Jump to content
Duck

Capturing PSEXEC's command line output

Recommended Posts

Duck

I'm attempting to capture the output from the command line tool PSEXEC. I'm using AutoIT to run an instance of PSEXEC against a remote PC to audit Local Admins in my environment using net.exe (C:\Windows\System32> net localgroup administrators). However the usual trick I use to capture command line output does not appear to work well with PSEXEC, as the bottom portion of the output is missing from the return. Any ideas or recommendations are greatly appreciated.  

 

Here is what I'm working with: 

;This script will read from a list of hosts and report who has local admin privileges on the machine
#RequireAdmin

Global $fileName = @ScriptDir & '\test.txt' ;hostlist, one host per line

readHostList()

;Read list of hosts
Func readHostList()
    Local $file = FileOpen($fileName, 0)

    While 1
        $line = FileReadLine($file)
        If @error = -1 Then ExitLoop
        ConsoleWrite($line & @CRLF)
        ;MsgBox(0,0,$line)
        getLocalAdmins($line)
    WEnd

    FileClose($file)
EndFunc

;run PSEXEC to list local admins
Func getLocalAdmins($remotePC)
    Local $testFile = @ScriptDir &'\test234.txt'
    FileOpen($testFile, 1)
    Local $psexec = 'psexec \\' & $remotePC & ' net localgroup administrators'
    FileWriteLine($testFile, _RunCmd($psexec) )
    FileClose($testFile)
EndFunc

;Used to return CLI output
Func _RunCmd($sCommand)
    Local $nPid = Run(@Comspec & " /c" & $sCommand, @SystemDir, @SW_Hide, 8), $sRet = ""
    If @Error then Return "ERROR:" & @ERROR
    ProcessWait($nPid)
    While 1
        $sRet &= StdoutRead($nPID)
        If @error Or (Not ProcessExists ($nPid)) Then ExitLoop
    WEnd

    Return $sRet
EndFunc

 

## If i manually run the command on the remote PC via PSEXEC I will get the following output: 

PsExec v2.11 - Execute processes remotely
Copyright (C) 2001-2014 Mark Russinovich
Sysinternals - www.sysinternals.com

Starting net on PCNAME... on PCNAME...
net exited on PCNAME with error code 0.

-------------------------------------------------------------------------------
admin
Administrator
Alias name     administrators
Domain\Domain Admins
Comment        Administrators have complete and unrestricted access to the computer/domain
Members
The command completed successfully.

 

## The returned output from running the above script is as follows:

PsExec v2.11 - Execute processes remotely
Copyright (C) 2001-2014 Mark Russinovich
Sysinternals - www.sysinternals.com

Alias name     administrators
Connecting to PCNAME...

Starting PSEXESVC service on PCNAME...

Connecting with PsExec service on PCName...

Starting net on PCNAME..

net exited on PCNAME with error code 0.

 

**Note to test this script PSEXEC must be in the system dir or the path in the script changed 
PSEXEC tool: https://docs.microsoft.com/en-us/sysinternals/downloads/psexec

Share this post


Link to post
Share on other sites
benched42

What if  you pipe your PSEXEC command to a text file and then parse the text file?

Local $psexec = 'psexec \\' & $remotePC & ' net localgroup administrators > C:\temp\textout.txt'


Who lied and told you life would EVER be fair?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Similar Content

    • nacerbaaziz
      By nacerbaaziz
      Hi dear
      With this script you can print Unicode text in the CMD screen
      the script is  easy to use
      just you  write the text that contains Unicode in the first input
      and the script automatically reflect the code in the second input
       you can copy the text to the clipboard
      or you can try printing the text in the CMD window
      I apologize to everyone for colors and shape if not appropriate
      I'm a blind man and I do not see
      Thank you for your understanding
      Greetings to all of youCmdUtM.au3
    • Simpel
      By Simpel
      Hi.
      Thanks to this post (https://www.autoitscript.com/forum/topic/189553-writing-to-cmd/?do=findComment&comment=1361142) I can now write a helpfile to the cmd when for instance passing parameter -h or -help at cmd. But then cmd is blocked by the script (I had to free it with CTRL+BREAK):
      #include <WinAPI.au3> _WinAPI_AttachConsole() $hConsole = _WinAPI_GetStdHandle(1) _WinAPI_WriteConsole($hConsole, "Print helpfile................" & @CRLF) Inside MSDN Library then I found this sentence: A process can use the FreeConsole function to detach itself from its console.
      But I don't find something like _WinAPI_FreeConsole(). How can I do it in another way?
      Regards, Conrad
    • TheAutomator
      By TheAutomator
      A fullscreen console with custom commands!

      Introduction:
      Hi everyone!
      This funny project started as a question in the help section:
      https://www.autoitscript.com/forum/topic/174404-edit-detect-key-before-updating-content/
      I'd like to share this script with everyone that is interested. 
       
      Why would I want it?
      You like the old style fullscreen console (like in the old day's), You can add custom commands, You can customize the font a lot more compared to cmd.exe, You can share ideas or add tweaks to the script.  
      Still to do:
      Write a simple custom programming language to implement this tool. Writing a little help file / pdf to describe my little programming language. Add little sound effects like a beep if there is a syntax error (optional). Clean up and modify Console.Au3 content. Add an option to have to type a login password (optional). Make an optional installer that also gives scripts for this tool a custom icon and open with command. ...Call Neo?  
      Thanks to:
      xxaviarxx: debugging, some ideas. jguinch: debugging, adding a bunch of tweaks and ideas. kylomas: debugging, new ideas.  
      Edits and updates:
      Added usage of tab key in edit control Edit has focus now on startup I'm currently rewriting a simple custom programming language to implement this tool.  
      UDF download: Console.au3
       
      Regards
      TheAutomator
    • hcI
      By hcI
      Hello I would like to know if there is a way to return a sentence in cmd when I launch from it (because I add arguments).
      For example, diskpart.exe which help to manage the key and hdd connected, when you launch it with the parameter "/f" the app return a sentence saying that it don't recognize the parameter "/f" and it return the sentence in the cmd where i started the application, not a new one.
      That's what I want to do but I couldn't find anything that would solve my problem on internet and on AutoIt like ConsoleWrite / ConsoleWriteError (don't work).
       
      Thanks
    • luckyluke
      By luckyluke
      Hello,
      Im trying to read the output from CMD using Dllcall, here is my code:
      #include <WinAPI.au3> #include <array.au3> Global Const $STD_OUTPUT_HANDLE = -11 Global Const $_CONSOLE_SCREEN_BUFFER_INFO = _ "struct;int dwSizeX;" & _ "short dwSizeY;" & _ "short dwCursorPositionX;" & _ "short dwCursorPositionY;" & _ "short wAttributes;" & _ "short Left;" & _ "short Top;" & _ "short Right;" & _ "short Bottom;" & _ "short dwMaximumWindowSizeX;" & _ "short dwMaximumWindowSizeY;endstruct" $pCmd = Run( "cmd.exe" ) Sleep(1000) $hCmd = WinGetHandle("") ConsoleWrite('handle:' & $hCmd & @CRLF) $aRet = DllCall("kernel32.dll", "int", "AttachConsole", "dword", $pCmd) ;_ArrayDisplay($aRet) If $aRet[0] <> 0 Then $vHandle_data='' $vHandle='' $vHandle_data = DllStructCreate($_CONSOLE_SCREEN_BUFFER_INFO) ; Screen Buffer structure $aRet1 = DllCall("kernel32.dll", "hwnd", "GetStdHandle", "dword", $STD_OUTPUT_HANDLE) if not @error Then $vHandle = $aRet1[0] $aRet = DllCall("kernel32.dll", "int", "GetConsoleScreenBufferInfo", "hwnd", $vHandle, _ "ptr", $vHandle_data) MsgBox(0, '1',DllStructGetData($vHandle_data, 'dwSizeX') & _WinAPI_GetLastErrorMessage()) EndIf It did not work, i got the message 'The handle is invalid'. Please help?
      Thank you in advance!
×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.