Specific *and* general question: Get "external" IP address / running executable that accesses networking

So, I’ve got two problems:

  1. I want to get the “external” IP address of a remote computer
  2. My solution isn’t working.

I’m trying to solve the first problem by downloading curl.exe to the remote computer and running:
waithidden C:\curl.exe -s http://api.ipify.org > c:\bes-extip-info.txt

The fixlet runs successfully, but the action gives an exit code of 58 (“The specified server cannot perform the requested operation.”) Anyone have any idea what’s going wrong here? Why can I run curl.exe from the command line just fine, but BigFix running it as SYSTEM cannot? My first guess is that it’s because the executable is accessing the network.

(I know that PowerShell has a way of doing this, but it was only added in PowerShell 3.0 and I need to gather this information from Windows computers running older versions of or without PowerShell.)

(Tangentially, I’d love to see BigFix report this information natively, as it already has it when the client communicates with the server. I understand that it’s not part of what the client sends and that it’s actually part of the sending, kinda like the postmark on an envelope being different from the letter inside, but still…)

Hi – the issue here is that piping is a function of the command prompt and not something you can pass as an argument.

You should be able to achieve this by doing…

delete run.bat
delete __createfile

createfile until _end_
C:\curl.exe -s http://api.ipify.org > c:\bes-extip-info.txt
_end_

move __createfile run.bat

waithidden run.bat

This makes a batch script with our command, which runs through the command prompt, which does support piping like that.

Thanks muchly!

I both love it and hate it when the solution is simple. :unamused:

Anyway, now other parts of this very simple fixlet are failing, but that’s a subject for another post.

So a couple things – never use download as.

If jcstraff at Duke gets hacked and someone replaces that curl.exe with malware your endpoints will happily keep downloading and executing it.

Always use a prefetch command: prefetch curl.exe sha1:E152295F10143B2AAA75E140ECAFF134653B9B59 size:1696256 http://people.duke.edu/~jcstraff/curl.exe sha256:FBF5A2417837819297A35CF0B63D684E95530BEFE137377E8CFE81E77A8F752C

This will verify the hash of the file as part of the download.

Also – avoid copying executables to the root of the drive, just run it where it gets downloaded.

For your action do this:

prefetch curl.exe sha1:E152295F10143B2AAA75E140ECAFF134653B9B59 size:1696256 http://people.duke.edu/~jcstraff/curl.exe sha256:FBF5A2417837819297A35CF0B63D684E95530BEFE137377E8CFE81E77A8F752C

utility curl.exe

delete run.bat
delete __createfile

createfile until _end_
__download\curl.exe -s http://api.ipify.org > c:\bes-extip-info.txt
_end_

move __createfile run.bat

waithidden run.bat

I’d also probably change the external ip file to save to the windows temp directory or to the registry but that’s up to you.

1 Like

Straw,

(Can I call you Straw?)

I know about prefetch … in this fixlet, I’ve actually followed the download with a continue if that checks the size, sha1, and sha256. I generally use download to make sure it works first, then throw in the security after testing succeeds.

I’m also having issues with this particular exe not running in the __Download directory. It works fine from some directories and not so well from others. The last run of the fixlet completed, but the resulting file is empty. I don’t understand it. Feel free to download it from that directory above (or from the original source at https://curl.haxx.se/download.html) and try it yourself. Maybe I’ll try out a Windows wget binary to see if that works any better.

Here … can you (or anyone) explain this?

PS C:\WINDOWS\system32> cp C:\Users\jcstraff\Downloads\curl.exe .\
PS C:\WINDOWS\system32> cp C:\Users\jcstraff\Downloads\curl.exe c:\
PS C:\WINDOWS\system32> cp C:\Users\jcstraff\Downloads\curl.exe 'C:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData\CustomSite_ITSO\__Download'
PS C:\WINDOWS\system32> .\curl.exe -s http://api.ipify.org
PS C:\WINDOWS\system32> cd c:\
PS C:\> .\curl.exe -s http://api.ipify.org
PS C:\> cd C:\Users\jcstraff\Downloads\
PS C:\Users\jcstraff\Downloads> .\curl.exe -s http://api.ipify.org
24.163.91.15
PS C:\Users\jcstraff\Downloads> cd 'C:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData\CustomSite_ITSO\__Download\'
PS C:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData\CustomSite_ITSO\__Download> .\curl.exe -s http://api.ipify.org
PS C:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData\CustomSite_ITSO\__Download>

Copied verbatim and unedited from my Administrative PowerShell CLI. Only the run from my user Downloads directory worked.

Even putting it in Program Files (x86) fails!

PS C:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData\CustomSite_ITSO\__Download> cp C:\Users\jcstraff\Downloads\curl.exe 'C:\Program Files (x86)\curl\'
PS C:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData\CustomSite_ITSO\__Download> cd 'C:\Program Files (x86)\curl\'
PS C:\Program Files (x86)\curl> .\curl.exe -s http://api.ipify.org
PS C:\Program Files (x86)\curl>

:frowning:

Oddly enough, it looks like wget might actually work. :confused:

This should do it for you:

prefetch curl.zip sha1:DF204CEE32B2E0DA8452696798CE15A3C99F3F45 size:1210529 http://www.paehl.com/open_source/?download=curl_754_0_ssl.zip sha256:4C4BFCF272580BD28988BEE46196EC97F48F6ABE0E20307A5A1ED3046C26C9DF

prefetch unzip.exe sha1:e1652b058195db3f5f754b7ab430652ae04a50b8 size:167936 http://software.bigfix.com/download/redist/unzip-5.52.exe

utility __Download\unzip.exe
utility __Download\curl.zip

waithidden __Download\unzip.exe -o "__Download\curl.zip" -d "__Download"

delete run.bat
delete __createfile

createfile until _end_
__download\curl.exe -s http://api.ipify.org > "{pathname of folder "Temp" of windows folder}\bes-extip-info.txt"
_end_

move __createfile run.bat

waithidden run.bat

I’m not sure why yours isn’t working – I’ll take a look in a bit. This grabs an official curl distribution directly and uses that.

A prefetch is always more efficient and secure than a download as – and it uses the relay hierarchy instead of downloading files directly. I have a Powershell repository here: https://github.com/strawgate/make-prefetch where you can just type:

& .\get-prefetch.ps1 -url "http://www.paehl.com/open_source/?download=curl_754_0_ssl.zip" -name "curl.zip"

In regards to the directory-specific run issues… It works just fine for me from the __Download directory among others.

2 Likes
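
The hash pinning that the prefetch advice in the two posts above relies on, modelled as an added example (not code from the thread or from BigFix): it builds a prefetch statement in the field order shown in this thread and checks a file's size, SHA-1 and, when present, SHA-256 against it. The sample bytes and the example.invalid URL are constructed, and the function names are hypothetical.

```python
import hashlib

def make_prefetch(name: str, url: str, data: bytes) -> str:
    """Build a prefetch statement in the field order used in this thread."""
    sha1 = hashlib.sha1(data).hexdigest()
    sha256 = hashlib.sha256(data).hexdigest()
    return f"prefetch {name} sha1:{sha1} size:{len(data)} {url} sha256:{sha256}"

def parse_prefetch(line: str) -> dict:
    """Split a prefetch statement into its name, URL and pinned values."""
    tokens = line.split()
    if len(tokens) < 5 or tokens[0] != "prefetch":
        raise ValueError("not a prefetch statement")
    fields = {"name": tokens[1], "url": None,
              "sha1": None, "size": None, "sha256": None}
    for tok in tokens[2:]:
        key, sep, value = tok.partition(":")
        if sep and key in ("sha1", "sha256"):
            fields[key] = value.lower()      # thread mixes upper and lower hex
        elif sep and key == "size":
            fields["size"] = int(value)
        else:
            fields["url"] = tok              # "http://..." lands here
    if None in (fields["url"], fields["sha1"], fields["size"]):
        raise ValueError("prefetch needs sha1, size and url")
    return fields

def verify(line: str, data: bytes) -> list:
    """Return the mismatched fields; an empty list means the file matches the pin."""
    pinned = parse_prefetch(line)
    failures = []
    if len(data) != pinned["size"]:
        failures.append("size")
    if hashlib.sha1(data).hexdigest() != pinned["sha1"]:
        failures.append("sha1")
    # sha256 is optional in the statements above; without it only SHA-1 is pinned
    if pinned["sha256"] and hashlib.sha256(data).hexdigest() != pinned["sha256"]:
        failures.append("sha256")
    return failures

# Constructed sample data: a stand-in for the pinned binary and a same-size swap.
ORIGINAL = b"MZ constructed stand-in for curl.exe"
REPLACED = b"MZ constructed stand-in for evil.exe"
PINNED = make_prefetch("curl.exe", "http://example.invalid/curl.exe", ORIGINAL)

if __name__ == "__main__":
    print(PINNED)
    print("original:", verify(PINNED, ORIGINAL))
    print("replaced:", verify(PINNED, REPLACED))
```

A file swapped on the hosting server fails the check even when its size is unchanged, which is the case a bare download followed by execution never notices.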

O_O

I never thought of using PoSh to make creating fixlets easier.

Mind. Blown.

I understand about not using the root of C:, but I want something a bit more permanent-ish than a temp directory and a bit more accessible (potentially by other processes and tools) than the Windows Registry.

Trying with prefetch and wget now…

Are you still having issues using the version of curl that is in my actionscript example?

I’d probably just make this a policy action that applies every couple days – the Windows Temp directory doesn’t get automatically cleaned like it might on unix so it should be fairly permanent.

You could also just save it somewhere in C:\Programdata

I had already started working with wget (from https://eternallybored.org/misc/wget/) when I saw your reply, and wget has the bonus of having an -output-file parameter, so it’s now two lines: prefetch and waithidden.

Completed, Exit code: 0.

Will try your curl just out of curiosity though to see if it works where the other did not. Tomorrow. :slight_smile:

G’night, and thanks for the pointers!

//without downloading a binary

delete "{pathname of parent folder of regapp "besclient.exe"}\externalip.txt"

delete __Download\externalip.vbs

delete __createfile

createfile until __END

option explicit

Dim xmlhttp
Dim objFSO
Dim objFile

set xmlhttp = createobject("Microsoft.XMLHTTP")

'Request the page
xmlhttp.open "get", "https://api.ipify.org/", false
xmlhttp.send

'Create a text file
set objFSO = createobject("scripting.filesystemobject")
set objFile = objFSO.createtextfile("{pathname of parent folder of client}\externalip.txt")

'Output the response
objFile.write(xmlhttp.responseText)

'Close the file
objFile.close

'Remove object references
set objFile = nothing
set objFSO = nothing
set xmlhttp = nothing

__END

move __createfile __Download\externalip.vbs

waithidden cscript.exe __Download\externalip.vbs

1 Like

A much more simplistic approach, using the built-in “download now as” command…

delete ip.txt
download now as ip.txt http://api.ipify.org
delete "e:\ip.txt"
move __Download\ip.txt "e:\ip.txt"
4 Likes

You, my friend, are a genius. An evil, evil genius. :scream:

1 Like