Archive for the 'hack' Category

Prevent desktop lock or screensaver with PowerShell

Imagine that there’s a webcast that you absolutely need to record and your girlfriend calls because she had a bad dream and you need to go to give her consolation, or it’s your daughter’s birthday, or simply 11 pm because the Earth is huge and the timezones suck. Your first reaction is to simply try to record the webcast but this is a corporate PC and group policy is configured to lock the desktop after x minutes of inactivity. What do you do?

I found myself in this situation a few days ago, and did not want to search the internet and download a random executable simulating user activity and doing who knows what else on my computer.

Instead I wrote this simple PowerShell script:

param($minutes = 60)

$myshell = New-Object -com "Wscript.Shell"

for ($i = 0; $i -lt $minutes; $i++) {
  Start-Sleep -Seconds 60
  $myshell.sendkeys(".")
}

All the script does is creates a Windows scripting shell com object, and then for the specified number of minutes (which is a script parameter) every minute presses the “.” key.

Then I saved the script as Prevent-Screensaver.ps1 file (“prevent” is not a proper PowerShell verb, but disable- or stop- do not seem quite right…) and started it from PowerShell command-line: & c:\Prevent-Screensaver.ps1 120

One other thing which I also did was starting a notepad and clicking into it. This made the script output the dots into the application rather than overload Windows input buffer (which would have caused the OS to start beeping.)

Oh, and before anyone adds comments on how I have just ruined desktop security in the enterprise… By using this you might be circumventing security measures which your company might have for a reason. Check with your HR/IT/legal department/manager when in doubt. 😉

[UPDATE] Check out what Claus posted in his comments here – an even better way of preventing the screensaver by moving the mouse cursor a bit.

Tags: ,

Advertisements

PowerShell on Server Core

[UPDATE] Instructions below are for Windows Server 2008 which does not have PowerShell or .NET support for Server Core. Windows Server 2008 R2 released later, has native support for these, so you can simply follow these Microsoft instructions to enable PowerShell there: http://support.microsoft.com/kb/976736

Below is a step-by-step instruction on installing Windows PowerShell on Windows Server 2008 in Server Core mode.

Note that these are in no way official or supported by Microsoft. Microsoft is working on official version of .NET and PowerShell for Server Core installations, so eventually you will be able to get this fully supported. Until then below are the instructions you can use at your own risk, etc., etc.

Quick Introduction

Windows Server 2008 has a command-line installation option – Server Core – which significantly reduces the attack surface and patch requirements by the virtue of not having Explorer and other UI components not needed in datacenter.

The problem is that it only ships with traditional cmd.exe and not PowerShell. To make things worse neither PowerShell nor .NET as they are today can be installed on such systems.

Below are the steps you can take to create packages of these tools which can be installed. Basically the whole procedure consists of just four main steps:

  1. Installing Visual C++ Redistributable Packages (required for .NET).
  2. Installing .NET 2.0 SP1
  3. Installing PowerShell.
  4. Jumping around the computer and shouting “I’ve got it!”

So let’s get started!

1. Visual C++ Redistributable Packages

This is the easiest one. All you need to do is download the packages you need:

After that, copy these files to your Server Core computer (e.g. using Robocopy) and simply run them there.

If your Server Core is 32-bit – just run vcredist_x86.exe.
If it is 64-bit, you need to install both x86 and x64 versions (vcredist_x86.exe and vcredist_x64.exe).

2. .NET Framework

This is the most tricky part. PowerShell needs .NET 2.0 and .NET 2.0 is supposed to be a component of Windows Server 2008 so we will have to get a package of the framework which can get installed on such a system. To accomplish that we will:

  1. Download .NET Framework 3.5.
  2. Unpack the setup to get access to the .NET 2.0 Service Pack 1 installation files.
  3. Download and install the Orca MSI editor.
  4. Use Orca to remove the Windows version check.
  5. Run the updated MSI.

2.1. Download .NET: Go to Microsoft’s web site and download full redistributable package of .NET 3.5.

2.2. Unpack the file:
a. Create a folder c:\deploy
b. Save the downloaded .NET framework package to this folder.
c. Download the wonderful deploy.cmd script which Artem has posted and put it into the same folder.
d. Run the script.

After the script executes, the C:\Deploy\AIP folder will have both NetFx20_x64 and NetFx20_x86 folders with .NET 2.0 framework files you need.

2.3. Install Orca:

This is great but unfortunately you cannot just install the files because the MSIs are specifically checking for Windows version. So now we need to disable this check. To do this we will use Microsoft’s Orca MSI editor.

Note: This all needs to be done on a regular, not Server Core, machine. We will copy the results of our Orca operations to the Core box later on.

If you don’t have Orca, follow these steps to download it:
a. Download the Windows SDK for Windows Server 2008 and .NET Framework 3.5 installer.
b. Run the installer and deselect everything except Win32 Developer Tools (this will make sure that you only download the few megs you need.)

Downloading Orca

c. After the installation completes, go to C:\Program Files\Microsoft SDKs\Windows\v6.1\Bin and install Orca.msi.

2.4. Tweak the setup:

Now its time to do some patching.
a. Start Orca and open the MSI you need (C:\Deploy\AIP\NetFx20_x86\NetFx20a_x86.msi for 32-bit version or C:\Deploy\AIP\NetFx20_x64\NetFx20a_x64.msi for x64).
b. Click Component.
c. In x86 locate: Regtlib.exe_Tool_____X86.3643236F_FC70_11D3_A536_0090278A1BB8
In x64 locate that one and Regtlib.exe_Tool_____A64.3643236F_FC70_11D3_A536_0090278A1BB8
d. Change the Condition from (VersionNT < 600) or Version9X to just VersionNT or Version9X.

Allow .NET 2.0 Framework to get installed on Windows Server 2008

e. Save changes (either to that same MSI or a transform file.)

2.5. Install .NET

Copy the files (the whole folder) to your core machine and start the MSI via this command line (note that you need to use msiexec in order to pass the vsextui=1 parameter):

If you saved a transformed file and are running 64-bit version you will probably run:
%SystemRoot%\system32\msiexec.exe /package "NetFx20_x64\NetFx20a_x64.msi" vsextui=1 transforms="ServerCore.mst"

On x86 without a transform that would be:

%SystemRoot%\system32\msiexec.exe /package "NetFx20_x86\NetFx20a_x86.msi" vsextui=1

That’s it. Now we have .NET installed and can go to the final step – PowerShell installation!

3. Windows PowerShell

There is no PowerShell v1 setup for Windows 2008 (again, because it is supposed to be a component) but you can actually download and install the CTP (note: this is a pre-beta code – not for production use). PowerShell v2 CTP2 is available from Microsoft’s downloads page.

Download the version you need, copy the msi over to the Server Core box and simply run the msi.

4. Enjoy!

Now you can start PowerShell!

Just run:
c:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

And you will see the prompt change to: PS C:>

That’s it. Now you are among the first geeks in the Universe to have PowerShell on Server Core!

PowerShell v2 running on Windows Server 2008 Server Core

Acknowledgments: I could only have this all accomplished thanks to the help I got from Alex Kibkalo and a great post by Artem Pronichkin on installing .NET on Server Core.

Tags: , , , ,

Execute PowerShell Scripts from Your Smartphone

Suppose you are on vacation/commute/away from your desk and get an emergency IT request. Would not it be cool to just text the PowerShell commands from your phone to your desk, have PowerShell over there execute the script, and send you back the results? 😉

Turns out this is very easy to do. All you need is Outlook, a simple rule in it, a simple PowerShell script and Outlook macro.

Here’s how this all works:

  1. You set up an Outlook rule to check for incoming email with a specific keyword (e.g. $PowerShell$) in the subject and sent from your specific email address.
  2. You send the PowerShell script in the email body and put the keyword in the subject.
  3. The Outlook rule starts an Outlook script and a PowerShell script.
  4. The Outlook script saves the email as a text file and waits for the transcript.
  5. The PowerShell script executes the script exported by Outlook.
  6. Outlook sends the result back.

That is it!

No to the details on how to set this up!
1. Outlook script:
a. In Outlook (I am using 2007 but this should work on the previous ones just fine), click Tools/Macro/Visual Basic Editor.
b. Paste this script into the editor:

' (C) Dmitry Sotnikov
' https://dmitrysotnikov.wordpress.com
' Add this to your Outlook macros project
' Then associate SaveAsText with a rule procesing
' emails from your address with a keyword in subject

' This is to have a Sleep function in Outlook
Declare Sub Sleep Lib "kernel32" (ByVal dwMilliseconds As Long)

' The main function saving the script email as text
' and sending back the transcript
Sub SaveAsText(MyMail As MailItem)
    ' Export email (with PowerShell script in body) as a text file
    MyMail.SaveAs "c:\scripts\outlook.ps1", olTXT
    
    ' Create a response email
    Dim reMail As Outlook.MailItem
    Set reMail = MyMail.Reply
    
    ' wait till transcript is available
    Set fs = CreateObject("Scripting.FileSystemObject")
    While Not fs.FileExists("C:\Scripts\email_transcript.txt")
        Sleep 1000
    Wend
    
    ' attach the transcript and send it back
    reMail.Attachments.Add "C:\Scripts\email_transcript.txt"
    reMail.Send
End Sub

c. Close the Editor.

2. Create a PowerShell script which processes the script (removes the message header, executes, saves transcript). I called it execute_email.ps1 and saved to c:\scripts. Here’s the script:

# (C) Dmitry Sotnikov
# https://dmitrysotnikov.wordpress.com
# This is a PowerShell companion script for Outlook
# macro processing PowerShell commands from email

# Delete any previous transcripts and start a new one
Remove-Item "c:\Scripts\email_transcript.txt" -ErrorAction SilentlyContinue
Start-Transcript "c:\Scripts\email_transcript_temp.txt"

# wait till Outlook saves the script email
while ( -not (Test-Path "c:\Scripts\outlook.ps1")) {
    Start-Sleep -Seconds 1
}

# Read the script, skip the header lines, execute the rest
Get-Content "c:\Scripts\outlook.ps1" | Where { $i++ -gt 4 } > "c:\Scripts\justscript.ps1"
. "c:\Scripts\justscript.ps1"

# Remove the old script
Remove-Item "c:\Scripts\outlook.ps1" -ErrorAction SilentlyContinue
Remove-Item "c:\Scripts\justscript.ps1" -ErrorAction SilentlyContinue

# Stop transcript and make it available for Outlook to send back
Stop-Transcript
Rename-Item "c:\Scripts\email_transcript_temp.txt" -NewName "email_transcript.txt"

3. Create a cmd file which starts PowerShell and executes the script. I called it execute_email.cmd, saved to the same folder c:\scripts and it just have one single line:
powershell.exe "c:\scripts\execute_email.ps1"

4. In Outlook click Tools/Rules and Alerts and create the rule, which executes the Outlook macro and the cmd:

Outlook rule to export PowerShell script, execute it, and send back the transcript

You have just created a remote execution system working from any phone or internet kiosk!

Let’s test it. For example, let’s say I need to add someone to a group. I just send the script to my email address:

A sample email with a PowerShell script

Outlook at my desk gets the email, saves it as text, kicks PowerShell execution, and sends me back the transcript.

Just make sure you change the keyword for something no one can guess, take your smartphone with you and go home. There’s no need to be sitting by your desk anymore. 😉

Acknowledgments: this is based on a great Lifehacker forum post on shutting down a computer based on a message. They also have posts on using other email clients such as Thunderbird or Mac Mail.app.

For your convenience I am also attaching the script files:

[UPDATE] Important: Just to make it clear: return address does not guarantee security and can be easily faked. Make sure you keep the keyword in secret or implement other means of additional protection – see one of my comments below. (So weird that Outlook does not allow to execute rules only if the email signature is verified. This could be another additional way to protect the system.)

[UPDATE 2] There’s also now a commercial alternative solution – PowerGUI Pro MobileShell – which gives in-browser PowerShell prompt from any computer or mobile device to a server in your IT environment.

Tags: , , ,


My Recent Tweets

Legal

The posts on this blog are provided “as is” with no warranties and confer no rights. The opinions expressed on this site are mine and mine alone, and do not necessarily represent those of my employer - WSO2 or anyone else for that matter. All trademarks acknowledged.

© 2007-2014 Dmitry Sotnikov

September 2019
M T W T F S S
« Oct    
 1
2345678
9101112131415
16171819202122
23242526272829
30  
Advertisements

%d bloggers like this: