#1
|
|||
|
|||
Volatile Environment Variable?
Hello,
New user here. Is it possible to script volatile environment variables via vbs script using SecureCRT? I ask because I would like to store semi-sensitive keyboard data in a non-persistent state. I was wondering if this has been done before I attempt to reinvent the wheel. Thanks for any help, Will |
#2
|
||||
|
||||
Setting/Getting environment variables in VBScript works inside SecureCRT the same way that it works outside SecureCRT because:
I've provided some example code below. Try running the example code:
So, "PROCESS" environment vars are the most secure because they're only accessible within the same process. "VOLATILE" env variables last only until you log out of Windows. "USER" env variables are there to stay for your user until you remove/reset them. "SYSTEM" = "USER", but are available to all users and all processes. --Jake Code:
' EnvVarExample_PROCESS_USER_VOLATILE_SYSTEM.vbs Dim g_shell Set g_shell = CreateObject("WScript.Shell") ' There are 4 different "Environments": ' System, User, Volatile, or Process. For inter-process ' communication (parent process to child and vice versa), ' the "Process" environment is used. Set g_env_prc = g_shell.Environment("PROCESS") Set g_env_sys = g_shell.Environment("SYSTEM") Set g_env_usr = g_shell.Environment("USER") Set g_env_vol = g_shell.Environment("VOLATILE") strVarName = "VARNAME" strVarValu = "VARVALUE" strError = "" MsgBox _ "Current values for env variable: " & strVarName & vbcrlf & _ " Process: " & vbtab & g_env_prc(strVarName) & vbcrlf & _ "Volatile: " & vbtab & g_env_vol(strVarName) & vbcrlf & _ " User: " & vbtab & g_env_usr(strVarName) & vbcrlf & _ " System: " & vbtab & g_env_sys(strVarName) & vbcrlf & _ strError ' Reset the var for all environments: On Error Resume Next g_env_prc(strVarName) = "" g_env_sys(strVarName) = "" g_env_usr(strVarName) = "" g_env_vol(strVarName) = "" On Error Goto 0 MsgBox _ "All values reset for this variable: " & strVarName & vbcrlf & _ " Process: " & vbtab & g_env_prc(strVarName) & vbcrlf & _ "Volatile: " & vbtab & g_env_vol(strVarName) & vbcrlf & _ " User: " & vbtab & g_env_usr(strVarName) & vbcrlf & _ " System: " & vbtab & g_env_sys(strVarName) & vbcrlf & _ strError MsgBox "Setting 'PROCESS' " & strVarName & "=" & strVarValu & "..." On Error Resume Next g_env_prc(strVarName) = strVarValu nError = Err.Number strErr = Err.Description On Error Goto 0 If nError <> 0 Then strError = vbcrlf & vbcrlf & "Error: " & nError & ": " & strErr Else strError = "" End If MsgBox _ "Values for env variable: " & strVarName & vbcrlf & _ " Process: " & vbtab & g_env_prc(strVarName) & vbcrlf & _ "Volatile: " & vbtab & g_env_vol(strVarName) & vbcrlf & _ " User: " & vbtab & g_env_usr(strVarName) & vbcrlf & _ " System: " & vbtab & g_env_sys(strVarName) & vbcrlf & _ strError MsgBox "Setting 'VOLATILE' VARNAME=VARVALU..." On Error Resume Next g_env_vol(strVarName) = strVarValu nError = Err.Number strErr = Err.Description On Error Goto 0 If nError <> 0 Then strError = vbcrlf & vbcrlf & "Error: " & nError & ": " & strErr Else strError = "" End If MsgBox _ "Values for env variable: " & strVarName & vbcrlf & _ " Process: " & vbtab & g_env_prc(strVarName) & vbcrlf & _ "Volatile: " & vbtab & g_env_vol(strVarName) & vbcrlf & _ " User: " & vbtab & g_env_usr(strVarName) & vbcrlf & _ " System: " & vbtab & g_env_sys(strVarName) & vbcrlf & _ strError MsgBox "Setting 'USER' VARNAME=VARVALU..." On Error Resume Next g_env_usr(strVarName) = strVarValu nError = Err.Number strErr = Err.Description On Error Goto 0 If nError <> 0 Then strError = vbcrlf & vbcrlf & "Error: " & nError & ": " & strErr Else strError = "" End If MsgBox _ "Values for env variable: " & strVarName & vbcrlf & _ " Process: " & vbtab & g_env_prc(strVarName) & vbcrlf & _ "Volatile: " & vbtab & g_env_vol(strVarName) & vbcrlf & _ " User: " & vbtab & g_env_usr(strVarName) & vbcrlf & _ " System: " & vbtab & g_env_sys(strVarName) & vbcrlf & _ strError MsgBox "Setting 'SYSTEM' VARNAME=VARVALU..." On Error Resume Next g_env_sys(strVarName) = strVarValu nError = Err.Number strErr = Err.Description On Error Goto 0 If nError <> 0 Then strError = vbcrlf & vbcrlf & "Error: " & nError & ": " & strErr Else strError = "" End If MsgBox _ "Values for env variable: " & strVarName & vbcrlf & _ " Process: " & vbtab & g_env_prc(strVarName) & vbcrlf & _ "Volatile: " & vbtab & g_env_vol(strVarName) & vbcrlf & _ " User: " & vbtab & g_env_usr(strVarName) & vbcrlf & _ " System: " & vbtab & g_env_sys(strVarName) & vbcrlf & _ strError
__________________
Jake Devenport VanDyke Software Technical Support YouTube Channel: https://www.youtube.com/vandykesoftware Email: support@vandyke.com Web: https://www.vandyke.com/support |
#3
|
|||
|
|||
Jake,
SecureCRT appears to clear on every session. Example. Test.vbs Code:
Option Explicit Dim wshShell,wshSystemEnv,strPassword,nResult Set wshShell = CreateObject("WScript.Shell") Set wshSystemEnv = wshShell.Environment("VOLATILE") If wshShell.ExpandEnvironmentStrings("%PASSVAR%") = "%PASSVAR%" Then 'If volatile variable is empty then set strPassword = InputBox("Enter password", "Password needed") wshSystemEnv("PASSVAR") = strPassword Else WScript.Echo wshSystemEnv("PASSVAR") End If |
#4
|
||||
|
||||
SecureCRT does not "clear on every session"; that's just an illusion -- a magic trick made possible by the magician leveraging a misunderstanding about how the ExpandEnvironmentStrings() is documented to operate. The VOLATILE variables are there, and they're available for SecureCRT to access, but ExpandEnvironmentStrings() cannot see them because it operates on PROCESS variables.
A process's environment variables are inherited from the process's parent (including any that may be VOLATILE). I'm guessing you might have launched SecureCRT *before* launching the .vbs within the Explorer.exe (or CMD.exe) process environment, therefore SecureCRT does not have access to any updated copies of the Explorer.exe-parented (or CMD.exe-parented) PROCESS variables -- unlike when you ran the script outside of SecureCRT. If you had run the .vbs directly w/in Explorer.exe/cmd.exe first, and then launched SecureCRT (from either explorer.exe or cmd.exe, you'd see the desired behavior. Suggestion: Don't use ExpandEnvironmentStrings() to resolve VOLATILE environment variables. Use a different mechanism to determine whether or not your variable is set/initialized. For example: Code:
Option Explicit Dim wshShell,wshSystemEnv,strPassword,nResult Set wshShell = CreateObject("WScript.Shell") Set wshSystemEnv = wshShell.Environment("VOLATILE") ' If wshShell.ExpandEnvironmentStrings("%PASSVAR%") = "%PASSVAR%" Then ' No can do on the above... ExpandEnvironmentStrings() only expands ' PROCESS variables; not VOLATILE (unless such are inherited from a ' pareent process in which the VOLATILE variable was already set. ' To check existence/value of VOLATILE variable, for processes which ' do not share the same copy of the parent process, use this method: If wshSystemEnv("PASSVAR") = "" Then 'If volatile variable is empty then set strPassword = InputBox("Enter password", "Password needed") wshSystemEnv("PASSVAR") = strPassword Else MsgBox wshSystemEnv("PASSVAR") End If
__________________
Jake Devenport VanDyke Software Technical Support YouTube Channel: https://www.youtube.com/vandykesoftware Email: support@vandyke.com Web: https://www.vandyke.com/support |
#5
|
|||
|
|||
You rock, Jake!
I just need some basic obfuscation encryption and an encoded .vbe and I'll be happy. I really appreciate your through explanation, it will save me hours of jumpserver redundancy. |
#6
|
||||
|
||||
Quote:
Its not a security best practice to store credentials, but for those who value convenience in an environment where security isn't critical, Logon Actions can be of assistance. Logon Actions are expect/send sequences that are encrypted in Session Options such that they are available to only SecureCRT (and if you use a Configuration Passphrase they are only available to you -- and others who know your configuration passphrase). --Jake
__________________
Jake Devenport VanDyke Software Technical Support YouTube Channel: https://www.youtube.com/vandykesoftware Email: support@vandyke.com Web: https://www.vandyke.com/support |
#7
|
|||
|
|||
That was my original method of attack but it did not behave as I expected. This is my script (that works) but I'd rather obscure things a little bit and refine some outside cases. Really appreciate your guidance, I'm now your pest for the next 3 years (V000123735).
![]() Last edited by Nyber; 05-25-2018 at 07:44 AM. |
#8
|
||||
|
||||
Quote:
I've added a feature request on your behalf for a way to encrypt a script natively w/in SecureCRT or be able to have an encrypted substitution database with a scripting interface so that you could "send" the value retrieved by a name/key or something along those lines. It's not clear if/when such features would be implemented, but if you desire email notification of their availability should they ever become a reality, send email to support@vandyke.com with a subject of "Me Too! Forum thread #13105 - Encrypt script or substitution database" --Jake
__________________
Jake Devenport VanDyke Software Technical Support YouTube Channel: https://www.youtube.com/vandykesoftware Email: support@vandyke.com Web: https://www.vandyke.com/support Last edited by bgagnon; 07-11-2018 at 08:43 AM. Reason: the to they |
#9
|
|||
|
|||
Hi Jake,
Question. I've written all my logic in VBScript and included some encryption obfuscation and encoded to file.vbe. Should I have written it in Python and encoded it as file.pyc instead? Is Python encoding better? Albeit still a flawed version of "encryption". Code:
Function Encrypt(sStr) Dim i,n,e e = "" n = 1 For i = 1 To Len(sStr) e = e & Chr(Asc(Mid(sStr,i,1)) + Asc(Mid(Key,n,1))) n = n + 1 If n > Len(Key) Then n = 1 End If Next Encrypt = e End Function Last edited by Nyber; 05-25-2018 at 08:50 AM. |
#10
|
||||
|
||||
Quote:
I've added another feature request on your behalf for SecureCRT to support running .pyc script files. --Jake
__________________
Jake Devenport VanDyke Software Technical Support YouTube Channel: https://www.youtube.com/vandykesoftware Email: support@vandyke.com Web: https://www.vandyke.com/support |
![]() |
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
Thread Tools | |
Display Modes | Rate This Thread |
|
|