From 7d59210d059d5667735771c3b1bb3b39559a97e0 Mon Sep 17 00:00:00 2001
From: si458
Date: Wed, 6 Nov 2024 15:37:26 +0000
Subject: [PATCH] swap powershell write to command instead
Signed-off-by: si458
---
 agents/meshcore.js | 2 +-
 agents/modules_meshcore/computer-identifiers.js | 17 +++++++++--------
 agents/modules_meshcore/win-info.js | 5 ++---
 agents/recoverycore.js | 2 +-
 4 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/agents/meshcore.js b/agents/meshcore.js
index f5bf7da6..71666955 100644
--- a/agents/meshcore.js
+++ b/agents/meshcore.js
@@ -249,7 +249,7 @@ function lockDesktop(uid) { case 'win32': { var options = { type: 1, uid: uid };
- var child = require('child_process').execFile(process.env['windir'] + '\\system32\\cmd.exe', ['/c', 'RunDll32.exe user32.dll,LockWorkStation'], options);
+ var child = require('child_process').execFile(process.env['windir'] + '\\system32\\cmd.exe', ['cmd', '/c', 'RunDll32.exe user32.dll,LockWorkStation'], options);
 child.waitExit(); } break;
diff --git a/agents/modules_meshcore/computer-identifiers.js b/agents/modules_meshcore/computer-identifiers.js
index ddebf8b7..23b624f5 100644
--- a/agents/modules_meshcore/computer-identifiers.js
+++ b/agents/modules_meshcore/computer-identifiers.js
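Review bot: In lockDesktop (agents/meshcore.js) the new leading `'cmd'` element looks like a stray argument to anyone used to Node's execFile, and nothing on the line explains it. The PowerShell calls in this patch pass `'powershell'` in the same position, so the array presumably starts with argv[0] in the agent's runtime; a comment such as `// first array element is argv[0] for the agent's execFile, not an argument` would keep it from being "corrected" back. The same comment fits the cmd.exe calls changed in windows_volumes and in recoverycore.js. The binary is still located through `process.env['windir']`; whether that variable can be influenced for the account the agent runs under is not visible here and is worth confirming.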
@@ -431,11 +431,12 @@ function windows_volumes() p1._p2 = p2; p2._p1 = p1;
- var child = require('child_process').execFile(process.env['windir'] + '\\System32\\WindowsPowerShell\\v1.0\\powershell.exe', ['powershell', '-noprofile', '-nologo', '-command', '-']);
+ var cmd = '"Get-Volume | Select-Object -Property DriveLetter,FileSystemLabel,FileSystemType,Size,SizeRemaining,DriveType | ConvertTo-Csv -NoTypeInformation"';
+ var child = require('child_process').execFile(process.env['windir'] + '\\System32\\WindowsPowerShell\\v1.0\\powershell.exe', ['powershell', '-noprofile', '-nologo', '-command', cmd]);
 p1.child = child; child.promise = p1; child.stdout.str = ''; child.stdout.on('data', function (c) { this.str += c.toString(); });
- child.stdin.write('Get-Volume | Select-Object -Property DriveLetter,FileSystemLabel,FileSystemType,Size,SizeRemaining,DriveType | ConvertTo-Csv -NoTypeInformation\r\nexit\r\n');
+ child.stderr.str = ''; child.stderr.on('data', function (c) { this.str += c.toString(); });
 child.on('exit', function (c) { var a, i, tokens, key;
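Review bot: The `cmd` string in the first windows_volumes hunk carries its own literal double quotes, and no comment says they are what keeps the pipeline a single `-command` argument. I would add `// quoted so powershell.exe receives the whole pipeline as one -command argument; keep this a constant string, never append parsed or external data` above the assignment; the same comment fits the `cmd` strings added for Get-BitLockerVolume, win_chassisType and defender(). How the agent's execFile joins and escapes the array is not visible in the diff, so the quoting is presumably relied on and should be confirmed. The new stderr buffer is filled, but the visible start of the exit handler does not read it; the handler continues outside the hunk.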
@@ -466,12 +467,13 @@ function windows_volumes() var ret = j.r; var tokens = j.t;
- var child = require('child_process').execFile(process.env['windir'] + '\\System32\\WindowsPowerShell\\v1.0\\powershell.exe', ['powershell', '-noprofile', '-nologo', '-command', '-']);
+ var cmd = '"Get-BitLockerVolume | Select-Object -Property MountPoint,VolumeStatus,ProtectionStatus | ConvertTo-Csv -NoTypeInformation"';
+ var child = require('child_process').execFile(process.env['windir'] + '\\System32\\WindowsPowerShell\\v1.0\\powershell.exe', ['powershell', '-noprofile', '-nologo', '-command', cmd]);
 p2.child = child; child.promise = p2; child.tokens = tokens; child.stdout.str = ''; child.stdout.on('data', function (c) { this.str += c.toString(); });
- child.stdin.write('Get-BitLockerVolume | Select-Object -Property MountPoint,VolumeStatus,ProtectionStatus | ConvertTo-Csv -NoTypeInformation\r\nexit\r\n');
+ child.stderr.str = ''; child.stderr.on('data', function (c) { this.str += c.toString(); });
 child.on('exit', function () { var i;
@@ -486,7 +488,7 @@ function windows_volumes() ret[key].protectionStatus = tokens[2].split('"')[1]; try { var foundIDMarkedLine = false, foundMarkedLine = false, identifier = '', password = '';
- var keychild = require('child_process').execFile(process.env['windir'] + '\\system32\\cmd.exe', ['/c', 'manage-bde -protectors -get ', tokens[0].split('"')[1], ' -Type recoverypassword'], {});
+ var keychild = require('child_process').execFile(process.env['windir'] + '\\system32\\cmd.exe', ['cmd', '/c', 'manage-bde -protectors -get ', tokens[0].split('"')[1], ' -Type recoverypassword'], {});
 keychild.stdout.str = ''; keychild.stdout.on('data', function (c) { this.str += c.toString(); }); keychild.waitExit(); var lines = keychild.stdout.str.trim().split('\r\n');
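Review bot: The manage-bde call in the last windows_volumes hunk still builds a cmd.exe command line around `tokens[0].split('"')[1]`, a mount point parsed out of PowerShell's CSV output, and the commit only prepends `'cmd'`. The value reaches the cmd.exe parser unquoted and unvalidated, so the command is only as well-formed as that parsed string. Starting the tool directly would take the shell out of the path: `execFile(process.env['windir'] + '\\system32\\manage-bde.exe', ['manage-bde', '-protectors', '-get', tokens[0].split('"')[1], '-Type', 'recoverypassword'], {})`, assuming the agent's execFile passes each element as its own argument. The output holds the BitLocker recovery password, so whatever consumes `password` further down needs to treat it as a secret. The `try {` opened in this hunk closes outside it.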
@@ -801,13 +803,12 @@ function hexToAscii(hexString) { function win_chassisType() { // needs to be replaced with win-wmi but due to bug in win-wmi it doesnt handle arrays correctly
- var child = require('child_process').execFile(process.env['windir'] + '\\System32\\WindowsPowerShell\\v1.0\\powershell.exe', ['powershell', '-noprofile', '-nologo', '-command', '-'], {});
+ var cmd = '"Get-CimInstance Win32_SystemEnclosure | Select-Object -ExpandProperty ChassisTypes"';
+ var child = require('child_process').execFile(process.env['windir'] + '\\System32\\WindowsPowerShell\\v1.0\\powershell.exe', ['powershell', '-noprofile', '-nologo', '-command', cmd], {});
 if (child == null) { return ([]); } child.descriptorMetadata = 'process-manager'; child.stdout.str = ''; child.stdout.on('data', function (c) { this.str += c.toString(); }); child.stderr.str = ''; child.stderr.on('data', function (c) { this.str += c.toString(); });
- child.stdin.write('Get-CimInstance Win32_SystemEnclosure| Select-Object -ExpandProperty ChassisTypes\r\n');
- child.stdin.write('exit\r\n');
 child.waitExit(); try { return (parseInt(child.stdout.str));
diff --git a/agents/modules_meshcore/win-info.js b/agents/modules_meshcore/win-info.js
index dcb8ff43..1035e971 100644
--- a/agents/modules_meshcore/win-info.js
+++ b/agents/modules_meshcore/win-info.js
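Review bot: `parseInt(child.stdout.str)` in win_chassisType (agents/modules_meshcore/computer-identifiers.js) has no radix and no NaN check, so when PowerShell prints nothing, or only writes to stderr, the function returns NaN, while the `child == null` branch returns `[]`. I would write `var n = parseInt(child.stdout.str, 10); if (isNaN(n)) { throw new Error(child.stderr.str); } return (n);` inside the existing try, so a failed query reaches the catch that follows outside the hunk and the collected stderr is used. With `-ExpandProperty ChassisTypes` an enclosure that reports several types prints several lines and only the first is parsed; a one-line comment saying so would help.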
@@ -243,12 +243,11 @@ function installedApps() function defender(){ var promise = require('promise'); var ret = new promise(function (a, r) { this._resolve = a; this._reject = r; });
- ret.child = require('child_process').execFile(process.env['windir'] + '\\System32\\WindowsPowerShell\\v1.0\\powershell.exe', ['powershell', '-noprofile', '-nologo', '-command', '-'], {});
+ var cmd = '"Get-MpComputerStatus | Select-Object RealTimeProtectionEnabled,IsTamperProtected | ConvertTo-JSON"';
+ ret.child = require('child_process').execFile(process.env['windir'] + '\\System32\\WindowsPowerShell\\v1.0\\powershell.exe', ['powershell', '-noprofile', '-nologo', '-command', cmd], {});
 ret.child.promise = ret; ret.child.stdout.str = ''; ret.child.stdout.on('data', function (c) { this.str += c.toString(); }); ret.child.stderr.str = ''; ret.child.stderr.on('data', function (c) { this.str += c.toString(); });
- ret.child.stdin.write('Get-MpComputerStatus | Select-Object RealTimeProtectionEnabled,IsTamperProtected | ConvertTo-JSON\r\n');
- ret.child.stdin.write('exit\r\n');
 ret.child.on('exit', function (c) { if (this.stdout.str == '') { this.promise._resolve({}); return; } var abc = JSON.parse(this.stdout.str.trim())
diff --git a/agents/recoverycore.js b/agents/recoverycore.js
index 5d9f13bc..f52332cd 100644
--- a/agents/recoverycore.js
+++ b/agents/recoverycore.js
@@ -870,7 +870,7 @@ function onTunnelControlData(data, ws) { if (process.platform == 'win32') { MeshServerLog("Locking remote user out of desktop", ws.httprequest); var child = require('child_process');
- child.execFile(process.env['windir'] + '\\system32\\cmd.exe', ['/c', 'RunDll32.exe user32.dll,LockWorkStation'], { type: 1 });
+ child.execFile(process.env['windir'] + '\\system32\\cmd.exe', ['cmd', '/c', 'RunDll32.exe user32.dll,LockWorkStation'], { type: 1 });
 } } catch (e) { } break;
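Review bot: In defender() (agents/modules_meshcore/win-info.js) the exit handler calls `JSON.parse(this.stdout.str.trim())` with no guard in the visible lines, so any non-JSON text on stdout throws inside the handler and the promise is never settled. I would change it to `try { var abc = JSON.parse(this.stdout.str.trim()); } catch (e) { this.promise._reject(e); return; }`. stderr is collected but not read in the visible part, and empty stdout resolves `{}`, which a consumer presumably cannot tell apart from a host where the Defender query failed. The handler continues outside the hunk.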
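Review bot: In onTunnelControlData (agents/recoverycore.js) `MeshServerLog("Locking remote user out of desktop", ws.httprequest)` is written before the lock is attempted, the execFile result is neither kept nor waited on, and the enclosing `catch (e) { }` discards any failure. The server log can therefore record a lock that did not happen. I would keep the child and wait for it, as lockDesktop in meshcore.js does (`var lock = child.execFile(...); lock.waitExit();`), and log the failure in the catch instead of leaving it empty. The `try` opens outside the hunk.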