Hello,
Our new Anti-Ransomware product needs a way to shut mac systems down.
Something like ‘echo <password> | sudo –S shutdown –h now ‘ deployed via ssh would probably do the job; However we are using LAPS script by Phil Redfern (root password is also stored as an extension attribute).
The question is how to get the LAPS password out of Jamf – the Anti-Ransomware product uses PowerShell?
Any ideas?
Thanks, Regards, JK
In general, EA's can definitely be pulled with an `Invoke-RestMethod -Method Get` via the API for the computer record. From there you would just need to drill down to the specific information you need.
In general, EA's can definitely be pulled with an `Invoke-RestMethod -Method Get` via the API for the computer record. From there you would just need to drill down to the specific information you need.
Hi Kendal, Thanks for your reply - much appreciated.
I know a bit about Jamf (but I’m not a scripting guru) and the aniransomware guy knows his PowerShell but we are struggling. Does he need to authenticate to Jamf to get the data (that’s my logic).
Phil Redfern’s script looks like this:
udid=$(/usr/sbin/system_profiler SPHardwareDataType | /usr/bin/awk '/Hardware UUID:/ { print $3 }')
xmlString="<?xml version=\\"1.0\\" encoding=\\"UTF-8\\"?><computer><extension_attributes><extension_attribute><name>LAPS</name><value>$newPass</value></extension_attribute></extension_attributes></computer>"
extAttName="\\"LAPS\\""
oldPass=$(curl -s -f -u $apiUser:$apiPass -H "Accept: application/xml" $apiURL/JSSResource/computers/udid/$udid/subset/extension_attributes | xpath -e "//extension_attributername=$extAttName]" 2>&1 | awk -F'<value>|</value>' '{print $2}' | tail -n +1 )
We are looking for value of $oldPass – to get it we need udid first.
What he created so far is:
$apiUser="LAPS-API"
$apiPass="password"
$apiCred = iConvert]::ToBase64String(4Text.Encoding]::Unicode.GetBytes("${apiUser}:${apiPass}"))
$AuthHeader = "Basic ${apiCred}"
$Headers = @{'Authorization' = $AuthHeader}
$apiURL = "https://ourjamfproserver.ac.uk:8443/api/v1/auth/token"
Try {
xml]$XMLResponse = (Invoke-WebRequest -Uri "${apiURL}" -Headers $Headers -Method Post -Body "" -ContentType "application/json").Content
} catch }System.Net.WebException] {
$res = $_.Exception.Response
echo $res
}
$apiURL = "https://ourjamfproserver.ac.uk:8443/JSSResource/computers/name/${Hostname}"
Try {
xml]$XMLResponse = (Invoke-WebRequest -Uri "${apiURL}" -Headers $Headers -Method Post).Content
} catch }System.Net.WebException] {
$res = $_.Exception.Response
echo $res
}
Select-Xml -Xml $XMLResponse -XPath "/"
apiURL2="https://casper.westherts.ac.uk:8443/JSSResource/computers/udid/$udid/subset/extension_attributes"
Pulling my hairs here
JK
Hi Kendal, Thanks for your reply - much appreciated.
I know a bit about Jamf (but I’m not a scripting guru) and the aniransomware guy knows his PowerShell but we are struggling. Does he need to authenticate to Jamf to get the data (that’s my logic).
Phil Redfern’s script looks like this:
udid=$(/usr/sbin/system_profiler SPHardwareDataType | /usr/bin/awk '/Hardware UUID:/ { print $3 }')
xmlString="<?xml version=\\"1.0\\" encoding=\\"UTF-8\\"?><computer><extension_attributes><extension_attribute><name>LAPS</name><value>$newPass</value></extension_attribute></extension_attributes></computer>"
extAttName="\\"LAPS\\""
oldPass=$(curl -s -f -u $apiUser:$apiPass -H "Accept: application/xml" $apiURL/JSSResource/computers/udid/$udid/subset/extension_attributes | xpath -e "//extension_attributername=$extAttName]" 2>&1 | awk -F'<value>|</value>' '{print $2}' | tail -n +1 )
We are looking for value of $oldPass – to get it we need udid first.
What he created so far is:
$apiUser="LAPS-API"
$apiPass="password"
$apiCred = iConvert]::ToBase64String(4Text.Encoding]::Unicode.GetBytes("${apiUser}:${apiPass}"))
$AuthHeader = "Basic ${apiCred}"
$Headers = @{'Authorization' = $AuthHeader}
$apiURL = "https://ourjamfproserver.ac.uk:8443/api/v1/auth/token"
Try {
xml]$XMLResponse = (Invoke-WebRequest -Uri "${apiURL}" -Headers $Headers -Method Post -Body "" -ContentType "application/json").Content
} catch }System.Net.WebException] {
$res = $_.Exception.Response
echo $res
}
$apiURL = "https://ourjamfproserver.ac.uk:8443/JSSResource/computers/name/${Hostname}"
Try {
xml]$XMLResponse = (Invoke-WebRequest -Uri "${apiURL}" -Headers $Headers -Method Post).Content
} catch }System.Net.WebException] {
$res = $_.Exception.Response
echo $res
}
Select-Xml -Xml $XMLResponse -XPath "/"
apiURL2="https://casper.westherts.ac.uk:8443/JSSResource/computers/udid/$udid/subset/extension_attributes"
Pulling my hairs here
JK
Here's a blurb we have used for getting items from within the computer info
$username = "<user>"
$password = "<password>"
$Headers = @{
Authorization = 'Basic {0}' -f {Convert]::ToBase64String(4Text.Encoding]::UTF8.GetBytes(('{0}:{1}' -f $username,$password)))
Accept = 'application/json'
}
$url = "https://<yourURL>:8443/JSSResource/computers/name/$computerName"
$attributes = Invoke-RestMethod -Method Get -Uri $url -Headers $Headers
$computerInfo = $attributes.computer
Here's a blurb we have used for getting items from within the computer info
$username = "<user>"
$password = "<password>"
$Headers = @{
Authorization = 'Basic {0}' -f [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes(('{0}:{1}' -f $username,$password)))
Accept = 'application/json'
}
$url = "https://<yourURL>:8443/JSSResource/computers/name/$computerName"
$attributes = Invoke-RestMethod -Method Get -Uri $url -Headers $Headers
$computerInfo = $attributes.computer
Thank you! We should be able to test next week :)
Thank you! We should be able to test next week :)
Hi Kendal,
We run the script but the url results in error ‘not found’…
Real values replaced with Angle brackets – script run has real values.
$username = <username>
$password = <password>
$computername = <hostname>
$Headers = @{
Authorization = 'Basic {0}' -f {Convert]::ToBase64String(4Text.Encoding]::UTF8.GetBytes(('{0}:{1}' -f $username,$password)))
Accept = 'application/json'
}
$url = "https://<jamfurl>:8443/JSSResource/computers/name/${computername}"
write-host $url
$attributes = Invoke-RestMethod -Method Get -Uri $url -Headers $Headers
$computerInfo = $attributes.computer
this it the output:
PS C:\\Users\\Administrator> C:\\temp\\JAMF-get-computer-info.ps1
https://<jamfurl>:8443/JSSResource/computers/name/<hostname>
Invoke-RestMethod :
Status page
Not Found
The server has not found anything matching the request URI
You can get technical details here.
Please continue your visit at our home page.
At C:\\temp\\JAMF-get-computer-info.ps1:13 char:15
+ ... ttributes = Invoke-RestMethod -Method Get -Uri $url -Headers $Headers ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) eInvoke-RestMethod], WebExceptio
n
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
PS C:\\Users\\Administrator>
What am I doing wrong?
Hi Kendal,
We run the script but the url results in error ‘not found’…
Real values replaced with Angle brackets – script run has real values.
$username = <username>
$password = <password>
$computername = <hostname>
$Headers = @{
Authorization = 'Basic {0}' -f {Convert]::ToBase64String(4Text.Encoding]::UTF8.GetBytes(('{0}:{1}' -f $username,$password)))
Accept = 'application/json'
}
$url = "https://<jamfurl>:8443/JSSResource/computers/name/${computername}"
write-host $url
$attributes = Invoke-RestMethod -Method Get -Uri $url -Headers $Headers
$computerInfo = $attributes.computer
this it the output:
PS C:\\Users\\Administrator> C:\\temp\\JAMF-get-computer-info.ps1
https://<jamfurl>:8443/JSSResource/computers/name/<hostname>
Invoke-RestMethod :
Status page
Not Found
The server has not found anything matching the request URI
You can get technical details here.
Please continue your visit at our home page.
At C:\\temp\\JAMF-get-computer-info.ps1:13 char:15
+ ... ttributes = Invoke-RestMethod -Method Get -Uri $url -Headers $Headers ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) eInvoke-RestMethod], WebExceptio
n
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
PS C:\\Users\\Administrator>
What am I doing wrong?
Presuming you're using Jamf Cloud, remove :8443 from your URL?
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.