Using PowerShell with TSS (Thycotic/Delinea Secret Server)

 

Searching Secret Server in PowerShell

Secret Server's SOAP web service (sswebservice.asmx) can be called from scripts. To authenticate and search for a secret from PowerShell, use the procedure below.

  1. Save the script below to a file, such as searchsecret.ps1.
  2. Change the $url, $username, $password and $domain values to match your Secret Server and account.
  3. Change $searchterm to match your search.
  4. Open a Windows PowerShell window (5.1; the script relies on New-WebServiceProxy, which PowerShell 7 does not ship).
  5. Navigate to the same directory as searchsecret.ps1.
  6. Run the script with .\searchsecret.ps1, or from cmd.exe with powershell -File .\searchsecret.ps1. If your execution policy blocks unsigned local scripts, run powershell -ExecutionPolicy Bypass -File .\searchsecret.ps1.

$url = 'https://mysecretserver/webservices/sswebservice.asmx'   # use HTTPS: Authenticate() sends the password in the request body
$username = 'myusername'
$password = 'mypassword'   # a plaintext password in a script file is itself a secret at rest; prefer Get-Credential
$domain = 'mydomain'       # leave blank ('') for local Secret Server users
$searchterm = 'VPN'
# New-WebServiceProxy exists in Windows PowerShell 5.1 only, not in PowerShell 7
$proxy = New-WebServiceProxy -Uri $url -UseDefaultCredential
# get a token for further use by authenticating using username/password
$result1 = $proxy.Authenticate($username, $password, '', $domain)
if ($result1.Errors.length -gt 0) {
    $result1.Errors[0]
    exit
}
else {
    $token = $result1.Token
}
# search secrets with our searchterm (authenticate by passing in our token)
Write-Host 'Searching for: ' $searchterm
$result2 = $proxy.SearchSecrets($token, $searchterm, $null, $null)
if ($result2.Errors.length -gt 0) {
    $result2.Errors[0]
}
else {
    Write-Host 'Got search results: ' $result2.SecretSummaries.length
    # If you want the data as XML
    # $xml = ConvertTo-Xml $result2.SecretSummaries -As String -Depth 20
    # $xml
    $result2.SecretSummaries | ForEach-Object { Write-Host 'SecretId:' $_.SecretId '  Name:' $_.SecretName '  FolderId:' $_.FolderId }
    # if ($result2.SecretSummaries.length -gt 0) {
    #     $result2.SecretSummaries[0]
    # }
}
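The script above hardcodes a password and treats SearchSecrets as if it returned exactly the secret you asked for, while it is actually a substring search. The following is an added example (not code from the original page or from Delinea) that prompts for the account instead, insists on an exact and unique secret name, and returns one field of the matched secret as a SecureString through GetSecret. The server name, the secret name 'Corporate VPN' and the field name are placeholders; the SOAP calls and the SecretItem properties (FieldName, Value) are the same ones the page's scripts use.

```powershell
# Added example, not part of the original page: search for one secret by exact name and
# return a single field, with no password stored in the script file. Assumes the SOAP
# endpoint used above; server name, secret name and field name are placeholders.
$url = 'https://mysecretserver/webservices/sswebservice.asmx'
if ($url -notmatch '^https://') {
    # Authenticate() carries the password in the request body, so plain HTTP exposes it on the wire
    throw 'Refusing to send credentials over plain HTTP'
}

# Prompt instead of hardcoding; enter DOMAIN\user for domain accounts, a plain user name for local ones
$cred   = Get-Credential -Message 'Secret Server account'
$domain = ''
$user   = $cred.UserName
if ($user -like '*\*') {
    $domain, $user = $user -split '\\', 2
}

# Windows PowerShell 5.1 only; New-WebServiceProxy does not exist in PowerShell 7
$proxy = New-WebServiceProxy -Uri $url -UseDefaultCredential
$auth  = $proxy.Authenticate($user, $cred.GetNetworkCredential().Password, '', $domain)
if ($auth.Errors.Length -gt 0) { throw "Authenticate failed: $($auth.Errors[0])" }
$token = $auth.Token

function Get-SecretFieldValue {
    param(
        [Parameter(Mandatory)][string]$SecretName,   # exact secret name
        [Parameter(Mandatory)][string]$FieldName     # e.g. 'Password' or 'Username'
    )
    $search = $proxy.SearchSecrets($token, $SecretName, $null, $null)
    if ($search.Errors.Length -gt 0) { throw "SearchSecrets failed: $($search.Errors[0])" }

    # SearchSecrets is a substring search ('VPN' also hits 'VPN old'); insist on an exact,
    # unique name so the script never reads or acts on the wrong secret
    $hits = @($search.SecretSummaries | Where-Object { $_.SecretName -eq $SecretName })
    if ($hits.Count -ne 1) {
        throw "Expected exactly one secret named '$SecretName', found $($hits.Count)"
    }

    $get = $proxy.GetSecret($token, $hits[0].SecretId, $false, $null)
    if ($get.Errors.Length -gt 0) { throw "GetSecret failed: $($get.Errors[0])" }

    $item = $get.Secret.Items | Where-Object { $_.FieldName -eq $FieldName }
    if (-not $item) { throw "Secret $($hits[0].SecretId) has no field '$FieldName'" }

    # Hand the value back as a SecureString so it does not sit in plaintext variables or transcripts
    return ConvertTo-SecureString -String $item.Value -AsPlainText -Force
}

$vpnPassword = Get-SecretFieldValue -SecretName 'Corporate VPN' -FieldName 'Password'
$vpnCred     = New-Object System.Management.Automation.PSCredential('vpnuser', $vpnPassword)
# $vpnCred can now be passed to any cmdlet that takes -Credential
```

The exact-match check is the part worth keeping even if you drop the rest: a substring hit on the wrong secret is silent, and a script that then writes to it (as the dependency changer later on this page does) will overwrite a password nobody intended to touch.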

Using Secret Fields in Scripts

Secret Server supports using PowerShell, SSH, and SQL scripts as dependencies on a secret. These scripts can use information on the secret through the field name prefixed with a $, for example $DOMAIN, $PASSWORD, or $USERNAME. Fields of linked secrets are accessible as $[1]$FIELDNAME for the first linked secret, $[2]$FIELDNAME for the second, and so on.

There are two contexts in which script dependencies run:

For a complete list of tokens that are available to script dependencies, see List of Dependency Tokens.
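The tokens reach the script as positional arguments, which is why the changer later on this page reads everything from $Args. As an added example of a dependency that consumes them (this is not code from the original page or from Delinea's documentation), the script below repoints a Windows service at the rotated service-account password and restarts it. It assumes the dependency's script arguments are configured as `$[1]$MACHINE $USERNAME $PASSWORD MyService`: the first linked secret supplies the target machine, the secret the dependency belongs to supplies the service account (whose $PASSWORD already holds the rotated value by the time dependencies run), and the literal last argument names the service. That argument layout, and the expectation that $USERNAME is already in DOMAIN\user form for domain accounts, are this example's conventions, not Secret Server requirements.

```powershell
# Added example, not from the original page or Delinea's documentation: a PowerShell
# dependency that repoints a Windows service at the rotated service-account password
# and restarts it. Assumed script arguments:  $[1]$MACHINE $USERNAME $PASSWORD MyService
# (argument order is this example's convention; $USERNAME is expected as DOMAIN\user
# for domain accounts and as a bare name for local accounts).
param(
    [Parameter(Mandatory)][string]$Machine,
    [Parameter(Mandatory)][string]$Username,
    [Parameter(Mandatory)][string]$Password,
    [Parameter(Mandatory)][string]$ServiceName
)
# Any unhandled error terminates the script with an error, which is what Secret Server
# needs in order to report the dependency as failed instead of silently succeeding
$ErrorActionPreference = 'Stop'

# Service logon name as Win32_Service reports it: DOMAIN\user, or .\user for local accounts
$logon = if ($Username -match '\\|@') { $Username } else { ".\$Username" }

# Runs under the account the Secret Server dependency executes as; that account needs
# local administrator rights on $Machine for Win32_Service.Change
$cim = New-CimSession -ComputerName $Machine
try {
    # Filter client-side rather than with -Filter "Name='$ServiceName'" so a quote in the
    # argument cannot turn into WQL injection
    $svc = Get-CimInstance -CimSession $cim -ClassName Win32_Service | Where-Object Name -eq $ServiceName
    if (-not $svc) { throw "Service '$ServiceName' not found on $Machine" }

    # Only touch a service that really runs as this account; pushing the password into a
    # service configured for another identity would break it and hand the secret to it
    if ($svc.StartName -ne $logon) {
        throw "Service '$ServiceName' on $Machine runs as '$($svc.StartName)', expected '$logon'"
    }

    # Win32_Service.Change returns 0 on success; StartName is sent alongside the password
    # so the logon identity stays explicit in the call
    $r = Invoke-CimMethod -CimSession $cim -InputObject $svc -MethodName Change `
        -Arguments @{ StartName = $logon; StartPassword = $Password }
    if ($r.ReturnValue -ne 0) { throw "Win32_Service.Change on $Machine failed with return code $($r.ReturnValue)" }

    # Restart so the service actually logs on with the new password; left running on the old
    # one, its next restart would fail and repeated attempts could lock the account
    if ($svc.State -eq 'Running') {
        Get-Service -ComputerName $Machine -Name $ServiceName | Restart-Service
        $after = Get-Service -ComputerName $Machine -Name $ServiceName
        if ($after.Status -ne 'Running') { throw "Service '$ServiceName' did not come back on $Machine" }
    }
}
finally {
    Remove-CimSession -CimSession $cim
}
```

The StartName check is the safety interlock: the tokens give the script a valid password for one account, and the script should refuse to write it anywhere that is not already configured for that account. Get-Service -ComputerName and New-WebServiceProxy are both Windows PowerShell 5.1 features, so this runs in the same environment as the rest of the page.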

Create a New Dependency Changer

From Delinea Documentation: 

Create a New Dependency Changer for Synchronizing Passwords During RPC

Replace the host name in $url with the name of the machine hosting your Secret Server instance. The script expects five positional arguments: the web service user name, that user's current password, the new password to write, a comma-separated list of secret IDs to update, and the user's domain.


# Arguments as passed from the dependency's script arguments:
#   $Args[0] user name used to call the web service
#   $Args[1] that user's current password
#   $Args[2] the new password to write into the target secrets
#   $Args[3] comma-separated list of secret IDs to update, e.g. "12,57,103"
#   $Args[4] domain of the web service user ('' for local users)
$url = 'https://MySecretServerURL/webservices/sswebservice.asmx'   # HTTPS: both passwords travel in the request body
$username = $Args[0]
$password = $Args[1]
$newpassword = $Args[2]
$secretIdArray = $Args[3]
$domain = $Args[4]
$proxy = New-WebServiceProxy -Uri $url -UseDefaultCredential   # Windows PowerShell 5.1 only
$result1 = $proxy.Authenticate($username, $password, '', $domain)
if ($result1.Errors.length -gt 0) {
    # throw rather than Write-Debug: a debug message is invisible by default and the
    # dependency would be reported as successful although nothing was updated
    throw "Authenticate failed: $($result1.Errors[0])"
}
$token = $result1.Token
$failed = @()
$secretIds = $secretIdArray -split ","
foreach ($secretId in $secretIds) {
    $secretId = [int]$secretId.Trim()
    $result2 = $proxy.GetSecret($token, $secretId, $false, $null)
    if ($result2.Errors.length -gt 0) {
        Write-Warning "GetSecret $secretId failed: $($result2.Errors[0])"
        $failed += $secretId
        continue
    }
    $secretName = $result2.Secret.Name
    Write-Debug "Updating Secret: $secretName"
    # replace every password-type field; the other fields are sent back unchanged
    foreach ($item in $result2.Secret.Items) {
        if ($item.IsPassword) {
            $item.Value = $newpassword
        }
    }
    $result3 = $proxy.UpdateSecret($token, $result2.Secret)
    if ($result3.Errors.length -gt 0) {
        Write-Warning "UpdateSecret $secretId ($secretName) failed: $($result3.Errors[0])"
        $failed += $secretId
    }
    else {
        Write-Debug "Updated Secret: $secretName"
    }
}
# fail the dependency if any secret was not updated, so the drift is visible in Secret Server
if ($failed.Count -gt 0) {
    throw "Failed to update secrets: $($failed -join ', ')"
}



Copyright notice:
Author: admin
Link: https://www.techfm.club/p/29588.html
Source: TechFM
The copyright of this article belongs to the author. Please do not reproduce it without permission.
