wscript cscript with javascript to use COM with node.js - javascript

OS: windows 10 Node: v6.9.4 iTunes 12.5.5.5
I'm trying to write a node.js app that communicates with itunes, it will do a lot of things and i want to capture the response and show in a web page.
what i'm trying to do right now to understand this wscript thing is run a node file, that it will keep running to output on the 'change song' event some info about the tack.
After i did some research i made to a point, but now i'm stuck.
I have no knowledge on windows ecosystem coding and is in this part that i'm struggling
searching the web i found this solution.
i don't find why i can on cmd use cscript o wscript but inside the .js file i need to use wscript
/* itunes open and playing a song */
var itunes = WScript.CreateObject("iTunes.Application");
var currentTrack = itunes.CurrentTrack;
WScript.Echo("name: " + currentTrack.Name + " artist: " + currentTrack.Artist);
open a cmd, go to that folder, and run
cscript /nologo myItunesScript.js
/* /nologo prevent to show some default cmd text*/
the program will run, output the music playing and it will close itself
If i do the same thing with wscript i don't know why but it show a popup window with the result instead of showing on the cmd screen.
On this page http://www.joshkunz.com/iTunesControl/main.html show a lot of things that i can do and even work with events.
I didn't find any app on npm that does some magic and makes my life easier.
So if someone can give some north, i will appreciate a lot.
EDIT: It is possible to connect to "iTunes.Application" without WScript from node?
If don't, is possible to listen for events from the output o WScript? (like in socket.io, you connect to someting and keep listening for things)

The question isn't clear I probably shouldn't of answered.
This answer specifically address this from the question;
If i do the same thing with wscript i don't know why but it show a popup window with the result instead of showing on the cmd screen.
You may be confusing what cscript.exe and wscript.exe are.
Both programs are the WSH (Windows Script Host, also confusingly known as WScript).
cscript.exe - The command line version
wscript.exe - The Windows GUI version
Both run VBScript but output the results differently, here is a simple example to demonstrate.
The following script will output the phrase Hello World;
Dim output: output = "Hello World"
WScript.Echo output
Using cscript.exe the output is;
>cscript //nologo "test.vbs"
Hello World
Using wscript.exe the output is;
>wscript //nologo "test.vbs"

Related

How do I install/run Hipku using Linux (links in the details)

I received a hacker challenge gift for Christmas. I'm no hacker, nor do I work in an IT role, but I'm trying my best. I've got a haiku:
The weary red dove fights in the empty tundra. Jasmine petals dance.
I need to convert this into an IP.
I'm 100% sure I'm supposed to install/run a program called Hipku.
https://github.com/gabemart/hipku
The installation instructions read:
"Install with npm install hipku. index.js can also be used directly in the browser."
However, I just don't have the skills necessary to get this to work for me.
I'm using kali linux virtualised on a mac, and I've ran this command (npm install hipku) in a shell.
The next step from the example is:
Hipku.decode('The weary red dove\nfights in the empty tundra.\nJasmine petals dance.');
However, I get this message
└─$ Hipku.decode('The weary red dove fights in the empty tundra. Jasmine petals dance.'); zsh: unknown file attribute: h
I'm not sure what I'm doing wrong.
pps. I've found this webpage of someone running through the steps of the entire challenge, but when it comes to the step of decoding the haiku, it's not helpful (for me!)
You installed a library that you need to run BUT there is an easier way: go to v6decode, right click "inspect element", you should now be on a new windows, go to the "console" tab. from there enter the line and press enter.
I've tested for you and got 254.53.93.114.

Run exe file with jQuery or JavaScript

I want to know if there is a way to open a exe file from client side with jQuery or JavaScript.
I tried with windows.open("..") but it didn't work.
First off, Dalorzo is correct - you cannot escape the sandbox of a browser without earning lots of money. Recently Pinky Pie won over $60k from Google for performing such a task on Google Chrome.
http://blog.chromium.org/2012/05/tale-of-two-pwnies-part-1.html
However, sometimes I ask questions to try to find out-of-the-box solutions, so I'm assuming that you have a legitimate use-case for this question. I can help you think of a "hack" solution if you have a legitimate use for this. I'll probably get downvoted to oblivion for this response, but theoretically you could do this...
Back in college, I took a computer forensics class in which I wrote a chat web application which would forensically clean a user's computer from having ever accessed the chat webpage. This was done through the user running an executable they could download from the site. However, I wanted to have the users to not have to run the executable every time so I wanted a sandbox escape like you're asking about.
It's messy, but if your users are a participating party they can modify their computer to allow executables to be run from Chrome webpages.
Please Note: This will make your computer less secure, I only ever did it on Virtual Machines or Lab Machines. Reconsider whether you actually wanna try this or not.
Step One: Create a Chrome custom browser:
This is the python that I eventually compiled to a packed *.exe that accomplished creating a Google Chrome custom browser.
import sqlite3 as lite
con = lite.connect('C:\Users\USERNAME\AppData\Local\Google\Chrome\User Data\Default\Web Data')
c = con.cursor()
#idmax = c.execute('SELECT MAX(id) FROM keywords')
#c.execute("INSERT INTO keywords VALUES('cleanupeverybodyeverywhere','cleanupeverybodyeverywhere','','forensichat://C:>Windows>System32>calc.exe',0,'',0,0,'',0,'',0,0,'',0,'','','','','','','','','')")
c.execute("SELECT * FROM keywords WHERE short_name='cleanupeverybodyeverywhere'")
foo = c.fetchall()
if foo == []:
c.execute("INSERT INTO keywords (short_name,keyword,url,favicon_url) VALUES ('cleanupeverybodyeverywhere','cleanupeverybodyeverywhere','forensichat://C:>Windows>System32>calc.exe','')")
con.commit()
con.close()
Note that now when I open a Chrome tab and use the custom browser cleanupeverybodyeverywhere to run the key forensichat and it will open calc.exe as proof of concept.
Step Two: Modify your Windows Registry:
import _winreg as wreg
import getpass
user = getpass.getuser()
key = wreg.CreateKey(wreg.HKEY_CLASSES_ROOT, '')
wreg.SetValue(key,'forensichat',wreg.REG_SZ,'URL:forensichat Protocol')
# Create new subkey
kkey = wreg.CreateKey(wreg.HKEY_CLASSES_ROOT, 'forensichat')
wreg.SetValueEx(kkey, 'URL Protocol', 0, wreg.REG_SZ,'')
# Create new value
wreg.CreateKey(wreg.HKEY_CLASSES_ROOT,"forensichat\shell")
nkey = wreg.CreateKey(wreg.HKEY_CLASSES_ROOT,"forensichat\shell\open")
wreg.SetValue(nkey,"command",wreg.REG_SZ,'C:\Users\\'+user+'\Downloads\\forensicleaner.exe')
key.Close()
Note that I'm creating a key called forensichat which will run the exe found in the user's Downloads folder.
Of course, I ended up cleaning this all up and packing it so Anti-Virus wouldn't flag it, next thing I know Google Chrome has marked the site lol. It's still up if you wanna check it out - check Secure Chat and Repeat Customer. Chrome will flag it, but there's obviously ways around that.

How to parse DOM (REACT)

I am trying to scrape data from a website. The website uses Facebook's React. As such the source code that I can parse using Jaunt is completely different to the code I see when inspecting the elements using Chrome's inspector.
I know very little about all of this, but having done some research I think this is something to do with DOM rather than the source code. I need a way to be able to get my hands on this DOM code as the original source contains nothing I want, but I don't have the foggiest idea where to begin (even having read many answers on here).
Here is an example of one the pages I want to scrape. For example to scrape the description I'd want to grab what is in between the tag:
<span class="light-font extended-card-description list-group-item">Example description....</span>
But as you can see this element only appears when you "Inspect Element", and not when I just view the page's source.
My question to you geniuses on here is, how can I grab this DOM Code and start scraping the elements I actually want to?
Forgive me if my terminology is completely off but as I say this is a completely new area for me, and I've done the research that I can.
Thank you very much in advance!
ReactJS, like many other Javascript libraries / frameworks, uses client-side code (Javascript) to render the final HTML. This means that when you, Jaunt, or your browser fetch the HTML source code from the server, it doesn't yet contain the final code the user will see. The browser needs to run the Javascript program(s) contained in the page, in order to generate the final content you wish to scrape.
My favorite tool for this kind of job is CasperJS
It (or rather the PhantomJS tool that CasperJS uses) is a headless browser, meaning it's a version of Webkit (like Chrome or Safari) that has been stripped of all the GUI (windows, buttons, menus.) What's left is a tool that you can run from a terminal or from your Java program. It won't show any window on the screen, but it will fetch the webpages you ask it to; run any Javascript they contain; and then respond to your commands, such as "click on this link", "give me that text", "capture a screenshot", and so on.
Let's start with a simple ReactJS example:
We want to scrape the "Hello John" text, but if you look at the plain HTML source (Ctrl+U or Alt+Ctrl+U) you won't see it. On the other hand, if you open the console in your browser and use the following selector, you will get the text:
> document.querySelector('#helloExample .playgroundPreview').textContent
"Hello John"
Here is a simple CasperJS script to do the same thing:
var casper = require("casper").create();
casper.start("http://facebook.github.io/react/index.html", function() {
this.echo(this.fetchText("#helloExample .playgroundPreview"));
});
casper.run();
You can save it as hello.js and execute it with casperjs hello.js from a terminal, or use the equivalent Java code Runtime.getRuntime().exec(...)
Here is a better script, that avoids loading images and third-party resources (such as Facebook button, Twitter button, Google Analytics, and such) cutting the loading time by half. It also adds a waitForSelector step, so that we don't risk trying to fetch the text before ReactJS has had a chance to create it.
var casper = require("casper").create({
pageSettings: {
loadImages: false
}
});
casper.on('resource.requested', function(requestData, request) {
if (requestData.url.indexOf("http://facebook.github.io/") != 0) {
request.abort();
}
});
casper.start("http://facebook.github.io/react/index.html", function() {
this.waitForSelector("#helloExample .playgroundPreview", function() {
this.echo(this.fetchText("#helloExample .playgroundPreview"));
});
});
casper.run();
How to install CasperJS
I have had some trouble scraping ReactJS and other modern Javascript pages with the older versions of PhantomJS and CasperJS, so I recommend installing PhantomJS 2.0 and the latest CasperJS from GitHub.
For PhantomJS you can just download the official 2.0 package.
For CasperJS, since it's a Python script, you should be able to check out the latest commit from GitHub and link bin/casperjs onto your PATH. Here's a script for Linux or Mac OS X:
> git clone git://github.com/n1k0/casperjs.git
> cd casperjs
> ln -sf `pwd`/bin/casperjs /usr/local/bin/casperjs
You may also want to comment out the line printing Warning PhantomJS v2.0 ... from your bin/bootstrap.js file.

Node C++ extension loading in docker only Segfault on Google Compute Engine

I am experiencing an extremely weird behavior with docker containers + node on Google Compute Engine.
The setup is the following:
I have a docker image pushed to a private docker registry
This image is created on top of ubuntu 12.04 (FROM ubuntu:12.04)
The code i am running is javascript Node code with a C++ extension.
The C++ extension contains custom C++ code as well as dynamically linked libraries (boost, blas, armadillo, etc...)
I tried running the docker container with the node code + extension on many different machines (local, and different instance sizes on AWS).
It segfaults when i launch the exact same container on GCE. It crashes on different machines and different OSs.
This is the output i get when using this tool (I run the command from inside the container):
/opt/th/api# node start.js
PID 118 received SIGSEGV for address: 0x7f1c7faab000
/opt/th/api/node-segfault-handler/build/Release/segfault_handler.node(+0x100d) [0x7f1c8b2fa00d]
/lib/x86_64-linux-gnu/libpthread.so.0(+0xfcb0)[0x7f1c8b8cbcb0]
/usr/lib/libblas.so(+0x3d6fd8)[0x7f1c89229fd8]
/usr/lib/libblas.so(blas_memory_alloc+0x34d)[0x7f1c8922a70d]
/usr/lib/libblas.so(gotoblas_init+0x30)[0x7f1c88efb120]
/lib64/ld-linux-x86-64.so.2(+0xf306)[0x7f1c8c70a306]
/lib64/ld-linux-x86-64.so.2(+0xf3df)[0x7f1c8c70a3df]
/lib64/ld-linux-x86-64.so.2(+0x13ada)[0x7f1c8c70eada]
/lib64/ld-linux-x86-64.so.2(+0xf176)[0x7f1c8c70a176]
/lib64/ld-linux-x86-64.so.2(+0x1331a)[0x7f1c8c70e31a]
/lib/x86_64-linux-gnu/libdl.so.2(+0xf26)[0x7f1c8c4f7f26]
/lib64/ld-linux-x86-64.so.2(+0xf176)[0x7f1c8c70a176]
/lib/x86_64-linux-gnu/libdl.so.2(+0x152f)[0x7f1c8c4f852f]
/lib/x86_64-linux-gnu/libdl.so.2(dlopen+0x31)[0x7f1c8c4f7fc1]
node(uv_dlopen+0x30)[0x966000]
node(_ZN4node6DLOpenERKN2v89ArgumentsE+0xee)[0x818bfe]
node[0x5c7c0b]
[0xf956706362]
Has anyone seen anything like this?
It looks like a dynamic linking problem. But why would I only see this on GCE and nowhere else?
Update
After long hours of fighting with this problem, I found a solution by rebuilding the container with a different version of blas. I installed the atlas package (libatlas-dev libatlas-base-dev), recompiled with it, rebuilt the container, and didn't have the segfault anymore.
Still: no idea why the previous container didn't work on GCE (whereas it worked perfectly on AWS)...

Connection to ODBC in very restricted environment (sort of challenge)

I usually type too much, so read bold copy if in a hurry.
I'm trying to develop a little app in a very restrictive environment (at work)... I want to read data from a database, but I cant install stuff on my machine (so my usual choice of using python or visual studio is a no-no). Basically I will have to do with whatever I've got at hand...
What solution can you come up with to access an odbc connection and read the records of a table in an environment where you can't install any software? feel free to suggest any language, as long as you don't need to install anything.
My best idea so far is trying to use the web-browser (since i only need notepad to code), so... basically using only HTML and javascript to try to access it (although I have no clue how to acomplish that task, as I've never done it before)...
I know it is not a good idea, but since I won't post this on internet (I only I would have access to this from my desk, and the DB is on my local network), I don't think security is an issue.
Even if I don't get a solution, I would like to hear what would you guys try if the need arose. But any ideas or links pointing me in the right direction would be appreciated.
Edit: For clarity's sake, it is a Windows environment.
You could use Portable Python, and Portable Notepad++. That way, you'll have nothing to install, and you'll still be able to use your preferred language.
If you like Django, you can have all that in a portable bundle : Instant Django
You don't mention OS or why the environment is so locked down, but if it's a managed Windows environment, you probably have Office installed. You may find that you can connect using Excel. (In 2003, it's under data -> import external data -> new database query, which brings up a list of ODBC connections.) Heck, if Office is installed, maybe you'll even have the Ultimate Root of All Evil program (a.k.a. MS Access).
If you have a web server on the db machine, you could write a Java (not javascript) application to access the db using java connector (or odbc). That's assuming Java is already installed on your machine.
Another possibility is to write an AJAX application to access the data server-side.
Not sure if you are on windows or not, but if you are: cscript.exe
If you have access to notepad you should be able to do it:
Something along these lines:
option explicit
dim conn : set conn = wscript.createobject("ADODB.connection")
conn.open("Driver={SQL Server};Server=127.0.0.1\sqlexpress;Database=tinker;Trusted_Connection=Yes;")
dim sql : sql = "select * from demos"
dim rs : set rs = conn.execute(SQL)
dim line
dim cnt
line = ""
for cnt = 0 to rs.fields.count-1
line = line & CHR(9) & rs.fields(cnt).name
next
wscript.echo line
while not rs.eof
line = ""
for cnt = 0 to rs.fields.count-1
line = line & CHR(9) & rs.fields(cnt).value
next
wscript.echo line
rs.movenext
wend
Save that to a text file with a .vbs extension and run it with cscript

Categories