Special Characters and passwords

[BrandonD]

I have a script running originally on Server 2012 R2 that had stopped working. Essentially the script will launch Quickbooks, enter in the password for the company file, and launch the file in multi user mode. This script had been working just fine up until a couple months ago.

The way the script works is that it keys in the password in two parts, first the initial part of the password, and then the special character.

As it sits currently, the script now only enters in the special character, and the script fails.

The script is added below (I have masked the password and company file name with *'s) :

#ce ----------------------------------------------------------------------------
#Include <Array.au3>
#Include <WinAPIEx.au3>
#include <MsgBoxConstants.au3>
#requireadmin
$pass = "********" ;password without '!' symbol

$prompt = MsgBox(1,"Auto-launch", "Auto launch starting in: 20 seconds.  Press cancel to abort", 20)
If $prompt = 1 or $prompt = -1 Then
   WinMinimizeAll();Minimize all open windows
   _launchQB()
   _launchacowin()
   Run("rundll32.exe user32.dll,LockWorkStation") ; Lock user session
ElseIf $prompt = 2 Then
   MsgBox("","Auto-launch","aborted")
   Exit
EndIf

Func _launchQB();Launch Quickbooks
   $iPID = Run('"C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\QBW32EnterpriseContractor.exe" -QFM Q:\*******.QBW -NoShowLoadingQBWnd') ;Launch quickbooks using correct datafile
   sleep(10000)
   $update = WinWait("[CLASS:MauuiMessage]","",20) ;Check if qb prompts for update
      if $update <> 0 Then ;if update prompt
         $hWnd = WinGetHandle("[CLASS:MauuiMessage]")
         WinClose($hWnd) ;close window and proceed
      EndIf
   $login = WinWait("[CLASS:MauiForm]","",20) ; wait for login prompt
   $hWnd = WinGetHandle("[CLASS:MauiForm]") ;find login form
   WinActivate($hWnd) ; activate login form
   ControlSend($hWnd,"","[CLASS:Edit; INSTANCE:2]",$pass) ; activate password textbox and send password
   Send("{!}");send special symbol
   WinActivate($hWnd)
   Send("{enter}") ; send enter key after password entered
   sleep(10000)
   $hWnd3 = WinGetHandle("[CLASS:MauiFrame]")
   WinSetState($hWnd3,"",@SW_MINIMIZE) ;minimize QB
   sleep(5000)
EndFunc

Func _launchacowin() ;Launch acowin
   $iPID = Run("C:\Program Files (x86)\Acowin\LicenseMgr.exe","C:\Program Files (x86)\Acowin") ; Launch acowin *must give in start in path or app will error
   sleep(5000)
   $login2 = WinWait("[CLASS:WindowsForms10.Window.8.app.0.141b42a_r12_ad1]","",30) ; wait for Acowin window
   $hWnd4 = WinGetHandle("Acowin License Manager","") ; Activate Acowin Window
   WinActivate($hWnd4) ;Activate Acowin window
   $hWnd5 = ControlGetHandle($hWnd4,"","[NAME:button_qb_connect]"); find "Connect to QB" button
   WinActivate($hWnd5) ;Activate Window
   ControlClick($hWnd4, "", "[NAME:button_qb_connect]") ; Press "Connect to QB" button
   WinSetState($hWnd4, "", @SW_MINIMIZE) ;minimize QB
EndFunc

 

_____

Any help would be most appreciated

Thanks!

Brandon

[BigDaddyO]

your password is sent using ControlSend() and the special symbol is sent with just a Send()

So, i'm assuming you need to verify that the $hWnd is actually being returned when you use WinGetHandle with some actual error checking and maybe double check with the Au3Info tool to make sure the Class:edit instance 2 is still valid.

[Confuzzled]

Off topic about password management, but a STRONG warning that usually hard coding a plain text password into your code is VERY, VERY bad security. It will come back to bite you HARD, especially if somebody else changes the QuickBooks password and your code does not work any more, you edit your source code, and then leave it lying around for nefarious types to find it. System dumps and logs may also have traces left in them for casual perusal. Where do you keep the AutoIt source code, in case you are hit by a bus? GitHub, for all the world to see?

Does the enterprise version of QuickBooks have facilities to do what you need without having to launch it with an AutoIt wrapper? If not, maybe ask for it as a feature in their next version. I'm sure you are not the first person needing this type of functionality. Their security folks will have a more secure approach to storing the password securely, rather than plain text.

I know I haven't helped answer your code question, but maybe the question you are asking about is not the question that is appropriate for your organisation. Hackers do not sleep and search engines such as Shodan can make skript kiddies lives very easy to hack you. Hindsight can be a harsh teacher!

[BrandonD]

I understand the security risks associated with having the passwords in plain text, especially for those who seek to infiltrate the network. They basically want automation in the event of server reboots. If there is a better way to achieve this securely I am all for it.