Page 1 of 1 1
Topic Options
#112607 - 2004-01-27 04:29 PM KiXcrypt - How Not to Echo KiXcrypt
Lee Burlingham Offline
Fresh Scripter

Registered: 2003-03-20
Posts: 7
Loc: Columbus, OH
During my KiXtart logon script I am doing a command that requires to 'runas' local administrator. So I decided to use KiXcrypt. My problem is that I cannot get the KiXtart script from echoing the KiXcrypt results or status to the screen. I guess really what the deal is that the KiXcrypt exe automatically echoes to the screen the following:

Enter password for domain\username:
Attempting to start "...." as user "domain\username"...

I've tried the -m"" option as well as the other -m options with no success. The status of KiXcrypt is still echoing to the screen.

Is there a way to get rid of the KiXcrypt status message being echoed to the screen. It just looks annoying and my end users are likely to 'wonder' what's going on and place calls to our held desk. Any help is appreciated.

Thanks.

Top
#112608 - 2004-01-27 04:33 PM Re: KiXcrypt - How Not to Echo KiXcrypt
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11162
Loc: Boston, MA, USA
I'd say that's rather a problem with your script and not KiXcrypt itself. Console output suppression is described in detail in the FAQ Forum. Also, using RUNAS is insecure as has been discussed numerous times. See the FAQ forum on how to run applications/scripts under administrative privileges in a secure manner.

Or are you saying the KiXcrypt creates
Quote:


Enter password for domain\username:
Attempting to start "...." as user "domain\username"...



on it own?
_________________________
There are two types of vessels, submarines and targets.

Top
#112609 - 2004-01-27 04:38 PM Re: KiXcrypt - How Not to Echo KiXcrypt
Richard H. Administrator Offline
Administrator
*****

Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
KiXcrypt does not output this text, RUNAS (or its equivalent) does.

You need to fix it in the original plain script first.

Top
#112610 - 2004-01-28 02:35 PM Re: KiXcrypt - How Not to Echo KiXcrypt
Lee Burlingham Offline
Fresh Scripter

Registered: 2003-03-20
Posts: 7
Loc: Columbus, OH
Quote:

Or are you saying the KiXcrypt creates
Quote:


Enter password for domain\username:
Attempting to start "...." as user "domain\username"...



on it own?




I realize the implications of using runas. However, at this time that's what I'm going to use until I have time to figure out another way to do it. I appreciate your warning.

As far as your comment above, the runas is part of the encrypted KiXcrypt exe. What happens exactly when the KiXcrypt exe runs is this verbatim (obviously without real domain\username):

crypt version 003.02b
KiXcrypt author: Richard Howarth (rhowarth@sgb.co.uk)
0Enter password for domain\username:
Attempting to start "net localgroup administrators domain\username /add" as user "domain\username"...

So, I see it that the KiXcrypt exe is echoing the runas command to the console screen. Now, if I use the wkix32.exe /i command for the consoleless version of KiXcrypt, the script does not perform like it should. I get the same result when using kcgen.kix with the web interface to create a consoleless version. The runas command does not work.

Any help is greatly appreciated.

BTW, what is it that you are referring to as a more secure way of doing this? Is it SU?

Thanks again.

Top
#112611 - 2004-01-28 03:45 PM Re: KiXcrypt - How Not to Echo KiXcrypt
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11162
Loc: Boston, MA, USA
I think you're confusing what KiXcrypt is doing. KiXcrypt is just a encryption wrapper for the actual KiXtart script. Thus, everything you talk about and do is related to how you use KiXtart and the KiXtart script, not KiXcrypt. Using WKIX32 /i correctly suppresses console output as explained in the KiXtart Manual. This has nothing to do with KiXcrypt. Please read the FAQ Forum on how to suppress console output. Basically, the script you wrote is creating the console output, thus you'll have to fix your script. Also, RUNAS is inheritantly insecure and there are better alternatives as descripbed in the FAQ Forum. RUNAS in itself is also performing correctly.
_________________________
There are two types of vessels, submarines and targets.

Top
#112612 - 2004-01-28 04:20 PM Re: KiXcrypt - How Not to Echo KiXcrypt
Richard H. Administrator Offline
Administrator
*****

Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
Let me explain a little further.

wkixcrpt.exe does not create a console - it it the console-less version of KiXcrypt.

However, if you execute a script or statement which itself creates a console then one will appear.

If you are SHELLing the command then suppress the output. Something like:
Code:
Shell "%COMSPEC% /C RunAsCommand ... >nul: 2>nul:"


Top
#112613 - 2004-01-28 09:02 PM Re: KiXcrypt - How Not to Echo KiXcrypt
Lee Burlingham Offline
Fresh Scripter

Registered: 2003-03-20
Posts: 7
Loc: Columbus, OH
If KiXcrypt is the console-less version of KiXtart, why is the console showing what is KiXcrypted. I guess I'm missing something here still. I have a regular console-version KiXtart script that runs so that the user can see what's happening and so that us administrators can see what's happening in the case of a problem. The only thing that I don't want the users to see is the administrator user account and password used to run the command that I need to run. So, what I did using KiXcrypt was to encrypt only the runas portion of the script and call that executable from my regular console-version KiXtart script using Code:
RUN @LDRIVE\encryptedscript.exe

. Ultimately I want the user to see everything as usual except for any KiXcrypt encrypted stuff that I need to hide. Hopefully you understand where I'm coming from.

Top
#112614 - 2004-01-28 09:22 PM Re: KiXcrypt - How Not to Echo KiXcrypt
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11162
Loc: Boston, MA, USA
KiXCrypt <> KiXtart
KiXcrypt.exe <> KIX32.EXE
WKiXcrypt.exe <> WKIX32.EXE

KiXcrypt and KiXtart are two completely unrelated things! Script are run by KiXtart! KiXcrypt only creates an encrypted version of the script that will be decrypted but still run through KiXtart! KiXcrypt still exposes the script (and thus the password) in plain text, except for the latest version where in-memory decryption is optionally possible, I believe.

So, go fix the script!
_________________________
There are two types of vessels, submarines and targets.

Top
#112615 - 2004-01-29 10:42 AM Re: KiXcrypt - How Not to Echo KiXcrypt
Richard H. Administrator Offline
Administrator
*****

Registered: 2000-01-24
Posts: 4946
Loc: Leatherhead, Surrey, UK
Quote:

If KiXcrypt is the console-less version of KiXtart, why is the console showing what is KiXcrypted.



...because as I said above...
Quote:

However, if you execute a script or statement which itself creates a console then one will appear.




Now I appreciate that not everyone understands what the consoles are and how they work, so just take it from me - KiXcrypt is not creating the console if you used wkixcrpt.exe to create the package - you are.

You are either creating it explicitly by running the command at a DOS prompt or by the way your login is calling the KiXtart script, or you are creating it implicitly by creating console output.

If you don't want console output, stop creating it

It's also worth checking the "command to execute" in the kcgen GUI as it has been known to get confused. You should be using "wkixcrpt.exe" and not "kixcrypt.exe" for the console version.

Notwithstanding this, if you don't want console output then suppress it in your script explicitly. Using "wkix.exe /i" is a flawed way of doing it as it supresses everything, including any error information that you might prefer to know about.

Top
#112616 - 2004-01-29 04:19 PM Re: KiXcrypt - How Not to Echo KiXcrypt
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11162
Loc: Boston, MA, USA
Richard:

Funny that we both try to tell him the same, just with different words ;-)
_________________________
There are two types of vessels, submarines and targets.

Top
Page 1 of 1 1


Moderator:  Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart 
Hop to:
Shout Box

Who's Online
0 registered and 131 anonymous users online.
Newest Members
dimi575, Drecksnacken, Nlill, webtools321, multiman
17734 Registered Users

Generated in 0.035 seconds in which 0.012 seconds were spent on a total of 12 queries. Zlib compression enabled.

Search the board with:
superb Board Search
or try with google:
Google
Web kixtart.org