1 2 3 4 5 6 7 8 9 10 11 12 13 | Get-EventLog -LogName Application | ForEach-Object { [PSCustomObject]@{ Time = $_.TimeGenerated LogonType = $_.ReplacementStrings[8] Process = $_.ReplacementStrings[9] Domain = $_.ReplacementStrings[5] User = $_.ReplacementStrings[6] Method = $_.ReplacementStrings[10] Source = $_.Source } } | Out-GridView |
Crear un proyecto en Visual C# Biblioteca de Clase (.NET Framework) Importar desde Microsoft Visual C# la referencia al ensamblado System.Management.Automation (C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll) Añadir el siguiente código en PowerShell a Visual Studio C# y compilar la solución
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 | using System; using System.Management.Automation; // Windows PowerShell namespace. namespace PowerSh { public class PowerSh { public static void CrearUsuario() { //Create a PowerShell object. PowerShell ps = PowerShell.Create(); //New-LocalUser usuario -Password (ConvertTo-SecureString "11234aaadsf" -asplaintext -force) ps.AddScript("New-LocalUser usuario -Password (ConvertTo-SecureString '11234aaadsf' -asplaintext -force)"); IAsyncResult result = ps.BeginInvoke(); // do something else until execution has completed. // this could be sleep/wait, or perhaps some other work while (result.IsCompleted == false) { } } // End Main. } // End HostPs1. } |
La dll compilada se encuentra en la carpeta bin Llamar a la dll creada desde PowerShell
1 2 | [Reflection.Assembly]::LoadFile("C:\Users\juan\source\repos\ClassLibrary1\ClassLibrary1\bin\Debug\ClassLibrary1.dll") [PowerSh.PowerSh]::CrearUsuario() |
Forkstat is a program that logs process fork(), exec() and exit() activity. It is useful for monitoring system behaviour and to track down rogue processes that are spawning off processes and potentially abusing the system. Note that forkstat uses the Linux netlink connector to gather process activity and this may miss events if the system is overly busy. Netlink connector also requires root privilege. forkstat command line options: -d strip off the directory path from the process name -D specify run duration in seconds. -e select which events to monitor. -h show brief help summary -l set stdout to line-buffered […]
Programa que crea la zona de memoria compartida y almacena un valor
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 | $codigo = ' #ifndef _SVID_SOURCE #define _SVID_SOURCE #include <stdio.h> #include <stdlib.h> #include <sys/types.h> #include <sys/shm.h> #include <sys/sem.h> #include <sys/ipc.h> #endif typedef struct { int num1; }zona_mem1; int main (void) { //Declaración de variables key_t clave1; //clave de acceso a la memoria 1 int shmid1; //identificador de la zona de memoria 1 zona_mem1 *pmem1; //Puntero a la 1 zona de memoria int comprobar; //variable que me indica la posibilidad de error en la llamada a funciones! char opc; //indicación de continuación de programa o terminación clave1 = ftok(".",''s''); //Creación de zona_mem1 shmid1 = shmget(clave1,sizeof(zona_mem1),IPC_CREAT | 0660); if(shmid1 !=-1) { printf("Zona de memoria 1 creada OK! con identificador %d \n", shmid1); } else { printf("ERROR al crear zona de memoria 1 !! \n"); exit(1); } //He obtenido los recursos que necesito, vinculo el proceso con la zona de memoria!! pmem1 = shmat(shmid1,0,0); if(pmem1 == -1) { printf("Error al vincular el proceso a la zona de memoria 1! \n"); exit(1); } pmem1 -> num1 = ' + $(Read-Host "Valor") + '; //Mantengo en ejecución al programa padre para dar tiempo a leer do { printf("Desea Terminar?? S/N \n"); scanf("%s", &opc); if(opc == "s") { //Elimino las zonas de memoria!! comprobar = shmctl (shmid1, IPC_RMID,0); if(comprobar == -1) { printf("ERROR al eliminar la 1 zona de memoria!! \n"); exit(1); } else { printf("Zona de memoria 1 eliminada OK !!\n"); } } }while(opc !="s"); }' $codigo | Out-File escritor.c wsl cat escritor.c bash -c "iconv escritor.c -f UTF-16 -t UTF-8 > escritors.c" wsl gcc escritors.c -o escritor wsl "./escritor" |
Zona de memoria creada Programa que lee un valor en la zona de memoria compartida
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 | $codigo = ' #ifndef SOURCE #define SOURCE #include <stdio.h> #include <stdlib.h> #include <sys/types.h> #include <sys/ipc.h> #include <sys/sem.h> #include <sys/shm.h> #endif typedef struct { int num1; }zona_mem1; int main (void) { //Declaración de variables key_t clave1; //clave de acceso a la memoria 1 int shmid1; //identificador de la zona de memoria 1 zona_mem1 *pmem1; //Puntero a la 1 zona de memoria int comprobar; //variable que me indica la posibilidad de error en la llamada a funciones! char opc; //indicación de continuación de programa o terminación //Algoritmo de programa lector.c clave1 = ftok(".",''s''); //Creación de zona_mem1 shmid1 = shmget(clave1,sizeof(zona_mem1),0); if(shmid1 !=-1) { printf("Zona de memoria 1 creada OK! con identificador %d \n", shmid1); } else { printf("ERROR al crear zona de memoria 1 !! \n"); exit(1); } //He obtenido los recursos que necesito, vinculo el proceso con la zona de memoria!! pmem1 = shmat(shmid1,0,0); if(pmem1 == -1) { printf("Error al vincular el proceso a la zona de memoria 1! \n"); exit(1); } else { printf("%d",pmem1 -> num1); } }' $codigo | Out-File lector.c wsl cat lector.c bash -c "iconv lector.c -f UTF-16 -t UTF-8 > lectors.c" wsl gcc lectors.c -o lector wsl "./lector" |
1 2 3 4 5 6 7 8 9 10 11 | # Invoke-WebRequest : Anulada la solicitud: No se puede crear un canal seguro SSL/TLS # https://www.jesusninoc.com/2018/02/19/invoke-webrequest-anulada-la-solicitud-no-se-puede-crear-un-canal-seguro-ssl-tls/ [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 $url="https://github.com/jesusninoc/scripting-and-security-1/blob/master/Acortar%20una%20frase.md" $result = Invoke-WebRequest $url # Buscar el div class que tiene el script # $result.AllElements | Where Class -Match “highlight highlight” | %{$_.innerText} | iex $result.AllElements | Where Class -Match "highlight highlight-source-powershell" | %{$_.innerText} | iex |
Resultado Script en Github Código con DevTools de Google Chrome
Fichero principal index.js
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 | // Para realizar el siguiente código se ha utilizado el enlace: https://codeburst.io/build-a-weather-website-in-30-minutes-with-node-js-express-openweather-a317f904897b // Importante, instalar: // EJS (Embedded JavaScript) // npm install ejs --save // Express // npm install --save express const express = require('express'); // Body-parser // npm install body-parser --save const bodyParser = require('body-parser'); // Node-powershell // npm i -S node-powershell const shell = require('node-powershell'); const app = express(); // Cargar el CSS y el fichero EJS /* |-- process |-- views |-- index.ejs |-- public |-- css |-- style.css |-- package.json |-- index.js */ app.use(express.static('public')); app.set('view engine', 'ejs') // Cargar el fichero index.ejs, que contiene el siguiente código /* <!DOCTYPE html> <html> <head> <meta charset="utf-8"> <title>Test</title> <link rel="stylesheet" type="text/css" href="/css/style.css"> </head> <body> <div class="container"> <fieldset> <form action="/" method="post"> <input name="process" type="text" class="ghost-input" placeholder="Enter a Process" required> <input type="submit" class="ghost-button" value="Show process"> </form> </fieldset> </div> </body> </html> */ // Aceptar respuestas app.use(bodyParser.urlencoded({ extended: true })); // Mostrar la web con petición GET app.get('/', function (req, res) { res.render('index'); }) // Código que se va a añadir en la respuesta para seguir pidiendo procesos let codigo = '<!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Test</title> <link rel="stylesheet" type="text/css" href="/css/style.css"> </head> <body> <div class="container"> <fieldset> <form action="/" method="post"> <input name="process" type="text" class="ghost-input" placeholder="Enter a Process" required> <input type="submit" class="ghost-button" value="Show process"> </form> </fieldset> </div> </body></html>'; // Preparar la petición a PowerShell let ps = new shell({ executionPolicy: 'Bypass', noProfile: true }); // Mostrar la petición POST y devolver la ejecución del comando sobre el que se quiere obtener información app.post('/', function (req, res) { ps.addCommand('Get-Process -name ' + req.body.process + ' | ConvertTo-Html -Property Name, Path, Company') ps.invoke() .then(output => { res.send(codigo+output); }) .catch(err => { console.log(err); ps.dispose(); }); }) // Dejar el servidor en el puerto 3000 app.listen(3000, function () { console.log('Example app listening on port 3000!') }) |
Fichero index.ejs
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | <!DOCTYPE html> <html> <head> <meta charset="utf-8"> <title>Test</title> <link rel="stylesheet" type="text/css" href="/css/style.css"> </head> <body> <div class="container"> <fieldset> <form action="/" method="post"> <input name="process" type="text" class="ghost-input" placeholder="Enter a Process" required> <input type="submit" class="ghost-button" value="Show process"> </form> </fieldset> </div> </body> </html> |
Fichero style.css
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 | /* Styles from this codepen: https://codepen.io/official_naveen/pen/rgknI */ body { width: 800px; margin: 0 auto; font-family: 'Open Sans', sans-serif; } .container { width: 600px; margin: 0 auto; } fieldset { display: block; -webkit-margin-start: 0px; -webkit-margin-end: 0px; -webkit-padding-before: 0em; -webkit-padding-start: 0em; -webkit-padding-end: 0em; -webkit-padding-after: 0em; border: 0px; border-image-source: initial; border-image-slice: initial; border-image-width: initial; border-image-outset: initial; border-image-repeat: initial; min-width: -webkit-min-content; padding: 30px; } .ghost-input, p { display: block; font-weight:300; width: 100%; font-size: 25px; border:0px; outline: none; width: 100%; -webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box; color: #4b545f; background: #fff; font-family: Open Sans,Verdana; padding: 10px 15px; margin: 30px 0px; -webkit-transition: all 0.1s ease-in-out; -moz-transition: all 0.1s ease-in-out; -ms-transition: all 0.1s ease-in-out; -o-transition: all 0.1s ease-in-out; transition: all 0.1s ease-in-out; } .ghost-input:focus { border-bottom:1px solid #ddd; } .ghost-button { background-color: transparent; border:2px solid #ddd; padding:10px 30px; width: 100%; min-width: 350px; -webkit-transition: all 0.1s ease-in-out; -moz-transition: all 0.1s ease-in-out; -ms-transition: all 0.1s ease-in-out; -o-transition: all 0.1s ease-in-out; transition: all 0.1s ease-in-out; } .ghost-button:hover { border:2px solid #515151; } p { color: #E64A19; } |
Ejecución Resultado
Node-PowerShell taking advantage of two of the simplest, effective and easy tools that exist in the today technology world. On the one hand, NodeJS which made a revolution in the world of javascript, and on the other hand, PowerShell which recently came out with an initial open-source, cross-platform version, and by connecting them together, gives you the power to create any solution you were asked to, no matter if you are a programmer, an IT or a DevOps guy. https://www.npmjs.com/package/node-powershell
1 2 3 | $url = "https://www.jesusninoc.com/2018/05/13/get-rss-feed-from-jesusninoc-com-new-version/" $result = Invoke-WebRequest $url $result.Images.src | %{Start-BitsTransfer -Source $_} |
1 2 3 | Write-EventLog -LogName "Application" -Source "Microsoft-Windows-User-Loader" -EventID 916 -EntryType Information -Message "Mensaje ejemplo" -Category 2 -RawData 10,20 Get-EventLog -LogName "Application" -Source "Microsoft-Windows-User-Loader" |
