVE-2023-38408 | SUSE it did get a rating of 7.5, so since I mainly use OpenSuSE I wondered what to do as the CVE is formulated densely at [Wayback/Archive] www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt: it mentions Alice, but no Bob or Mallory (see Alice and Bob – Wikipedia).
Luckily, others already did the fine reading and emphasised the important bits, especially at [Wayback/Archive] RCE Vulnerability in OpenSSH’s SSH-Agent Forwarding: CVE-2023-38408 (note that instead of Alex, they actually mean Alice):
“A system administrator (Alice) runs SSH-agent on her local workstation, connects to a remote server with ssh, and enables SSH-agent forwarding with the -A or ForwardAgent option, thus making her SSH-agent (which is running on her local workstation) reachable from the remote server.”
According to researchers from Qualys, a remote attacker who has control of the host, which Alex has connected to, can load (dlopen()) and immediately unload (dlclose()) any shared library in /usr/lib* on Alice’s workstation (via her forwarded SSH-agent if it is compiled with ENABLE_PKCS11, which is the default).
The vulnerability lies in how SSH-agent handles forwarded shared libraries. When SSH-agent is compiled with ENABLE_PKCS11 (the default configuration), it forwards shared libraries from the user’s local workstation to the remote server. These libraries are loaded (dlopen()) and immediately unloaded (dlclose()) on the user’s workstation. The problem arises because certain shared libraries have side effects when loaded and unloaded, which can be exploited by an attacker who gains access to the remote server where SSH-agent is forwarded to.
Mitigations for the SSH-Agent Forwarding RCE Vulnerability
Read the rest of this entry »
Posted in *nix, *nix-tools, bash, bash, Communications Development, Development, Internet protocol suite, OpenSSH, Power User, PowerShell, Scripting, Security, Software Development, SSH | Leave a Comment »
Posted by jpluimers on 2023/05/17
A while ago, I needed the file information of wsl.exe on one of my Windows systems.
On Linux, I would do something like file `which bash` where file will give the file details and which gets you the full path to bash.
The file equivalent on Windows for me is [Wayback/Archive] Sigcheck – Windows Sysinternals | Microsoft Docs, which is part of [Wayback/Archive] File and Disk Utilities – Windows Sysinternals | Microsoft Docs.
The which equivalent on Windows for me is [Wayback/Archive] where | Microsoft Docs.
Read the rest of this entry »
Posted in bash, Batch-Files, CommandLine, Development, PowerShell, PowerShell, Scripting, Software Development | 1 Comment »
Posted by jpluimers on 2023/05/10
Sometimes, you want to restart the Windows explorer. This is already an exceptional case, which you want when explorer hangs (for instance when taskbar icons do not respond any more), or has files locked which need to be modified. I described the latter in Inno Setup: Program Folder not showing up In Start > All Programs, with this very simple restart script:
taskkill /F /IM explorer.exe
start explorer
Even more exceptional is wanting to run explorer with a UAC elevated administrative token. I sometimes do this when moving around stuff from other users on the same computer without having them logged on (as that would lock the files or directories to be moved around).
The risk of running explorer under UAC elevation is that any program you start will also start UAC elevated, so beware what you ask for…
This is how you start explorer under UAC elevation:
pwsh.exe -nol -noni -nop -w hidden -c "taskkill /f /im explorer.exe; start explorer -v runas -a /nouaccheck"
or, if you run an older Windows version of PowerShell:
PowerShell.exe -nol -noni -nop -w hidden -c "taskkill /f /im explorer.exe; start explorer -v runas -a /nouaccheck"
These command-line options and verbs are used:
Time to explain a few:
Read the rest of this entry »
Posted in Batch-Files, CommandLine, Development, Power User, PowerShell, PowerShell, Scripting, Software Development, Windows, Windows 10, Windows 11, Windows 7, Windows 8.1 | 1 Comment »
Posted by jpluimers on 2023/03/16
PolyShell is a script that’s simultaneously valid in Bash, Windows Batch, and PowerShell (i.e. a polyglot).
[Wayback/Archive] llamasoft/polyshell: A Bash/Batch/PowerShell polyglot!
Need to check this out, as often I have scripts that have to go from one language to the other or vice versa.
Maybe it enables one language to bootstrap functionality in the other?
The quest
The above polyglot started with a quest to see if I could include some PowerShell statements in a batch file with two goals:
- if the batch file started from the PowerShell command prompt, then execute the PowerShell code
- if the batch file started from the cmd.exe command prompt, then have it start PowerShell with the same command-line arguments
The reasoning is simple:
- PowerShell scripts will start from the PATH only when PowerShell is already running
- Batch files start from the PATH when either cmd.exe or PowerShell is running
Lots of users still live in the cmd.exe world, but PowerShell scripts are way more powerful, and since PowerShell has been integrated in Windows since version 7, having a batch file bootstrap PowerShell still makes sense.
Since my guess was about quoting parameters the right way, my initial search for the link below was [Wayback/Archive] powershell execute statement from batch file quoting – Google Search.
I have not yet dug into this, so there are still…
Many links to read
These should give me a good idea how to implement a polyglot batch file/PowerShell script.
–jeroen
Posted in *nix, *nix-tools, bash, bash, Batch-Files, Development, JavaScript/ECMAScript, Perl, Polyglot, Power User, PowerShell, Scripting, Software Development | Leave a Comment »
Posted by jpluimers on 2022/10/26
With APIs, you always hope that Get and Set methods mirror each other. More often than not, they don’t.
Take for instance these two:
They are far from symmetric: [Wayback/Archive] Get-NetFirewallRule shows far less than [Wayback/Archive] Set-NetFirewallRule allows you to set (first and foremost the various port related properties). It can be worked around though.
There are a few posts discussing this, of which I think these two are the most important:
Both above posts via [Wayback/Archive] “Get-NetFirewallRule” “LocalPort” – Google Search.
This is what I was after:
PowerShell "Get-NetFirewallRule -Name 'RemoteDesktop-UserMode-In-TCP' | Select-Object Name,DisplayName,Enabled,Direction,@{Name='Protocol';Expression={($PSItem | Get-NetFirewallPortFilter).Protocol}},Action,@{Name='LocalPort';Expression={($PSItem | Get-NetFirewallPortFilter).LocalPort}}"
Or actually:
Read the rest of this entry »
Posted in CommandLine, Development, Power User, PowerShell, PowerShell, Remote Desktop Protocol/MSTSC/Terminal Services, Scripting, Software Development, Windows | Leave a Comment »
Posted by jpluimers on 2022/08/12
From [Wayback] Archive.is blog — Why has the URL “archive-li” changed to…:
Why has the URL “archive-li” changed to “archive-ph”, and will this affect saved bookmarks at any time in the future?
Anonymous
This is temporary and only for some countries. All 7 domains work, so you do not need to change the bookmarks.
In The Netherlands all Archive Today domains redirect to archive.ph using an HTTP 302 redirect.
This caused trouble at my home location, but not at my brother’s, so I searched for local issues.
In the end, it was because I have dual WAN as network load balancing at home.
TL;DR
Modifying the routing table so traffic for 54.37.18.234 goes to WAN1 was my solution.
Finding the destination address
Read the rest of this entry »
Posted in .NET, Development, Hardware, Network-and-equipment, Power User, PowerShell, routers, Scripting, Software Development | Leave a Comment »