Solved Scripting - How do you store your credentials and call them later?
-
@DustinB3403 said in Scripting - How do you store your credentials and call them later?:
This is one thing that has so many ways to do it and none of which seem like the better approach.
I have a shell script, I have to run the shell from a wheel user, but am still prompted for credentials at certain points.
How do you hash your credentials and then call them later?
I use the built in Windows Credential Manager on servers, or the one in Azure.
It works well with Python in Azure.
-
@Obsolesce This isn't windows.
-
@DustinB3403 said in Scripting - How do you store your credentials and call them later?:
@Obsolesce This isn't windows.
You can still store it in an encrypted file in Linux too, that only is decryptable on that system.
-
@Obsolesce said in Scripting - How do you store your credentials and call them later?:
@DustinB3403 said in Scripting - How do you store your credentials and call them later?:
@Obsolesce This isn't windows.
You can still store it in an encrypted file in Linux too, that only is decryptable on that system.
Storing the creds isn't the issue in reality, it's filling the prompt for credentials that I now need to figure out.
maybe --expect or something can handle that
-
@DustinB3403 said in Scripting - How do you store your credentials and call them later?:
@Obsolesce said in Scripting - How do you store your credentials and call them later?:
@DustinB3403 said in Scripting - How do you store your credentials and call them later?:
@Obsolesce This isn't windows.
You can still store it in an encrypted file in Linux too, that only is decryptable on that system.
Storing the creds isn't the issue in reality, it's filling the prompt for credentials that I now need to figure out.
maybe --expect or something can handle that
Not sure off the top of my head. You could install PS Core and do it easier to save time lol.
-
@DustinB3403 said in Scripting - How do you store your credentials and call them later?:
What I have currently is this
#!/bin/sh
read -s -p "Enter a user: " USER
read -s -p "Enter the password for $USER: " PASS
sudo -u $USER -p $PASS <command>
As soon as it hits the actual <command> you get an onscreen prompt for credentials, which is what I'm trying to populate with these credentials at execution time.
Are you trying to enter credentials for the SUDO command or the <command> ?
-
@dafyre for the actual <command> that's a typo I put it after and you still get prompted for credentials.
-
This is the sort of prompt, it isn't within the terminal that I get prompted.
https://vtcri.kayako.com/base/media/url/R4YZS0B19iFjV9eMoQ5WRzipOS6IVXMy
-
Use autoexpect to generate an expect script.
autoexpect user-prompt.sh
It will create a file called script.exp and within that file, it will look like this:
#!/usr/bin/expect -f
#
# This Expect script was generated by autoexpect on Tue Jul 2 10:53:53 2019
# Expect and autoexpect were both written by Don Libes, NIST.
#
# Note that autoexpect does not guarantee a working script. It
# necessarily has to guess about certain things. Two reasons a script
# might fail are:
#
# 1) timing - A surprising number of programs (rn, ksh, zsh, telnet,
# etc.) and devices discard or ignore keystrokes that arrive "too
# quickly" after prompts. If you find your new script hanging up at
# one spot, try adding a short sleep just before the previous send.
# Setting "force_conservative" to 1 (see below) makes Expect do this
# automatically - pausing briefly before sending each character. This
# pacifies every program I know of. The -c flag makes the script do
# this in the first place. The -C flag allows you to define a
# character to toggle this mode off and on.

set force_conservative 0 ;# set to 1 to force conservative mode even if
                         ;# script wasn't run conservatively originally
if {$force_conservative} {
    set send_slow {1 .1}
    proc send {ignore arg} {
        sleep .1
        exp_send -s -- $arg
    }
}

#
# 2) differing output - Some programs produce different output each time
# they run. The "date" command is an obvious example. Another is
# ftp, if it produces throughput statistics at the end of a file
# transfer. If this causes a problem, delete these patterns or replace
# them with wildcards. An alternative is to use the -p flag (for
# "prompt") which makes Expect only look for the last line of output
# (i.e., the prompt). The -P flag allows you to define a character to
# toggle this mode off and on.
#
# Read the man page for more info.
#
# -Don

set timeout -1
spawn ./user-prompt.sh
match_max 100000
expect -exact "Enter a user: "
send -- "user1username\r"
expect -exact "Enter the password for user1username: "
send -- "user1password\r"
expect eof
-
Another reference using expect.
https://likegeeks.com/expect-command/
-
@black3dynamite This, while it might work would be something else I have to install onto the target stations.
Not sure if I want to go down that route.
-
expect on the other hand is included on OSX by default, and might do it.
-
What about something like this:
(taken from: https://superuser.com/questions/401906/how-to-pass-password-to-sudo-commands)
In your case it would be
echo $PASSWORD | sudo -S -U $USER <command>
I just tested this on my Mac and it works.
-
@dafyre said in Scripting - How do you store your credentials and call them later?:
What about something like this:
(taken from: https://superuser.com/questions/401906/how-to-pass-password-to-sudo-commands)
In your case it would be
echo $PASSWORD | sudo -S -U $USER <command>
I just tested this on my Mac and it works.
Maybe. . . it's not working with my naming computer script from yesterday.
-
When running
#!/bin/sh
read -s -p "Enter a wheel username: " USER
read -s -p "Enter a password for wheel: " PASS
# Setting (office) offname variable
read -p 'What office are you in?: ' offname
# Setting (computer username variable) compuser variable
read -p 'Enter this computers username (SAMAccountName) IE jdoe: ' compuser
# Setting the asset tag (tagnumber) variable
read -p 'Enter this computers asset tag: ' tagnumber
echo $PASS | sudo -S -U $USER -l scutil --set HostName $offname$compuser && scutil --set ComputerName $compuser$tagnumber && scutil --set LocalHostName $offname$compuser$tagnumber
I'm met with
Enter a wheel user
Enter a password for wheel
what office are you in
enter this computers user. . .
enter this computers tag
And that I have to use -l with -U (that is lower case L).
-
sudo: the `-U' option may only be used with the `-l' option
usage: sudo -h | -K | -k | -V
usage: sudo -v [-AknS] [-g group] [-h host] [-p prompt] [-u user]
usage: sudo -l [-AknS] [-g group] [-h host] [-p prompt] [-U user] [-u user] [command]
usage: sudo [-AbEHknPS] [-C num] [-g group] [-h host] [-p prompt] [-u user] [VAR=value] [-i|-s] [<command>]
usage: sudo -e [-AknS] [-C num] [-g group] [-h host] [-p prompt] [-u user] file ...
fun times. . ..
-
@DustinB3403 said in Scripting - How do you store your credentials and call them later?:
When running
#!/bin/sh
read -s -p "Enter a wheel username: " USER
read -s -p "Enter a password for wheel: " PASS
# Setting (office) offname variable
read -p 'What office are you in?: ' offname
# Setting (computer username variable) compuser variable
read -p 'Enter this computers username (SAMAccountName) IE jdoe: ' compuser
# Setting the asset tag (tagnumber) variable
read -p 'Enter this computers asset tag: ' tagnumber
echo $PASS | sudo -S -U $USER -l scutil --set HostName $offname$compuser && scutil --set ComputerName $compuser$tagnumber && scutil --set LocalHostName $offname$compuser$tagnumber
I'm met with
Enter a wheel user
Enter a password for wheel
what office are you in
enter this computers user. . .
enter this computers tag
And that I have to use -l with -U (that is lower case L).
Are you doing: sudo myscript.sh ? Or are you just running the script and letting it call sudo?
Also... What do you have to use -U $USER?
-
This is the entire portion of the script I'm just testing with (so for the moment it is its own script).
#!/bin/sh
read -s -p "Enter a wheel username: " USER
read -s -p "Enter a password for wheel: " PASS
# Setting (office) offname variable
read -p 'What office are you in?: ' offname
# Setting (computer username variable) compuser variable
read -p 'Enter this computers username (SAMAccountName) IE jdoe: ' compuser
# Setting the asset tag (tagnumber) variable
read -p 'Enter this computers asset tag: ' tagnumber
echo $PASS | sudo -S -U $USER $PASS scutil --set HostName $offname$compuser && sudo -S -U $USER scutil --set ComputerName $compuser$tagnumber && sudo -S -U $USER scutil --set LocalHostName $offname$compuser$tagnumber
The script is run from a local wheel user so to run it, first I go su wheel-user (because our users by default aren't wheel users and thus need to jump to one) and then call that script.
-
@dafyre said in Scripting - How do you store your credentials and call them later?:
@DustinB3403 said in Scripting - How do you store your credentials and call them later?:
When running
#!/bin/sh
read -s -p "Enter a wheel username: " USER
read -s -p "Enter a password for wheel: " PASS
# Setting (office) offname variable
read -p 'What office are you in?: ' offname
# Setting (computer username variable) compuser variable
read -p 'Enter this computers username (SAMAccountName) IE jdoe: ' compuser
# Setting the asset tag (tagnumber) variable
read -p 'Enter this computers asset tag: ' tagnumber
echo $PASS | sudo -S -U $USER -l scutil --set HostName $offname$compuser && scutil --set ComputerName $compuser$tagnumber && scutil --set LocalHostName $offname$compuser$tagnumber
I'm met with
Enter a wheel user
Enter a password for wheel
what office are you in
enter this computers user. . .
enter this computers tag
And that I have to use -l with -U (that is lower case L).
Are you doing: sudo myscript.sh ? Or are you just running the script and letting it call sudo?
Also... What do you have to use -U $USER?
running su <wheel-user> then ./rename.sh
@dafyre said in Scripting - How do you store your credentials and call them later?:
Also... What do you have to use -U $USER?
what?
-
@DustinB3403 said in Scripting - How do you store your credentials and call them later?:
@dafyre said in Scripting - How do you store your credentials and call them later?:
@DustinB3403 said in Scripting - How do you store your credentials and call them later?:
When running
#!/bin/sh
read -s -p "Enter a wheel username: " USER
read -s -p "Enter a password for wheel: " PASS
# Setting (office) offname variable
read -p 'What office are you in?: ' offname
# Setting (computer username variable) compuser variable
read -p 'Enter this computers username (SAMAccountName) IE jdoe: ' compuser
# Setting the asset tag (tagnumber) variable
read -p 'Enter this computers asset tag: ' tagnumber
echo $PASS | sudo -S -U $USER -l scutil --set HostName $offname$compuser && scutil --set ComputerName $compuser$tagnumber && scutil --set LocalHostName $offname$compuser$tagnumber
I'm met with
Enter a wheel user
Enter a password for wheel
what office are you in
enter this computers user. . .
enter this computers tag
And that I have to use -l with -U (that is lower case L).
Are you doing: sudo myscript.sh ? Or are you just running the script and letting it call sudo?
Also... What do you have to use -U $USER?
running su <wheel-user> then ./rename.sh
@dafyre said in Scripting - How do you store your credentials and call them later?:
Also... What do you have to use -U $USER?
what?
Sorry, Missed that... I meant to say WHY do you have to use -U $USER ?
sudo rename.sh doesn't work?
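-
An added example, not part of the original thread or any poster's script: the sudo usage output quoted above shows that -U is only accepted with -l, and in the `a && b && c` chains only the first scutil runs under sudo, while the later variant also places $PASS on the sudo command line. The script below authenticates once over stdin and gives every scutil call its own sudo; the helper names, the SUDO override and the `run` argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from the thread. Helper names and the "run" argument
# are hypothetical; SUDO is overridable so the flow can be tried without root.
SUDO=${SUDO:-sudo}

# Allow only hostname-label characters so prompt input cannot carry shell
# syntax or option-like strings into a command that runs as root.
valid_label() {
    case $1 in
        ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# Authenticate once. -S reads the password from stdin, so it is never placed
# in an argument list; -v only refreshes sudo's cached credential.
prime_sudo() {
    printf '%s\n' "$1" | "$SUDO" -S -p '' -v
}

# Each scutil call gets its own sudo. -n fails instead of prompting if the
# cached credential is missing or expired.
set_names() {
    office=$1 compuser=$2 tagnumber=$3
    for part in "$office" "$compuser" "$tagnumber"; do
        valid_label "$part" || { printf 'rejected input: %s\n' "$part" >&2; return 2; }
    done
    "$SUDO" -n scutil --set HostName "$office$compuser" &&
    "$SUDO" -n scutil --set ComputerName "$compuser$tagnumber" &&
    "$SUDO" -n scutil --set LocalHostName "$office$compuser$tagnumber"
}

# Interactive entry point: ./rename.sh run
if [ "${1:-}" = run ]; then
    trap 'stty echo' INT TERM            # restore echo if interrupted
    printf 'Password for %s: ' "$(id -un)" >&2
    stty -echo; IFS= read -r PASS; stty echo; echo >&2
    prime_sudo "$PASS" || exit 1
    unset PASS                           # drop the secret once sudo has it
    printf 'Office: ';    read -r o
    printf 'Username: ';  read -r u
    printf 'Asset tag: '; read -r t
    set_names "$o" "$u" "$t"
fi
```

sudo authenticates the invoking user, so no -u or -U is needed when the script is started from the wheel account. If sudoers sets timestamp_timeout=0, no credential is cached and the -n calls fail rather than prompt.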