Welcome to the VanDyke Software Forums

Join the discussion today!


Go Back   VanDyke Software Forums > Scripting

Reply
 
Thread Tools Rate Thread Display Modes
  #1  
Old 05-10-2018, 01:31 AM
Nyber Nyber is offline
Registered User
 
Join Date: May 2018
Posts: 5
Volatile Environment Variable?

Hello,

New user here. Is it possible to script volatile environment variables via vbs script using SecureCRT?

I ask because I would like to store semi-sensitive keyboard data in a non-persistent state. I was wondering if this has been done before I attempt to reinvent the wheel.

Thanks for any help,

Will
Reply With Quote
  #2  
Old 05-10-2018, 10:02 AM
jdev's Avatar
jdev jdev is offline
VanDyke Technical Support
 
Join Date: Nov 2003
Location: Albuquerque, NM
Posts: 816
Setting/Getting environment variables in VBScript works inside SecureCRT the same way that it works outside SecureCRT because:
  1. the script engine is the same and
  2. you're using the WScript.Shell object to do the setting/getting of environment variables.

I've provided some example code below.

Try running the example code:
  • Outside of SecureCRT (using WScript.exe, double-click on the .vbs file w/in the file Explorer or Win+R 'run': Wscript.exe "path_to_this_script_file")
  • Outside of SecureCRT again
  • Inside of SecureCRT (Script > Run)
  • Inside of the same SecureCRT process again.
  • Inside of SecureCRT, after closing SecureCRT and starting a fresh instance.

So, "PROCESS" environment vars are the most secure because they're only accessible within the same process.

"VOLATILE" env variables last only until you log out of Windows.

"USER" env variables are there to stay for your user until you remove/reset them.

"SYSTEM" = "USER", but are available to all users and all processes.


--Jake

Code:
' EnvVarExample_PROCESS_USER_VOLATILE_SYSTEM.vbs

Dim g_shell
Set g_shell = CreateObject("WScript.Shell")

' There are 4 different "Environments":
'   System, User, Volatile, or Process.  For inter-process
'   communication (parent process to child and vice versa),
'   the "Process" environment is used.
Set g_env_prc = g_shell.Environment("PROCESS")
Set g_env_sys = g_shell.Environment("SYSTEM")
Set g_env_usr = g_shell.Environment("USER")
Set g_env_vol = g_shell.Environment("VOLATILE")

strVarName = "VARNAME"
strVarValu = "VARVALUE"

strError = ""

MsgBox _
    "Current values for env variable: " & strVarName & vbcrlf & _
    " Process: " & vbtab & g_env_prc(strVarName) & vbcrlf & _
    "Volatile: " & vbtab & g_env_vol(strVarName) & vbcrlf & _
    "    User: " & vbtab & g_env_usr(strVarName) & vbcrlf & _
    "  System: " & vbtab & g_env_sys(strVarName) & vbcrlf & _
    strError

' Reset the var for all environments:
On Error Resume Next
g_env_prc(strVarName) = ""
g_env_sys(strVarName) = ""
g_env_usr(strVarName) = ""
g_env_vol(strVarName) = ""
On Error Goto 0

MsgBox _
    "All values reset for this variable: " & strVarName & vbcrlf & _
    " Process: " & vbtab & g_env_prc(strVarName) & vbcrlf & _
    "Volatile: " & vbtab & g_env_vol(strVarName) & vbcrlf & _
    "    User: " & vbtab & g_env_usr(strVarName) & vbcrlf & _
    "  System: " & vbtab & g_env_sys(strVarName) & vbcrlf & _
    strError

MsgBox "Setting 'PROCESS' " & strVarName & "=" & strVarValu & "..."
On Error Resume Next
g_env_prc(strVarName) = strVarValu
nError = Err.Number
strErr = Err.Description
On Error Goto 0

If nError <> 0 Then
    strError = vbcrlf & vbcrlf & "Error: " & nError & ": " & strErr
Else
    strError = ""
End If

MsgBox _
    "Values for env variable: " & strVarName & vbcrlf & _
    " Process: " & vbtab & g_env_prc(strVarName) & vbcrlf & _
    "Volatile: " & vbtab & g_env_vol(strVarName) & vbcrlf & _
    "    User: " & vbtab & g_env_usr(strVarName) & vbcrlf & _
    "  System: " & vbtab & g_env_sys(strVarName) & vbcrlf & _
    strError

MsgBox "Setting 'VOLATILE' VARNAME=VARVALU..."
On Error Resume Next
g_env_vol(strVarName) = strVarValu
nError = Err.Number
strErr = Err.Description
On Error Goto 0

If nError <> 0 Then
    strError = vbcrlf & vbcrlf & "Error: " & nError & ": " & strErr
Else
    strError = ""
End If

MsgBox _
    "Values for env variable: " & strVarName & vbcrlf & _
    " Process: " & vbtab & g_env_prc(strVarName) & vbcrlf & _
    "Volatile: " & vbtab & g_env_vol(strVarName) & vbcrlf & _
    "    User: " & vbtab & g_env_usr(strVarName) & vbcrlf & _
    "  System: " & vbtab & g_env_sys(strVarName) & vbcrlf & _
    strError

MsgBox "Setting 'USER' VARNAME=VARVALU..."
On Error Resume Next
g_env_usr(strVarName) = strVarValu
nError = Err.Number
strErr = Err.Description
On Error Goto 0

If nError <> 0 Then
    strError = vbcrlf & vbcrlf & "Error: " & nError & ": " & strErr
Else
    strError = ""
End If

MsgBox _
    "Values for env variable: " & strVarName & vbcrlf & _
    " Process: " & vbtab & g_env_prc(strVarName) & vbcrlf & _
    "Volatile: " & vbtab & g_env_vol(strVarName) & vbcrlf & _
    "    User: " & vbtab & g_env_usr(strVarName) & vbcrlf & _
    "  System: " & vbtab & g_env_sys(strVarName) & vbcrlf & _
    strError

MsgBox "Setting 'SYSTEM' VARNAME=VARVALU..."
On Error Resume Next
g_env_sys(strVarName) = strVarValu
nError = Err.Number
strErr = Err.Description
On Error Goto 0

If nError <> 0 Then
    strError = vbcrlf & vbcrlf & "Error: " & nError & ": " & strErr
Else
    strError = ""
End If

MsgBox _
    "Values for env variable: " & strVarName & vbcrlf & _
    " Process: " & vbtab & g_env_prc(strVarName) & vbcrlf & _
    "Volatile: " & vbtab & g_env_vol(strVarName) & vbcrlf & _
    "    User: " & vbtab & g_env_usr(strVarName) & vbcrlf & _
    "  System: " & vbtab & g_env_sys(strVarName) & vbcrlf & _
    strError
__________________
Jake Devenport
VanDyke Software
Technical Support
support@vandyke.com
http://www.vandyke.com/support
Reply With Quote
  #3  
Old 05-14-2018, 02:56 AM
Nyber Nyber is offline
Registered User
 
Join Date: May 2018
Posts: 5
Jake,

SecureCRT appears to clear on every session. Example.

Test.vbs
Code:
Option Explicit
Dim wshShell,wshSystemEnv,strPassword,nResult
Set wshShell = CreateObject("WScript.Shell")
Set wshSystemEnv = wshShell.Environment("VOLATILE")

If wshShell.ExpandEnvironmentStrings("%PASSVAR%") = "%PASSVAR%" Then
  'If volatile variable is empty then set
  strPassword = InputBox("Enter password", "Password needed")
  wshSystemEnv("PASSVAR") = strPassword
Else
  WScript.Echo wshSystemEnv("PASSVAR")
End If
When running this in Windows you will only set the password once. However, Script > Run in SecureCRT will always prompt.
Reply With Quote
  #4  
Old 05-14-2018, 10:22 AM
jdev's Avatar
jdev jdev is offline
VanDyke Technical Support
 
Join Date: Nov 2003
Location: Albuquerque, NM
Posts: 816
Quote:
Originally Posted by Nyber View Post
SecureCRT appears to clear on every session.
SecureCRT does not "clear on every session"; that's just an illusion -- a magic trick made possible by the magician leveraging a misunderstanding about how the ExpandEnvironmentStrings() is documented to operate. The VOLATILE variables are there, and they're available for SecureCRT to access, but ExpandEnvironmentStrings() cannot see them because it operates on PROCESS variables.
A process's environment variables are inherited from the process's parent (including any that may be VOLATILE). I'm guessing you might have launched SecureCRT *before* launching the .vbs within the Explorer.exe (or CMD.exe) process environment, therefore SecureCRT does not have access to any updated copies of the Explorer.exe-parented (or CMD.exe-parented) PROCESS variables -- unlike when you ran the script outside of SecureCRT. If you had run the .vbs directly w/in Explorer.exe/cmd.exe first, and then launched SecureCRT (from either explorer.exe or cmd.exe, you'd see the desired behavior.

Suggestion: Don't use ExpandEnvironmentStrings() to resolve VOLATILE environment variables. Use a different mechanism to determine whether or not your variable is set/initialized. For example:
Code:
Option Explicit
Dim wshShell,wshSystemEnv,strPassword,nResult
Set wshShell = CreateObject("WScript.Shell")
Set wshSystemEnv = wshShell.Environment("VOLATILE")

' If wshShell.ExpandEnvironmentStrings("%PASSVAR%") = "%PASSVAR%" Then
'   No can do on the above... ExpandEnvironmentStrings() only expands
'   PROCESS variables; not VOLATILE (unless such are inherited from a
'   pareent process in which the VOLATILE variable was already set.
'   To check existence/value of VOLATILE variable, for processes which
'   do not share the same copy of the parent process, use this method:
If wshSystemEnv("PASSVAR") = "" Then
  'If volatile variable is empty then set
  strPassword = InputBox("Enter password", "Password needed")
  wshSystemEnv("PASSVAR") = strPassword
Else
  MsgBox wshSystemEnv("PASSVAR")
End If
--Jake
Attached Images
File Type: png ExpandEnvironmentStrings-is-PROCESS-only.png (54.8 KB, 41 views)
__________________
Jake Devenport
VanDyke Software
Technical Support
support@vandyke.com
http://www.vandyke.com/support
Reply With Quote
  #5  
Old 05-14-2018, 09:26 PM
Nyber Nyber is offline
Registered User
 
Join Date: May 2018
Posts: 5
You rock, Jake!

I just need some basic obfuscation encryption and an encoded .vbe and I'll be happy. I really appreciate your through explanation, it will save me hours of jumpserver redundancy.
Reply With Quote
  #6  
Old 05-15-2018, 09:40 AM
jdev's Avatar
jdev jdev is offline
VanDyke Technical Support
 
Join Date: Nov 2003
Location: Albuquerque, NM
Posts: 816
Quote:
Originally Posted by Nyber View Post
I just need some basic obfuscation encryption and an encoded .vbe and I'll be happy. I really appreciate your through explanation, it will save me hours of jumpserver redundancy.
SecureCRT's Logon Actions functionality didn't meet your needs?
Its not a security best practice to store credentials, but for those who value convenience in an environment where security isn't critical, Logon Actions can be of assistance. Logon Actions are expect/send sequences that are encrypted in Session Options such that they are available to only SecureCRT (and if you use a Configuration Passphrase they are only available to you -- and others who know your configuration passphrase).

--Jake
__________________
Jake Devenport
VanDyke Software
Technical Support
support@vandyke.com
http://www.vandyke.com/support
Reply With Quote
  #7  
Old 05-15-2018, 06:09 PM
Nyber Nyber is offline
Registered User
 
Join Date: May 2018
Posts: 5
That was my original method of attack but it did not behave as I expected. This is my script (that works) but I'd rather obscure things a little bit and refine some outside cases. Really appreciate your guidance, I'm now your pest for the next 3 years (V000123735).

Code:
#$language = "VBScript"
#$interface = "1.0"

'**Start Encode**

Option Explicit
Dim wshShell,wshSystemEnv,nResult,strPassword,strPin
Set wshShell = CreateObject("WScript.Shell")
Set wshSystemEnv = wshShell.Environment("VOLATILE")

crt.Screen.Synchronous = True

Sub Main()

	crt.Screen.WaitForString "Enter PASSCODE:"

	If wshSystemEnv("PINVAR") = "" Then
    		strPin = crt.Dialog.Prompt("Enter PIN", "PIN needed","",True) 
    		wshSystemEnv("PINVAR") = strPin
    		crt.Screen.Send wshSystemEnv("PINVAR")
  	Else
    		crt.Screen.Send wshSystemEnv("PINVAR")
  	End If						

	If crt.Arguments.Count <> 3 Then
		MsgBox "Add HostName, Justification, and AppId as arguments under Session Options"
		WScript.Quit
	End If
	 
	crt.Screen.WaitForString "Enter target hostname: "
	crt.Screen.Send crt.Arguments(0) & chr(13)			' Argument(0), HostName
	crt.Screen.WaitForString "login(" 
	crt.Screen.Send chr(13)
	crt.Screen.WaitForString "Justification: "
	crt.Screen.Send crt.Arguments(1) & chr(13) 			' Arguement(1), Justification
	crt.Screen.WaitForString "assword: "

	If wshSystemEnv("PASSVAR") = "" Then
    		strPassword = crt.Dialog.Prompt("Enter password", "Password needed","",True) 
    		wshSystemEnv("PASSVAR") = strPassword
    		crt.Screen.Send wshSystemEnv("PASSVAR") 
  	Else
    		crt.Screen.Send wshSystemEnv("PASSVAR") 
  	End If

	crt.Screen.Send strPassword & chr(13)
	crt.Screen.WaitForString "$ "
	crt.Screen.Send "/usr/seos/bin/sesu - "
	crt.Screen.Send crt.Arguments(2) & chr(13)			' Argument(2), AppId
	crt.Screen.WaitForString "Please enter your password:"
	crt.Screen.Send wshSystemEnv("PASSVAR") & Chr(13)

	nResult = crt.Screen.WaitForStrings("> ","$ ",10)
	If nResult <> 0 Then
    		crt.Screen.Send "printf " & chr(34) & "\033]0;%s@%s\033\\" & chr(34) & " " & chr(34) & "$" & chr(123) & "USER" & chr(125) & chr(34) & " " & chr(34) & "`hostname`" & chr(34) & chr(13)
  	End If
  
	nResult = crt.Screen.WaitForStrings("> ","$ ",10)
  	If nResult <> 0 Then
    		crt.screen.SendSpecial "MENU_CLEAR_SCREEN_AND_SCROLLBACK"
  	End If
  
	crt.Screen.Send chr(13)
	
End Sub

Last edited by Nyber; 05-15-2018 at 06:14 PM.
Reply With Quote
  #8  
Old 05-16-2018, 08:55 AM
jdev's Avatar
jdev jdev is offline
VanDyke Technical Support
 
Join Date: Nov 2003
Location: Albuquerque, NM
Posts: 816
Quote:
Originally Posted by Nyber View Post
That was my original method of attack but it did not behave as I expected. This is my script (that works)
Ah, yes. If you need logic to branch off of multiple things that could be "expected", Logon Actions won't be sufficient to meet that need.

I've added a feature request on your behalf for a way to encrypt a script natively w/in SecureCRT or be able to have an encrypted substitution database with a scripting interface so that you could "send" the value retrieved by a name/key or something along those lines. It's not clear if/when such features would be implemented, but if you desire email notification of their availability should the ever become a reality, send email to support@vandyke.com with a subject of "Me Too! Forum thread #13105 - Encrypt script or substitution database"

--Jake
__________________
Jake Devenport
VanDyke Software
Technical Support
support@vandyke.com
http://www.vandyke.com/support
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -6. The time now is 06:09 AM.