Checking for Python module CTX version - piping output to file

shoerman 2022-05-25 18:46:09 UTC #1

I hope this helps someone else.
Some of you maybe checking the Python module CTX version, because of the hack attack on the repository.
So my plan is to use the pip command to output the module details and read them back with an analysis.
the command to get the modules details including version number is
pip show ctx
I used this command in the QnA debugger and it worked fine but it did not work in an action script it just created a blank text file.
so in the end, I had to run it as current user to get the output I wanted. I guess pip modules are user based?

delete __createfile
delete run.bat
createfile until _end_
pip show ctx >> c:\temp\PythonCTX.txt
_end_
move __createfile run.bat
override wait
runas=currentuser
completion=job
hidden=true
wait run.bat

shoerman 2022-05-26 11:52:25 UTC #3

and if you add this part, Jason Walker helped me with this last part. you can get the sha1 to see if the file is the hacked file carrying malware.

(pathname of it, creation time of it, modification time of it, size of it, sha1 of it) of files ((it as trimmed string & “\ctx.py”) of (following texts of firsts “Location:” of lines of file (“C:\temp\PythonCTX.txt”)))

shoerman 2022-05-26 12:33:33 UTC #4

so the way this works is, you put the first part into a fixlet, this outputs the CTX details to a file.
you send this out to the target machines.
then build an analysis to read back the contents of the file.

analysis property 1
lines of file “C:\temp\PythonCTX.txt”

analysis property 2
(pathname of it, creation time of it, modification time of it, size of it, sha1 of it) of files ((it as trimmed string & “\ctx.py”) of (following texts of firsts “Location:” of lines of file (“C:\temp\PythonCTX.txt”)))