From 98947471df4cbd642798d2e5502e74117ca3dfde Mon Sep 17 00:00:00 2001
From: Brian Olson
Date: Mon, 26 Sep 2016 17:14:39 -0400
Subject: [PATCH] python wrapper for powershell scripts Adding the wrapper from the grr-users group for archival sake. Thanks for sharing!
---
 admin.adoc | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
diff --git a/admin.adoc b/admin.adoc
index 0fb5441..003ed03 100644
--- a/admin.adoc
+++ b/admin.adoc
@@ -870,6 +870,46 @@ viewable in the Manage Binaries section of the Admin UI. The ExecutePythonHack Flow is provided for executing the file on a client.
+Below is an example python wrapper for powershell scripts:
+
+[source,shell]
+------------------------------------------------------------------------
+import subprocess, os, sys, platform, shlex, threading, time
+
+'''
+To base64 encode powershell script, paste in your commands (at the powershell prompt):
+ $command = { Powershell commands here }
+ $bytes = [System.Text.Encoding]::Unicode.GetBytes($command)
+ $encodedCommand = [Convert]::ToBase64String($bytes)
+ $command
+
+Take the output and append to the 'pshell' variable where indicated.
+'''
+
+
+ps = 'powershell -NoProfile -NonInteractive -ExecutionPolicy remotesigned -EncodedCommand '
+
+
+class Waiter(threading.Thread):
+ active = True
+ duration = 1200
+
+ def run(self):
+ now = time.time()
+ while self.active and time.time() - now < self.duration:
+ time.sleep(1)
+
+waiter = Waiter()
+
+try:
+ waiter.start()
+ print subprocess.check_output(shlex.split(ps))
+
+finally:
+ waiter.active = False
+ waiter.join()
+------------------------------------------------------------------------
+
 NOTE: Specifying arguments to a PythonHack is possible as well through the py_args argument, this can be useful for making the hack more generic.
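Review bot: The encoding instructions in the added docstring do not match the code below them: the last PowerShell step echoes `$command` (the plain script block) where the base64 text in `$encodedCommand` is what has to be pasted, and the text names a 'pshell' variable while the script defines `ps`. I would change those two lines to `$encodedCommand` and `Take the output and append to the 'ps' variable where indicated.`. The listing is also tagged `[source,shell]` although it is Python 2 (`print subprocess.check_output(...)`), so `[source,python]` would be the accurate tag. The `Waiter` thread only sleeps for up to `duration = 1200` seconds and never touches the child process, so it does not bound how long PowerShell runs; if a timeout is intended, the text should say so or the wrapper should enforce it. Because the payload is an opaque base64 string that may be run on many clients, the section should also tell readers to keep the decoded script in a comment beside `ps` so the uploaded hack can be reviewed and audited.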