
Telnet on Locked station



Hi!

I've got the following script working on an unlocked Windows station that works great:

 

#autoit3wrapper_usex64=n ; runs the script in 32 bit program mode
; Use False to disable redirection, it will only apply to the program if running as 32 bit process
_Wow64FsRedirection(False)
Run("C:\Windows\System32\telnet.exe")
_Wow64FsRedirection(True)
; http://www.autoitscript.com/forum/topic/111647-macro-problem-in-win7-x64/#entry790037
Func _Wow64FsRedirection($state)
    ; Disables or reverts the filesystem redirector for a 32 bit process running on 64bit OS
    If Not @AutoItX64 And @OSArch = 'X64' Then
        If $state Then
            DllCall("kernel32.dll", "int", "Wow64RevertWow64FsRedirection", "int", 0)
        Else
            DllCall("kernel32.dll", "int", "Wow64DisableWow64FsRedirection", "int", 0); or 1 as per help
        EndIf
        If @error Then Return SetError(1)
    EndIf
EndFunc
WinWait("C:\Windows\system32\cmd.exe", "", 2)
Send("open 172.16.34.13{ENTER}")
sleep(1000)
Send("login{ENTER}")
sleep(1000)
Send("password{ENTER}")
sleep(20000)
Send("mgr{ENTER}")
sleep(5000)
$n = 13
Send("{DOWN " & $n &"}")
Send("{ENTER}")
sleep(1000)
$n2 = 1
Send("{DOWN " & $n2 &"}")
Send("{ENTER}")
$n3 = 3
Send("{DOWN " & $n3 &"}")
Send("{BACKSPACE}")
Send("20")
Send("{F1}")
$n4 = 17
Send("{DOWN " & $n4 &"}")
$n5 = 4
Send("{BACKSPACE " & $n5 &"}")
$n5 = 4
Send("{BACKSPACE " & $n5 &"}")
Send("1010")
$n6 = 3
Send("{DOWN " & $n6 &"}")
$n7 = 4
Send("{BACKSPACE " & $n7 &"}")
Send("1010")
$n8 = 3
Send("{DOWN " & $n8 &"}")
$n9 = 4
Send("{BACKSPACE " & $n9 &"}")
Send("1010")
$n10 = 3
Send("{DOWN " & $n10 &"}")
$n11 = 4
Send("{BACKSPACE " & $n11 &"}")
Send("1010")
Send("{F1}")
Send("{F1}")
WinClose("Telnet 172.16.34.13")

I'm trying to get this to work in a scheduled task while my session is locked.

From what I understand, Send() does not work on a locked station and has to be replaced by ControlSend(), but I can't seem to make it work on my opened telnet window.

Has anyone faced this situation and could give a hand?

 


Tried using StdinWrite to no avail.

So I went back to using ControlSend and it looks like I got it working with this syntax:

ControlSend ("C:\Windows\System32\telnet.exe","","","open 172.16.34.13{ENTER}")

It works fine when I run the .au3 file; the compiled .exe has no problem either.

However, once compiled, added to a scheduled task and run while the session is disconnected, here is the output in the telnet window:

open &èé;&-;"';&"

I'm on a French keyboard layout and it looks like CAPSLOCK gets turned on:

& = 1

è = 7

é = 2

I tried adding the flag " $SEND_RAW (1)" to the ControlSend, but nothing changes.

Any idea on what is happening?


Here's the full script, by the way:

#autoit3wrapper_usex64=n ; runs the script in 32 bit program mode
; Use False to disable redirection, it will only apply to the program if running as 32 bit process
_Wow64FsRedirection(False)
Run("C:\Windows\System32\telnet.exe")
_Wow64FsRedirection(True)
; http://www.autoitscript.com/forum/topic/111647-macro-problem-in-win7-x64/#entry790037
Func _Wow64FsRedirection($state)
    ; Disables or reverts the filesystem redirector for a 32 bit process running on 64bit OS
    If Not @AutoItX64 And @OSArch = 'X64' Then
        If $state Then
            DllCall("kernel32.dll", "int", "Wow64RevertWow64FsRedirection", "int", 0)
        Else
            DllCall("kernel32.dll", "int", "Wow64DisableWow64FsRedirection", "int", 0); or 1 as per help
        EndIf
        If @error Then Return SetError(1)
    EndIf
EndFunc
WinWait("C:\Windows\system32\cmd.exe", "", 2)
ControlSend ("C:\Windows\System32\telnet.exe","","","open 172.16.34.13{ENTER}","$SEND_DEFAULT (0)")
Sleep(1000)
ControlSend ("Telnet 172.16.34.13","","","login{ENTER}")
sleep(1000)
ControlSend ("Telnet 172.16.34.13","","","password{ENTER}")
sleep(20000)
ControlSend ("Telnet 172.16.34.13","","","mgr{ENTER}")
sleep(5000)
$n = 13
ControlSend ("Telnet 172.16.34.13","","","{DOWN " & $n &"}")
ControlSend ("Telnet 172.16.34.13","","","{ENTER}")
sleep(1000)
$n2 = 1
ControlSend ("Telnet 172.16.34.13","","","{DOWN " & $n2 &"}")
ControlSend ("Telnet 172.16.34.13","","","{ENTER}")
$n3 = 3
ControlSend ("Telnet 172.16.34.13","","","{DOWN " & $n3 &"}")
ControlSend ("Telnet 172.16.34.13","","","{BACKSPACE}")
ControlSend ("Telnet 172.16.34.13","","","40")
ControlSend ("Telnet 172.16.34.13","","","{F1}")
$n4 = 17
ControlSend ("Telnet 172.16.34.13","","","{DOWN " & $n4 &"}")
$n5 = 4
ControlSend ("Telnet 172.16.34.13","","","{BACKSPACE " & $n5 &"}")
$n5 = 4
ControlSend ("Telnet 172.16.34.13","","","{BACKSPACE " & $n5 &"}")
ControlSend ("Telnet 172.16.34.13","","","1010")
$n6 = 3
ControlSend ("Telnet 172.16.34.13","","","{DOWN " & $n6 &"}")
$n7 = 4
ControlSend ("Telnet 172.16.34.13","","","{BACKSPACE " & $n7 &"}")
ControlSend ("Telnet 172.16.34.13","","","1010")
$n8 = 3
ControlSend ("Telnet 172.16.34.13","","","{DOWN " & $n8 &"}")
$n9 = 4
ControlSend ("Telnet 172.16.34.13","","","{BACKSPACE " & $n9 &"}")
ControlSend ("Telnet 172.16.34.13","","","1010")
$n10 = 3
ControlSend ("Telnet 172.16.34.13","","","{DOWN " & $n10 &"}")
$n11 = 4
ControlSend ("Telnet 172.16.34.13","","","{BACKSPACE " & $n11 &"}")
ControlSend ("Telnet 172.16.34.13","","","1010")
ControlSend ("Telnet 172.16.34.13","","","{F1}")
ControlSend ("Telnet 172.16.34.13","","","{F1}")
WinClose("Telnet 172.16.34.13")

 


Remove the quotes and (0); just put $SEND_DEFAULT or $SEND_RAW. What is in parentheses is the value of the constant ($SEND_DEFAULT or $SEND_RAW).

ControlSend ("C:\Windows\System32\telnet.exe","","","open 172.16.34.13{ENTER}", $SEND_RAW)

or

ControlSend ("C:\Windows\System32\telnet.exe","","","open 172.16.34.13{ENTER}", 1)

Both are identical.


I used the second method:

ControlSend ("C:\Windows\System32\telnet.exe","","","open 172.16.34.13{ENTER}", 1)

When testing in the telnet window, the output was:

open 172.16.34.13{ENTER}

So I modified it to the following:

ControlSend ("C:\Windows\System32\telnet.exe","","","open 172.16.34.13", 1)
ControlSend ("C:\Windows\System32\telnet.exe","","","{ENTER}")

But I still get the same output when run in a scheduled task and logged off:

Microsoft Telnet> open &èé;&-;"';&"

 


Tested on my computer. I also have a French OS and French keyboard.

Compiled x86 (32 bits).

Made a one-run task at a specific time.

Locked computer.

Works as intended.

[image]

#autoit3wrapper_usex64=n
#include <WinAPIFiles.au3>

Opt("WinTitleMatchMode", -2)

_WinAPI_Wow64EnableWow64FsRedirection(False)
Run("telnet.exe", "", @SW_SHOW)

Local $hWnd = WinWait("telnet")
ControlSend($hWnd, "", "", "open 172.16.34.13")

 

Edited by Nine

Modified my script to add your solution and it looks like I still have the same behaviour through a scheduled task.

[image]

Now there is a subtlety about the locked session. It's not locked like when you press Win + L. It's a remote RDP session that I intentionally close this way:

[image]

In the scheduled task, here are the parameters I use:

[image]

This is the only way I have seen the telnet session being really initiated. Maybe I'm doing something wrong?

 

 

 

Edited by Sphax479

3 hours ago, Sphax479 said:

It's a remote RDP session that I intentionally close this way

That could be the difference, I don't know.  As for the parameters of the task, I used the same.


See the remarks in the help for ControlSend.

* Try an underscore after open instead of a space

* Try 3 ControlSends as separate commands

Open, IP, Enter

Sorry, no solution, just some more things to experiment with.

Under the hood of ControlSend it's probably the SendMessage and PostMessage Win32 API.

Maybe keybd_event or SendInput can help, but no guarantee.

Get key state commands can help finding out if shift or capslock is on.
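
The garbled `open` line reported in this thread can be checked against the French AZERTY layout: each wrong character is what the same key produces when Shift is not applied. The following is an added example, not code from any poster; the table is the standard French AZERTY digit row plus the `.`/`;` key, and the function names are hypothetical.

```python
# Added example: French AZERTY keys whose digit or '.' needs Shift,
# mapped to the character the same key yields without Shift.
AZERTY_UNSHIFTED = {
    "1": "&", "2": "é", "3": '"', "4": "'", "5": "(",
    "6": "-", "7": "è", "8": "_", "9": "ç", "0": "à",
    ".": ";",
}
AZERTY_SHIFTED = {v: k for k, v in AZERTY_UNSHIFTED.items()}


def without_shift(text):
    """Return what an AZERTY window shows if Shift is dropped for every key."""
    return "".join(AZERTY_UNSHIFTED.get(ch, ch) for ch in text)


def diagnose(sent, observed):
    """Classify the difference between the string sent and the string displayed."""
    if observed == sent:
        return "ok"
    if len(observed) != len(sent):
        return "other: length differs (keys dropped or duplicated)"
    pairs = list(enumerate(zip(sent, observed)))
    lost = [i for i, (s, o) in pairs
            if s != o and AZERTY_UNSHIFTED.get(s) == o]
    wrong = [i for i, (s, o) in pairs
             if s != o and AZERTY_UNSHIFTED.get(s) != o]
    if wrong:
        return "other: mismatch at positions %s" % wrong
    needing = [i for i, s in enumerate(sent) if s in AZERTY_UNSHIFTED]
    if lost == needing:
        return "shift lost on every key that needs it"
    return "shift lost intermittently at positions %s" % lost


def recover(observed):
    """Best-effort reconstruction of the intended text from a shift-less capture."""
    return "".join(AZERTY_SHIFTED.get(ch, ch) for ch in observed)


# Values taken from the thread: the command sent and what telnet displayed.
SENT = "open 172.16.34.13"
OBSERVED = "open &èé;&-;\"';&\""

if __name__ == "__main__":
    print(diagnose(SENT, OBSERVED))
    print(recover(OBSERVED))
```

Comparing the text passed to ControlSend with what the telnet window displays in this way separates a lost modifier from dropped or reordered keys, which helps decide whether to check key state or to look at timing.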
