swap powershell write to command instead

Signed-off-by: si458 <simonsmith5521@gmail.com>
2024-11-06 15:37:26 +00:00 · 2024-11-06 15:37:26 +00:00 · 7d59210d05
parent fc387ca417
commit 7d59210d05
4 changed files with 13 additions and 13 deletions
--- a/agents/meshcore.js
+++ b/agents/meshcore.js
@ -249,7 +249,7 @@ function lockDesktop(uid) {
        case 'win32':
            {
                var options = { type: 1, uid: uid };
-                var child = require('child_process').execFile(process.env['windir'] + '\\system32\\cmd.exe', ['/c', 'RunDll32.exe user32.dll,LockWorkStation'], options);
+                var child = require('child_process').execFile(process.env['windir'] + '\\system32\\cmd.exe', ['cmd', '/c', 'RunDll32.exe user32.dll,LockWorkStation'], options);
                child.waitExit();
            }
            break;
--- a/agents/modules_meshcore/computer-identifiers.js
+++ b/agents/modules_meshcore/computer-identifiers.js
@ -431,11 +431,12 @@ function windows_volumes()
    p1._p2 = p2;
    p2._p1 = p1;

-    var child = require('child_process').execFile(process.env['windir'] + '\\System32\\WindowsPowerShell\\v1.0\\powershell.exe', ['powershell', '-noprofile', '-nologo', '-command', '-']);
+    var cmd = '"Get-Volume | Select-Object -Property DriveLetter,FileSystemLabel,FileSystemType,Size,SizeRemaining,DriveType | ConvertTo-Csv -NoTypeInformation"';
+    var child = require('child_process').execFile(process.env['windir'] + '\\System32\\WindowsPowerShell\\v1.0\\powershell.exe', ['powershell', '-noprofile', '-nologo', '-command', cmd]);
    p1.child = child;
    child.promise = p1;
    child.stdout.str = ''; child.stdout.on('data', function (c) { this.str += c.toString(); });
-    child.stdin.write('Get-Volume | Select-Object -Property DriveLetter,FileSystemLabel,FileSystemType,Size,SizeRemaining,DriveType | ConvertTo-Csv -NoTypeInformation\r\nexit\r\n');
+    child.stderr.str = ''; child.stderr.on('data', function (c) { this.str += c.toString(); });
    child.on('exit', function (c)
    {
        var a, i, tokens, key;
@ -466,12 +467,13 @@ function windows_volumes()
        var ret = j.r;
        var tokens = j.t;

-        var child = require('child_process').execFile(process.env['windir'] + '\\System32\\WindowsPowerShell\\v1.0\\powershell.exe', ['powershell', '-noprofile', '-nologo', '-command', '-']);
+        var cmd = '"Get-BitLockerVolume | Select-Object -Property MountPoint,VolumeStatus,ProtectionStatus | ConvertTo-Csv -NoTypeInformation"';
+        var child = require('child_process').execFile(process.env['windir'] + '\\System32\\WindowsPowerShell\\v1.0\\powershell.exe', ['powershell', '-noprofile', '-nologo', '-command', cmd]);
        p2.child = child;
        child.promise = p2;
        child.tokens = tokens;
        child.stdout.str = ''; child.stdout.on('data', function (c) { this.str += c.toString(); });
-        child.stdin.write('Get-BitLockerVolume | Select-Object -Property MountPoint,VolumeStatus,ProtectionStatus | ConvertTo-Csv -NoTypeInformation\r\nexit\r\n');
+        child.stderr.str = ''; child.stderr.on('data', function (c) { this.str += c.toString(); });
        child.on('exit', function ()
        {
            var i;
@ -486,7 +488,7 @@ function windows_volumes()
                    ret[key].protectionStatus = tokens[2].split('"')[1];
                    try {
                        var foundIDMarkedLine = false, foundMarkedLine = false, identifier = '', password = '';
-                        var keychild = require('child_process').execFile(process.env['windir'] + '\\system32\\cmd.exe', ['/c', 'manage-bde -protectors -get ', tokens[0].split('"')[1], ' -Type recoverypassword'], {});
+                        var keychild = require('child_process').execFile(process.env['windir'] + '\\system32\\cmd.exe', ['cmd', '/c', 'manage-bde -protectors -get ', tokens[0].split('"')[1], ' -Type recoverypassword'], {});
                        keychild.stdout.str = ''; keychild.stdout.on('data', function (c) { this.str += c.toString(); });
                        keychild.waitExit();
                        var lines = keychild.stdout.str.trim().split('\r\n');
@ -801,13 +803,12 @@ function hexToAscii(hexString) {
 function win_chassisType()
 {
    // needs to be replaced with win-wmi but due to bug in win-wmi it doesnt handle arrays correctly
-    var child = require('child_process').execFile(process.env['windir'] + '\\System32\\WindowsPowerShell\\v1.0\\powershell.exe', ['powershell', '-noprofile', '-nologo', '-command', '-'], {});
+    var cmd = '"Get-CimInstance Win32_SystemEnclosure | Select-Object -ExpandProperty ChassisTypes"';
+    var child = require('child_process').execFile(process.env['windir'] + '\\System32\\WindowsPowerShell\\v1.0\\powershell.exe', ['powershell', '-noprofile', '-nologo', '-command', cmd], {});
    if (child == null) { return ([]); }
    child.descriptorMetadata = 'process-manager';
    child.stdout.str = ''; child.stdout.on('data', function (c) { this.str += c.toString(); });
    child.stderr.str = ''; child.stderr.on('data', function (c) { this.str += c.toString(); });
-    child.stdin.write('Get-CimInstance Win32_SystemEnclosure| Select-Object -ExpandProperty ChassisTypes\r\n');
-    child.stdin.write('exit\r\n');
    child.waitExit();
    try {
        return (parseInt(child.stdout.str));
--- a/agents/modules_meshcore/win-info.js
+++ b/agents/modules_meshcore/win-info.js
@ -243,12 +243,11 @@ function installedApps()
 function defender(){
    var promise = require('promise');
    var ret = new promise(function (a, r) { this._resolve = a; this._reject = r; });
-    ret.child = require('child_process').execFile(process.env['windir'] + '\\System32\\WindowsPowerShell\\v1.0\\powershell.exe', ['powershell', '-noprofile', '-nologo', '-command', '-'], {});
+    var cmd = '"Get-MpComputerStatus | Select-Object RealTimeProtectionEnabled,IsTamperProtected | ConvertTo-JSON"';
+    ret.child = require('child_process').execFile(process.env['windir'] + '\\System32\\WindowsPowerShell\\v1.0\\powershell.exe', ['powershell', '-noprofile', '-nologo', '-command', cmd], {});
    ret.child.promise = ret;
    ret.child.stdout.str = ''; ret.child.stdout.on('data', function (c) { this.str += c.toString(); });
    ret.child.stderr.str = ''; ret.child.stderr.on('data', function (c) { this.str += c.toString(); });
-    ret.child.stdin.write('Get-MpComputerStatus | Select-Object RealTimeProtectionEnabled,IsTamperProtected | ConvertTo-JSON\r\n');
-    ret.child.stdin.write('exit\r\n');
    ret.child.on('exit', function (c) { 
        if (this.stdout.str == '') { this.promise._resolve({}); return; }
        var abc = JSON.parse(this.stdout.str.trim())
--- a/agents/recoverycore.js
+++ b/agents/recoverycore.js
@ -870,7 +870,7 @@ function onTunnelControlData(data, ws) {
                    if (process.platform == 'win32') {
                        MeshServerLog("Locking remote user out of desktop", ws.httprequest);
                        var child = require('child_process');
-                        child.execFile(process.env['windir'] + '\\system32\\cmd.exe', ['/c', 'RunDll32.exe user32.dll,LockWorkStation'], { type: 1 });
+                        child.execFile(process.env['windir'] + '\\system32\\cmd.exe', ['cmd', '/c', 'RunDll32.exe user32.dll,LockWorkStation'], { type: 1 });
                    }
                } catch (e) { }
                break;