Welcome to the VanDyke Software Forums

Join the discussion today!


Go Back   VanDyke Software Forums > Scripting

Reply
 
Thread Tools Rate Thread Display Modes
  #1  
Old 05-13-2016, 11:25 AM
DaveSays1 DaveSays1 is offline
Registered User
 
Join Date: May 2016
Posts: 2
Sending hidden characters to session

Hello All,

Does anyone know of a way to use the crt.Screen.Send() function to send hidden characters? In the case of a password or something.

Use case would be writing a script for someone else to use where you don't want them to see the characters that go on the screen. So when you want to send Password you send Password, but it appears as blank or "********".

Personally I like to write scripts that login and go to enable mode and if I am at the correct prompt then it is automatically hidden, but if the switch is already enables the password sends in clear text, it doesn't hurt anything except it reveals the password.

I could specifically isolate the prompt, but that can change on switch type making the code much less versatile.

Thank you in advance,

David
Reply With Quote
  #2  
Old 05-13-2016, 12:39 PM
jdev's Avatar
jdev jdev is offline
VanDyke Technical Support
 
Join Date: Nov 2003
Location: Albuquerque, NM
Posts: 998
SecureCRT displays exactly what the remote system tells it to display, so there's not really a good/easy way to send the real password (so that authentication will succeed), but convince the remote system to display it differently when echoing it back to SecureCRT (as in the password being sent outside of a password prompt).

You'll need to engineer some smarts into your login script in order to prevent sending of passwords to the remote. For instance, your script can wait for screen contents to stop changing and then get the text to the left of the cursor. If the last-most non-white-space character is a ">", then you know you're in user exec mode, not priv exec mode. That's when you issue 'en', then wait for the password prompt, then and only then, you send the password.

However, a bigger question now becomes... if you're sending the password through a login script, and you're sharing the login script with others, how will you prevent them from looking inside the script and seeing the password there in plain text?

--Jake
__________________
Jake Devenport
VanDyke Software
Technical Support
YouTube Channel: https://www.youtube.com/vandykesoftware
Email: support@vandyke.com
Web: https://www.vandyke.com/support
Reply With Quote
  #3  
Old 05-13-2016, 01:17 PM
DaveSays1 DaveSays1 is offline
Registered User
 
Join Date: May 2016
Posts: 2
That was going to be step 2 if I can hide the password... I think I am going to add in logic to do it the way you suggested, less generic, but it'll have to work.

As far as keeping someone from looking at the source code I think I am going to put it on a server, map a drive to the users computer, and then make an attempt to use special permissions to allow most users execute access only. Not sure if it will work, but it;s the first thing I'll try :-)

Thank you for the response!
Reply With Quote
  #4  
Old 05-13-2016, 02:16 PM
jdev's Avatar
jdev jdev is offline
VanDyke Technical Support
 
Join Date: Nov 2003
Location: Albuquerque, NM
Posts: 998
I doubt it would work to change permissions on the file to execute only.

The script file itself isn't an executable. SecureCRT (running within the user context of the account that launched SecureCRT as a process) reads in the contents of the file and then asks the script engine to interpret the code in the file on its behalf... there's no execution of the script source file involved... just it's contents, which requires Read access.

There used to be a script encoder and encoded script engine you could run, but MS removed this from Windows a while back. I believe there's still some who have gotten it to work, but that's outside of my current experience. Here's some additional info if you're in for some investigation on your own:

https://forums.vandyke.com/showthread.php?t=1011

https://social.technet.microsoft.com...ipt?forum=ITCG


FYI.
--Jake
__________________
Jake Devenport
VanDyke Software
Technical Support
YouTube Channel: https://www.youtube.com/vandykesoftware
Email: support@vandyke.com
Web: https://www.vandyke.com/support
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -6. The time now is 06:21 AM.