Reconstructed from local transcripts via the new recovery engine. These were substantive sessions never saved with /save. All banner-marked RECOVERED-UNVERIFIED. Notable recoveries: Peaceful Spirit RADIUS/VPN buildout (full command trail), RMM agent check-in comparison, Kristen Datto Workplace sync, Intune+Apple. guru-rmm/guru-connect-scoped logs routed to root session-logs (submodule convention). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
6839 lines
330 KiB
Markdown
6839 lines
330 KiB
Markdown
# [RECOVERED] Add client for Swanson, Len in RMM
|
|
|
|
> **[RECOVERED -- UNVERIFIED]** Auto-reconstructed from transcript 5c0c8d60-76ff-4827-ae2e-836c341aa8a2 (2026-05-22T15:24:29.727Z .. 2026-05-22T20:32:35.460Z) on 2026-06-01. Prose sections are Ollama-drafted from the transcript and may be imprecise; the Commands/Config/Reference sections are extracted verbatim. Review and correct, then remove this banner.
|
|
|
|
## User
|
|
- **User:** Mike Swanson (mike)
|
|
- **Machine:** GURU-5070
|
|
- **Role:** admin
|
|
|
|
## Session Summary
|
|
|
|
The session began with adding a client named 'Swanson, Len' to the GuruRMM system. This involved checking the API endpoints, retrieving admin credentials from the vault, and using a JWT token to authenticate and create the client. Next, a site was added for the client, with the site named 'Home' and an enrollment key provided for deploying agents. The user then requested a shortcut to force kill Chrome on the client's machine. Since no agents were enrolled, the assistant created a `.bat` file for manual deployment. After confirming an agent was running, the assistant pushed the shortcut to the client's desktop.
|
|
|
|
The session also addressed a VPN policy match error on Mara's home machine. The assistant ran diagnostics on the machine and checked the RRAS server, identifying an issue with NPS policy configuration. The assistant confirmed the group SID condition and the default policies were set to deny dial-in, which was the root cause of the error. The assistant planned to adjust the NPS policy to allow the group and investigate why recent attempts were not logging in the NPS system.
|
|
|
|
## Key Decisions
|
|
|
|
- Use JWT token for authentication to create the client and site in GuruRMM.
|
|
- Create a `.bat` file for manual deployment of the shortcut to kill Chrome due to no enrolled agents.
|
|
- Diagnose Mara's home machine by focusing on the reachable machine and checking RRAS and NPS configurations.
|
|
- Adjust NPS policies to allow dial-in for the group 'WseRemoteAccessUsers' to resolve the policy match error.
|
|
|
|
## Problems Encountered
|
|
|
|
- No agents were enrolled for the client, preventing remote deployment of the shortcut.
|
|
- Mara's home machine had a "Policy Match Error" due to NPS policy configuration denying dial-in.
|
|
- Recent L2TP attempts were not logging in NPS, indicating a possible misconfiguration or issue with the NPS system.
|
|
|
|
## Configuration Changes
|
|
|
|
_Machine-extracted verbatim from the transcript (file targets of Write/Edit/NotebookEdit)._
|
|
|
|
- none detected
|
|
|
|
## Credentials & Secrets
|
|
|
|
_Machine-extracted; review carefully -- secrets are not auto-harvested from transcripts._
|
|
|
|
- none detected (verify against the Commands & Outputs section)
|
|
|
|
## Infrastructure & Servers
|
|
|
|
_Machine-extracted verbatim (IP / hostname regex hits across the whole transcript)._
|
|
|
|
- **IPs:** `172.16.3.30`, `172.16.3.36`, `98.190.129.150`, `192.168.0.2`, `192.168.0.240`, `172.16.3.10`, `72.194.62.5`, `3.20.0.3`, `104.26.9.237`, `2.5.29.15`, `2.5.29.14`, `2.5.29.17`, `2.5.29.35`, `2.5.29.20`, `192.168.0.0`, `192.168.0.10`, `0.0.0.0`, `1.0.0.0`, `129.222.129.171`
|
|
- **Hosts:** `context.md`, `rmm.azcomputerguru.com`, `git.azcomputerguru.com`, `gururmm-build.log`, `webhook-handler.py`, `build-agents.sh`, `vault.sh`, `gururmm-site-main.sops.yaml`, `lens-auto-brokerage.sops.yaml`, `apple-developer-program.sops.yaml`, `gururmm-server.sops.yaml`, `api-server.sops.yaml`, `rmm-api.azcomputerguru.com`, `dashboard.sops.yaml`, `azcomputerguru.com`, `chrome.exe`, `bhvplveby.txt`, `trustee.name`, `cascades.local`, `mod.rs`, `install.rs`, `agents.rs`, `logs.rs`, `policies.rs`, `main.rs`, `updates.rs`, `mspbackups.rs`, `alerts.rs`, `clients.rs`, `enroll.rs`, `metrics.rs`, `commands.rs`, `chrome.lnk`, `bjy2l01r0.output`, `2026-05-12-guru-rmm-macos-agent-phase1.md`, `2026-05-15-session.md`, `2026-05-20-session.md`, `2026-05-21-session.md`, `esbuild.exe`, `libvips-42.dll`
|
|
|
|
## Commands & Outputs
|
|
|
|
_Machine-extracted verbatim: mutating Bash/PowerShell commands with truncated output._
|
|
|
|
```
|
|
curl -s "http://172.16.3.30:3001/api/clients" 2>&1 | head -100
|
|
```
|
|
Output: Missing authorization header
|
|
|
|
```
|
|
bash "D:/claudetools/.claude/scripts/vault.sh" search "gururmm" 2>&1
|
|
```
|
|
Output: clients/cascades-tucson/gururmm-site-main.sops.yaml:name: GuruRMM Site Enrollment Key - Cascades of Tucson / CascadesTucson
|
|
clients/cascades-tucson/gururmm-site-main.sops.yaml: - gururmm
|
|
clients/imc/gururmm-site-main.sops.yaml:name: GuruRMM Site Enrollment Key - Instrumental Music Center / IMCMai ... [truncated]
|
|
|
|
```
|
|
bash "D:/claudetools/.claude/scripts/vault.sh" get "projects/gururmm/api-server.sops.yaml" 2>&1
|
|
```
|
|
Output: kind: api-key
|
|
name: GuruRMM API Server
|
|
external-url: https://rmm-api.azcomputerguru.com
|
|
internal-url: http://172.16.3.30:3001
|
|
status: active
|
|
tags:
|
|
- gururmm
|
|
- project
|
|
credentials:
|
|
credential: ZNzGxghru2XUdBVlaf2G2L1YUBVcl5xH0lr/Gpf/QmE=
|
|
credential_encryption_key: 6d38f7d3cec9d62998e3 ... [truncated]
|
|
|
|
```
|
|
bash "D:/claudetools/.claude/scripts/vault.sh" get "projects/gururmm/dashboard.sops.yaml" 2>&1
|
|
```
|
|
Output: kind: service
|
|
name: GuruRMM Dashboard
|
|
url: https://rmm.azcomputerguru.com
|
|
status: active
|
|
tags:
|
|
- gururmm
|
|
- project
|
|
credentials:
|
|
username: admin@azcomputerguru.com
|
|
password: GuruRMM2025
|
|
notes: Admin role.
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token // .access_token // empty')
|
|
echo "TOKEN: $TOKEN"
|
|
```
|
|
Output: TOKEN: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
curl -s -X POST "http://172.16.3.30:3001/api/clients" \
|
|
-H "Content-Type: application/json" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-d '{"name":"Swanson, Len"}' | jq .
|
|
```
|
|
Output: {
|
|
|
|
"id": "607ab79d-b8de-47f2-958d-3c4dd2dd2fae",
|
|
|
|
"name": "Swanson, Len",
|
|
|
|
"code": null,
|
|
|
|
"notes": null,
|
|
|
|
"is_active": true,
|
|
|
|
"created_at": "2026-05-22T15:25:50.776077Z",
|
|
|
|
"site_count": 0
|
|
|
|
}
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
curl -s -X POST "http://172.16.3.30:3001/api/sites" \
|
|
-H "Content-Type: application/json" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-d '{"client_id":"607ab79d-b8de-47f2-958d-3c4dd2dd2fae","name":"Home"}' | jq .
|
|
```
|
|
Output: {
|
|
|
|
"site": {
|
|
|
|
"id": "61eda0bf-b41d-4659-9a28-38ada5560836",
|
|
|
|
"client_id": "607ab79d-b8de-47f2-958d-3c4dd2dd2fae",
|
|
|
|
"client_name": "Swanson, Len",
|
|
|
|
"name": "Home",
|
|
|
|
"site_code": "BRIGHT-STORM-7663",
|
|
|
|
"api_key": "grmm_kddvBtL6A6qpMQWyqqXV8Rv5jpBtcuO6",
|
|
|
|
"address": null, ... [truncated]
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
curl -s "http://172.16.3.30:3001/api/agents?site_id=61eda0bf-b41d-4659-9a28-38ada5560836" \
|
|
-H "Authorization: Bearer $TOKEN" | jq .
|
|
```
|
|
Output: <persisted-output>
|
|
Output too large (34.7KB). Full output saved to: C:\Users\guru\.claude\projects\D--claudetools\5c0c8d60-76ff-4827-ae2e-836c341aa8a2\tool-results\bhvplveby.txt
|
|
|
|
Preview (first 2KB):
|
|
[
|
|
|
|
{
|
|
|
|
"id": "49098c52-542b-44de-bef2-93182280bdc6",
|
|
|
|
"hostname": "ACG-DC16",
|
|
|
|
"os_type ... [truncated]
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
# Check available script/command run endpoints
|
|
curl -s -X POST "http://172.16.3.30:3001/api/agents/7236a75d-2033-4a07-8161-50a312fa08f3/run-script" \
|
|
-H "Content-Type: application/json" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-d '{
|
|
"language": "powershell",
|
|
"script": "$WshShell = New-Object -ComObject WScript.Shell\n$Shortcut = $WshShell.CreateShortcut(\"$env:PUBLIC\\Desktop\\Kill Chrome.lnk\")\n$Shortcut.TargetPath = \"cmd.exe\"\n$Shortcut.Arguments = \"/c taskkill /F /IM chrome.exe\"\n$Shortcut.Description = \"Force Kill Chrome\"\n$Shortcut.Save()"
|
|
}' | jq .
|
|
```
|
|
Output: (Bash completed with no output)
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
# Try the scripts endpoint directly
|
|
curl -s -X POST "http://172.16.3.30:3001/api/scripts/run" \
|
|
-H "Content-Type: application/json" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-d '{
|
|
"agent_id": "7236a75d-2033-4a07-8161-50a312fa08f3",
|
|
"language": "powershell",
|
|
"script": "$WshShell = New-Object -ComObject WScript.Shell\n$Shortcut = $WshShell.CreateShortcut(\"$env:PUBLIC\\Desktop\\Kill Chrome.lnk\")\n$Shortcut.TargetPath = \"cmd.exe\"\n$Shortcut.Arguments = \"/c taskkill /F /IM chrome.exe\"\n$Shortcut.Description = \"Force Kill Chrome\"\n$Shortcut.Save()"
|
|
}' | jq .
|
|
```
|
|
Output: (Bash completed with no output)
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
# Check what endpoints exist
|
|
curl -sv "http://172.16.3.30:3001/api/agents/7236a75d-2033-4a07-8161-50a312fa08f3/run-script" \
|
|
-H "Authorization: Bearer $TOKEN" 2>&1 | grep -E "< HTTP|{|}"
|
|
```
|
|
Output: < HTTP/1.1 404 Not Found
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
# Check all available API routes
|
|
curl -s "http://172.16.3.30:3001/api" -H "Authorization: Bearer $TOKEN" | jq . 2>/dev/null
|
|
curl -sv "http://172.16.3.30:3001/api/" 2>&1 | grep "< HTTP"
|
|
# Try common script endpoint patterns
|
|
for ep in "scripts" "commands" "tasks" "run" "execute"; do
|
|
STATUS=$(curl -so /dev/null -w "%{http_code}" "http://172.16.3.30:3001/api/$ep" -H "Authorization: Bearer $TOKEN")
|
|
echo "$ep -> $STATUS"
|
|
done
|
|
```
|
|
Output: < HTTP/1.1 404 Not Found
|
|
scripts -> 200
|
|
commands -> 200
|
|
tasks -> 404
|
|
run -> 404
|
|
execute -> 404
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
curl -s "http://172.16.3.30:3001/api/scripts" -H "Authorization: Bearer $TOKEN" | jq . | head -40
|
|
curl -s "http://172.16.3.30:3001/api/commands" -H "Authorization: Bearer $TOKEN" | jq . | head -40
|
|
```
|
|
Output: [
|
|
|
|
{
|
|
|
|
"id": "cef8a25b-4270-42b8-b055-d8a2d13d39a7",
|
|
|
|
"name": "Add SSH key cmd",
|
|
|
|
"description": "",
|
|
|
|
"shell": "cmd",
|
|
|
|
"script_body": "@echo off\r\nmd \"C:\\Users\\Administrator\\.ssh\" 2>nul\r\necho ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKSqf2/phEXUK8vd5GhMIDTEGSk0LvYk92sRdNiRrjK ... [truncated]
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
SCRIPT='$WshShell = New-Object -ComObject WScript.Shell; $Shortcut = $WshShell.CreateShortcut("C:\\Users\\Public\\Desktop\\Kill Chrome.lnk"); $Shortcut.TargetPath = "cmd.exe"; $Shortcut.Arguments = "/c taskkill /F /IM chrome.exe"; $Shortcut.IconLocation = "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe,0"; $Shortcut.Description = "Force Kill Chrome"; $Shortcut.Save(); Write-Output "Shortcut created."'
|
|
|
|
curl -s -X POST "http://172.16.3.30:3001/api/commands" \
|
|
-H "Content-Type: application/json" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-d "{\"agent_id\":\"7236a75d-2033-4a07-8161-50a312fa08f3\",\"command_type\":\"powershell\",\"command_text\":\"$SCRIPT\"}" | jq .
|
|
```
|
|
Output: (Bash completed with no output)
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
# Use a here-string approach to avoid shell escaping issues
|
|
PAYLOAD=$(cat <<'EOF'
|
|
{
|
|
"agent_id": "7236a75d-2033-4a07-8161-50a312fa08f3",
|
|
"command_type": "powershell",
|
|
"command_text": "$WshShell = New-Object -ComObject WScript.Shell; $sc = $WshShell.CreateShortcut('C:\\Users\\Public\\Desktop\\Kill Chrome.lnk'); $sc.TargetPath = 'cmd.exe'; $sc.Arguments = '/c taskkill /F /IM chrome.exe'; $sc.IconLocation = 'C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe,0'; $sc.Description = 'Force Kill Chrome'; $sc.Save(); Write-Output 'Shortcut created.'"
|
|
}
|
|
EOF
|
|
)
|
|
|
|
curl -s -X POST "http://172.16.3.30:3001/api/commands" \
|
|
-H "Content-Type: application/json" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-d "$PAYLOAD"
|
|
```
|
|
Output: (Bash completed with no output)
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
curl -sv -X POST "http://172.16.3.30:3001/api/commands" \
|
|
-H "Content-Type: application/json" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
--data-raw '{"agent_id":"7236a75d-2033-4a07-8161-50a312fa08f3","command_type":"powershell","command_text":"Write-Output test"}' 2>&1 | grep -E "< HTTP|^\{|^Error|response"
|
|
```
|
|
Output: < HTTP/1.1 405 Method Not Allowed
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
# Try agent-scoped command endpoint
|
|
curl -sv -X POST "http://172.16.3.30:3001/api/agents/7236a75d-2033-4a07-8161-50a312fa08f3/commands" \
|
|
-H "Content-Type: application/json" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
--data-raw '{"command_type":"powershell","command_text":"Write-Output test"}' 2>&1 | grep -E "< HTTP|^\{|^[a-z]"
|
|
```
|
|
Output: < HTTP/1.1 404 Not Found
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
# commands GET worked - let's see what methods it does accept
|
|
curl -sv -X GET "http://172.16.3.30:3001/api/commands" \
|
|
-H "Authorization: Bearer $TOKEN" 2>&1 | grep -E "< HTTP|Allow:"
|
|
|
|
# Also check the existing command record to see its full shape
|
|
curl -s "http://172.16.3.30:3001/api/commands" \
|
|
-H "Authorization: Bearer $TOKEN" | python3 -c "import json,sys; d=json.load(sys.stdin); print(json.dumps(d[0] if d else {}, indent=2))" 2>&1 | head -20
|
|
```
|
|
Output: < HTTP/1.1 200 OK
|
|
/usr/bin/bash: line 17: python3: command not found
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
curl -s "http://172.16.3.30:3001/api/commands" \
|
|
-H "Authorization: Bearer $TOKEN" | jq '.[0]'
|
|
```
|
|
Output: {
|
|
|
|
"id": "5be8d2c5-b9fe-4143-94f6-bd7e6ffbc220",
|
|
|
|
"agent_id": "6766e973-e703-47c1-be56-76950290f87c",
|
|
|
|
"command_type": "powershell",
|
|
|
|
"command_text": "Set-GPPermissions -Name \"CSC - Reception Workstation Policy\" -TargetName \"Authenticated Users\" -TargetType Group -PermissionLevel GpoRead ... [truncated]
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
curl -s -X POST "http://172.16.3.30:3001/api/agents/7236a75d-2033-4a07-8161-50a312fa08f3/commands" \
|
|
-H "Content-Type: application/json" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
--data-raw '{
|
|
"command_type": "powershell",
|
|
"command": "$WshShell = New-Object -ComObject WScript.Shell; $sc = $WshShell.CreateShortcut(\"C:\\Users\\Public\\Desktop\\Kill Chrome.lnk\"); $sc.TargetPath = \"cmd.exe\"; $sc.Arguments = \"/c taskkill /F /IM chrome.exe\"; $sc.IconLocation = \"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe,0\"; $sc.Description = \"Force Kill Chrome\"; $sc.Save(); Write-Output \"Done.\""
|
|
}' | jq .
|
|
```
|
|
Output: (Bash completed with no output)
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
# Check what route is actually registered
|
|
curl -sv -X POST "http://172.16.3.30:3001/api/agents/7236a75d-2033-4a07-8161-50a312fa08f3/commands" \
|
|
-H "Content-Type: application/json" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
--data-raw '{"command_type":"powershell","command":"Write-Output test"}' 2>&1 | grep "< HTTP"
|
|
```
|
|
Output: < HTTP/1.1 404 Not Found
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
curl -s -X POST "http://172.16.3.30:3001/api/agents/7236a75d-2033-4a07-8161-50a312fa08f3/command" \
|
|
-H "Content-Type: application/json" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
--data-raw '{
|
|
"command_type": "powershell",
|
|
"command": "$WshShell = New-Object -ComObject WScript.Shell; $sc = $WshShell.CreateShortcut(\"C:\\Users\\Public\\Desktop\\Kill Chrome.lnk\"); $sc.TargetPath = \"cmd.exe\"; $sc.Arguments = \"/c taskkill /F /IM chrome.exe\"; $sc.IconLocation = \"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe,0\"; $sc.Description = \"Force Kill Chrome\"; $sc.Save(); Write-Output \"Done.\""
|
|
}' | jq .
|
|
```
|
|
Output: Exit code 5
|
|
jq: parse error: Invalid numeric literal at line 1, column 7
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
curl -sv -X POST "http://172.16.3.30:3001/api/agents/7236a75d-2033-4a07-8161-50a312fa08f3/command" \
|
|
-H "Content-Type: application/json" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
--data-raw '{
|
|
"command_type": "powershell",
|
|
"command": "$WshShell = New-Object -ComObject WScript.Shell; $sc = $WshShell.CreateShortcut(\"C:\\Users\\Public\\Desktop\\Kill Chrome.lnk\"); $sc.TargetPath = \"cmd.exe\"; $sc.Arguments = \"/c taskkill /F /IM chrome.exe\"; $sc.IconLocation = \"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe,0\"; $sc.Description = \"Force Kill Chrome\"; $sc.Save(); Write-Output \"Done.\""
|
|
}' 2>&1 | grep -E "< HTTP|^\{|command_id|status|message"
|
|
```
|
|
Output: < HTTP/1.1 400 Bad Request
|
|
{ [86 bytes data]
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
curl -s -X POST "http://172.16.3.30:3001/api/agents/7236a75d-2033-4a07-8161-50a312fa08f3/command" \
|
|
-H "Content-Type: application/json" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
--data-raw '{
|
|
"command_type": "powershell",
|
|
"command": "$WshShell = New-Object -ComObject WScript.Shell; $sc = $WshShell.CreateShortcut(\"C:\\Users\\Public\\Desktop\\Kill Chrome.lnk\"); $sc.TargetPath = \"cmd.exe\"; $sc.Arguments = \"/c taskkill /F /IM chrome.exe\"; $sc.IconLocation = \"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe,0\"; $sc.Description = \"Force Kill Chrome\"; $sc.Save(); Write-Output \"Done.\""
|
|
}' 2>&1
|
|
```
|
|
Output: Failed to parse the request body as JSON: command: invalid escape at line 3 column 102
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
SCRIPT='$WshShell = New-Object -ComObject WScript.Shell; $sc = $WshShell.CreateShortcut("C:\Users\Public\Desktop\Kill Chrome.lnk"); $sc.TargetPath = "cmd.exe"; $sc.Arguments = "/c taskkill /F /IM chrome.exe"; $sc.IconLocation = "C:\Program Files\Google\Chrome\Application\chrome.exe,0"; $sc.Description = "Force Kill Chrome"; $sc.Save(); Write-Output "Done."'
|
|
|
|
PAYLOAD=$(jq -n --arg cmd "$SCRIPT" '{"command_type":"powershell","command":$cmd}')
|
|
|
|
curl -s -X POST "http://172.16.3.30:3001/api/agents/7236a75d-2033-4a07-8161-50a312fa08f3/command" \
|
|
-H "Content-Type: application/json" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-d "$PAYLOAD"
|
|
```
|
|
Output: {"command_id":"235271a5-e02e-4251-afb5-17a633bd3cfa","status":"running","message":"Command sent to agent"}
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
sleep 4
|
|
curl -s "http://172.16.3.30:3001/api/commands/235271a5-e02e-4251-afb5-17a633bd3cfa" \
|
|
-H "Authorization: Bearer $TOKEN" | jq '{status,exit_code,stdout,stderr}'
|
|
```
|
|
Output: {
|
|
|
|
"status": "completed",
|
|
|
|
"exit_code": 0,
|
|
|
|
"stdout": "Done.\r\n",
|
|
|
|
"stderr": ""
|
|
|
|
}
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
# Check online status of both Mara's machines
|
|
curl -s "http://172.16.3.30:3001/api/agents/13cb3629-5043-4bd6-b977-6968eeccf804" \
|
|
-H "Authorization: Bearer $TOKEN" | jq '{hostname,status,last_seen}'
|
|
|
|
curl -s "http://172.16.3.30:3001/api/agents" \
|
|
-H "Authorization: Bearer $TOKEN" | jq '[.[] | select(.client_name == "Peaceful Spirit") | {hostname, agent_id: .id, status, last_seen}]'
|
|
```
|
|
Output: {
|
|
|
|
"hostname": "Maras-HP-Laptop",
|
|
|
|
"status": "offline",
|
|
|
|
"last_seen": "2026-05-22T05:32:09.043149Z"
|
|
|
|
}
|
|
|
|
[
|
|
|
|
{
|
|
|
|
"hostname": "BridgettePSHomeComputer",
|
|
|
|
"agent_id": "074141d7-bd96-49ff-8f64-edf31159c00b",
|
|
|
|
"status": "offline",
|
|
|
|
"last_seen": "2026-05-22T04:57:12.021296Z"
|
|
|
|
}, ... [truncated]
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
# Diagnostics on MaraHomeNew - VPN profile, machine cert, recent IKE errors
|
|
SCRIPT='$vpn = Get-VpnConnection -AllUserConnection -Name "Peaceful Spirit VPN" -EA SilentlyContinue; if ($vpn) { Write-Output "VPN Profile: $($vpn.Name) | Auth: $($vpn.AuthenticationMethod) | Tunnel: $($vpn.TunnelType) | Status: $($vpn.ConnectionStatus)" } else { Write-Output "VPN PROFILE NOT FOUND" }; $cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -like "*MaraHomeNew*" -or $_.Subject -like "*PEACEFULSPIRIT*" } | Select-Object -First 3 | ForEach-Object { "$($_.Thumbprint) | $($_.Subject) | Exp: $($_.NotAfter)" }; Write-Output "CERTS:"; $cert; Write-Output "IKE ERRORS (last 10):"; Get-WinEvent -LogName "Microsoft-Windows-IKEExt/Operational" -MaxEvents 20 -EA SilentlyContinue | Where-Object { $_.LevelDisplayName -eq "Error" -or $_.LevelDisplayName -eq "Warning" } | Select-Object -First 10 | ForEach-Object { "$($_.TimeCreated) [$($_.Id)] $($_.Message.Substring(0,[Math]::Min(200,$_.Message.Length)))" }'
|
|
|
|
PAYLOAD=$(jq -n --arg cmd "$SCRIPT" '{"command_type":"powershell","command":$cmd}')
|
|
|
|
curl -s -X POST "http://172.16.3.30:3001/api/agents/c778b6a3-c646-4454-a065-8c8bdcb1578e/command" \
|
|
-H "Content-Type: application/json" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-d "$PAYLOAD" | jq '{command_id,status}'
|
|
```
|
|
Output: {
|
|
|
|
"command_id": "0b3f0ccf-e60f-47c4-a4e5-ac250b35dbcb",
|
|
|
|
"status": "running"
|
|
|
|
}
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
# Check RRAS event log on PST-SERVER for recent policy/IKE errors
|
|
SCRIPT='Write-Output "=== RRAS RemoteAccess Events ==="; Get-WinEvent -LogName "System" -MaxEvents 100 -EA SilentlyContinue | Where-Object { $_.ProviderName -like "*RemoteAccess*" -or $_.ProviderName -like "*RRAS*" } | Select-Object -First 10 | ForEach-Object { "$($_.TimeCreated) [$($_.Id)] $($_.Message.Substring(0,[Math]::Min(300,$_.Message.Length)))" }; Write-Output "=== IKE Errors on SERVER ==="; Get-WinEvent -LogName "Microsoft-Windows-IKEExt/Operational" -MaxEvents 30 -EA SilentlyContinue | Where-Object { $_.LevelDisplayName -eq "Error" } | Select-Object -First 10 | ForEach-Object { "$($_.TimeCreated) [$($_.Id)] $($_.Message.Substring(0,[Math]::Min(300,$_.Message.Length)))" }'
|
|
|
|
PAYLOAD=$(jq -n --arg cmd "$SCRIPT" '{"command_type":"powershell","command":$cmd}')
|
|
|
|
curl -s -X POST "http://172.16.3.30:3001/api/agents/6b6106a7-8515-4b6b-857d-0dc6ede53f35/command" \
|
|
-H "Content-Type: application/json" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-d "$PAYLOAD" | jq '{command_id,status}'
|
|
```
|
|
Output: {
|
|
|
|
"command_id": "3ddb6848-8b8f-4925-a3c7-e31e87cc23a7",
|
|
|
|
"status": "running"
|
|
|
|
}
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
sleep 8
|
|
|
|
# Get MaraHomeNew result
|
|
echo "=== MaraHomeNew ==="
|
|
curl -s "http://172.16.3.30:3001/api/commands/0b3f0ccf-e60f-47c4-a4e5-ac250b35dbcb" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '{status,exit_code,stdout,stderr}'
|
|
|
|
echo "=== PST-SERVER ==="
|
|
curl -s "http://172.16.3.30:3001/api/commands/3ddb6848-8b8f-4925-a3c7-e31e87cc23a7" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '{status,exit_code,stdout,stderr}'
|
|
```
|
|
Output: === MaraHomeNew ===
|
|
{
|
|
|
|
"status": "failed",
|
|
|
|
"exit_code": 1,
|
|
|
|
"stdout": "VPN Profile: Peaceful Spirit VPN | Auth: MachineCertificate | Tunnel: Ikev2 | Status: Disconnected\r\nCERTS:\r\nD067E07B4A670AF5C6DE27250EB533B06F28FD6A | CN=MaraHomeNew.PEACEFULSPIRIT.local | Exp: 05/10/2027 14:37:12\r\nB ... [truncated]
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
# Attempt VPN connect to get the actual error, check CA root, check cipher policy
|
|
SCRIPT='
|
|
Write-Output "=== CA Root Cert in Trusted Root ===";
|
|
Get-ChildItem Cert:\LocalMachine\Root | Where-Object { $_.Subject -like "*PEACEFULSPIRIT*" -or $_.Issuer -like "*PEACEFULSPIRIT*" } | ForEach-Object { "$($_.Thumbprint) | $($_.Subject) | Exp: $($_.NotAfter)" };
|
|
Write-Output "=== Machine Cert Chain Valid ===";
|
|
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -like "*MaraHomeNew*" } | Select-Object -First 1;
|
|
if ($cert) { $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain; $valid = $chain.Build($cert); Write-Output "Chain valid: $valid"; $chain.ChainStatus | ForEach-Object { " Status: $($_.Status) - $($_.StatusInformation)" } };
|
|
Write-Output "=== IKEv2 Custom Cipher Policy ===";
|
|
$vpn = Get-VpnConnectionIpsecConfiguration -ConnectionName "Peaceful Spirit VPN" -EA SilentlyContinue;
|
|
if ($vpn) { $vpn | Format-List } else { Write-Output "No custom IPsec policy (using default)" };
|
|
Write-Output "=== Attempt Connect ===";
|
|
rasdial "Peaceful Spirit VPN" 2>&1 | Select-Object -First 5'
|
|
|
|
PAYLOAD=$(jq -n --arg cmd "$SCRIPT" '{"command_type":"powershell","command":$cmd}')
|
|
|
|
curl -s -X POST "http://172.16.3.30:3001/api/agents/c778b6a3-c646-4454-a065-8c8bdcb1578e/command" \
|
|
-H "Content-Type: application/json" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-d "$PAYLOAD" | jq '{command_id,status}'
|
|
```
|
|
Output: {
|
|
|
|
"command_id": "4e6323eb-fa92-4100-82b3-cefa60bb8782",
|
|
|
|
"status": "running"
|
|
|
|
}
|
|
|
|
```
|
|
sleep 12
|
|
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
curl -s "http://172.16.3.30:3001/api/commands/4e6323eb-fa92-4100-82b3-cefa60bb8782" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout,.stderr'
|
|
```
|
|
Output: === CA Root Cert in Trusted Root ===
|
|
|
|
|
|
56DAF43C60F246BF2C80A671EE9812C727D8C298 | CN=PEACEFULSPIRIT-PST-SERVER-CA | Exp: 03/08/2061 02:32:49
|
|
|
|
|
|
=== Machine Cert Chain Valid ===
|
|
|
|
|
|
Chain valid: False
|
|
|
|
|
|
Status: RevocationStatusUnknown - The revocation function was unable to check revocation for the ce ... [truncated]
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
# Get CDP URL from the cert, and check CRL cache expiry
|
|
SCRIPT='
|
|
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -like "*MaraHomeNew*" } | Select-Object -First 1;
|
|
Write-Output "=== CDP URLs in cert ===";
|
|
$cert.Extensions | Where-Object { $_.Oid.FriendlyName -like "*CRL*" } | ForEach-Object { $_.Format(1) };
|
|
Write-Output "=== CRL Cache ===";
|
|
certutil -urlcache CRL 2>&1 | Select-Object -First 30'
|
|
|
|
PAYLOAD=$(jq -n --arg cmd "$SCRIPT" '{"command_type":"powershell","command":$cmd}')
|
|
curl -s -X POST "http://172.16.3.30:3001/api/agents/c778b6a3-c646-4454-a065-8c8bdcb1578e/command" \
|
|
-H "Content-Type: application/json" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-d "$PAYLOAD" | jq -r '.command_id'
|
|
```
|
|
Output: ee64818e-3bc4-4444-976c-875455078ae8
|
|
|
|
```
|
|
sleep 8
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
curl -s "http://172.16.3.30:3001/api/commands/ee64818e-3bc4-4444-976c-875455078ae8" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout'
|
|
```
|
|
Output: === CDP URLs in cert ===
|
|
|
|
|
|
[1]CRL Distribution Point
|
|
|
|
|
|
Distribution Point Name:
|
|
|
|
|
|
Full Name:
|
|
|
|
|
|
URL=http://PST-SERVER/CertEnroll/PEACEFULSPIRIT-PST-SERVER-CA.crl
|
|
|
|
|
|
|
|
|
|
|
|
=== CRL Cache ===
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
http://www.microsoft.com/pkiops/crl/Microsoft%20TPM%20Root%20Certificate%20Aut ... [truncated]
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
# Get the CRL from PST-SERVER and also check its expiry
|
|
SCRIPT='
|
|
$crlPath = "C:\Windows\System32\CertSrv\CertEnroll\PEACEFULSPIRIT-PST-SERVER-CA.crl";
|
|
if (!(Test-Path $crlPath)) {
|
|
$crlPath = (Get-ChildItem "C:\Windows\System32\CertSrv\CertEnroll\*.crl" | Select-Object -First 1).FullName
|
|
};
|
|
Write-Output "CRL path: $crlPath";
|
|
$crl = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $crlPath;
|
|
# Check next update via certutil
|
|
certutil -dump $crlPath 2>&1 | Select-String "Next CRL Publish|NextUpdate|Effective" | Select-Object -First 5;
|
|
$bytes = [System.IO.File]::ReadAllBytes($crlPath);
|
|
Write-Output "CRL_B64_START";
|
|
[Convert]::ToBase64String($bytes);
|
|
Write-Output "CRL_B64_END"'
|
|
|
|
PAYLOAD=$(jq -n --arg cmd "$SCRIPT" '{"command_type":"powershell","command":$cmd}')
|
|
curl -s -X POST "http://172.16.3.30:3001/api/agents/6b6106a7-8515-4b6b-857d-0dc6ede53f35/command" \
|
|
-H "Content-Type: application/json" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-d "$PAYLOAD" | jq -r '.command_id'
|
|
```
|
|
Output: cfe9202e-2718-423b-82ab-a7c6b2d65262
|
|
|
|
```
|
|
sleep 12
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
curl -s "http://172.16.3.30:3001/api/commands/cfe9202e-2718-423b-82ab-a7c6b2d65262" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout'
|
|
```
|
|
Output: CRL path: C:\Windows\System32\CertSrv\CertEnroll\PEACEFULSPIRIT-PST-SERVER-CA.crl
|
|
|
|
|
|
|
|
|
|
|
|
NextUpdate: 5/26/2026 4:38 AM
|
|
|
|
|
|
Next CRL Publish
|
|
|
|
|
|
CRL_B64_START
|
|
|
|
|
|
[base64 blob omitted]
|
|
|
|
|
|
CRL_B64_END
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
CRL_B64="MIIDFzCCAf8CAQEwDQYJKoZIhvcNAQELBQAwJzElMCMGA1UEAxMcUEVBQ0VGVUxTUElSSVQtUFNULVNFUlZFUi1DQRcNMjYwNTE1MjMzODAyWhcNMjYwNTI2MTEzODAyWqCCAaIwggGeMB8GA1UdIwQYMBaAFN+f1ZrTY1kdO2a1IIlnsO8pacFvMBAGCSsGAQQBgjcVAQQDAgEAMAsGA1UdFAQEAgIHZjAcBgkrBgEEAYI3FQQEDxcNMjYwNTIzMjMzODAyWjBPBgNVHS4ESDBGMESgQqBAhj5odHRwOi8vUFNULVNFUlZFUi9DZXJ0RW5yb2xsL1BFQUNFRlVMU1BJUklULVBTVC1TRVJWRVItQ0ErLmNybDCB7AYJKwYBBAGCNxUOBIHeMIHbMIHYoIHVoIHShoHPbGRhcDovLy9DTj1QRUFDRUZVTFNQSVJJVC1QU1QtU0VSVkVSLUNBLENOPVBTVC1TRVJWRVIsQ049Q0RQLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9UEVBQ0VGVUxTUElSSVQsREM9bG9jYWw/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50MA0GCSqGSIb3DQEBCwUAA4IBAQB7EAywPcK0Q8eWSXWmidLeOryN30Dkmf4omiQ/fdPLejEB64n8f8zRA0qzYSosVQJ/ma2ekZyqGoSThejFTokjT+nIeiOS2tPTFQ7FV9Nj8qczpDiMJkHg2HeBEZw+jTqNrtIkX+hcro+1juDMQv3Rol824OR1pyV/nZ3+4ZfxoM0OXLCZAGnYiUBLwamJdSofGgXErWGzTjUec6Seotj03hh6IHiIUcGBx6JBIl5I8j7N4l/+iiCYOp4d+SCJW2k6bV22TE7CQanRxg4uTbOHMM2xOXEv8e28/PArwFQ/B2RfL4UgVsk5+opD7b7q0YzBclDZBD9Pm6mevxEuKEXl"
|
|
|
|
SCRIPT='
|
|
$b64 = "'"$CRL_B64"'";
|
|
$bytes = [Convert]::FromBase64String($b64);
|
|
$crlPath = "$env:TEMP\PST-CA.crl";
|
|
[System.IO.File]::WriteAllBytes($crlPath, $bytes);
|
|
certutil -addstore -f CA $crlPath 2>&1;
|
|
Remove-Item $crlPath -Force;
|
|
Write-Output "=== Verify CRL cache ===";
|
|
certutil -urlcache CRL 2>&1 | Select-String "PEACEFULSPIRIT|PST-SERVER";
|
|
Write-Output "=== Test VPN connect ===";
|
|
rasdial "Peaceful Spirit VPN" 2>&1'
|
|
|
|
PAYLOAD=$(jq -n --arg cmd "$SCRIPT" '{"command_type":"powershell","command":$cmd}')
|
|
curl -s -X POST "http://172.16.3.30:3001/api/agents/c778b6a3-c646-4454-a065-8c8bdcb1578e/command" \
|
|
-H "Content-Type: application/json" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-d "$PAYLOAD" | jq '{command_id,status}'
|
|
```
|
|
Output: /usr/bin/bash: line 38: /mingw64/bin/curl: Permission denied
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
CRL_B64="MIIDFzCCAf8CAQEwDQYJKoZIhvcNAQELBQAwJzElMCMGA1UEAxMcUEVBQ0VGVUxTUElSSVQtUFNULVNFUlZFUi1DQRcNMjYwNTE1MjMzODAyWhcNMjYwNTI2MTEzODAyWqCCAaIwggGeMB8GA1UdIwQYMBaAFN+f1ZrTY1kdO2a1IIlnsO8pacFvMBAGCSsGAQQBgjcVAQQDAgEAMAsGA1UdFAQEAgIHZjAcBgkrBgEEAYI3FQQEDxcNMjYwNTIzMjMzODAyWjBPBgNVHS4ESDBGMESgQqBAhj5odHRwOi8vUFNULVNFUlZFUi9DZXJ0RW5yb2xsL1BFQUNFRlVMU1BJUklULVBTVC1TRVJWRVItQ0ErLmNybDCB7AYJKwYBBAGCNxUOBIHeMIHbMIHYoIHVoIHShoHPbGRhcDovLy9DTj1QRUFDRUZVTFNQSVJJVC1QU1QtU0VSVkVSLUNBLENOPVBTVC1TRVJWRVIsQ049Q0RQLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9UEVBQ0VGVUxTUElSSVQsREM9bG9jYWw/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50MA0GCSqGSIb3DQEBCwUAA4IBAQB7EAywPcK0Q8eWSXWmidLeOryN30Dkmf4omiQ/fdPLejEB64n8f8zRA0qzYSosVQJ/ma2ekZyqGoSThejFTokjT+nIeiOS2tPTFQ7FV9Nj8qczpDiMJkHg2HeBEZw+jTqNrtIkX+hcro+1juDMQv3Rol824OR1pyV/nZ3+4ZfxoM0OXLCZAGnYiUBLwamJdSofGgXErWGzTjUec6Seotj03hh6IHiIUcGBx6JBIl5I8j7N4l/+iiCYOp4d+SCJW2k6bV22TE7CQanRxg4uTbOHMM2xOXEv8e28/PArwFQ/B2RfL4UgVsk5+opD7b7q0YzBclDZBD9Pm6mevxEuKEXl"
|
|
|
|
SCRIPT=$(cat <<ENDSCRIPT
|
|
\$b64 = "$CRL_B64";
|
|
\$bytes = [Convert]::FromBase64String(\$b64);
|
|
\$crlPath = "\$env:TEMP\PST-CA.crl";
|
|
[System.IO.File]::WriteAllBytes(\$crlPath, \$bytes);
|
|
certutil -addstore -f CA \$crlPath 2>&1;
|
|
Remove-Item \$crlPath -Force;
|
|
Write-Output "=== Test VPN connect ===";
|
|
rasdial "Peaceful Spirit VPN" 2>&1
|
|
ENDSCRIPT
|
|
)
|
|
|
|
PAYLOAD=$(jq -n --arg cmd "$SCRIPT" '{"command_type":"powershell","command":$cmd}')
|
|
|
|
/c/Windows/System32/curl.exe -s -X POST "http://172.16.3.30:3001/api/agents/c778b6a3-c646-4454-a065-8c8bdcb1578e/command" \
|
|
-H "Content-Type: application/json" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-d "$PAYLOAD" | jq '{command_id,status}'
|
|
```
|
|
Output: {
|
|
|
|
"command_id": "f9a58853-cb3f-4058-a6fd-7eb584a8bc21",
|
|
|
|
"status": "running"
|
|
|
|
}
|
|
|
|
```
|
|
sleep 20
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLlPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
/c/Windows/System32/curl.exe -s "http://172.16.3.30:3001/api/commands/f9a58853-cb3f-4058-a6fd-7eb584a8bc21" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '{status,exit_code,stdout,stderr}'
|
|
```
|
|
Output: Exit code 5
|
|
jq: parse error: Invalid numeric literal at line 1, column 8
|
|
|
|
```
|
|
sleep 5
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
/c/Windows/System32/curl.exe -s "http://172.16.3.30:3001/api/commands/f9a58853-cb3f-4058-a6fd-7eb584a8bc21" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.status,.exit_code,.stdout,.stderr'
|
|
```
|
|
Output: failed
|
|
|
|
1
|
|
|
|
CA "Intermediate Certification Authorities"
|
|
|
|
|
|
CRL "CN=PEACEFULSPIRIT-PST-SERVER-CA" added to store.
|
|
|
|
|
|
CertUtil: -addstore command completed successfully.
|
|
|
|
|
|
=== Test VPN connect ===
|
|
|
|
|
|
Connecting to Peaceful Spirit VPN...
|
|
|
|
Verifying username and password...Policy match error
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
SCRIPT='
|
|
Write-Output "=== Chain valid after CRL import ===";
|
|
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -like "*MaraHomeNew*" } | Select-Object -First 1;
|
|
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain;
|
|
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck;
|
|
$valid = $chain.Build($cert);
|
|
Write-Output "Chain (no revoc check): $valid";
|
|
$chain2 = New-Object System.Security.Cryptography.X509Certificates.X509Chain;
|
|
$valid2 = $chain2.Build($cert);
|
|
Write-Output "Chain (with revoc check): $valid2";
|
|
$chain2.ChainStatus | ForEach-Object { " $($_.Status): $($_.StatusInformation.Trim())" };
|
|
Write-Output "=== RasClient event log (last 5 errors) ===";
|
|
Get-WinEvent -LogName "Application" -MaxEvents 200 -EA SilentlyContinue | Where-Object { $_.ProviderName -like "*RasClient*" -and $_.LevelDisplayName -eq "Error" } | Select-Object -First 5 | ForEach-Object { "$($_.TimeCreated) ID:$($_.Id) $($_.Message.Substring(0,[Math]::Min(400,$_.Message.Length)))" };
|
|
Write-Output "=== Security/System IKE events ===";
|
|
Get-WinEvent -LogName "System" -MaxEvents 100 -EA SilentlyContinue | Where-Object { $_.Id -in @(20227,20226,20271,20272,20014) } | Select-Object -First 5 | ForEach-Object { "$($_.TimeCreated) ID:$($_.Id) $($_.Message.Substring(0,[Math]::Min(400,$_.Message.Length)))" }'
|
|
|
|
PAYLOAD=$(jq -n --arg cmd "$SCRIPT" '{"command_type":"powershell","command":$cmd}')
|
|
/c/Windows/System32/curl.exe -s -X POST "http://172.16.3.30:3001/api/agents/c778b6a3-c646-4454-a065-8c8bdcb1578e/command" \
|
|
-H "Content-Type: application/json" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-d "$PAYLOAD" | jq -r '.command_id'
|
|
```
|
|
Output: 3de79f25-e24c-43ab-b306-868dc230f484
|
|
|
|
```
|
|
sleep 15
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
/c/Windows/System32/curl.exe -s "http://172.16.3.30:3001/api/commands/3de79f25-e24c-43ab-b306-868dc230f484" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout'
|
|
```
|
|
Output: === Chain valid after CRL import ===
|
|
|
|
|
|
Chain (no revoc check): True
|
|
|
|
|
|
Chain (with revoc check): False
|
|
|
|
|
|
RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate.
|
|
|
|
|
|
OfflineRevocation: The revocation function was unable to check revocation because the rev ... [truncated]
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
SCRIPT='
|
|
Write-Output "=== DNS resolution of PST-SERVER ===";
|
|
[System.Net.Dns]::GetHostAddresses("PST-SERVER") | ForEach-Object { $_.IPAddressToString } 2>&1;
|
|
Write-Output "=== HTTP test to CRL URL ===";
|
|
try {
|
|
$wc = New-Object System.Net.WebClient;
|
|
$wc.DownloadFile("http://PST-SERVER/CertEnroll/PEACEFULSPIRIT-PST-SERVER-CA.crl", "$env:TEMP\test.crl");
|
|
Write-Output "SUCCESS - CRL downloaded";
|
|
Remove-Item "$env:TEMP\test.crl" -Force
|
|
} catch {
|
|
Write-Output "FAILED: $($_.Exception.Message)"
|
|
};
|
|
Write-Output "=== Test with public IP directly ===";
|
|
try {
|
|
$wc2 = New-Object System.Net.WebClient;
|
|
$wc2.DownloadFile("http://98.190.129.150/CertEnroll/PEACEFULSPIRIT-PST-SERVER-CA.crl", "$env:TEMP\test2.crl");
|
|
Write-Output "SUCCESS via public IP";
|
|
Remove-Item "$env:TEMP\test2.crl" -Force
|
|
} catch {
|
|
Write-Output "FAILED via public IP: $($_.Exception.Message)"
|
|
}'
|
|
|
|
PAYLOAD=$(jq -n --arg cmd "$SCRIPT" '{"command_type":"powershell","command":$cmd}')
|
|
/c/Windows/System32/curl.exe -s -X POST "http://172.16.3.30:3001/api/agents/c778b6a3-c646-4454-a065-8c8bdcb1578e/command" \
|
|
-H "Content-Type: application/json" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-d "$PAYLOAD" | jq -r '.command_id'
|
|
```
|
|
Output: 435e680e-ab1c-493f-b81a-e693c5e667d6
|
|
|
|
```
|
|
sleep 20
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
/c/Windows/System32/curl.exe -s "http://172.16.3.30:3001/api/commands/435e680e-ab1c-493f-b81a-e693c5e667d6" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout'
|
|
```
|
|
Output: null
|
|
|
|
```
|
|
sleep 15
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
/c/Windows/System32/curl.exe -s "http://172.16.3.30:3001/api/commands/435e680e-ab1c-493f-b81a-e693c5e667d6" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '{status,stdout,stderr}'
|
|
```
|
|
Output: {
|
|
|
|
"status": "completed",
|
|
|
|
"stdout": "=== DNS resolution of PST-SERVER ===\r\n192.168.0.2\r\n=== HTTP test to CRL URL ===\r\nFAILED: Exception calling \"DownloadFile\" with \"2\" argument(s): \"Unable to connect to the remote server\"\r\n=== Test with public IP directly ===\r\nFAILED via public ... [truncated]
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
SCRIPT='
|
|
$hostsPath = "C:\Windows\System32\drivers\etc\hosts";
|
|
$entry = "98.190.129.150 PST-SERVER";
|
|
$content = Get-Content $hostsPath -Raw;
|
|
if ($content -notmatch "PST-SERVER") {
|
|
Add-Content -Path $hostsPath -Value "`n$entry";
|
|
Write-Output "HOSTS entry added."
|
|
} else {
|
|
$content = $content -replace "(?m)^.*PST-SERVER.*$", $entry;
|
|
Set-Content -Path $hostsPath -Value $content -NoNewline;
|
|
Write-Output "HOSTS entry updated."
|
|
};
|
|
Write-Output "=== Verify CRL download ===";
|
|
try {
|
|
$wc = New-Object System.Net.WebClient;
|
|
$wc.DownloadFile("http://PST-SERVER/CertEnroll/PEACEFULSPIRIT-PST-SERVER-CA.crl", "$env:TEMP\verify.crl");
|
|
Write-Output "CRL download: SUCCESS";
|
|
Remove-Item "$env:TEMP\verify.crl" -Force
|
|
} catch {
|
|
Write-Output "CRL download FAILED: $($_.Exception.Message)"
|
|
};
|
|
Write-Output "=== Test VPN connect ===";
|
|
rasdial "Peaceful Spirit VPN" 2>&1'
|
|
|
|
PAYLOAD=$(jq -n --arg cmd "$SCRIPT" '{"command_type":"powershell","command":$cmd}')
|
|
/c/Windows/System32/curl.exe -s -X POST "http://172.16.3.30:3001/api/agents/c778b6a3-c646-4454-a065-8c8bdcb1578e/command" \
|
|
-H "Content-Type: application/json" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-d "$PAYLOAD" | jq '{command_id,status}'
|
|
```
|
|
Output: {
|
|
|
|
"command_id": "40fc063c-ae5c-464b-9283-7e8947b20d65",
|
|
|
|
"status": "running"
|
|
|
|
}
|
|
|
|
```
|
|
sleep 25
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
/c/Windows/System32/curl.exe -s "http://172.16.3.30:3001/api/commands/40fc063c-ae5c-464b-9283-7e8947b20d65" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '{status,exit_code,stdout}'
|
|
```
|
|
Output: <tool_use_error>Blocked: sleep 25 followed by: TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ" /c/Windows/System32/cur ... [truncated]
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
until /c/Windows/System32/curl.exe -s "http://172.16.3.30:3001/api/commands/40fc063c-ae5c-464b-9283-7e8947b20d65" -H "Authorization: Bearer $TOKEN" | jq -e '.status == "completed" or .status == "failed"' > /dev/null 2>&1; do sleep 3; done
|
|
/c/Windows/System32/curl.exe -s "http://172.16.3.30:3001/api/commands/40fc063c-ae5c-464b-9283-7e8947b20d65" -H "Authorization: Bearer $TOKEN" | jq -r '{status,exit_code,stdout}'
|
|
```
|
|
Output: {
|
|
|
|
"status": "failed",
|
|
|
|
"exit_code": 1,
|
|
|
|
"stdout": "HOSTS entry updated.\r\n=== Verify CRL download ===\r\nCRL download FAILED: Exception calling \"DownloadFile\" with \"2\" argument(s): \"The remote name could not be resolved: 'pst-server'\"\r\n=== Test VPN connect ===\r\nConnecting to Peacef ... [truncated]
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
SCRIPT='
|
|
Write-Output "=== HOSTS file (PST-SERVER lines) ===";
|
|
Get-Content "C:\Windows\System32\drivers\etc\hosts" | Select-String "PST-SERVER|pst-server" -CaseSensitive:$false;
|
|
Write-Output "=== Flush DNS ===";
|
|
ipconfig /flushdns;
|
|
Write-Output "=== DNS resolve after flush ===";
|
|
[System.Net.Dns]::GetHostAddresses("PST-SERVER") | ForEach-Object { $_.IPAddressToString };
|
|
Write-Output "=== CRL download after flush ===";
|
|
try {
|
|
$wc = New-Object System.Net.WebClient;
|
|
$wc.DownloadFile("http://PST-SERVER/CertEnroll/PEACEFULSPIRIT-PST-SERVER-CA.crl", "$env:TEMP\verify.crl");
|
|
Write-Output "CRL download: SUCCESS";
|
|
Remove-Item "$env:TEMP\verify.crl" -Force
|
|
} catch {
|
|
Write-Output "CRL download FAILED: $($_.Exception.Message)"
|
|
};
|
|
Write-Output "=== Test VPN ===";
|
|
rasdial "Peaceful Spirit VPN" 2>&1'
|
|
|
|
PAYLOAD=$(jq -n --arg cmd "$SCRIPT" '{"command_type":"powershell","command":$cmd}')
|
|
/c/Windows/System32/curl.exe -s -X POST "http://172.16.3.30:3001/api/agents/c778b6a3-c646-4454-a065-8c8bdcb1578e/command" \
|
|
-H "Content-Type: application/json" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-d "$PAYLOAD" | jq -r '.command_id'
|
|
```
|
|
Output: ef2a158f-e519-41c2-9651-a195a19ff020
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
until /c/Windows/System32/curl.exe -s "http://172.16.3.30:3001/api/commands/ef2a158f-e519-41c2-9651-a195a19ff020" -H "Authorization: Bearer $TOKEN" | jq -e '.status == "completed" or .status == "failed"' > /dev/null 2>&1; do sleep 3; done
|
|
/c/Windows/System32/curl.exe -s "http://172.16.3.30:3001/api/commands/ef2a158f-e519-41c2-9651-a195a19ff020" -H "Authorization: Bearer $TOKEN" | jq -r '.stdout'
|
|
```
|
|
Output: === HOSTS file (PST-SERVER lines) ===
|
|
|
|
|
|
=== Flush DNS ===
|
|
|
|
|
|
|
|
|
|
|
|
Windows IP Configuration
|
|
|
|
|
|
|
|
|
|
|
|
Successfully flushed the DNS Resolver Cache.
|
|
|
|
|
|
=== DNS resolve after flush ===
|
|
|
|
|
|
=== CRL download after flush ===
|
|
|
|
|
|
CRL download FAILED: Exception calling "DownloadFile" with "2" argument(s): "The remote nam ... [truncated]
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
SCRIPT='
|
|
$hostsPath = "C:\Windows\System32\drivers\etc\hosts";
|
|
$lines = Get-Content $hostsPath | Where-Object { $_ -notmatch "(?i)PST-SERVER" };
|
|
$lines += "98.190.129.150 PST-SERVER";
|
|
Set-Content -Path $hostsPath -Value $lines -Encoding ASCII;
|
|
ipconfig /flushdns | Out-Null;
|
|
Write-Output "=== Verify HOSTS ===";
|
|
Get-Content $hostsPath | Select-String "PST-SERVER";
|
|
Write-Output "=== DNS resolve ===";
|
|
[System.Net.Dns]::GetHostAddresses("PST-SERVER") | ForEach-Object { $_.IPAddressToString };
|
|
Write-Output "=== CRL download ===";
|
|
try {
|
|
$wc = New-Object System.Net.WebClient;
|
|
$wc.DownloadFile("http://PST-SERVER/CertEnroll/PEACEFULSPIRIT-PST-SERVER-CA.crl", "$env:TEMP\verify.crl");
|
|
Write-Output "SUCCESS";
|
|
Remove-Item "$env:TEMP\verify.crl" -Force
|
|
} catch {
|
|
Write-Output "FAILED: $($_.Exception.Message)"
|
|
};
|
|
Write-Output "=== VPN connect ===";
|
|
rasdial "Peaceful Spirit VPN" 2>&1'
|
|
|
|
PAYLOAD=$(jq -n --arg cmd "$SCRIPT" '{"command_type":"powershell","command":$cmd}')
|
|
/c/Windows/System32/curl.exe -s -X POST "http://172.16.3.30:3001/api/agents/c778b6a3-c646-4454-a065-8c8bdcb1578e/command" \
|
|
-H "Content-Type: application/json" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-d "$PAYLOAD" | jq -r '.command_id'
|
|
```
|
|
Output: f50e6357-a300-4e5b-96d1-38bfd3bc2980
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
until /c/Windows/System32/curl.exe -s "http://172.16.3.30:3001/api/commands/f50e6357-a300-4e5b-96d1-38bfd3bc2980" -H "Authorization: Bearer $TOKEN" | jq -e '.status == "completed" or .status == "failed"' > /dev/null 2>&1; do sleep 3; done
|
|
/c/Windows/System32/curl.exe -s "http://172.16.3.30:3001/api/commands/f50e6357-a300-4e5b-96d1-38bfd3bc2980" -H "Authorization: Bearer $TOKEN" | jq -r '.stdout'
|
|
```
|
|
Output: === Verify HOSTS ===
|
|
|
|
|
|
|
|
|
|
|
|
98.190.129.150 PST-SERVER
|
|
|
|
|
|
=== DNS resolve ===
|
|
|
|
|
|
98.190.129.150
|
|
|
|
|
|
=== CRL download ===
|
|
|
|
|
|
FAILED: Exception calling "DownloadFile" with "2" argument(s): "Unable to connect to the remote server"
|
|
|
|
|
|
=== VPN connect ===
|
|
|
|
|
|
Connecting to Peaceful Spirit VPN...
|
|
|
|
Verifying usernam ... [truncated]
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
# Check IIS status and what's listening on port 80 on PST-SERVER
|
|
SCRIPT='
|
|
Write-Output "=== IIS Service Status ===";
|
|
Get-Service W3SVC -EA SilentlyContinue | Select-Object Name,Status,StartType;
|
|
Write-Output "=== Listening on port 80 ===";
|
|
netstat -ano | Select-String ":80 ";
|
|
Write-Output "=== Test local CRL access ===";
|
|
try {
|
|
$wc = New-Object System.Net.WebClient;
|
|
$wc.DownloadFile("http://localhost/CertEnroll/PEACEFULSPIRIT-PST-SERVER-CA.crl", "C:\Windows\Temp\test.crl");
|
|
Write-Output "Local access: SUCCESS";
|
|
Remove-Item "C:\Windows\Temp\test.crl" -Force
|
|
} catch {
|
|
Write-Output "Local access FAILED: $($_.Exception.Message)"
|
|
};
|
|
Write-Output "=== CertEnroll virtual dir ===";
|
|
Get-WebVirtualDirectory -Site "Default Web Site" -Name "CertEnroll" -EA SilentlyContinue | Select-Object PhysicalPath'
|
|
|
|
PAYLOAD=$(jq -n --arg cmd "$SCRIPT" '{"command_type":"powershell","command":$cmd}')
|
|
/c/Windows/System32/curl.exe -s -X POST "http://172.16.3.30:3001/api/agents/6b6106a7-8515-4b6b-857d-0dc6ede53f35/command" \
|
|
-H "Content-Type: application/json" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-d "$PAYLOAD" | jq -r '.command_id'
|
|
```
|
|
Output: f6a58baf-7558-494f-bc20-8a2f7cdc332f
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
until /c/Windows/System32/curl.exe -s "http://172.16.3.30:3001/api/commands/f6a58baf-7558-494f-bc20-8a2f7cdc332f" -H "Authorization: Bearer $TOKEN" | jq -e '.status == "completed" or .status == "failed"' > /dev/null 2>&1; do sleep 3; done
|
|
/c/Windows/System32/curl.exe -s "http://172.16.3.30:3001/api/commands/f6a58baf-7558-494f-bc20-8a2f7cdc332f" -H "Authorization: Bearer $TOKEN" | jq -r '.stdout'
|
|
```
|
|
Output: === IIS Service Status ===
|
|
|
|
|
|
|
|
|
|
|
|
Name Status StartType
|
|
|
|
|
|
---- ------ ---------
|
|
|
|
|
|
W3SVC Running Automatic
|
|
|
|
|
|
=== Listening on port 80 ===
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
=== Test local CRL access ===
|
|
|
|
|
|
Local access FAILED: Exception calling "DownloadF ... [truncated]
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
SCRIPT='
|
|
Import-Module WebAdministration;
|
|
$certEnrollPath = "C:\Windows\System32\CertSrv\CertEnroll";
|
|
Write-Output "=== Creating CertEnroll virtual directory ===";
|
|
New-WebVirtualDirectory -Site "Default Web Site" -Name "CertEnroll" -PhysicalPath $certEnrollPath -Force;
|
|
Write-Output "Virtual dir created.";
|
|
# Allow directory browsing and ensure .crl files are served
|
|
Set-WebConfigurationProperty -Filter "system.webServer/directoryBrowse" -PSPath "IIS:\Sites\Default Web Site\CertEnroll" -Name enabled -Value $true;
|
|
# Ensure .crl MIME type is registered
|
|
$mime = Get-WebConfigurationProperty -Filter "system.webServer/staticContent" -PSPath "IIS:\Sites\Default Web Site" -Name collection | Where-Object { $_.fileExtension -eq ".crl" };
|
|
if (-not $mime) {
|
|
Add-WebConfigurationProperty -Filter "system.webServer/staticContent" -PSPath "IIS:\Sites\Default Web Site" -Name collection -Value @{fileExtension=".crl"; mimeType="application/pkix-crl"}
|
|
Write-Output ".crl MIME type added."
|
|
} else {
|
|
Write-Output ".crl MIME type already present."
|
|
};
|
|
iisreset /noforce 2>&1 | Select-String "successfully|error";
|
|
Write-Output "=== Test local CRL access ===";
|
|
try {
|
|
$wc = New-Object System.Net.WebClient;
|
|
$wc.DownloadFile("http://localhost/CertEnroll/PEACEFULSPIRIT-PST-SERVER-CA.crl", "C:\Windows\Temp\test.crl");
|
|
Write-Output "Local access: SUCCESS";
|
|
Remove-Item "C:\Windows\Temp\test.crl" -Force
|
|
} catch {
|
|
Write-Output "Local access FAILED: $($_.Exception.Message)"
|
|
}'
|
|
|
|
PAYLOAD=$(jq -n --arg cmd "$SCRIPT" '{"command_type":"powershell","command":$cmd}')
|
|
/c/Windows/System32/curl.exe -s -X POST "http://172.16.3.30:3001/api/agents/6b6106a7-8515-4b6b-857d-0dc6ede53f35/command" \
|
|
-H "Content-Type: application/json" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-d "$PAYLOAD" | jq -r '.command_id'
|
|
```
|
|
Output: a8707a60-b543-4eca-974c-f35fb69bfe9c
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
until /c/Windows/System32/curl.exe -s "http://172.16.3.30:3001/api/commands/a8707a60-b543-4eca-974c-f35fb69bfe9c" -H "Authorization: Bearer $TOKEN" | jq -e '.status == "completed" or .status == "failed"' > /dev/null 2>&1; do sleep 3; done
|
|
/c/Windows/System32/curl.exe -s "http://172.16.3.30:3001/api/commands/a8707a60-b543-4eca-974c-f35fb69bfe9c" -H "Authorization: Bearer $TOKEN" | jq -r '.stdout,.stderr'
|
|
```
|
|
Output: === Creating CertEnroll virtual directory ===
|
|
|
|
|
|
|
|
|
|
|
|
Name PhysicalPath
|
|
|
|
|
|
---- ------------
|
|
|
|
|
|
CertEnroll C:\Windows\System32\CertSrv\CertEnroll
|
|
|
|
|
|
Virtual dir created.
|
|
|
|
|
|
.crl MIME type already present. ... [truncated]
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
SCRIPT='
|
|
Write-Output "=== CRL download via public IP ===";
|
|
try {
|
|
$wc = New-Object System.Net.WebClient;
|
|
$wc.DownloadFile("http://PST-SERVER/CertEnroll/PEACEFULSPIRIT-PST-SERVER-CA.crl", "$env:TEMP\verify.crl");
|
|
Write-Output "SUCCESS";
|
|
Remove-Item "$env:TEMP\verify.crl" -Force
|
|
} catch {
|
|
Write-Output "FAILED: $($_.Exception.Message)"
|
|
};
|
|
Write-Output "=== Cert chain after CRL available ===";
|
|
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -like "*MaraHomeNew*" } | Select-Object -First 1;
|
|
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain;
|
|
$valid = $chain.Build($cert);
|
|
Write-Output "Chain valid: $valid";
|
|
$chain.ChainStatus | ForEach-Object { " $($_.Status): $($_.StatusInformation.Trim())" };
|
|
Write-Output "=== VPN connect ===";
|
|
rasdial "Peaceful Spirit VPN" 2>&1'
|
|
|
|
PAYLOAD=$(jq -n --arg cmd "$SCRIPT" '{"command_type":"powershell","command":$cmd}')
|
|
/c/Windows/System32/curl.exe -s -X POST "http://172.16.3.30:3001/api/agents/c778b6a3-c646-4454-a065-8c8bdcb1578e/command" \
|
|
-H "Content-Type: application/json" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-d "$PAYLOAD" | jq -r '.command_id'
|
|
```
|
|
Output: a1568f99-b911-411e-a1b1-daaa52a4b6d5
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
until /c/Windows/System32/curl.exe -s "http://172.16.3.30:3001/api/commands/a1568f99-b911-411e-a1b1-daaa52a4b6d5" -H "Authorization: Bearer $TOKEN" | jq -e '.status == "completed" or .status == "failed"' > /dev/null 2>&1; do sleep 3; done
|
|
/c/Windows/System32/curl.exe -s "http://172.16.3.30:3001/api/commands/a1568f99-b911-411e-a1b1-daaa52a4b6d5" -H "Authorization: Bearer $TOKEN" | jq -r '.stdout'
|
|
```
|
|
Output: === CRL download via public IP ===
|
|
|
|
|
|
FAILED: Exception calling "DownloadFile" with "2" argument(s): "Unable to connect to the remote server"
|
|
|
|
|
|
=== Cert chain after CRL available ===
|
|
|
|
|
|
Chain valid: False
|
|
|
|
|
|
RevocationStatusUnknown: The revocation function was unable to check revocation for the certi ... [truncated]
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
SCRIPT='
|
|
Write-Output "=== Local IP addresses ===";
|
|
Get-NetIPAddress -AddressFamily IPv4 | Where-Object { $_.InterfaceAlias -notlike "*Loopback*" } | Select-Object InterfaceAlias,IPAddress,PrefixLength;
|
|
Write-Output "=== Windows Firewall - port 80 rules ===";
|
|
Get-NetFirewallRule | Where-Object { $_.Enabled -eq $true } | Get-NetFirewallPortFilter | Where-Object { $_.LocalPort -eq "80" -or $_.LocalPort -eq "Any" } | ForEach-Object { $rule = $_ | Get-NetFirewallRule; "$($rule.DisplayName) | $($rule.Direction) | $($rule.Action)" } | Select-Object -First 10;
|
|
Write-Output "=== Test inbound connectivity (open temp rule) ===";
|
|
$existing = Get-NetFirewallRule -DisplayName "Temp-HTTP-CRL" -EA SilentlyContinue;
|
|
if (-not $existing) {
|
|
New-NetFirewallRule -DisplayName "Temp-HTTP-CRL" -Direction Inbound -Protocol TCP -LocalPort 80 -Action Allow -Profile Any | Out-Null;
|
|
Write-Output "Firewall rule added: TCP 80 inbound allowed."
|
|
} else {
|
|
Write-Output "Firewall rule already exists."
|
|
}'
|
|
|
|
PAYLOAD=$(jq -n --arg cmd "$SCRIPT" '{"command_type":"powershell","command":$cmd}')
|
|
/c/Windows/System32/curl.exe -s -X POST "http://172.16.3.30:3001/api/agents/6b6106a7-8515-4b6b-857d-0dc6ede53f35/command" \
|
|
-H "Content-Type: application/json" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-d "$PAYLOAD" | jq -r '.command_id'
|
|
```
|
|
Output: b20316fc-d106-485c-aedd-d20d64ec8a8b
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
until /c/Windows/System32/curl.exe -s "http://172.16.3.30:3001/api/commands/b20316fc-d106-485c-aedd-d20d64ec8a8b" -H "Authorization: Bearer $TOKEN" | jq -e '.status == "completed" or .status == "failed"' > /dev/null 2>&1; do sleep 3; done
|
|
/c/Windows/System32/curl.exe -s "http://172.16.3.30:3001/api/commands/b20316fc-d106-485c-aedd-d20d64ec8a8b" -H "Authorization: Bearer $TOKEN" | jq -r '.stdout'
|
|
```
|
|
Output: === Local IP addresses ===
|
|
|
|
|
|
|
|
|
|
|
|
InterfaceAlias IPAddress PrefixLength
|
|
|
|
|
|
-------------- --------- ------------
|
|
|
|
|
|
Ethernet 192.168.0.2 24
|
|
|
|
|
|
RAS (Dial In) Interface 192.168.0.240 32
|
|
|
|
|
|
=== Windows Firewall - port 80 rules ===
|
|
|
|
|
|
Network Disco ... [truncated]
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
SCRIPT='
|
|
Write-Output "=== CRL download from PST-SERVER ===";
|
|
try {
|
|
$wc = New-Object System.Net.WebClient;
|
|
$wc.DownloadFile("http://PST-SERVER/CertEnroll/PEACEFULSPIRIT-PST-SERVER-CA.crl", "$env:TEMP\verify.crl");
|
|
Write-Output "SUCCESS";
|
|
Remove-Item "$env:TEMP\verify.crl" -Force
|
|
} catch {
|
|
Write-Output "FAILED: $($_.Exception.Message)"
|
|
};
|
|
Write-Output "=== VPN connect ===";
|
|
rasdial "Peaceful Spirit VPN" 2>&1'
|
|
|
|
PAYLOAD=$(jq -n --arg cmd "$SCRIPT" '{"command_type":"powershell","command":$cmd}')
|
|
/c/Windows/System32/curl.exe -s -X POST "http://172.16.3.30:3001/api/agents/c778b6a3-c646-4454-a065-8c8bdcb1578e/command" \
|
|
-H "Content-Type: application/json" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-d "$PAYLOAD" | jq -r '.command_id'
|
|
```
|
|
Output: 72266cc7-42bc-473c-be78-ae4765c33d8d
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
until /c/Windows/System32/curl.exe -s "http://172.16.3.30:3001/api/commands/72266cc7-42bc-473c-be78-ae4765c33d8d" -H "Authorization: Bearer $TOKEN" | jq -e '.status == "completed" or .status == "failed"' > /dev/null 2>&1; do sleep 3; done
|
|
/c/Windows/System32/curl.exe -s "http://172.16.3.30:3001/api/commands/72266cc7-42bc-473c-be78-ae4765c33d8d" -H "Authorization: Bearer $TOKEN" | jq -r '.stdout'
|
|
```
|
|
Output: === CRL download from PST-SERVER ===
|
|
|
|
|
|
FAILED: Exception calling "DownloadFile" with "2" argument(s): "Unable to connect to the remote server"
|
|
|
|
|
|
=== VPN connect ===
|
|
|
|
|
|
Connecting to Peaceful Spirit VPN...
|
|
|
|
Verifying username and password...Policy match error
|
|
|
|
```
|
|
bash "D:/claudetools/.claude/scripts/vault.sh" search "ix web\|cpanel\|azcomputerguru.com" 2>&1
|
|
```
|
|
Output: clients/cascades-tucson/gururmm-site-main.sops.yaml:url: https://rmm-api.azcomputerguru.com
|
|
clients/cascades-tucson/mdm-service-account.sops.yaml: target: howard@azcomputerguru.com
|
|
clients/cascades-tucson/mdm-service-account.sops.yaml: ForwardingSmtpAddress: smtp:howard@azcomputerguru.com
|
|
clie ... [truncated]
|
|
|
|
```
|
|
bash "D:/claudetools/.claude/scripts/vault.sh" get "infrastructure/ix-server.sops.yaml" 2>&1
|
|
```
|
|
Output: kind: server
|
|
name: IX Server
|
|
host: 172.16.3.10
|
|
port: 22
|
|
hostname: ix.azcomputerguru.com
|
|
status: active
|
|
tags:
|
|
- infrastructure
|
|
credentials:
|
|
username: root
|
|
password: t4qygLl7{1zJcUj#022W^FBQ>}qYp-Od
|
|
notes: 'Host: 172.16.3.10 | External IP: 72.194.62.5 | SSH Port: 22 | OS: Rocky Linux (WHM/ ... [truncated]
|
|
|
|
```
|
|
CRL_B64="MIIDFzCCAf8CAQEwDQYJKoZIhvcNAQELBQAwJzElMCMGA1UEAxMcUEVBQ0VGVUxTUElSSVQtUFNULVNFUlZFUi1DQRcNMjYwNTE1MjMzODAyWhcNMjYwNTI2MTEzODAyWqCCAaIwggGeMB8GA1UdIwQYMBaAFN+f1ZrTY1kdO2a1IIlnsO8pacFvMBAGCSsGAQQBgjcVAQQDAgEAMAsGA1UdFAQEAgIHZjAcBgkrBgEEAYI3FQQEDxcNMjYwNTIzMjMzODAyWjBPBgNVHS4ESDBGMESgQqBAhj5odHRwOi8vUFNULVNFUlZFUi9DZXJ0RW5yb2xsL1BFQUNFRlVMU1BJUklULVBTVC1TRVJWRVItQ0ErLmNybDCB7AYJKwYBBAGCNxUOBIHeMIHbMIHYoIHVoIHShoHPbGRhcDovLy9DTj1QRUFDRUZVTFNQSVJJVC1QU1QtU0VSVkVSLUNBLENOPVBTVC1TRVJWRVIsQ049Q0RQLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9UEVBQ0VGVUxTUElSSVQsREM9bG9jYWw/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50MA0GCSqGSIb3DQEBCwUAA4IBAQB7EAywPcK0Q8eWSXWmidLeOryN30Dkmf4omiQ/fdPLejEB64n8f8zRA0qzYSosVQJ/ma2ekZyqGoSThejFTokjT+nIeiOS2tPTFQ7FV9Nj8qczpDiMJkHg2HeBEZw+jTqNrtIkX+hcro+1juDMQv3Rol824OR1pyV/nZ3+4ZfxoM0OXLCZAGnYiUBLwamJdSofGgXErWGzTjUec6Seotj03hh6IHiIUcGBx6JBIl5I8j7N4l/+iiCYOp4d+SCJW2k6bV22TE7CQanRxg4uTbOHMM2xOXEv8e28/PArwFQ/B2RfL4UgVsk5+opD7b7q0YzBclDZBD9Pm6mevxEuKEXl"
|
|
|
|
# Decode and upload to IX server via SSH
|
|
echo "$CRL_B64" | /c/Windows/System32/OpenSSH/ssh.exe -o StrictHostKeyChecking=no -o ConnectTimeout=10 \
|
|
root@172.16.3.10 \
|
|
'base64 -d > /tmp/PST-CA.crl && mkdir -p /home/azcomputerguru/public_html/CertEnroll && cp /tmp/PST-CA.crl "/home/azcomputerguru/public_html/CertEnroll/PEACEFULSPIRIT-PST-SERVER-CA.crl" && chmod 644 "/home/azcomputerguru/public_html/CertEnroll/PEACEFULSPIRIT-PST-SERVER-CA.crl" && echo "Uploaded" && ls -la "/home/azcomputerguru/public_html/CertEnroll/"'
|
|
```
|
|
Output: Command running in background with ID: b0h520dvt. Output is being written to: C:\Users\guru\AppData\Local\Temp\claude\D--claudetools\5c0c8d60-76ff-4827-ae2e-836c341aa8a2\tasks\b0h520dvt.output. You will be notified when it completes. To check interim output, use Read on that file path.
|
|
|
|
```
|
|
# Verify it's accessible on port 80 from our side while SSH runs
|
|
/c/Windows/System32/curl.exe -sv --connect-timeout 5 "http://72.194.62.5/CertEnroll/PEACEFULSPIRIT-PST-SERVER-CA.crl" -o /dev/null 2>&1 | grep "< HTTP"
|
|
```
|
|
Output: < HTTP/1.1 200 OK
|
|
|
|
```
|
|
/c/Windows/System32/OpenSSH/ssh.exe -o StrictHostKeyChecking=no -o ConnectTimeout=10 root@172.16.3.10 \
|
|
'ls -la /home/azcomputerguru/public_html/CertEnroll/ 2>&1 && echo "---" && file /home/azcomputerguru/public_html/CertEnroll/PEACEFULSPIRIT-PST-SERVER-CA.crl 2>&1'
|
|
```
|
|
Output: Command running in background with ID: bxxw3eb1y. Output is being written to: C:\Users\guru\AppData\Local\Temp\claude\D--claudetools\5c0c8d60-76ff-4827-ae2e-836c341aa8a2\tasks\bxxw3eb1y.output. You will be notified when it completes. To check interim output, use Read on that file path.
|
|
|
|
```
|
|
sshpass -p 't4qygLl7{1zJcUj#022W^FBQ>}qYp-Od' /c/Windows/System32/OpenSSH/ssh.exe -o StrictHostKeyChecking=no -o ConnectTimeout=10 root@172.16.3.10 'echo connected && ls /home/azcomputerguru/public_html/CertEnroll/ 2>&1'
|
|
```
|
|
Output: Exit code 127
|
|
/usr/bin/bash: line 1: sshpass: command not found
|
|
|
|
```
|
|
py -c "
|
|
import paramiko, base64, sys
|
|
|
|
crl_b64 = 'MIIDFzCCAf8CAQEwDQYJKoZIhvcNAQELBQAwJzElMCMGA1UEAxMcUEVBQ0VGVUxTUElSSVQtUFNULVNFUlZFUi1DQRcNMjYwNTE1MjMzODAyWhcNMjYwNTI2MTEzODAyWqCCAaIwggGeMB8GA1UdIwQYMBaAFN+f1ZrTY1kdO2a1IIlnsO8pacFvMBAGCSsGAQQBgjcVAQQDAgEAMAsGA1UdFAQEAgIHZjAcBgkrBgEEAYI3FQQEDxcNMjYwNTIzMjMzODAyWjBPBgNVHS4ESDBGMESgQqBAhj5odHRwOi8vUFNULVNFUlZFUi9DZXJ0RW5yb2xsL1BFQUNFRlVMU1BJUklULVBTVC1TRVJWRVItQ0ErLmNybDCB7AYJKwYBBAGCNxUOBIHeMIHbMIHYoIHVoIHShoHPbGRhcDovLy9DTj1QRUFDRUZVTFNQSVJJVC1QU1QtU0VSVkVSLUNBLENOPVBTVC1TRVJWRVIsQ049Q0RQLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9UEVBQ0VGVUxTUElSSVQsREM9bG9jYWw/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50MA0GCSqGSIb3DQEBCwUAA4IBAQB7EAywPcK0Q8eWSXWmidLeOryN30Dkmf4omiQ/fdPLejEB64n8f8zRA0qzYSosVQJ/ma2ekZyqGoSThejFTokjT+nIeiOS2tPTFQ7FV9Nj8qczpDiMJkHg2HeBEZw+jTqNrtIkX+hcro+1juDMQv3Rol824OR1pyV/nZ3+4ZfxoM0OXLCZAGnYiUBLwamJdSofGgXErWGzTjUec6Seotj03hh6IHiIUcGBx6JBIl5I8j7N4l/+iiCYOp4d+SCJW2k6bV22TE7CQanRxg4uTbOHMM2xOXEv8e28/PArwFQ/B2RfL4UgVsk5+opD7b7q0YzBclDZBD9Pm6mevxEuKEXl'
|
|
crl_bytes = base64.b64decode(crl_b64)
|
|
|
|
ssh = paramiko.SSHClient()
|
|
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
|
|
ssh.connect('172.16.3.10', username='root', password='t4qygLl7{1zJcUj#022W^FBQ>}qYp-Od', timeout=10)
|
|
|
|
sftp = ssh.open_sftp()
|
|
try:
|
|
sftp.mkdir('/home/azcomputerguru/public_html/CertEnroll')
|
|
except:
|
|
pass
|
|
with sftp.open('/home/azcomputerguru/public_html/CertEnroll/PEACEFULSPIRIT-PST-SERVER-CA.crl', 'wb') as f:
|
|
f.write(crl_bytes)
|
|
sftp.chmod('/home/azcomputerguru/public_html/CertEnroll/PEACEFULSPIRIT-PST-SERVER-CA.crl', 0o644)
|
|
|
|
stdin, stdout, stderr = ssh.exec_command('ls -la /home/azcomputerguru/public_html/CertEnroll/')
|
|
print(stdout.read().decode())
|
|
ssh.close()
|
|
print('Done')
|
|
"
|
|
```
|
|
Output: total 8
|
|
|
|
drwxr-xr-x 2 root root 54 May 22 10:31 .
|
|
|
|
drwxr-x--- 34 azcomputerguru nobody 4096 May 22 10:31 ..
|
|
|
|
-rw-r--r-- 1 root root 795 May 22 10:31 PEACEFULSPIRIT-PST-SERVER-CA.crl
|
|
|
|
|
|
|
|
Done
|
|
|
|
```
|
|
py -c "
|
|
import paramiko
|
|
|
|
ssh = paramiko.SSHClient()
|
|
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
|
|
ssh.connect('172.16.3.10', username='root', password='t4qygLl7{1zJcUj#022W^FBQ>}qYp-Od', timeout=10)
|
|
|
|
cmds = [
|
|
'cat /home/azcomputerguru/public_html/.htaccess 2>/dev/null | head -30',
|
|
'ls /home/azcomputerguru/public_html/CertEnroll/',
|
|
'cat /home/azcomputerguru/public_html/CertEnroll/.htaccess 2>/dev/null || echo no .htaccess in CertEnroll',
|
|
'file /home/azcomputerguru/public_html/CertEnroll/PEACEFULSPIRIT-PST-SERVER-CA.crl',
|
|
# Add .crl MIME type to CertEnroll .htaccess and disable rewrites
|
|
'''cat > /home/azcomputerguru/public_html/CertEnroll/.htaccess << 'EOF'
|
|
Options -Indexes
|
|
RewriteEngine Off
|
|
AddType application/pkix-crl .crl
|
|
EOF''',
|
|
'curl -sI http://localhost/CertEnroll/PEACEFULSPIRIT-PST-SERVER-CA.crl 2>&1 | head -10',
|
|
]
|
|
|
|
for cmd in cmds:
|
|
stdin, stdout, stderr = ssh.exec_command(cmd)
|
|
out = stdout.read().decode().strip()
|
|
err = stderr.read().decode().strip()
|
|
print(f'CMD: {cmd[:60]}')
|
|
if out: print(out)
|
|
if err: print('ERR:', err)
|
|
print()
|
|
|
|
ssh.close()
|
|
"
|
|
```
|
|
Output: CMD: cat /home/azcomputerguru/public_html/.htaccess 2>/dev/null |
|
|
|
|
<IfModule pagespeed_module>
|
|
|
|
ModPagespeed off
|
|
|
|
</IfModule>
|
|
|
|
|
|
|
|
|
|
|
|
# BEGIN AccelerateWP
|
|
|
|
# Use UTF-8 encoding for anything served text/plain or text/html
|
|
|
|
AddDefaultCharset UTF-8
|
|
|
|
# Force UTF-8 for a number of file formats
|
|
|
|
<IfModule ... [truncated]
|
|
|
|
```
|
|
py -c "
|
|
import paramiko
|
|
|
|
ssh = paramiko.SSHClient()
|
|
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
|
|
ssh.connect('172.16.3.10', username='root', password='t4qygLl7{1zJcUj#022W^FBQ>}qYp-Od', timeout=10)
|
|
|
|
# Get full htaccess and check Apache config
|
|
stdin, stdout, stderr = ssh.exec_command('cat /home/azcomputerguru/public_html/.htaccess')
|
|
print('=== .htaccess ===')
|
|
print(stdout.read().decode())
|
|
|
|
# Check if the CertEnroll .htaccess was written correctly
|
|
stdin, stdout, stderr = ssh.exec_command('cat /home/azcomputerguru/public_html/CertEnroll/.htaccess')
|
|
print('=== CertEnroll .htaccess ===')
|
|
print(stdout.read().decode())
|
|
|
|
# Fix: write a proper .htaccess that disables ALL rewrites for this dir
|
|
stdin, stdout, stderr = ssh.exec_command('''printf 'Options -Indexes\nRewriteEngine Off\nAddType application/pkix-crl .crl\n' > /home/azcomputerguru/public_html/CertEnroll/.htaccess''')
|
|
print('Write result:', stderr.read().decode())
|
|
|
|
# Also check file size on disk
|
|
stdin, stdout, stderr = ssh.exec_command('wc -c /home/azcomputerguru/public_html/CertEnroll/PEACEFULSPIRIT-PST-SERVER-CA.crl')
|
|
print('File size:', stdout.read().decode().strip())
|
|
|
|
ssh.close()
|
|
"
|
|
```
|
|
Output: === .htaccess ===
|
|
|
|
<IfModule pagespeed_module>
|
|
|
|
ModPagespeed off
|
|
|
|
</IfModule>
|
|
|
|
|
|
|
|
|
|
|
|
# BEGIN AccelerateWP
|
|
|
|
# Use UTF-8 encoding for anything served text/plain or text/html
|
|
|
|
AddDefaultCharset UTF-8
|
|
|
|
# Force UTF-8 for a number of file formats
|
|
|
|
<IfModule mod_mime.c>
|
|
|
|
AddCharset UTF-8 .atom .css .js .js ... [truncated]
|
|
|
|
```
|
|
py -c "
|
|
import paramiko
|
|
|
|
ssh = paramiko.SSHClient()
|
|
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
|
|
ssh.connect('172.16.3.10', username='root', password='t4qygLl7{1zJcUj#022W^FBQ>}qYp-Od', timeout=10)
|
|
|
|
# Test with verbose curl and force specific host header
|
|
stdin, stdout, stderr = ssh.exec_command('curl -sv --max-time 5 http://azcomputerguru.com/CertEnroll/PEACEFULSPIRIT-PST-SERVER-CA.crl 2>&1 | head -40')
|
|
print(stdout.read().decode())
|
|
|
|
# Also check the CertEnroll .htaccess actually exists
|
|
stdin, stdout, stderr = ssh.exec_command('cat /home/azcomputerguru/public_html/CertEnroll/.htaccess && echo SIZE: \$(wc -c < /home/azcomputerguru/public_html/CertEnroll/PEACEFULSPIRIT-PST-SERVER-CA.crl)')
|
|
print(stdout.read().decode())
|
|
|
|
ssh.close()
|
|
"
|
|
```
|
|
Output: * Trying 104.26.9.237:80...
|
|
|
|
* Connected to azcomputerguru.com (104.26.9.237) port 80 (#0)
|
|
|
|
> GET /CertEnroll/PEACEFULSPIRIT-PST-SERVER-CA.crl HTTP/1.1
|
|
|
|
|
|
> Host: azcomputerguru.com
|
|
|
|
|
|
> User-Agent: curl/7.76.1
|
|
|
|
|
|
> Accept: */*
|
|
|
|
|
|
>
|
|
|
|
|
|
* Mark bundle as not supporting multiuse
|
|
|
|
< HTTP/1.1 301 Moved Per ... [truncated]
|
|
|
|
```
|
|
py -c "
|
|
import paramiko
|
|
|
|
ssh = paramiko.SSHClient()
|
|
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
|
|
ssh.connect('172.16.3.10', username='root', password='t4qygLl7{1zJcUj#022W^FBQ>}qYp-Od', timeout=10)
|
|
|
|
# Add Apache alias for CertEnroll
|
|
conf = '''Alias /CertEnroll /home/azcomputerguru/public_html/CertEnroll
|
|
<Directory /home/azcomputerguru/public_html/CertEnroll>
|
|
Options -Indexes
|
|
AllowOverride None
|
|
Require all granted
|
|
AddType application/pkix-crl .crl
|
|
RewriteEngine Off
|
|
</Directory>
|
|
'''
|
|
|
|
stdin, stdout, stderr = ssh.exec_command('''cat > /etc/httpd/conf.d/certenroll.conf << 'APACHEEOF'
|
|
Alias /CertEnroll /home/azcomputerguru/public_html/CertEnroll
|
|
<Directory /home/azcomputerguru/public_html/CertEnroll>
|
|
Options -Indexes
|
|
AllowOverride None
|
|
Require all granted
|
|
AddType application/pkix-crl .crl
|
|
</Directory>
|
|
APACHEEOF
|
|
echo written''')
|
|
print(stdout.read().decode())
|
|
print(stderr.read().decode())
|
|
|
|
# Test config and restart
|
|
stdin, stdout, stderr = ssh.exec_command('apachectl configtest 2>&1 && service httpd restart 2>&1 | tail -3')
|
|
print(stdout.read().decode())
|
|
print(stderr.read().decode())
|
|
|
|
# Test the file locally
|
|
stdin, stdout, stderr = ssh.exec_command('curl -sv http://localhost/CertEnroll/PEACEFULSPIRIT-PST-SERVER-CA.crl 2>&1 | head -20')
|
|
print(stdout.read().decode())
|
|
|
|
ssh.close()
|
|
"
|
|
```
|
|
Output: written
|
|
|
|
|
|
|
|
bash: line 1: /etc/httpd/conf.d/certenroll.conf: No such file or directory
|
|
|
|
|
|
|
|
AH00112: Warning: DocumentRoot [/home/danaise/public_html/longtermdisabilitylawyer.co] does not exist
|
|
|
|
AH00112: Warning: DocumentRoot [/home/danaise/public_html/veterandisability.lawyer] does not exist
|
|
|
|
AH00112: ... [truncated]
|
|
|
|
```
|
|
py -c "
|
|
import paramiko
|
|
|
|
ssh = paramiko.SSHClient()
|
|
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
|
|
ssh.connect('172.16.3.10', username='root', password='t4qygLl7{1zJcUj#022W^FBQ>}qYp-Od', timeout=10)
|
|
|
|
# Find Apache conf directory
|
|
stdin, stdout, stderr = ssh.exec_command('apachectl -V 2>&1 | grep SERVER_CONFIG_FILE; httpd -V 2>&1 | grep SERVER_CONFIG_FILE; ls /etc/apache2/conf.d/ 2>/dev/null || ls /usr/local/apache/conf/includes/ 2>/dev/null || find /etc /usr/local -name \"httpd.conf\" 2>/dev/null | head -5')
|
|
print(stdout.read().decode())
|
|
|
|
ssh.close()
|
|
"
|
|
```
|
|
Output: -D SERVER_CONFIG_FILE="conf/httpd.conf"
|
|
|
|
-D SERVER_CONFIG_FILE="conf/httpd.conf"
|
|
|
|
00-suphp.conf
|
|
|
|
access_checker.conf
|
|
|
|
autoindex.conf
|
|
|
|
cgid.conf
|
|
|
|
cperror.conf
|
|
|
|
fcgid.conf
|
|
|
|
http2.conf
|
|
|
|
i360-app-based-excludes.conf
|
|
|
|
i360.remoteip.conf
|
|
|
|
includes
|
|
|
|
ix-redirect.conf
|
|
|
|
lsapi.conf
|
|
|
|
mailman.conf
|
|
|
|
modhostingli ... [truncated]
|
|
|
|
```
|
|
py -c "
|
|
import paramiko
|
|
|
|
ssh = paramiko.SSHClient()
|
|
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
|
|
ssh.connect('172.16.3.10', username='root', password='t4qygLl7{1zJcUj#022W^FBQ>}qYp-Od', timeout=10)
|
|
|
|
# Write to the pre_virtualhost_global.conf which runs before all vhosts
|
|
conf = '''Alias /CertEnroll /home/azcomputerguru/public_html/CertEnroll
|
|
<Directory /home/azcomputerguru/public_html/CertEnroll>
|
|
Options -Indexes
|
|
AllowOverride None
|
|
Require all granted
|
|
AddType application/pkix-crl .crl
|
|
</Directory>
|
|
'''
|
|
stdin, stdout, stderr = ssh.exec_command(f'cat >> /usr/local/apache/conf/includes/pre_virtualhost_global.conf << \'CONF\'\n{conf}\nCONF\necho done')
|
|
print('write:', stdout.read().decode(), stderr.read().decode())
|
|
|
|
stdin, stdout, stderr = ssh.exec_command('apachectl configtest 2>&1 | tail -3 && service httpd restart 2>&1 | tail -2')
|
|
print('restart:', stdout.read().decode(), stderr.read().decode())
|
|
|
|
stdin, stdout, stderr = ssh.exec_command('curl -s -o /dev/null -w \"%{http_code} %{size_download} %{content_type}\" http://localhost/CertEnroll/PEACEFULSPIRIT-PST-SERVER-CA.crl')
|
|
print('test:', stdout.read().decode())
|
|
|
|
ssh.close()
|
|
"
|
|
```
|
|
Output: write: done
|
|
|
|
|
|
|
|
restart: AH00112: Warning: DocumentRoot [/home/danaise/public_html/longtermdisabilitylawyer.co] does not exist
|
|
|
|
AH00112: Warning: DocumentRoot [/home/danaise/public_html/veterandisability.lawyer] does not exist
|
|
|
|
Syntax OK
|
|
|
|
Redirecting to /bin/systemctl restart httpd.service
|
|
|
|
|
|
|
|
test: ... [truncated]
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
SCRIPT='
|
|
$hostsPath = "C:\Windows\System32\drivers\etc\hosts";
|
|
$lines = Get-Content $hostsPath | Where-Object { $_ -notmatch "(?i)PST-SERVER" };
|
|
$lines += "72.194.62.5 PST-SERVER";
|
|
Set-Content -Path $hostsPath -Value $lines -Encoding ASCII;
|
|
ipconfig /flushdns | Out-Null;
|
|
Write-Output "=== HOSTS entry ===";
|
|
Get-Content $hostsPath | Select-String "PST-SERVER";
|
|
Write-Output "=== DNS resolve ===";
|
|
[System.Net.Dns]::GetHostAddresses("PST-SERVER") | ForEach-Object { $_.IPAddressToString };
|
|
Write-Output "=== CRL download ===";
|
|
try {
|
|
$wc = New-Object System.Net.WebClient;
|
|
$wc.DownloadFile("http://PST-SERVER/CertEnroll/PEACEFULSPIRIT-PST-SERVER-CA.crl", "$env:TEMP\verify.crl");
|
|
$size = (Get-Item "$env:TEMP\verify.crl").Length;
|
|
Write-Output "SUCCESS - $size bytes";
|
|
Remove-Item "$env:TEMP\verify.crl" -Force
|
|
} catch {
|
|
Write-Output "FAILED: $($_.Exception.Message)"
|
|
};
|
|
Write-Output "=== VPN connect ===";
|
|
rasdial "Peaceful Spirit VPN" 2>&1'
|
|
|
|
PAYLOAD=$(jq -n --arg cmd "$SCRIPT" '{"command_type":"powershell","command":$cmd}')
|
|
/c/Windows/System32/curl.exe -s -X POST "http://172.16.3.30:3001/api/agents/c778b6a3-c646-4454-a065-8c8bdcb1578e/command" \
|
|
-H "Content-Type: application/json" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-d "$PAYLOAD" | jq -r '.command_id'
|
|
```
|
|
Output: 622c2a82-ca4d-41f4-9e30-32f628669a38
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
until /c/Windows/System32/curl.exe -s "http://172.16.3.30:3001/api/commands/622c2a82-ca4d-41f4-9e30-32f628669a38" -H "Authorization: Bearer $TOKEN" | jq -e '.status == "completed" or .status == "failed"' > /dev/null 2>&1; do sleep 3; done
|
|
/c/Windows/System32/curl.exe -s "http://172.16.3.30:3001/api/commands/622c2a82-ca4d-41f4-9e30-32f628669a38" -H "Authorization: Bearer $TOKEN" | jq -r '.stdout'
|
|
```
|
|
Output: === HOSTS entry ===
|
|
|
|
|
|
|
|
|
|
|
|
72.194.62.5 PST-SERVER
|
|
|
|
|
|
=== DNS resolve ===
|
|
|
|
|
|
72.194.62.5
|
|
|
|
|
|
=== CRL download ===
|
|
|
|
|
|
SUCCESS - 795 bytes
|
|
|
|
|
|
=== VPN connect ===
|
|
|
|
|
|
Connecting to Peaceful Spirit VPN...
|
|
|
|
Verifying username and password...Policy match error
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
SCRIPT='
|
|
Write-Output "=== Cert chain validation ===";
|
|
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -like "*MaraHomeNew*" } | Select-Object -First 1;
|
|
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain;
|
|
$valid = $chain.Build($cert);
|
|
Write-Output "Chain valid: $valid";
|
|
$chain.ChainStatus | ForEach-Object { " $($_.Status): $($_.StatusInformation.Trim())" };
|
|
Write-Output "=== Restarting IKE / RasMan ===";
|
|
Restart-Service IKEEXT -Force 2>&1;
|
|
Restart-Service RasMan -Force 2>&1;
|
|
Write-Output "Services restarted.";
|
|
Start-Sleep 3;
|
|
Write-Output "=== VPN connect after restart ===";
|
|
rasdial "Peaceful Spirit VPN" 2>&1'
|
|
|
|
PAYLOAD=$(jq -n --arg cmd "$SCRIPT" '{"command_type":"powershell","command":$cmd}')
|
|
/c/Windows/System32/curl.exe -s -X POST "http://172.16.3.30:3001/api/agents/c778b6a3-c646-4454-a065-8c8bdcb1578e/command" \
|
|
-H "Content-Type: application/json" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-d "$PAYLOAD" | jq -r '.command_id'
|
|
```
|
|
Output: 7889fe8d-5161-4fc3-8c92-d313387d10bf
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
until /c/Windows/System32/curl.exe -s "http://172.16.3.30:3001/api/commands/7889fe8d-5161-4fc3-8c92-d313387d10bf" -H "Authorization: Bearer $TOKEN" | jq -e '.status == "completed" or .status == "failed"' > /dev/null 2>&1; do sleep 3; done
|
|
/c/Windows/System32/curl.exe -s "http://172.16.3.30:3001/api/commands/7889fe8d-5161-4fc3-8c92-d313387d10bf" -H "Authorization: Bearer $TOKEN" | jq -r '.stdout'
|
|
```
|
|
Output: === Cert chain validation ===
|
|
|
|
|
|
Chain valid: False
|
|
|
|
|
|
RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate.
|
|
|
|
|
|
OfflineRevocation: The revocation function was unable to check revocation because the revocation server was offline.
|
|
|
|
|
|
=== Restarting IKE / ... [truncated]
|
|
|
|
```
|
|
TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
SCRIPT='
|
|
Write-Output "=== Flush URL cache ===";
|
|
certutil -urlcache * delete 2>&1 | tail -3;
|
|
Write-Output "=== Download + import CRL ===";
|
|
$crlPath = "$env:TEMP\PST-CA-fresh.crl";
|
|
$wc = New-Object System.Net.WebClient;
|
|
$wc.DownloadFile("http://PST-SERVER/CertEnroll/PEACEFULSPIRIT-PST-SERVER-CA.crl", $crlPath);
|
|
Write-Output "Downloaded: $((Get-Item $crlPath).Length) bytes";
|
|
certutil -addstore -f CA $crlPath 2>&1 | Select-String "added|success|error";
|
|
Remove-Item $crlPath -Force;
|
|
Write-Output "=== Chain validation after cache flush + import ===";
|
|
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -like "*MaraHomeNew*" } | Select-Object -First 1;
|
|
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain;
|
|
$valid = $chain.Build($cert);
|
|
Write-Output "Chain valid: $valid";
|
|
$chain.ChainStatus | ForEach-Object { " $($_.Status): $($_.StatusInformation.Trim())" };
|
|
Write-Output "=== VPN connect ===";
|
|
rasdial "Peaceful Spirit VPN" 2>&1'
|
|
|
|
PAYLOAD=$(jq -n --arg cmd "$SCRIPT" '{"command_type":"powershell","command":$cmd}')
|
|
/c/Windows/System32/curl.exe -s -X POST "http://172.16.3.30:3001/api/agents/c778b6a3-c646-4454-a065-8c8bdcb1578e/command" \
|
|
-H "Content-Type: application/json" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-d "$PAYLOAD" | jq -r '.command_id'
|
|
```
|
|
Output: /usr/bin/bash: line 48: /c/Windows/System32/curl.exe: Permission denied
|
|
|
|
```
|
|
$TOKEN = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
$SCRIPT = @'
|
|
certutil -urlcache * delete 2>&1 | Select-Object -Last 3;
|
|
$crlPath = "$env:TEMP\PST-CA-fresh.crl";
|
|
$wc = New-Object System.Net.WebClient;
|
|
$wc.DownloadFile("http://PST-SERVER/CertEnroll/PEACEFULSPIRIT-PST-SERVER-CA.crl", $crlPath);
|
|
Write-Output "Downloaded: $((Get-Item $crlPath).Length) bytes";
|
|
certutil -addstore -f CA $crlPath 2>&1 | Select-String "added|success|error";
|
|
Remove-Item $crlPath -Force;
|
|
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -like "*MaraHomeNew*" } | Select-Object -First 1;
|
|
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain;
|
|
$valid = $chain.Build($cert);
|
|
Write-Output "Chain valid: $valid";
|
|
$chain.ChainStatus | ForEach-Object { " $($_.Status): $($_.StatusInformation.Trim())" };
|
|
rasdial "Peaceful Spirit VPN" 2>&1
|
|
'@
|
|
$body = $SCRIPT | ConvertTo-Json -Compress | ForEach-Object { '{"command_type":"powershell","command":' + $_ + '}' }
|
|
$result = Invoke-RestMethod -Uri "http://172.16.3.30:3001/api/agents/c778b6a3-c646-4454-a065-8c8bdcb1578e/command" -Method POST -Headers @{"Authorization"="Bearer $TOKEN";"Content-Type"="application/json"} -Body $body
|
|
$result.command_id
|
|
```
|
|
Output: 00b28092-ce0a-41d6-af16-2b016d4794cc
|
|
|
|
```
|
|
$TOKEN = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
do { Start-Sleep 3; $r = Invoke-RestMethod -Uri "http://172.16.3.30:3001/api/commands/00b28092-ce0a-41d6-af16-2b016d4794cc" -Headers @{"Authorization"="Bearer $TOKEN"} } while ($r.status -notin @("completed","failed"))
|
|
$r.stdout
|
|
```
|
|
Output: CertUtil: -URLCache command FAILED: 0x80070078 (WIN32/HTTP: 120 ERROR_CALL_NOT_IMPLEMENTED)
|
|
|
|
CertUtil: This function is not supported on this system.
|
|
|
|
Downloaded: 795 bytes
|
|
|
|
|
|
|
|
CertUtil: -addstore command completed successfully.
|
|
|
|
Chain valid: False
|
|
|
|
RevocationStatusUnknown: The revocation function ... [truncated]
|
|
|
|
```
|
|
$TOKEN = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
# Check all CRL files on PST-SERVER + get delta CRL if exists
|
|
$SCRIPT = @'
|
|
Write-Output "=== CertEnroll files on PST-SERVER ===";
|
|
Get-ChildItem "C:\Windows\System32\CertSrv\CertEnroll\" | Select-Object Name,Length
|
|
'@
|
|
|
|
$body = $SCRIPT | ConvertTo-Json -Compress | ForEach-Object { '{"command_type":"powershell","command":' + $_ + '}' }
|
|
$result = Invoke-RestMethod -Uri "http://172.16.3.30:3001/api/agents/6b6106a7-8515-4b6b-857d-0dc6ede53f35/command" -Method POST -Headers @{"Authorization"="Bearer $TOKEN";"Content-Type"="application/json"} -Body $body
|
|
$id = $result.command_id
|
|
|
|
do { Start-Sleep 3; $r = Invoke-RestMethod -Uri "http://172.16.3.30:3001/api/commands/$id" -Headers @{"Authorization"="Bearer $TOKEN"} } while ($r.status -notin @("completed","failed"))
|
|
$r.stdout
|
|
```
|
|
Output: === CertEnroll files on PST-SERVER ===
|
|
|
|
|
|
|
|
Name Length
|
|
|
|
---- ------
|
|
|
|
nsrev_PEACEFULSPIRIT-PST-SERVER-CA.asp 352
|
|
|
|
PEACEFULSPIRIT-PST-SERVER-CA+.crl ... [truncated]
|
|
|
|
```
|
|
$TOKEN = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
# Get delta CRL from PST-SERVER as base64
|
|
$SCRIPT = @'
|
|
$bytes = [System.IO.File]::ReadAllBytes("C:\Windows\System32\CertSrv\CertEnroll\PEACEFULSPIRIT-PST-SERVER-CA+.crl")
|
|
Write-Output "DELTA_B64_START"
|
|
[Convert]::ToBase64String($bytes)
|
|
Write-Output "DELTA_B64_END"
|
|
'@
|
|
|
|
$body = $SCRIPT | ConvertTo-Json -Compress | ForEach-Object { '{"command_type":"powershell","command":' + $_ + '}' }
|
|
$result = Invoke-RestMethod -Uri "http://172.16.3.30:3001/api/agents/6b6106a7-8515-4b6b-857d-0dc6ede53f35/command" -Method POST -Headers @{"Authorization"="Bearer $TOKEN";"Content-Type"="application/json"} -Body $body
|
|
$id = $result.command_id
|
|
|
|
do { Start-Sleep 3; $r = Invoke-RestMethod -Uri "http://172.16.3.30:3001/api/commands/$id" -Headers @{"Authorization"="Bearer $TOKEN"} } while ($r.status -notin @("completed","failed"))
|
|
$stdout = $r.stdout
|
|
$b64 = ($stdout -split "`n" | Where-Object { $_ -notmatch "DELTA_B64" } | Where-Object { $_.Trim() -ne "" }) -join ""
|
|
Write-Output "Delta CRL b64 length: $($b64.Length)"
|
|
$b64
|
|
```
|
|
Output: Delta CRL b64 length: 969
|
|
|
|
[base64 blob omitted]
|
|
|
|
```
|
|
py -c "
|
|
import paramiko, base64
|
|
|
|
delta_b64 = 'MIIC0DCCAbgCAQEwDQYJKoZIhvcNAQELBQAwJzElMCMGA1UEAxMcUEVBQ0VGVUxTUElSSVQtUFNULVNFUlZFUi1DQRcNMjYwNTIwMjMzODAyWhcNMjYwNTI0MjMzODAyWqCCAVswggFXMB8GA1UdIwQYMBaAFN+f1ZrTY1kdO2a1IIlnsO8pacFvMBAGCSsGAQQBgjcVAQQDAgEAMAsGA1UdFAQEAgIHazAcBgkrBgEEAYI3FQQEDxcNMjYwNTIyMjMzODAyWjAOBgNVHRsBAf8EBAICB2YwgeYGCSsGAQQBgjcVDgSB2DCB1TCB0qCBz6CBzIaByWxkYXA6Ly8vQ049UEVBQ0VGVUxTUElSSVQtUFNULVNFUlZFUi1DQSxDTj1QU1QtU0VSVkVSLENOPUNEUCxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxDTj1Db25maWd1cmF0aW9uLERDPVBFQUNFRlVMU1BJUklULERDPWxvY2FsP2RlbHRhUmV2b2NhdGlvbkxpc3Q/YmFzZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRpb25Qb2ludDANBgkqhkiG9w0BAQsFAAOCAQEAlXPz21TQ42tkXkz9Z9SirYUcvmmd/8lPUiVtvpWmp6Q+vhuyCVkE+n1Hm669K82kwZm+MYE3KPrBKRpu0juTHGiJqoVdX2fiZs5qeqZ2I1PKhk9GYuSco+8VfN5IiLs6RgJbv5MTBEetq5zKOF9LO/kfC2zaHNHOJCI2ZtcFeISfvhCBrKOS4TQbPH8QjGYQAld6Qcr26eqRnIM5o3KCMMjmjQWSZ0TydZv+7/VNX/N7sFM9LoR/NhSYgLwX9O/dOWT0l82n0DoA1VxNHBpmwsIiTVbbHj4LCjR75iH4HS87/i3wnN/8uijJPOjwPa9fedU4+6AGJSQnVPy26ojg3w=='
|
|
delta_bytes = base64.b64decode(delta_b64)
|
|
|
|
ssh = paramiko.SSHClient()
|
|
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
|
|
ssh.connect('172.16.3.10', username='root', password='t4qygLl7{1zJcUj#022W^FBQ>}qYp-Od', timeout=10)
|
|
|
|
sftp = ssh.open_sftp()
|
|
with sftp.open('/home/azcomputerguru/public_html/CertEnroll/PEACEFULSPIRIT-PST-SERVER-CA+.crl', 'wb') as f:
|
|
f.write(delta_bytes)
|
|
sftp.chmod('/home/azcomputerguru/public_html/CertEnroll/PEACEFULSPIRIT-PST-SERVER-CA+.crl', 0o644)
|
|
|
|
stdin, stdout, stderr = ssh.exec_command('ls -la /home/azcomputerguru/public_html/CertEnroll/')
|
|
print(stdout.read().decode())
|
|
ssh.close()
|
|
"
|
|
```
|
|
Output: total 16
|
|
|
|
drwxr-xr-x 2 root root 120 May 22 10:39 .
|
|
|
|
drwxr-x--- 34 azcomputerguru nobody 4096 May 22 10:31 ..
|
|
|
|
-rw-r--r-- 1 root root 69 May 22 10:33 .htaccess
|
|
|
|
-rw-r--r-- 1 root root 724 May 22 10:39 PEACEFULSPIRIT-PST-SERVER-CA+.crl
|
|
|
|
-rw-r--r-- 1 root ... [truncated]
|
|
|
|
```
|
|
$TOKEN = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
$SCRIPT = @'
|
|
$wc = New-Object System.Net.WebClient
|
|
$wc.DownloadFile("http://PST-SERVER/CertEnroll/PEACEFULSPIRIT-PST-SERVER-CA+.crl", "$env:TEMP\delta.crl")
|
|
Write-Output "Delta CRL: $((Get-Item $env:TEMP\delta.crl).Length) bytes"
|
|
certutil -addstore -f CA "$env:TEMP\delta.crl" 2>&1 | Select-String "added|success|error|FAILED"
|
|
Remove-Item "$env:TEMP\delta.crl" -Force
|
|
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -like "*MaraHomeNew*" } | Select-Object -First 1
|
|
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
|
|
$valid = $chain.Build($cert)
|
|
Write-Output "Chain valid: $valid"
|
|
$chain.ChainStatus | ForEach-Object { " $($_.Status): $($_.StatusInformation.Trim())" }
|
|
Write-Output "=== VPN connect ==="
|
|
rasdial "Peaceful Spirit VPN" 2>&1
|
|
'@
|
|
|
|
$body = $SCRIPT | ConvertTo-Json -Compress | ForEach-Object { '{"command_type":"powershell","command":' + $_ + '}' }
|
|
$result = Invoke-RestMethod -Uri "http://172.16.3.30:3001/api/agents/c778b6a3-c646-4454-a065-8c8bdcb1578e/command" -Method POST -Headers @{"Authorization"="Bearer $TOKEN";"Content-Type"="application/json"} -Body $body
|
|
$id = $result.command_id
|
|
|
|
do { Start-Sleep 3; $r = Invoke-RestMethod -Uri "http://172.16.3.30:3001/api/commands/$id" -Headers @{"Authorization"="Bearer $TOKEN"} } while ($r.status -notin @("completed","failed"))
|
|
$r.stdout
|
|
```
|
|
Output: Delta CRL: 724 bytes
|
|
|
|
|
|
|
|
CRL "CN=PEACEFULSPIRIT-PST-SERVER-CA" added to store.
|
|
|
|
CertUtil: -addstore command completed successfully.
|
|
|
|
Chain valid: True
|
|
|
|
=== VPN connect ===
|
|
|
|
Connecting to Peaceful Spirit VPN...
|
|
Verifying username and password...Policy match error
|
|
|
|
```
|
|
$TOKEN = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmdzIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
$SCRIPT = @'
|
|
Restart-Service IKEEXT -Force 2>&1 | Out-Null
|
|
Restart-Service RasMan -Force 2>&1 | Out-Null
|
|
Start-Sleep 4
|
|
Write-Output "Services restarted. Connecting..."
|
|
rasdial "Peaceful Spirit VPN" 2>&1
|
|
Write-Output "=== Event log error code ==="
|
|
Get-WinEvent -LogName Application -MaxEvents 50 -EA SilentlyContinue | Where-Object { $_.ProviderName -like "*RasClient*" -and $_.Id -eq 20227 } | Select-Object -First 3 | ForEach-Object { "$($_.TimeCreated) - $($_.Message -replace '\s+',' ' | Select-Object -First 1)" }
|
|
'@
|
|
|
|
$body = $SCRIPT | ConvertTo-Json -Compress | ForEach-Object { '{"command_type":"powershell","command":' + $_ + '}' }
|
|
$result = Invoke-RestMethod -Uri "http://172.16.3.30:3001/api/agents/c778b6a3-c646-4454-a065-8c8bdcb1578e/command" -Method POST -Headers @{"Authorization"="Bearer $TOKEN";"Content-Type"="application/json"} -Body $body
|
|
$id = $result.command_id
|
|
|
|
do { Start-Sleep 3; $r = Invoke-RestMethod -Uri "http://172.16.3.30:3001/api/commands/$id" -Headers @{"Authorization"="Bearer $TOKEN"} } while ($r.status -notin @("completed","failed"))
|
|
$r.stdout
|
|
```
|
|
Output: Services restarted. Connecting...
|
|
|
|
Connecting to Peaceful Spirit VPN...
|
|
Verifying username and password...Policy match error === Event log error code ===
|
|
|
|
05/22/2026 10:40:26 - CoId={21BC14A3-E6CD-4153-86EF-F488FF3D006A}: The user SYSTEM dialed a connection named Peaceful Spirit VPN which has failed ... [truncated]
|
|
|
|
```
|
|
$TOKEN = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0OTBlMmQwZi0wNjdkLTQxMzAtOThmZC04M2YwNmVkMGI5MzIiLCJyb2xlIjoiYWRtaW4iLCJvcmczIjpbXSwiZXhwIjoxNzc5NTQ5OTM4LCJpYXQiOjE3Nzk0NjM1Mzh9.FoWQLnPG890Hjy24I8FinJhzDK4SlIZq8ZDuSqQ0ClQ"
|
|
|
|
$SCRIPT = @'
|
|
Write-Output "=== VPN profile cert details ==="
|
|
$vpn = Get-VpnConnection -AllUserConnection -Name "Peaceful Spirit VPN"
|
|
$vpn | Select-Object -ExpandProperty AuthenticationMethod
|
|
$vpn | Select-Object -ExpandProperty EapConfigXmlStream 2>$null
|
|
|
|
Write-Output "=== Machine cert EKU ==="
|
|
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -like "*MaraHomeNew*" } | Select-Object -First 1
|
|
$cert.EnhancedKeyUsageList | ForEach-Object { "$($_.FriendlyName) ($($_.ObjectId))" }
|
|
|
|
Write-Output "=== Restart CryptSvc ==="
|
|
Restart-Service CryptSvc -Force 2>&1 | Out-Null
|
|
Restart-Service IKEEXT -Force 2>&1 | Out-Null
|
|
Restart-Service RasMan -Force 2>&1 | Out-Null
|
|
Start-Sleep 5
|
|
Write-Output "Services restarted."
|
|
|
|
Write-Output "=== VPN connect ==="
|
|
rasdial "Peaceful Spirit VPN" 2>&1
|
|
'@
|
|
|
|
$body = $SCRIPT | ConvertTo-Json -Compress | ForEach-Object { '{"command_type":"powershell","command":' + $_ + '}' }
|
|
$result = Invoke-RestMethod -Uri "http://172.16.3.30:3001/api/agents/c778b6a3-c646-4454-a065-8c8bdcb1578e/command" -Method POST -Headers @{"Authorization"="Bearer $TOKEN";"Content-Type"="application/json"} -Body $body
|
|
$id = $result.command_id
|
|
do { Start-Sleep 3; $r = Invoke-RestMethod -Uri "http://172.16.3.30:3001/api/commands/$id" -Headers @{"Authorization"="Bearer $TOKEN"} } while ($r.status -notin @("completed","failed"))
|
|
$r.stdout
|
|
```
|
|
Output: Command was manually backgrounded by user with ID: bfx325deg. Output is being written to: C:\Users\guru\AppData\Local\Temp\claude\D--claudetools\5c0c8d60-76ff-4827-ae2e-836c341aa8a2\tasks\bfx325deg.output
|
|
|
|
```
|
|
$login = Invoke-RestMethod -Uri "http://172.16.3.30:3001/api/auth/login" -Method POST -ContentType "application/json" -Body '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}'
|
|
$TOKEN = $login.token
|
|
|
|
$SCRIPT = @'
|
|
Write-Output "=== Cert EKU ==="
|
|
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -like "*MaraHomeNew*" } | Select-Object -First 1
|
|
$cert.EnhancedKeyUsageList | ForEach-Object { "$($_.FriendlyName) ($($_.ObjectId))" }
|
|
Write-Output "=== Restart CryptSvc + IKE + RasMan ==="
|
|
Restart-Service CryptSvc -Force 2>&1 | Out-Null
|
|
Restart-Service IKEEXT -Force 2>&1 | Out-Null
|
|
Restart-Service RasMan -Force 2>&1 | Out-Null
|
|
Start-Sleep 5
|
|
Write-Output "=== VPN connect ==="
|
|
rasdial "Peaceful Spirit VPN" 2>&1
|
|
Write-Output "=== Error code ==="
|
|
Get-WinEvent -LogName Application -MaxEvents 10 -EA SilentlyContinue | Where-Object { $_.ProviderName -like "*RasClient*" -and $_.Id -eq 20227 } | Select-Object -First 2 | ForEach-Object { $_.Message -replace '\s+',' ' }
|
|
'@
|
|
|
|
$body = $SCRIPT | ConvertTo-Json -Compress | ForEach-Object { '{"command_type":"powershell","command":' + $_ + '}' }
|
|
$result = Invoke-RestMethod -Uri "http://172.16.3.30:3001/api/agents/c778b6a3-c646-4454-a065-8c8bdcb1578e/command" -Method POST -Headers @{"Authorization"="Bearer $TOKEN";"Content-Type"="application/json"} -Body $body
|
|
$id = $result.command_id
|
|
do { Start-Sleep 3; $r = Invoke-RestMethod -Uri "http://172.16.3.30:3001/api/commands/$id" -Headers @{"Authorization"="Bearer $TOKEN"} } while ($r.status -notin @("completed","failed"))
|
|
$r.stdout
|
|
```
|
|
Output: === Cert EKU ===
|
|
|
|
Client Authentication (1.3.6.1.5.5.7.3.2)
|
|
|
|
Server Authentication (1.3.6.1.5.5.7.3.1)
|
|
|
|
=== Restart CryptSvc + IKE + RasMan ===
|
|
|
|
=== VPN connect ===
|
|
|
|
Connecting to Peaceful Spirit VPN...
|
|
Verifying username and password...Policy match error === Error code ===
|
|
|
|
CoId={BF70DD78-8902-4BF2 ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
echo "Token: ${TOKEN:0:20}..."
|
|
|
|
SCRIPT='Restart-Computer -Force'
|
|
curl -s -X POST "http://172.16.3.30:3001/api/agents/c778b6a3-c646-4454-a065-8c8bdcb1578e/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$(jq -n --arg cmd "$SCRIPT" '{command_type:"powershell",command:$cmd}')"
|
|
```
|
|
Output: Token: eyJ0eXAiOiJKV1QiLCJh...
|
|
{"command_id":"6599ca23-ff47-4bad-b356-7f4b7e3ce61e","status":"running","message":"Command sent to agent"}
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
SCRIPT='
|
|
# Check machine cert store
|
|
Write-Host "=== MACHINE CERTS (LocalMachine\My) ==="
|
|
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
|
|
Write-Host "Subject: $($_.Subject)"
|
|
Write-Host " Issuer: $($_.Issuer)"
|
|
Write-Host " Thumbprint: $($_.Thumbprint)"
|
|
Write-Host " NotAfter: $($_.NotAfter)"
|
|
$eku = $_.EnhancedKeyUsageList
|
|
Write-Host " EKUs: $(if($eku){$eku.FriendlyName -join ", "}else{"(none)"})"
|
|
Write-Host " HasPrivateKey: $($_.HasPrivateKey)"
|
|
Write-Host ""
|
|
}
|
|
|
|
Write-Host "=== ROOT CA (LocalMachine\Root) matching PEACEFULSPIRIT ==="
|
|
Get-ChildItem Cert:\LocalMachine\Root | Where-Object { $_.Subject -match "PEACEFULSPIRIT|PST" } | ForEach-Object {
|
|
Write-Host "Subject: $($_.Subject)"
|
|
Write-Host " Thumbprint: $($_.Thumbprint)"
|
|
Write-Host " NotAfter: $($_.NotAfter)"
|
|
Write-Host ""
|
|
}
|
|
|
|
Write-Host "=== VPN Connection Auth Method ==="
|
|
$vpn = Get-VpnConnection -Name "Peaceful Spirit VPN" -AllUserConnection -ErrorAction SilentlyContinue
|
|
if (-not $vpn) { $vpn = Get-VpnConnection -Name "Peaceful Spirit VPN" -ErrorAction SilentlyContinue }
|
|
if ($vpn) {
|
|
Write-Host "AuthMethod: $($vpn.AuthenticationMethod)"
|
|
Write-Host "TunnelType: $($vpn.TunnelType)"
|
|
Write-Host "EncryptionLevel: $($vpn.EncryptionLevel)"
|
|
Write-Host "MachineCertificate: $($vpn.MachineCertificateIssuerFilter)"
|
|
Write-Host "EapConfig: $(if($vpn.EapConfigXmlStream){"present"}else{"none"})"
|
|
} else {
|
|
Write-Host "VPN connection not found"
|
|
}
|
|
'
|
|
curl -s -X POST "http://172.16.3.30:3001/api/agents/c778b6a3-c646-4454-a065-8c8bdcb1578e/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$(jq -n --arg cmd "$SCRIPT" '{command_type:"powershell",command:$cmd}')" | jq -r '.command_id'
|
|
```
|
|
Output: 664a5595-9a7a-4b01-bb9e-6274915e5558
|
|
|
|
```
|
|
sleep 12
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
curl -s "http://172.16.3.30:3001/api/commands/664a5595-9a7a-4b01-bb9e-6274915e5558" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.output // .result // .error // .'
|
|
```
|
|
Output: {
|
|
|
|
"id": "664a5595-9a7a-4b01-bb9e-6274915e5558",
|
|
|
|
"agent_id": "c778b6a3-c646-4454-a065-8c8bdcb1578e",
|
|
|
|
"command_type": "powershell",
|
|
|
|
"command_text": "\n# Check machine cert store\nWrite-Host \"=== MACHINE CERTS (LocalMachine\\My) ===\"\nGet-ChildItem Cert:\\LocalMachine\\My | ForEach-Object ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
SCRIPT='
|
|
# Enable CAPI2 operational log
|
|
wevtutil sl "Microsoft-Windows-CAPI2/Operational" /e:true /ms:4194304 2>&1
|
|
|
|
# Clear it so we get a clean run
|
|
wevtutil cl "Microsoft-Windows-CAPI2/Operational" 2>&1
|
|
|
|
Write-Host "CAPI2 log cleared and enabled"
|
|
|
|
# Remove the PST-SERVER cert from LocalMachine\My (should not be on this machine)
|
|
$toRemove = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -match "PST-SERVER" }
|
|
if ($toRemove) {
|
|
Write-Host "Removing cert: $($toRemove.Subject) [$($toRemove.Thumbprint)]"
|
|
$toRemove | Remove-Item -Force
|
|
Write-Host "Cert removed"
|
|
} else {
|
|
Write-Host "No PST-SERVER cert found to remove"
|
|
}
|
|
|
|
# Confirm what remains
|
|
Write-Host ""
|
|
Write-Host "=== Remaining certs in LocalMachine\My ==="
|
|
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
|
|
Write-Host " $($_.Subject) [$($_.Thumbprint)]"
|
|
}
|
|
|
|
# Now try the VPN
|
|
Write-Host ""
|
|
Write-Host "=== Attempting VPN connection ==="
|
|
$result = rasdial "Peaceful Spirit VPN" 2>&1
|
|
Write-Host $result
|
|
Write-Host "Exit code: $LASTEXITCODE"
|
|
'
|
|
|
|
curl -s -X POST "http://172.16.3.30:3001/api/agents/c778b6a3-c646-4454-a065-8c8bdcb1578e/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$(jq -n --arg cmd "$SCRIPT" '{command_type:"powershell",command:$cmd}')" | jq -r '.command_id'
|
|
```
|
|
Output: 601a1e33-4f58-4da7-ba7f-d9bef7383b3b
|
|
|
|
```
|
|
sleep 20
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
curl -s "http://172.16.3.30:3001/api/commands/601a1e33-4f58-4da7-ba7f-d9bef7383b3b" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout,.stderr'
|
|
```
|
|
Output: CAPI2 log cleared and enabled
|
|
|
|
Removing cert: CN=PST-SERVER.PEACEFULSPIRIT.local [BF2B2482541D0EF4ED79F231729BEE892EF8C89E]
|
|
|
|
Cert removed
|
|
|
|
|
|
|
|
=== Remaining certs in LocalMachine\My ===
|
|
|
|
CN=MaraHomeNew.PEACEFULSPIRIT.local [D067E07B4A670AF5C6DE27250EB533B06F28FD6A]
|
|
|
|
|
|
|
|
=== Attempting VPN connection = ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
SCRIPT='
|
|
# Pull CAPI2 events - look for chain build / policy check failures
|
|
$events = Get-WinEvent -LogName "Microsoft-Windows-CAPI2/Operational" -MaxEvents 100 -ErrorAction SilentlyContinue |
|
|
Where-Object { $_.Id -in @(11,30,40,41,90) } # chain build, verify, policy
|
|
|
|
foreach ($e in $events) {
|
|
Write-Host "--- Event $($e.Id) at $($e.TimeCreated) ---"
|
|
$xml = [xml]$e.ToXml()
|
|
Write-Host ($xml.Event.EventData | Out-String)
|
|
Write-Host ""
|
|
}
|
|
|
|
if (-not $events) {
|
|
Write-Host "No relevant CAPI2 events found, dumping all events:"
|
|
Get-WinEvent -LogName "Microsoft-Windows-CAPI2/Operational" -MaxEvents 30 -ErrorAction SilentlyContinue |
|
|
ForEach-Object { Write-Host "ID=$($_.Id) Time=$($_.TimeCreated) Msg=$($_.Message.Substring(0,[Math]::Min(200,$_.Message.Length)))" }
|
|
}
|
|
'
|
|
|
|
curl -s -X POST "http://172.16.3.30:3001/api/agents/c778b6a3-c646-4454-a065-8c8bdcb1578e/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$(jq -n --arg cmd "$SCRIPT" '{command_type:"powershell",command:$cmd}')" | jq -r '.command_id'
|
|
```
|
|
Output: 4e19ea07-5ec1-4222-8f87-b8311d4b1578
|
|
|
|
```
|
|
sleep 15
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
curl -s "http://172.16.3.30:3001/api/commands/4e19ea07-5ec1-4222-8f87-b8311d4b1578" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout'
|
|
```
|
|
Output: --- Event 90 at 05/22/2026 10:52:12 ---
|
|
|
|
|
|
|
|
|
|
|
|
--- Event 30 at 05/22/2026 10:52:12 ---
|
|
|
|
|
|
|
|
|
|
|
|
--- Event 30 at 05/22/2026 10:52:12 ---
|
|
|
|
|
|
|
|
|
|
|
|
--- Event 30 at 05/22/2026 10:52:12 ---
|
|
|
|
|
|
|
|
|
|
|
|
--- Event 11 at 05/22/2026 10:52:12 ---
|
|
|
|
|
|
|
|
|
|
|
|
--- Event 11 at 05/22/2026 10:52:12 ---
|
|
|
|
|
|
|
|
|
|
|
|
--- Event 11 at 05/22/2026 10: ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
SCRIPT='
|
|
# Clear CAPI2 log, attempt VPN, then dump raw event XML
|
|
wevtutil cl "Microsoft-Windows-CAPI2/Operational" 2>&1
|
|
|
|
# Try VPN
|
|
$result = rasdial "Peaceful Spirit VPN" 2>&1
|
|
|
|
# Get first few CAPI2 events with full XML
|
|
$events = Get-WinEvent -LogName "Microsoft-Windows-CAPI2/Operational" -MaxEvents 50 -ErrorAction SilentlyContinue
|
|
Write-Host "Total CAPI2 events: $($events.Count)"
|
|
Write-Host ""
|
|
|
|
# Find events with actual error info (non-zero status) in the XML
|
|
foreach ($e in $events[0..9]) {
|
|
$x = [xml]$e.ToXml()
|
|
$raw = $x.Event.EventData.InnerXml
|
|
if ($raw.Length -gt 10) {
|
|
Write-Host "=== Event ID=$($e.Id) ==="
|
|
Write-Host $raw
|
|
Write-Host ""
|
|
}
|
|
}
|
|
|
|
Write-Host "VPN result: $result"
|
|
'
|
|
|
|
curl -s -X POST "http://172.16.3.30:3001/api/agents/c778b6a3-c646-4454-a065-8c8bdcb1578e/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$(jq -n --arg cmd "$SCRIPT" '{command_type:"powershell",command:$cmd}')" | jq -r '.command_id'
|
|
```
|
|
Output: d8cd04fe-9509-49bb-a155-4b67c62d70d1
|
|
|
|
```
|
|
sleep 20
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
curl -s "http://172.16.3.30:3001/api/commands/d8cd04fe-9509-49bb-a155-4b67c62d70d1" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout'
|
|
```
|
|
Output: Total CAPI2 events: 50
|
|
|
|
|
|
|
|
VPN result: Connecting to Peaceful Spirit VPN... Verifying username and password...Policy match error
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
SCRIPT='
|
|
# Try VPN first to generate fresh events
|
|
rasdial "Peaceful Spirit VPN" 2>&1 | Out-Null
|
|
|
|
# Read CAPI2 via wevtutil text mode
|
|
Write-Host "=== CAPI2 events (last 5) ==="
|
|
wevtutil qe "Microsoft-Windows-CAPI2/Operational" /c:5 /rd:true /f:text 2>&1
|
|
|
|
Write-Host ""
|
|
Write-Host "=== System log IKEEXT/RasMan errors (last 10 mins) ==="
|
|
$cutoff = (Get-Date).AddMinutes(-10)
|
|
Get-WinEvent -LogName System -ErrorAction SilentlyContinue |
|
|
Where-Object { $_.TimeCreated -gt $cutoff -and ($_.ProviderName -match "IKEEXT|RasMan|RemoteAccess" -or $_.Id -in @(20227,20225,20226)) } |
|
|
ForEach-Object { Write-Host "[$($_.TimeCreated)] ID=$($_.Id) Provider=$($_.ProviderName): $($_.Message.Substring(0,[Math]::Min(400,$_.Message.Length)))" }
|
|
|
|
Write-Host ""
|
|
Write-Host "=== Application log errors ==="
|
|
Get-WinEvent -LogName Application -ErrorAction SilentlyContinue |
|
|
Where-Object { $_.TimeCreated -gt $cutoff -and $_.LevelDisplayName -eq "Error" } |
|
|
Select-Object -First 5 |
|
|
ForEach-Object { Write-Host "[$($_.TimeCreated)] $($_.ProviderName): $($_.Message.Substring(0,[Math]::Min(300,$_.Message.Length)))" }
|
|
'
|
|
|
|
curl -s -X POST "http://172.16.3.30:3001/api/agents/c778b6a3-c646-4454-a065-8c8bdcb1578e/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$(jq -n --arg cmd "$SCRIPT" '{command_type:"powershell",command:$cmd}')" | jq -r '.command_id'
|
|
```
|
|
Output: d44d6d04-efc2-477a-8cd5-12cd89bec1a1
|
|
|
|
```
|
|
sleep 20
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
curl -s "http://172.16.3.30:3001/api/commands/d44d6d04-efc2-477a-8cd5-12cd89bec1a1" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout'
|
|
```
|
|
Output: null
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
curl -s "http://172.16.3.30:3001/api/commands/d44d6d04-efc2-477a-8cd5-12cd89bec1a1" \
|
|
-H "Authorization: Bearer $TOKEN" | jq '.'
|
|
```
|
|
Output: {
|
|
|
|
"id": "d44d6d04-efc2-477a-8cd5-12cd89bec1a1",
|
|
|
|
"agent_id": "c778b6a3-c646-4454-a065-8c8bdcb1578e",
|
|
|
|
"command_type": "powershell",
|
|
|
|
"command_text": "\n# Try VPN first to generate fresh events\nrasdial \"Peaceful Spirit VPN\" 2>&1 | Out-Null\n\n# Read CAPI2 via wevtutil text mode\nWrite-Hos ... [truncated]
|
|
|
|
```
|
|
sleep 30
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
curl -s "http://172.16.3.30:3001/api/commands/d44d6d04-efc2-477a-8cd5-12cd89bec1a1" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.status,.stdout,.stderr'
|
|
```
|
|
Output: <tool_use_error>Blocked: sleep 30 followed by: TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token') curl -s "http://172.16.3.30:3001/api/commands/d44d6d04-efc2-4 ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/d44d6d04-efc2-477a-8cd5-12cd89bec1a1" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" != "running" ]; do sleep 3; done
|
|
curl -s "http://172.16.3.30:3001/api/commands/d44d6d04-efc2-477a-8cd5-12cd89bec1a1" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout,.stderr'
|
|
```
|
|
Output: Command running in background with ID: b85afncji. Output is being written to: C:\Users\guru\AppData\Local\Temp\claude\D--claudetools\5c0c8d60-76ff-4827-ae2e-836c341aa8a2\tasks\b85afncji.output. You will be notified when it completes. To check interim output, use Read on that file path.
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
curl -s "http://172.16.3.30:3001/api/commands/d44d6d04-efc2-477a-8cd5-12cd89bec1a1" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.status'
|
|
```
|
|
Output: running
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
SCRIPT='
|
|
# Get VPN server address
|
|
$vpn = Get-VpnConnection -Name "Peaceful Spirit VPN" -AllUserConnection -ErrorAction SilentlyContinue
|
|
if (-not $vpn) { $vpn = Get-VpnConnection -Name "Peaceful Spirit VPN" -ErrorAction SilentlyContinue }
|
|
Write-Host "VPN ServerAddress: $($vpn.ServerAddress)"
|
|
Write-Host "VPN SplitTunneling: $($vpn.SplitTunneling)"
|
|
|
|
# Test connectivity to VPN server
|
|
Write-Host ""
|
|
Write-Host "=== Connectivity to VPN server ==="
|
|
$tc = Test-NetConnection -ComputerName $vpn.ServerAddress -Port 500 -ErrorAction SilentlyContinue
|
|
Write-Host "TCP 500: $($tc.TcpTestSucceeded)"
|
|
$tc2 = Test-NetConnection -ComputerName $vpn.ServerAddress -Port 4500 -ErrorAction SilentlyContinue
|
|
Write-Host "TCP 4500: $($tc2.TcpTestSucceeded)"
|
|
|
|
# Test WinHTTP CRL fetch via Invoke-WebRequest (same stack CAPI2 uses)
|
|
Write-Host ""
|
|
Write-Host "=== WinHTTP CRL download test ==="
|
|
try {
|
|
$r = Invoke-WebRequest -Uri "http://PST-SERVER/CertEnroll/PEACEFULSPIRIT-PST-SERVER-CA.crl" -UseBasicParsing -TimeoutSec 10
|
|
Write-Host "Status: $($r.StatusCode) Bytes: $($r.Content.Length) ContentType: $($r.Headers["Content-Type"])"
|
|
} catch {
|
|
Write-Host "ERROR: $_"
|
|
}
|
|
|
|
# Check HOSTS file
|
|
Write-Host ""
|
|
Write-Host "=== HOSTS entry ==="
|
|
Get-Content "C:\Windows\System32\drivers\etc\hosts" | Where-Object { $_ -match "PST-SERVER|72.194" }
|
|
'
|
|
|
|
curl -s -X POST "http://172.16.3.30:3001/api/agents/c778b6a3-c646-4454-a065-8c8bdcb1578e/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$(jq -n --arg cmd "$SCRIPT" '{command_type:"powershell",command:$cmd}')" | jq -r '.command_id'
|
|
```
|
|
Output: ce0d21c9-713b-4f39-a663-4e80ecc46010
|
|
|
|
```
|
|
sleep 20
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
curl -s "http://172.16.3.30:3001/api/commands/ce0d21c9-713b-4f39-a663-4e80ecc46010" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.status,.stdout,.stderr'
|
|
```
|
|
Output: running
|
|
|
|
null
|
|
|
|
null
|
|
|
|
```
|
|
sleep 25
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
curl -s "http://172.16.3.30:3001/api/commands/ce0d21c9-713b-4f39-a663-4e80ecc46010" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.status,.stdout,.stderr'
|
|
```
|
|
Output: <tool_use_error>Blocked: sleep 25 followed by: TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token') curl -s "http://172.16.3.30:3001/api/commands/ce0d21c9-713b-4 ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/ce0d21c9-713b-4f39-a663-4e80ecc46010" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" = "completed" ]; do sleep 3; done
|
|
curl -s "http://172.16.3.30:3001/api/commands/ce0d21c9-713b-4f39-a663-4e80ecc46010" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout,.stderr'
|
|
```
|
|
Output: VPN ServerAddress: 98.190.129.150
|
|
|
|
VPN SplitTunneling: True
|
|
|
|
|
|
|
|
=== Connectivity to VPN server ===
|
|
|
|
WARNING: TCP connect to (98.190.129.150 : 500) failed
|
|
|
|
WARNING: Ping to 98.190.129.150 failed with status: TimedOut
|
|
|
|
TCP 500: False
|
|
|
|
WARNING: TCP connect to (98.190.129.150 : 4500) failed
|
|
|
|
WARNING: Pin ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
SCRIPT='
|
|
# Enable RAS/IKE tracing
|
|
netsh ras diag set rastracing * enabled 2>&1
|
|
|
|
Write-Host "Tracing enabled. Attempting VPN..."
|
|
rasdial "Peaceful Spirit VPN" 2>&1
|
|
|
|
# Disable tracing
|
|
netsh ras diag set rastracing * disabled 2>&1
|
|
|
|
# Read the IKE trace log (most detailed for cert errors)
|
|
$ikeLog = "$env:windir\tracing\ikeext.log"
|
|
if (Test-Path $ikeLog) {
|
|
Write-Host ""
|
|
Write-Host "=== IKEEXT trace (last 80 lines) ==="
|
|
Get-Content $ikeLog -Tail 80
|
|
} else {
|
|
Write-Host "ikeext.log not found, checking available logs:"
|
|
Get-ChildItem "$env:windir\tracing\" -Filter "*.log" | Sort-Object LastWriteTime -Descending | Select-Object -First 10 | ForEach-Object { Write-Host " $($_.Name) ($($_.Length) bytes)" }
|
|
}
|
|
'
|
|
|
|
curl -s -X POST "http://172.16.3.30:3001/api/agents/c778b6a3-c646-4454-a065-8c8bdcb1578e/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$(jq -n --arg cmd "$SCRIPT" '{command_type:"powershell",command:$cmd}')" | jq -r '.command_id'
|
|
```
|
|
Output: 57f90139-84b6-4429-a30b-da1cb4aabeb8
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/57f90139-84b6-4429-a30b-da1cb4aabeb8" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" = "completed" ]; do sleep 4; done
|
|
curl -s "http://172.16.3.30:3001/api/commands/57f90139-84b6-4429-a30b-da1cb4aabeb8" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout' | tail -100
|
|
```
|
|
Output: Tracing enabled. Attempting VPN...
|
|
|
|
Connecting to Peaceful Spirit VPN...
|
|
|
|
Verifying username and password...Policy match error
|
|
|
|
|
|
ikeext.log not found, checking available logs:
|
|
|
|
rasdial_RASAPI32.LOG (9503 bytes)
|
|
|
|
RASTAPI.LOG (6923 bytes)
|
|
|
|
rasdial_RASMANCS.LOG (427 bytes)
|
|
|
|
svchost_RASMANCS.LO ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
SCRIPT='
|
|
Write-Host "=== RASTAPI.LOG ==="
|
|
Get-Content "$env:windir\tracing\RASTAPI.LOG" -Tail 60
|
|
|
|
Write-Host ""
|
|
Write-Host "=== rasdial_RASAPI32.LOG ==="
|
|
Get-Content "$env:windir\tracing\rasdial_RASAPI32.LOG" -Tail 60
|
|
'
|
|
|
|
curl -s -X POST "http://172.16.3.30:3001/api/agents/c778b6a3-c646-4454-a065-8c8bdcb1578e/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$(jq -n --arg cmd "$SCRIPT" '{command_type:"powershell",command:$cmd}')" | jq -r '.command_id'
|
|
```
|
|
Output: 05320016-56f0-472a-af98-1c257cb00962
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/05320016-56f0-472a-af98-1c257cb00962" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" = "completed" ]; do sleep 3; done
|
|
curl -s "http://172.16.3.30:3001/api/commands/05320016-56f0-472a-af98-1c257cb00962" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout'
|
|
```
|
|
Output: === RASTAPI.LOG ===
|
|
|
|
[6996] 05-22 11:00:46:464: DwGetConnectInfo
|
|
|
|
|
|
[6996] 05-22 11:00:46:464: DwGetIDInformation
|
|
|
|
|
|
[6996] 05-22 11:00:46:464: DwGetIDInformation. 0
|
|
|
|
|
|
[6996] 05-22 11:00:46:464: SizeRequired for CallID=0
|
|
|
|
|
|
[6996] 05-22 11:00:46:464: CallIDSize=ConnectResponseSize=0
|
|
|
|
|
|
[6996] 05-22 11:0 ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
SCRIPT='
|
|
$thumb = "D067E07B4A670AF5C6DE27250EB533B06F28FD6A"
|
|
$cert = Get-ChildItem "Cert:\LocalMachine\My\$thumb"
|
|
|
|
Write-Host "=== Full cert extension detail ==="
|
|
Write-Host "Subject: $($cert.Subject)"
|
|
Write-Host "SubjectAltName:"
|
|
$cert.Extensions | Where-Object { $_.Oid.Value -eq "2.5.29.17" } | ForEach-Object {
|
|
Write-Host " $($_.Format($true))"
|
|
}
|
|
Write-Host "Key Usage:"
|
|
$cert.Extensions | Where-Object { $_.Oid.Value -eq "2.5.5.7" -or $_.Oid.FriendlyName -eq "Key Usage" } | ForEach-Object {
|
|
Write-Host " $($_.Format($true))"
|
|
}
|
|
Write-Host "All Extensions:"
|
|
$cert.Extensions | ForEach-Object {
|
|
Write-Host " OID=$($_.Oid.Value) ($($_.Oid.FriendlyName)): $($_.Format($false))"
|
|
}
|
|
|
|
Write-Host ""
|
|
Write-Host "=== certutil verify with URL fetch ==="
|
|
certutil -verify -urlfetch "$env:windir\system32\certutil.exe" 2>&1 | Out-Null
|
|
# Export cert to temp file for certutil
|
|
$certFile = "$env:TEMP\machinecert.cer"
|
|
[System.IO.File]::WriteAllBytes($certFile, $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert))
|
|
$result = certutil -verify -urlfetch $certFile 2>&1
|
|
Write-Host ($result -join "`n")
|
|
Remove-Item $certFile -ErrorAction SilentlyContinue
|
|
|
|
Write-Host ""
|
|
Write-Host "=== All certs in LocalMachine\Root matching PEACEFULSPIRIT ==="
|
|
Get-ChildItem Cert:\LocalMachine\Root | Where-Object { $_.Subject -match "PEACEFUL" } | ForEach-Object {
|
|
Write-Host "Thumbprint: $($_.Thumbprint)"
|
|
Write-Host "Subject: $($_.Subject)"
|
|
Write-Host "NotAfter: $($_.NotAfter)"
|
|
}
|
|
'
|
|
|
|
curl -s -X POST "http://172.16.3.30:3001/api/agents/c778b6a3-c646-4454-a065-8c8bdcb1578e/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$(jq -n --arg cmd "$SCRIPT" '{command_type:"powershell",command:$cmd}')" | jq -r '.command_id'
|
|
```
|
|
Output: f665eb4a-a636-425a-b60c-8fedbc7a0701
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/f665eb4a-a636-425a-b60c-8fedbc7a0701" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" = "completed" ]; do sleep 4; done
|
|
curl -s "http://172.16.3.30:3001/api/commands/f665eb4a-a636-425a-b60c-8fedbc7a0701" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout,.stderr'
|
|
```
|
|
Output: === Full cert extension detail ===
|
|
|
|
Subject: CN=MaraHomeNew.PEACEFULSPIRIT.local
|
|
|
|
SubjectAltName:
|
|
|
|
DNS Name=MaraHomeNew.PEACEFULSPIRIT.local
|
|
|
|
|
|
|
|
|
|
Key Usage:
|
|
|
|
Digital Signature, Key Encipherment (a0)
|
|
|
|
|
|
|
|
|
|
All Extensions:
|
|
|
|
OID=1.3.6.1.4.1.311.20.2 (Certificate Template Name): Machine
|
|
|
|
OID=2.5.29 ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
# Check for PST-SERVER agent and check private key provider on MaraHomeNew in parallel
|
|
curl -s "http://172.16.3.30:3001/api/agents?search=PST" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.[] | "\(.id) \(.hostname) \(.status)"'
|
|
echo "---"
|
|
curl -s "http://172.16.3.30:3001/api/agents?search=peaceful" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.[] | "\(.id) \(.hostname) \(.status)"'
|
|
```
|
|
Output: 49098c52-542b-44de-bef2-93182280bdc6 ACG-DC16 online
|
|
|
|
7d4f823c-f23d-40b8-ae72-b83cd2ccb09d NEPTUNE online
|
|
|
|
da70e875-1510-4c26-80eb-073e8be30681 ix.azcomputerguru.com online
|
|
|
|
49c66d8b-39e3-42a1-8bc0-c4b6f4df104c AD2 online
|
|
|
|
443bfabb-9213-4157-8be6-2b6d5d3113b2 Jupiter online
|
|
|
|
5316f56f-a1b3-4ac5-97ac- ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
# PST-SERVER: check NPS event log for VPN auth failures
|
|
PST_SCRIPT='
|
|
Write-Host "=== NPS Events (last 30 min) ==="
|
|
$cutoff = (Get-Date).AddMinutes(-30)
|
|
Get-WinEvent -LogName "Security" -ErrorAction SilentlyContinue |
|
|
Where-Object { $_.TimeCreated -gt $cutoff -and $_.Id -in @(6272,6273,6274,6276,6277,6278) } |
|
|
Select-Object -First 10 |
|
|
ForEach-Object {
|
|
Write-Host "[$($_.TimeCreated)] ID=$($_.Id): $($_.Message.Substring(0,[Math]::Min(500,$_.Message.Length)))"
|
|
Write-Host "---"
|
|
}
|
|
|
|
Write-Host ""
|
|
Write-Host "=== RRAS Events (last 30 min) ==="
|
|
Get-WinEvent -LogName "System" -ErrorAction SilentlyContinue |
|
|
Where-Object { $_.TimeCreated -gt $cutoff -and ($_.ProviderName -match "RemoteAccess|IKEEXT|RasMan" -or $_.Id -in @(20227,20225,20226,20189)) } |
|
|
Select-Object -First 10 |
|
|
ForEach-Object {
|
|
Write-Host "[$($_.TimeCreated)] ID=$($_.Id) $($_.ProviderName): $($_.Message.Substring(0,[Math]::Min(400,$_.Message.Length)))"
|
|
}
|
|
|
|
Write-Host ""
|
|
Write-Host "=== IKEv2 trusted CA config ==="
|
|
netsh ras show type 2>&1
|
|
netsh ras show authtype 2>&1
|
|
'
|
|
|
|
# MaraHomeNew: check private key provider
|
|
MARA_SCRIPT='
|
|
$thumb = "D067E07B4A670AF5C6DE27250EB533B06F28FD6A"
|
|
$cert = Get-ChildItem "Cert:\LocalMachine\My\$thumb"
|
|
$key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
|
|
Write-Host "Key provider: $($key.GetType().Name)"
|
|
if ($key -is [System.Security.Cryptography.RSACng]) {
|
|
Write-Host "CNG Key name: $($key.Key.KeyName)"
|
|
Write-Host "Provider: $($key.Key.Provider)"
|
|
Write-Host "Storage flags: $($key.Key.ExportPolicy)"
|
|
} else {
|
|
Write-Host "Key type: $($key.GetType().FullName)"
|
|
}
|
|
'
|
|
|
|
PST_CMD=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/6b6106a7-8515-4b6b-857d-0dc6ede53f35/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$(jq -n --arg cmd "$PST_SCRIPT" '{command_type:"powershell",command:$cmd}')" | jq -r '.command_id')
|
|
|
|
MARA_CMD=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/c778b6a3-c646-4454-a065-8c8bdcb1578e/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$(jq -n --arg cmd "$MARA_SCRIPT" '{command_type:"powershell",command:$cmd}')" | jq -r '.command_id')
|
|
|
|
echo "PST_CMD=$PST_CMD"
|
|
echo "MARA_CMD=$MARA_CMD"
|
|
```
|
|
Output: PST_CMD=a06594f9-4988-4937-9faf-de2b024ee133
|
|
MARA_CMD=b2053aa5-aead-40d0-b213-4fd22f243028
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/a06594f9-4988-4937-9faf-de2b024ee133" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" = "completed" ]; do sleep 4; done
|
|
echo "=== PST-SERVER ==="
|
|
curl -s "http://172.16.3.30:3001/api/commands/a06594f9-4988-4937-9faf-de2b024ee133" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout,.stderr'
|
|
echo "=== MARA KEY ==="
|
|
curl -s "http://172.16.3.30:3001/api/commands/b2053aa5-aead-40d0-b213-4fd22f243028" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout,.stderr'
|
|
```
|
|
Output: Command running in background with ID: b11gulu1b. Output is being written to: C:\Users\guru\AppData\Local\Temp\claude\D--claudetools\5c0c8d60-76ff-4827-ae2e-836c341aa8a2\tasks\b11gulu1b.output. You will be notified when it completes. To check interim output, use Read on that file path.
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
curl -s "http://172.16.3.30:3001/api/commands/a06594f9-4988-4937-9faf-de2b024ee133" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.status'
|
|
curl -s "http://172.16.3.30:3001/api/commands/b2053aa5-aead-40d0-b213-4fd22f243028" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.status'
|
|
```
|
|
Output: running
|
|
|
|
completed
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
echo "=== MARA KEY PROVIDER ==="
|
|
curl -s "http://172.16.3.30:3001/api/commands/b2053aa5-aead-40d0-b213-4fd22f243028" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout,.stderr'
|
|
```
|
|
Output: === MARA KEY PROVIDER ===
|
|
Key provider: RSACng
|
|
|
|
CNG Key name: tq-2206ddad-3cbc-4c2b-b2db-0d2f8f7d6d28
|
|
|
|
Provider: Microsoft RSA SChannel Cryptographic Provider
|
|
|
|
Storage flags: None
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/a06594f9-4988-4937-9faf-de2b024ee133" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" = "completed" ]; do sleep 5; done
|
|
curl -s "http://172.16.3.30:3001/api/commands/a06594f9-4988-4937-9faf-de2b024ee133" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout,.stderr'
|
|
```
|
|
Output: Command running in background with ID: blxb7wk4r. Output is being written to: C:\Users\guru\AppData\Local\Temp\claude\D--claudetools\5c0c8d60-76ff-4827-ae2e-836c341aa8a2\tasks\blxb7wk4r.output. You will be notified when it completes. To check interim output, use Read on that file path.
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
# Step 1: On PST-SERVER, enable and clear CAPI2 log
|
|
PST_PREP='
|
|
wevtutil sl "Microsoft-Windows-CAPI2/Operational" /e:true /ms:4194304 2>&1
|
|
wevtutil cl "Microsoft-Windows-CAPI2/Operational" 2>&1
|
|
Write-Host "CAPI2 ready on PST-SERVER"
|
|
'
|
|
|
|
PST_PREP_CMD=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/6b6106a7-8515-4b6b-857d-0dc6ede53f35/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$(jq -n --arg cmd "$PST_PREP" '{command_type:"powershell",command:$cmd}')" | jq -r '.command_id')
|
|
|
|
echo "PST prep: $PST_PREP_CMD"
|
|
```
|
|
Output: PST prep: 61395125-1006-47b4-b0ac-c3ca3442d59f
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/61395125-1006-47b4-b0ac-c3ca3442d59f" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" = "completed" ]; do sleep 3; done
|
|
echo "PST prep done:"
|
|
curl -s "http://172.16.3.30:3001/api/commands/61395125-1006-47b4-b0ac-c3ca3442d59f" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout'
|
|
|
|
# Now trigger VPN attempt from MaraHomeNew
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
VPN_CMD=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/c778b6a3-c646-4454-a065-8c8bdcb1578e/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$(jq -n '{command_type:"powershell",command:"rasdial \"Peaceful Spirit VPN\" 2>&1"}')" | jq -r '.command_id')
|
|
echo "VPN attempt: $VPN_CMD"
|
|
```
|
|
Output: PST prep done:
|
|
CAPI2 ready on PST-SERVER
|
|
|
|
|
|
|
|
VPN attempt: 71f41fed-6c28-4953-857b-cde36ae6fc89
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/71f41fed-6c28-4953-857b-cde36ae6fc89" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" = "completed" ]; do sleep 3; done
|
|
|
|
# Now read PST-SERVER's CAPI2 log
|
|
PST_READ='
|
|
$events = Get-WinEvent -LogName "Microsoft-Windows-CAPI2/Operational" -MaxEvents 200 -ErrorAction SilentlyContinue
|
|
Write-Host "Total events: $($events.Count)"
|
|
foreach ($e in $events) {
|
|
$x = [xml]$e.ToXml()
|
|
$inner = $x.Event.EventData.InnerXml
|
|
if ($inner.Length -gt 5) {
|
|
Write-Host "=== ID=$($e.Id) $($e.TimeCreated) ==="
|
|
Write-Host $inner
|
|
}
|
|
}
|
|
'
|
|
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
PST_READ_CMD=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/6b6106a7-8515-4b6b-857d-0dc6ede53f35/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$(jq -n --arg cmd "$PST_READ" '{command_type:"powershell",command:$cmd}')" | jq -r '.command_id')
|
|
echo "PST CAPI2 read: $PST_READ_CMD"
|
|
```
|
|
Output: Command running in background with ID: bynascp2u. Output is being written to: C:\Users\guru\AppData\Local\Temp\claude\D--claudetools\5c0c8d60-76ff-4827-ae2e-836c341aa8a2\tasks\bynascp2u.output. You will be notified when it completes. To check interim output, use Read on that file path.
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
curl -s "http://172.16.3.30:3001/api/commands/71f41fed-6c28-4953-857b-cde36ae6fc89" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.status,.stdout'
|
|
```
|
|
Output: failed
|
|
|
|
Connecting to Peaceful Spirit VPN...
|
|
|
|
Verifying username and password...Policy match error
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
# Check if PST-SERVER CAPI2 read is done yet
|
|
curl -s "http://172.16.3.30:3001/api/commands/$(cat /tmp/pst_cmd 2>/dev/null || echo 'unknown')" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.status' 2>/dev/null
|
|
|
|
# Also send PST_READ_CMD (we need to track it)
|
|
# Let me send it fresh since I don't have the ID from the background task output
|
|
PST_READ2='
|
|
$events = Get-WinEvent -LogName "Microsoft-Windows-CAPI2/Operational" -MaxEvents 100 -ErrorAction SilentlyContinue
|
|
Write-Host "Events captured: $($events.Count)"
|
|
$shown = 0
|
|
foreach ($e in ($events | Sort-Object TimeCreated)) {
|
|
$x = [xml]$e.ToXml()
|
|
$inner = $x.Event.EventData.InnerXml
|
|
if ($inner -and $inner.Length -gt 20) {
|
|
Write-Host "=== ID=$($e.Id) ==="
|
|
# Look for error status or cert info
|
|
if ($x.Event.EventData.Data) {
|
|
$x.Event.EventData.Data | ForEach-Object { Write-Host " $($_.name): $_" }
|
|
}
|
|
Write-Host $inner.Substring(0,[Math]::Min(800,$inner.Length))
|
|
$shown++
|
|
if ($shown -ge 5) { break }
|
|
}
|
|
}
|
|
if ($shown -eq 0) { Write-Host "No events with data found" }
|
|
'
|
|
PST_CMD2=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/6b6106a7-8515-4b6b-857d-0dc6ede53f35/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$(jq -n --arg cmd "$PST_READ2" '{command_type:"powershell",command:$cmd}')" | jq -r '.command_id')
|
|
echo "PST_CMD2=$PST_CMD2"
|
|
```
|
|
Output: PST_CMD2=2745eba1-dc2d-4404-ae35-015b577d80fc
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/2745eba1-dc2d-4404-ae35-015b577d80fc" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" = "completed" ]; do sleep 4; done
|
|
curl -s "http://172.16.3.30:3001/api/commands/2745eba1-dc2d-4404-ae35-015b577d80fc" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout,.stderr'
|
|
```
|
|
Output: Events captured: 100
|
|
|
|
No events with data found
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
PST_SCRIPT='
|
|
Write-Host "=== PST-SERVER machine certs ==="
|
|
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
|
|
Write-Host "Subject: $($_.Subject)"
|
|
Write-Host " Thumbprint: $($_.Thumbprint)"
|
|
Write-Host " NotAfter: $($_.NotAfter)"
|
|
Write-Host " EKUs: $($_.EnhancedKeyUsageList.FriendlyName -join ", ")"
|
|
Write-Host " HasPrivateKey: $($_.HasPrivateKey)"
|
|
}
|
|
|
|
Write-Host ""
|
|
Write-Host "=== RRAS machine cert config ==="
|
|
netsh ras show config 2>&1
|
|
netsh ras show authtype 2>&1
|
|
|
|
Write-Host ""
|
|
Write-Host "=== CAPI2 wevtutil text (last 10) ==="
|
|
wevtutil qe "Microsoft-Windows-CAPI2/Operational" /c:10 /rd:true /f:text 2>&1 | Select-Object -First 100
|
|
'
|
|
|
|
CMD=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/6b6106a7-8515-4b6b-857d-0dc6ede53f35/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$(jq -n --arg cmd "$PST_SCRIPT" '{command_type:"powershell",command:$cmd}')" | jq -r '.command_id')
|
|
echo "CMD=$CMD"
|
|
```
|
|
Output: CMD=6d2dedba-b4cf-41ca-aeb2-1363ee5d4a8e
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/6d2dedba-b4cf-41ca-aeb2-1363ee5d4a8e" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" = "completed" ]; do sleep 4; done
|
|
curl -s "http://172.16.3.30:3001/api/commands/6d2dedba-b4cf-41ca-aeb2-1363ee5d4a8e" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout,.stderr'
|
|
```
|
|
Output: === PST-SERVER machine certs ===
|
|
|
|
Subject: CN=PST-SERVER.PEACEFULSPIRIT.local
|
|
|
|
Thumbprint: DB71981ABE4CBA1DE96FEEEAF178F6259663B543
|
|
|
|
NotAfter: 05/09/2027 13:57:36
|
|
|
|
EKUs: Client Authentication, Server Authentication
|
|
|
|
HasPrivateKey: True
|
|
|
|
Subject: CN=PST-SERVER
|
|
|
|
Thumbprint: 8B39ADB0A4347CD40 ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
PST_SCRIPT='
|
|
Write-Host "=== RRAS service start time ==="
|
|
(Get-Service RemoteAccess).Status
|
|
$svc = Get-WmiObject Win32_Service -Filter "Name='"'"'RemoteAccess'"'"'"
|
|
Write-Host "State: $($svc.State)"
|
|
|
|
# Check IKEv2 cert in registry
|
|
Write-Host ""
|
|
Write-Host "=== IKEv2 cert registry ==="
|
|
$keys = @(
|
|
"HKLM:\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\Ikev2",
|
|
"HKLM:\SYSTEM\CurrentControlSet\Services\IKEEXT\Parameters"
|
|
)
|
|
foreach ($k in $keys) {
|
|
if (Test-Path $k) {
|
|
Write-Host "Key: $k"
|
|
Get-ItemProperty $k | Format-List
|
|
}
|
|
}
|
|
|
|
Write-Host ""
|
|
Write-Host "=== RemoteAccess Parameters ==="
|
|
Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters" -ErrorAction SilentlyContinue | Format-List
|
|
|
|
Write-Host ""
|
|
Write-Host "=== certutil -store My PST-SERVER certs ==="
|
|
certutil -store My "PST-SERVER" 2>&1 | Select-Object -First 60
|
|
'
|
|
|
|
CMD=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/6b6106a7-8515-4b6b-857d-0dc6ede53f35/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$(jq -n --arg cmd "$PST_SCRIPT" '{command_type:"powershell",command:$cmd}')" | jq -r '.command_id')
|
|
echo "CMD=$CMD"
|
|
```
|
|
Output: CMD=a78618fa-3e29-41a0-b9ba-f5bd9d389c0d
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/a78618fa-3e29-41a0-b9ba-f5bd9d389c0d" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" = "completed" ]; do sleep 4; done
|
|
curl -s "http://172.16.3.30:3001/api/commands/a78618fa-3e29-41a0-b9ba-f5bd9d389c0d" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout,.stderr'
|
|
```
|
|
Output: Command running in background with ID: bjy1ne9xz. Output is being written to: C:\Users\guru\AppData\Local\Temp\claude\D--claudetools\5c0c8d60-76ff-4827-ae2e-836c341aa8a2\tasks\bjy1ne9xz.output. You will be notified when it completes. To check interim output, use Read on that file path.
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
curl -s "http://172.16.3.30:3001/api/commands/a78618fa-3e29-41a0-b9ba-f5bd9d389c0d" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.status,.stdout,.stderr'
|
|
```
|
|
Output: failed
|
|
|
|
=== RRAS service start time ===
|
|
|
|
Running
|
|
|
|
|
|
State: Running
|
|
|
|
|
|
|
|
=== IKEv2 cert registry ===
|
|
|
|
Key: HKLM:\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\Ikev2
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
ConfigOptions : 0
|
|
|
|
|
|
idleTimeout : 300
|
|
|
|
|
|
networkBlackoutTime : 1800
|
|
|
|
|
|
saDataSize : 335 ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
PST_SCRIPT='
|
|
Write-Host "=== Serial number of RRAS cert (DB71981A...) ==="
|
|
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq "DB71981ABE4CBA1DE96FEEEAF178F6259663B543" }
|
|
Write-Host "Serial: $($cert.SerialNumber)"
|
|
Write-Host "NotBefore: $($cert.NotBefore)"
|
|
Write-Host "NotAfter: $($cert.NotAfter)"
|
|
|
|
Write-Host ""
|
|
Write-Host "=== CRL content (local CA) ==="
|
|
certutil -dump "C:\Windows\System32\CertSrv\CertEnroll\PEACEFULSPIRIT-PST-SERVER-CA.crl" 2>&1 | Select-Object -First 60
|
|
|
|
Write-Host ""
|
|
Write-Host "=== Delta CRL content ==="
|
|
$deltaFiles = Get-ChildItem "C:\Windows\System32\CertSrv\CertEnroll\*+.crl" -ErrorAction SilentlyContinue
|
|
if ($deltaFiles) {
|
|
certutil -dump $deltaFiles[0].FullName 2>&1 | Select-Object -First 40
|
|
} else {
|
|
Write-Host "No delta CRL files found in CertEnroll"
|
|
Get-ChildItem "C:\Windows\System32\CertSrv\CertEnroll\" | ForEach-Object { Write-Host " $($_.Name) ($($_.Length) bytes)" }
|
|
}
|
|
'
|
|
|
|
CMD=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/6b6106a7-8515-4b6b-857d-0dc6ede53f35/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$(jq -n --arg cmd "$PST_SCRIPT" '{command_type:"powershell",command:$cmd}')" | jq -r '.command_id')
|
|
echo "CMD=$CMD"
|
|
```
|
|
Output: CMD=9ae2344e-c5fa-4d8f-bd11-0d24ddf5ca22
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/9ae2344e-c5fa-4d8f-bd11-0d24ddf5ca22" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" = "completed" ]; do sleep 4; done
|
|
curl -s "http://172.16.3.30:3001/api/commands/9ae2344e-c5fa-4d8f-bd11-0d24ddf5ca22" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout,.stderr'
|
|
```
|
|
Output: === Serial number of RRAS cert (DB71981A...) ===
|
|
|
|
Serial: 520000003E737D7BEBF88E852100000000003E
|
|
|
|
NotBefore: 05/09/2026 13:57:36
|
|
|
|
NotAfter: 05/09/2027 13:57:36
|
|
|
|
|
|
|
|
=== CRL content (local CA) ===
|
|
|
|
X509 Certificate Revocation List:
|
|
|
|
|
|
Version: 2
|
|
|
|
|
|
Signature Algorithm:
|
|
|
|
|
|
Algorithm ObjectId: 1.2.840.1 ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
# Export PST-SERVER's RRAS cert as base64 from PST-SERVER
|
|
PST_EXPORT='
|
|
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq "DB71981ABE4CBA1DE96FEEEAF178F6259663B543" }
|
|
$bytes = $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
|
|
[Convert]::ToBase64String($bytes)
|
|
'
|
|
|
|
CMD=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/6b6106a7-8515-4b6b-857d-0dc6ede53f35/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$(jq -n --arg cmd "$PST_EXPORT" '{command_type:"powershell",command:$cmd}')" | jq -r '.command_id')
|
|
echo "CMD=$CMD"
|
|
```
|
|
Output: CMD=75d27565-602e-4859-bc28-037bc2901531
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/75d27565-602e-4859-bc28-037bc2901531" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" = "completed" ]; do sleep 3; done
|
|
CERT_B64=$(curl -s "http://172.16.3.30:3001/api/commands/75d27565-602e-4859-bc28-037bc2901531" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout' | tr -d '\n')
|
|
echo "Cert length: ${#CERT_B64}"
|
|
echo "$CERT_B64" | head -c 60
|
|
```
|
|
Output: Cert length: 1855
|
|
MIIFaDCCBFCgAwIBAgITUgAAAD5zfXvr+I6FIQAAAAAAPjANBgkqhkiG9w0B
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
CERT_B64=$(curl -s "http://172.16.3.30:3001/api/commands/75d27565-602e-4859-bc28-037bc2901531" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout' | tr -d '\n\r')
|
|
|
|
# Build script to verify PST-SERVER cert from MaraHomeNew's perspective
|
|
MARA_SCRIPT="
|
|
\$certB64 = '$CERT_B64'
|
|
\$bytes = [Convert]::FromBase64String(\$certB64)
|
|
\$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(\$bytes)
|
|
Write-Host 'Cert subject: ' \$cert.Subject
|
|
Write-Host 'Thumbprint: ' \$cert.Thumbprint
|
|
Write-Host 'Valid from: ' \$cert.NotBefore
|
|
Write-Host 'Valid to: ' \$cert.NotAfter
|
|
|
|
# Save to file and verify with certutil
|
|
\$tmpFile = \$env:TEMP + '\pst_server_cert.cer'
|
|
[IO.File]::WriteAllBytes(\$tmpFile, \$bytes)
|
|
Write-Host ''
|
|
Write-Host '=== certutil verify of PST-SERVER cert from MaraHomeNew ==='
|
|
certutil -verify -urlfetch \$tmpFile 2>&1
|
|
Remove-Item \$tmpFile -ErrorAction SilentlyContinue
|
|
"
|
|
|
|
CMD=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/c778b6a3-c646-4454-a065-8c8bdcb1578e/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$(jq -n --arg cmd "$MARA_SCRIPT" '{command_type:"powershell",command:$cmd}')" | jq -r '.command_id')
|
|
echo "CMD=$CMD"
|
|
```
|
|
Output: CMD=a0164049-5bdd-4b28-956e-f3f922d7f3d5
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/a0164049-5bdd-4b28-956e-f3f922d7f3d5" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" = "completed" ]; do sleep 4; done
|
|
curl -s "http://172.16.3.30:3001/api/commands/a0164049-5bdd-4b28-956e-f3f922d7f3d5" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout,.stderr'
|
|
```
|
|
Output: Cert subject:
|
|
|
|
Thumbprint:
|
|
|
|
Valid from:
|
|
|
|
Valid to:
|
|
|
|
|
|
|
|
=== certutil verify of PST-SERVER cert from MaraHomeNew ===
|
|
|
|
Issuer:
|
|
|
|
|
|
CN=PEACEFULSPIRIT-PST-SERVER-CA
|
|
|
|
|
|
Name Hash(sha1): 22fedd59c4372cfd606d13bf5329054ae41f4043
|
|
|
|
|
|
Name Hash(md5): 663cec3ba4e5e71ad51c9567dfd97053
|
|
|
|
|
|
Subject: ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
SCRIPT='
|
|
Write-Host "=== OS Version ==="
|
|
[System.Environment]::OSVersion
|
|
(Get-WmiObject Win32_OperatingSystem).Caption
|
|
(Get-WmiObject Win32_OperatingSystem).BuildNumber
|
|
|
|
Write-Host ""
|
|
Write-Host "=== VPN Phonebook entry (Peaceful Spirit VPN) ==="
|
|
$pbk = "C:\ProgramData\Microsoft\Network\Connections\Pbk\rasphone.pbk"
|
|
if (Test-Path $pbk) {
|
|
$content = Get-Content $pbk -Raw
|
|
# Extract just the Peaceful Spirit VPN section
|
|
if ($content -match "(?s)\[Peaceful Spirit VPN\](.*?)(?=\[|$)") {
|
|
$matches[0] | Out-String
|
|
}
|
|
} else {
|
|
Write-Host "No system phonebook found"
|
|
$userPbk = "$env:APPDATA\Microsoft\Network\Connections\Pbk\rasphone.pbk"
|
|
if (Test-Path $userPbk) {
|
|
Get-Content $userPbk -Raw | Select-String -Pattern "Peaceful Spirit" -Context 50
|
|
}
|
|
}
|
|
|
|
Write-Host ""
|
|
Write-Host "=== IPsec configuration ==="
|
|
Get-VpnConnection -Name "Peaceful Spirit VPN" -AllUserConnection -ErrorAction SilentlyContinue | Select-Object * | Out-String
|
|
'
|
|
|
|
CMD=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/c778b6a3-c646-4454-a065-8c8bdcb1578e/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$(jq -n --arg cmd "$SCRIPT" '{command_type:"powershell",command:$cmd}')" | jq -r '.command_id')
|
|
echo "CMD=$CMD"
|
|
```
|
|
Output: CMD=5602bc6d-00d9-4b41-9048-54bcf40d869d
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/5602bc6d-00d9-4b41-9048-54bcf40d869d" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" = "completed" ]; do sleep 4; done
|
|
curl -s "http://172.16.3.30:3001/api/commands/5602bc6d-00d9-4b41-9048-54bcf40d869d" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout,.stderr'
|
|
```
|
|
Output: === OS Version ===
|
|
|
|
|
|
|
|
|
|
|
|
|
|
=== VPN Phonebook entry (Peaceful Spirit VPN) ===
|
|
|
|
|
|
|
|
=== IPsec configuration ===
|
|
|
|
Platform ServicePack Version VersionString
|
|
|
|
|
|
-------- ----------- ------- -------------
|
|
|
|
|
|
Win32NT 10.0.26200.0 Microsoft Windows N ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
SCRIPT='
|
|
$pbk = "C:\ProgramData\Microsoft\Network\Connections\Pbk\rasphone.pbk"
|
|
$content = Get-Content $pbk -Raw
|
|
# Change DisableIKENameEkuCheck=0 to =1 for the Peaceful Spirit VPN section
|
|
$updated = $content -replace "(?<=\[Peaceful Spirit VPN\][^\[]*?)DisableIKENameEkuCheck=0", "DisableIKENameEkuCheck=1"
|
|
if ($updated -ne $content) {
|
|
Set-Content $pbk $updated -NoNewline
|
|
Write-Host "DisableIKENameEkuCheck set to 1 in phonebook"
|
|
} else {
|
|
Write-Host "No change made - pattern not found or already =1"
|
|
}
|
|
|
|
# Verify
|
|
$check = Get-Content $pbk -Raw
|
|
if ($check -match "DisableIKENameEkuCheck=1") { Write-Host "Verified: DisableIKENameEkuCheck=1" }
|
|
|
|
# Restart RasMan to pick up phonebook changes
|
|
Restart-Service RasMan -Force 2>&1
|
|
Write-Host "RasMan restarted"
|
|
|
|
# Try VPN
|
|
Start-Sleep -Seconds 3
|
|
$result = rasdial "Peaceful Spirit VPN" 2>&1
|
|
Write-Host "VPN result: $result"
|
|
Write-Host "Exit code: $LASTEXITCODE"
|
|
'
|
|
|
|
CMD=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/c778b6a3-c646-4454-a065-8c8bdcb1578e/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$(jq -n --arg cmd "$SCRIPT" '{command_type:"powershell",command:$cmd}')" | jq -r '.command_id')
|
|
echo "CMD=$CMD"
|
|
```
|
|
Output: CMD=b05296e8-9dfa-46d3-9b9a-6233ef8dad8d
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/b05296e8-9dfa-46d3-9b9a-6233ef8dad8d" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" = "completed" ]; do sleep 4; done
|
|
curl -s "http://172.16.3.30:3001/api/commands/b05296e8-9dfa-46d3-9b9a-6233ef8dad8d" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout,.stderr'
|
|
```
|
|
Output: DisableIKENameEkuCheck set to 1 in phonebook
|
|
|
|
Verified: DisableIKENameEkuCheck=1
|
|
|
|
RasMan restarted
|
|
|
|
VPN result: Connecting to Peaceful Spirit VPN... Verifying username and password...Policy match error
|
|
|
|
Exit code: 13868
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
# Restart RRAS and IKEEXT on PST-SERVER
|
|
PST_RESTART='
|
|
Write-Host "Restarting IKEEXT..."
|
|
Restart-Service IKEEXT -Force
|
|
Start-Sleep -Seconds 2
|
|
Write-Host "Restarting RemoteAccess (RRAS)..."
|
|
Restart-Service RemoteAccess -Force
|
|
Start-Sleep -Seconds 3
|
|
Write-Host "Services restarted"
|
|
|
|
# Verify which cert RRAS is now using
|
|
$ikeConfig = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\Ikev2" -ErrorAction SilentlyContinue
|
|
$hashBytes = $ikeConfig.MachineCertificateHash
|
|
$thumbprint = ($hashBytes | ForEach-Object { $_.ToString("x2") }) -join ""
|
|
Write-Host "RRAS cert thumbprint: $thumbprint"
|
|
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $thumbprint.ToUpper() }
|
|
if ($cert) {
|
|
Write-Host "Cert: $($cert.Subject) (NotAfter: $($cert.NotAfter)) - VALID: $((Get-Date) -lt $cert.NotAfter)"
|
|
} else {
|
|
Write-Host "Cert NOT FOUND in store!"
|
|
}
|
|
'
|
|
|
|
PST_CMD=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/6b6106a7-8515-4b6b-857d-0dc6ede53f35/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$(jq -n --arg cmd "$PST_RESTART" '{command_type:"powershell",command:$cmd}')" | jq -r '.command_id')
|
|
echo "PST_CMD=$PST_CMD"
|
|
```
|
|
Output: PST_CMD=c93bf365-4bcf-4df6-a5ad-28342c052f84
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/c93bf365-4bcf-4df6-a5ad-28342c052f84" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" = "completed" ]; do sleep 4; done
|
|
echo "=== PST-SERVER restart result ==="
|
|
curl -s "http://172.16.3.30:3001/api/commands/c93bf365-4bcf-4df6-a5ad-28342c052f84" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout,.stderr'
|
|
```
|
|
Output: === PST-SERVER restart result ===
|
|
Restarting IKEEXT...
|
|
|
|
Restarting RemoteAccess (RRAS)...
|
|
|
|
WARNING: Waiting for service 'Routing and Remote Access (RemoteAccess)' to
|
|
|
|
|
|
stop...
|
|
|
|
Services restarted
|
|
|
|
RRAS cert thumbprint: db71981abe4cba1de96feeeaf178f6259663b543
|
|
|
|
Cert: CN=PST-SERVER.PEACEFULSPIRIT.loc ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
CMD=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/c778b6a3-c646-4454-a065-8c8bdcb1578e/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$(jq -n '{command_type:"powershell",command:"rasdial \"Peaceful Spirit VPN\" 2>&1; Write-Host \"Exit: $LASTEXITCODE\""}')" | jq -r '.command_id')
|
|
echo "CMD=$CMD"
|
|
```
|
|
Output: CMD=7530731a-e478-4921-ac27-5f3b903ccd1e
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/7530731a-e478-4921-ac27-5f3b903ccd1e" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" = "completed" ]; do sleep 3; done
|
|
curl -s "http://172.16.3.30:3001/api/commands/7530731a-e478-4921-ac27-5f3b903ccd1e" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout,.stderr'
|
|
```
|
|
Output: Connecting to Peaceful Spirit VPN...
|
|
|
|
Verifying username and password...Policy match error Exit: 13868
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
PST_SCRIPT='
|
|
Write-Host "=== NPS Service Status ==="
|
|
Get-Service IAS -ErrorAction SilentlyContinue | Select-Object Name, Status, StartType
|
|
|
|
Write-Host ""
|
|
Write-Host "=== Security log event 6273 (last 30 min) ==="
|
|
$cutoff = (Get-Date).AddMinutes(-30)
|
|
try {
|
|
$events = Get-WinEvent -FilterHashtable @{LogName="Security"; Id=6273; StartTime=$cutoff} -ErrorAction Stop -MaxEvents 10
|
|
foreach ($e in $events) {
|
|
Write-Host "[$($e.TimeCreated)] $($e.Message.Substring(0,[Math]::Min(600,$e.Message.Length)))"
|
|
Write-Host "---"
|
|
}
|
|
} catch {
|
|
Write-Host "No 6273 events found or access denied: $_"
|
|
}
|
|
|
|
Write-Host ""
|
|
Write-Host "=== Security log event 6272 (success, last 30 min) ==="
|
|
try {
|
|
$ev2 = Get-WinEvent -FilterHashtable @{LogName="Security"; Id=6272; StartTime=$cutoff} -ErrorAction Stop -MaxEvents 5
|
|
Write-Host "Success events: $($ev2.Count)"
|
|
} catch {
|
|
Write-Host "No 6272 events: $_"
|
|
}
|
|
|
|
Write-Host ""
|
|
Write-Host "=== NPS connection request policies (netsh) ==="
|
|
netsh nps show crp 2>&1 | Select-Object -First 40
|
|
'
|
|
|
|
CMD=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/6b6106a7-8515-4b6b-857d-0dc6ede53f35/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$(jq -n --arg cmd "$PST_SCRIPT" '{command_type:"powershell",command:$cmd}')" | jq -r '.command_id')
|
|
echo "CMD=$CMD"
|
|
```
|
|
Output: CMD=4d27ed1f-b63b-47c4-9fa3-102cb27e7970
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/4d27ed1f-b63b-47c4-9fa3-102cb27e7970" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" = "completed" ]; do sleep 4; done
|
|
curl -s "http://172.16.3.30:3001/api/commands/4d27ed1f-b63b-47c4-9fa3-102cb27e7970" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout,.stderr'
|
|
```
|
|
Output: Command running in background with ID: b8y4um8el. Output is being written to: C:\Users\guru\AppData\Local\Temp\claude\D--claudetools\5c0c8d60-76ff-4827-ae2e-836c341aa8a2\tasks\b8y4um8el.output. You will be notified when it completes. To check interim output, use Read on that file path.
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
curl -s "http://172.16.3.30:3001/api/commands/4d27ed1f-b63b-47c4-9fa3-102cb27e7970" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.status'
|
|
```
|
|
Output: failed
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
curl -s "http://172.16.3.30:3001/api/commands/4d27ed1f-b63b-47c4-9fa3-102cb27e7970" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout,.stderr'
|
|
```
|
|
Output: === NPS Service Status ===
|
|
|
|
|
|
|
|
|
|
|
|
|
|
=== Security log event 6273 (last 30 min) ===
|
|
|
|
No 6273 events found or access denied: No events were found that match the specified selection criteria.
|
|
|
|
|
|
|
|
=== Security log event 6272 (success, last 30 min) ===
|
|
|
|
No 6272 events: No events were found that match the spec ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
PST_SCRIPT='
|
|
Write-Host "=== CRL accessibility from PST-SERVER itself ==="
|
|
try {
|
|
$r = Invoke-WebRequest -Uri "http://localhost/CertEnroll/PEACEFULSPIRIT-PST-SERVER-CA.crl" -UseBasicParsing -TimeoutSec 10
|
|
Write-Host "localhost CRL: $($r.StatusCode) ($($r.Content.Length) bytes)"
|
|
} catch {
|
|
Write-Host "localhost CRL ERROR: $_"
|
|
}
|
|
|
|
try {
|
|
$r2 = Invoke-WebRequest -Uri "http://PST-SERVER/CertEnroll/PEACEFULSPIRIT-PST-SERVER-CA.crl" -UseBasicParsing -TimeoutSec 10
|
|
Write-Host "PST-SERVER CRL: $($r2.StatusCode) ($($r2.Content.Length) bytes)"
|
|
} catch {
|
|
Write-Host "PST-SERVER CRL ERROR: $_"
|
|
}
|
|
|
|
try {
|
|
$r3 = Invoke-WebRequest -Uri "http://192.168.0.2/CertEnroll/PEACEFULSPIRIT-PST-SERVER-CA.crl" -UseBasicParsing -TimeoutSec 10
|
|
Write-Host "192.168.0.2 CRL: $($r3.StatusCode) ($($r3.Content.Length) bytes)"
|
|
} catch {
|
|
Write-Host "192.168.0.2 CRL ERROR: $_"
|
|
}
|
|
|
|
Write-Host ""
|
|
Write-Host "=== IIS CertEnroll virtual directory ==="
|
|
Import-Module WebAdministration -ErrorAction SilentlyContinue
|
|
Get-WebVirtualDirectory -Site "Default Web Site" -Name "CertEnroll" -ErrorAction SilentlyContinue | Format-List
|
|
|
|
Write-Host ""
|
|
Write-Host "=== certutil verify client cert (MaraHomeNew) from PST-SERVER ==="
|
|
$clientCert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -match "MaraHomeNew" }
|
|
if ($clientCert) {
|
|
Write-Host "Found client cert: $($clientCert.Subject) [$($clientCert.Thumbprint)]"
|
|
$tmpFile = $env:TEMP + "\client_cert.cer"
|
|
[IO.File]::WriteAllBytes($tmpFile, $clientCert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert))
|
|
certutil -verify -urlfetch $tmpFile 2>&1 | Where-Object { $_ -match "Verified|Error|FAIL|chain|CRL|AIA|error" }
|
|
Remove-Item $tmpFile -ErrorAction SilentlyContinue
|
|
} else {
|
|
Write-Host "MaraHomeNew cert not found in PST-SERVER My store"
|
|
}
|
|
'
|
|
|
|
CMD=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/6b6106a7-8515-4b6b-857d-0dc6ede53f35/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$(jq -n --arg cmd "$PST_SCRIPT" '{command_type:"powershell",command:$cmd}')" | jq -r '.command_id')
|
|
echo "CMD=$CMD"
|
|
```
|
|
Output: EPERM: operation not permitted, uv_spawn 'C:\Program Files\Git\bin\bash.exe'
|
|
|
|
```
|
|
$TOKEN = (curl -s -X POST http://172.16.3.30:3001/api/auth/login -H "Content-Type: application/json" -d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | ConvertFrom-Json).token
|
|
|
|
$PST_SCRIPT = @'
|
|
Write-Host "=== CRL accessibility from PST-SERVER itself ==="
|
|
try {
|
|
$r = Invoke-WebRequest -Uri "http://localhost/CertEnroll/PEACEFULSPIRIT-PST-SERVER-CA.crl" -UseBasicParsing -TimeoutSec 10
|
|
Write-Host "localhost CRL: $($r.StatusCode) ($($r.Content.Length) bytes)"
|
|
} catch {
|
|
Write-Host "localhost CRL ERROR: $_"
|
|
}
|
|
|
|
try {
|
|
$r2 = Invoke-WebRequest -Uri "http://PST-SERVER/CertEnroll/PEACEFULSPIRIT-PST-SERVER-CA.crl" -UseBasicParsing -TimeoutSec 10
|
|
Write-Host "PST-SERVER CRL: $($r2.StatusCode) ($($r2.Content.Length) bytes)"
|
|
} catch {
|
|
Write-Host "PST-SERVER CRL ERROR: $_"
|
|
}
|
|
|
|
Write-Host ""
|
|
Write-Host "=== certutil verify MaraHomeNew cert from PST-SERVER ==="
|
|
$clientCert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -match "MaraHomeNew" }
|
|
if ($clientCert) {
|
|
Write-Host "Found: $($clientCert.Thumbprint)"
|
|
$tmpFile = $env:TEMP + "\client_cert.cer"
|
|
[IO.File]::WriteAllBytes($tmpFile, $clientCert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert))
|
|
certutil -verify -urlfetch $tmpFile 2>&1 | Where-Object { $_ -match "Verified|Failed|error|CRL|chain" }
|
|
Remove-Item $tmpFile -ErrorAction SilentlyContinue
|
|
} else {
|
|
Write-Host "MaraHomeNew cert not in PST-SERVER My store"
|
|
}
|
|
'@
|
|
|
|
$body = @{command_type="powershell"; command=$PST_SCRIPT} | ConvertTo-Json
|
|
$resp = Invoke-RestMethod -Uri "http://172.16.3.30:3001/api/agents/6b6106a7-8515-4b6b-857d-0dc6ede53f35/command" -Method POST -Headers @{Authorization="Bearer $TOKEN"; "Content-Type"="application/json"} -Body $body
|
|
$resp.command_id
|
|
```
|
|
Output: EPERM: operation not permitted, uv_spawn 'C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe'
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
SCRIPT='Write-Host "CRL test"; try { $r = Invoke-WebRequest -Uri "http://localhost/CertEnroll/PEACEFULSPIRIT-PST-SERVER-CA.crl" -UseBasicParsing -TimeoutSec 10; Write-Host "localhost: $($r.StatusCode) $($r.Content.Length)bytes" } catch { Write-Host "localhost ERR: $_" }; try { $r2 = Invoke-WebRequest -Uri "http://PST-SERVER/CertEnroll/PEACEFULSPIRIT-PST-SERVER-CA.crl" -UseBasicParsing -TimeoutSec 10; Write-Host "PST-SERVER: $($r2.StatusCode) $($r2.Content.Length)bytes" } catch { Write-Host "PST-SERVER ERR: $_" }'
|
|
|
|
curl -s -X POST "http://172.16.3.30:3001/api/agents/6b6106a7-8515-4b6b-857d-0dc6ede53f35/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$(jq -n --arg cmd "$SCRIPT" '{command_type:"powershell",command:$cmd}')" | jq -r '.command_id'
|
|
```
|
|
Output: df1ac23e-998e-415f-9d47-fc079dc55cde
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/df1ac23e-998e-415f-9d47-fc079dc55cde" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" = "completed" ]; do sleep 3; done
|
|
curl -s "http://172.16.3.30:3001/api/commands/df1ac23e-998e-415f-9d47-fc079dc55cde" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout,.stderr'
|
|
```
|
|
Output: CRL test
|
|
|
|
localhost: 200 795bytes
|
|
|
|
PST-SERVER: 200 795bytes
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
# Two commands in parallel: attempt VPN and immediately check System log
|
|
SCRIPT='rasdial "Peaceful Spirit VPN" 2>&1; Start-Sleep 1; wevtutil qe System /q:"*[System[TimeCreated[timediff(@SystemTime) <= 60000] and (Provider[@Name='"'"'RemoteAccess'"'"'] or Provider[@Name='"'"'RasClient'"'"'] or EventID=20019 or EventID=20227 or EventID=20226 or EventID=20225 or EventID=20189)]]" /c:10 /f:text 2>&1'
|
|
|
|
CMD=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/c778b6a3-c646-4454-a065-8c8bdcb1578e/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$(jq -n --arg cmd "$SCRIPT" '{command_type:"powershell",command:$cmd}')" | jq -r '.command_id')
|
|
echo "CMD=$CMD"
|
|
```
|
|
Output: CMD=c2c99f6c-d77e-4777-be7b-6c43a28124f7
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/c2c99f6c-d77e-4777-be7b-6c43a28124f7" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" = "completed" ]; do sleep 4; done
|
|
curl -s "http://172.16.3.30:3001/api/commands/c2c99f6c-d77e-4777-be7b-6c43a28124f7" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout,.stderr'
|
|
```
|
|
Output: Connecting to Peaceful Spirit VPN...
|
|
|
|
Verifying username and password...Policy match error
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
SCRIPT='Write-Host "=== NPS Network Policies ==="; netsh nps show np 2>&1 | Select-Object -First 80; Write-Host ""; Write-Host "=== NPS Log last 30 lines ==="; $log = "C:\Windows\System32\LogFiles\IN*.log"; $files = Get-ChildItem $log -ErrorAction SilentlyContinue | Sort-Object LastWriteTime -Descending; if ($files) { Get-Content $files[0].FullName -Tail 30 } else { Write-Host "No NPS log files found" }'
|
|
|
|
CMD=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/6b6106a7-8515-4b6b-857d-0dc6ede53f35/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$(jq -n --arg cmd "$SCRIPT" '{command_type:"powershell",command:$cmd}')" | jq -r '.command_id')
|
|
echo "CMD=$CMD"
|
|
```
|
|
Output: CMD=65bd8b9c-64b6-4116-b417-1d8e8073cd18
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/65bd8b9c-64b6-4116-b417-1d8e8073cd18" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" = "completed" ]; do sleep 4; done
|
|
curl -s "http://172.16.3.30:3001/api/commands/65bd8b9c-64b6-4116-b417-1d8e8073cd18" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout,.stderr'
|
|
```
|
|
Output: === NPS Network Policies ===
|
|
|
|
|
|
|
|
|
|
Network policy configuration:
|
|
|
|
|
|
---------------------------------------------------------
|
|
|
|
|
|
Name = Connections to other access servers
|
|
|
|
|
|
State = Enabled
|
|
|
|
|
|
Processing order = 999999
|
|
|
|
|
|
Policy source = 0
|
|
|
|
|
|
|
|
|
|
|
|
Condition attributes:
|
|
|
|
|
|
|
|
|
|
|
|
N ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
SCRIPT='
|
|
# Start packet capture
|
|
netsh trace start capture=yes scenario=VpnClient report=disabled maxsize=20 tracefile="C:\Temp\ike_trace.etl" 2>&1
|
|
Write-Host "Trace started"
|
|
|
|
# Attempt VPN
|
|
$vpnResult = rasdial "Peaceful Spirit VPN" 2>&1
|
|
Write-Host "VPN: $vpnResult"
|
|
|
|
# Stop trace
|
|
netsh trace stop 2>&1
|
|
Write-Host "Trace stopped"
|
|
|
|
# Convert to text
|
|
netsh trace convert "C:\Temp\ike_trace.etl" output="C:\Temp\ike_trace.txt" overwrite=yes 2>&1
|
|
Write-Host "Conversion done"
|
|
|
|
# Read the relevant parts (look for IKE/IKEEXT keywords)
|
|
if (Test-Path "C:\Temp\ike_trace.txt") {
|
|
$lines = Get-Content "C:\Temp\ike_trace.txt"
|
|
Write-Host "Total lines: $($lines.Count)"
|
|
$ikeLines = $lines | Where-Object { $_ -match "IKE|AUTH|cert|error|NOTIFY|13868|policy|CERT" } | Select-Object -First 50
|
|
$ikeLines | ForEach-Object { Write-Host $_ }
|
|
} else {
|
|
Write-Host "No trace file found"
|
|
Get-ChildItem "C:\Temp\" -ErrorAction SilentlyContinue | ForEach-Object { Write-Host $_.Name }
|
|
}
|
|
'
|
|
|
|
CMD=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/c778b6a3-c646-4454-a065-8c8bdcb1578e/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$(jq -n --arg cmd "$SCRIPT" '{command_type:"powershell",command:$cmd}')" | jq -r '.command_id')
|
|
echo "CMD=$CMD"
|
|
```
|
|
Output: CMD=f103af83-a84b-461a-a4a0-5ff71326aa8a
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/f103af83-a84b-461a-a4a0-5ff71326aa8a" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" = "completed" ]; do sleep 5; done
|
|
curl -s "http://172.16.3.30:3001/api/commands/f103af83-a84b-461a-a4a0-5ff71326aa8a" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout,.stderr'
|
|
```
|
|
Output: Trace configuration:
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Status: Running
|
|
|
|
|
|
Trace File: C:\Temp\ike_trace.etl
|
|
|
|
|
|
Append: Off
|
|
|
|
|
|
Circular: On
|
|
|
|
|
|
Max Size: 20 MB
|
|
|
|
|
|
Report: Disabled
|
|
|
|
|
|
|
|
|
|
|
|
Trace started
|
|
|
|
VPN: ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
SCRIPT='
|
|
Write-Host "=== Machine FQDN ==="
|
|
[System.Net.Dns]::GetHostEntry("").HostName
|
|
$cs = Get-WmiObject Win32_ComputerSystem
|
|
Write-Host "ComputerName: $($cs.Name)"
|
|
Write-Host "Domain: $($cs.Domain)"
|
|
Write-Host "FQDN: $($cs.DNSHostName).$($cs.Domain)"
|
|
|
|
Write-Host ""
|
|
Write-Host "=== Cert SAN ==="
|
|
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq "D067E07B4A670AF5C6DE27250EB533B06F28FD6A" }
|
|
($cert.Extensions | Where-Object { $_.Oid.Value -eq "2.5.29.17" }).Format($false)
|
|
|
|
Write-Host ""
|
|
Write-Host "=== Setting registry DisableIKENameEkuCheck ==="
|
|
# Try multiple possible registry paths
|
|
$paths = @(
|
|
"HKLM:\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\Ikev2",
|
|
"HKLM:\SYSTEM\CurrentControlSet\Services\RasMan\Parameters"
|
|
)
|
|
foreach ($p in $paths) {
|
|
if (Test-Path $p) {
|
|
Set-ItemProperty -Path $p -Name "DisableIKENameEkuCheck" -Value 1 -Type DWORD -Force
|
|
Write-Host "Set DisableIKENameEkuCheck=1 at $p"
|
|
}
|
|
}
|
|
|
|
# Restart RasMan
|
|
Restart-Service RasMan -Force 2>&1
|
|
Write-Host "RasMan restarted"
|
|
Start-Sleep 3
|
|
|
|
Write-Host ""
|
|
Write-Host "=== VPN test ==="
|
|
$result = rasdial "Peaceful Spirit VPN" 2>&1
|
|
Write-Host $result
|
|
Write-Host "Exit: $LASTEXITCODE"
|
|
'
|
|
|
|
CMD=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/c778b6a3-c646-4454-a065-8c8bdcb1578e/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$(jq -n --arg cmd "$SCRIPT" '{command_type:"powershell",command:$cmd}')" | jq -r '.command_id')
|
|
echo "CMD=$CMD"
|
|
```
|
|
Output: CMD=86505a98-0dc9-49e3-93f8-a94b3794e372
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
curl -s "http://172.16.3.30:3001/api/commands/86505a98-0dc9-49e3-93f8-a94b3794e372" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.status,.stdout,.stderr,.exit_code'
|
|
```
|
|
Output: completed
|
|
|
|
=== Machine FQDN ===
|
|
|
|
MaraHomeNew.PEACEFULSPIRIT.local
|
|
|
|
|
|
ComputerName: MARAHOMENEW
|
|
|
|
Domain: PEACEFULSPIRIT.local
|
|
|
|
FQDN: MaraHomeNew.PEACEFULSPIRIT.local
|
|
|
|
|
|
|
|
=== Cert SAN ===
|
|
|
|
DNS Name=MaraHomeNew.PEACEFULSPIRIT.local
|
|
|
|
|
|
|
|
|
|
=== Setting registry DisableIKENameEkuCheck ===
|
|
|
|
Set DisableIKENameEk ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
AGENT="c778b6a3-c646-4454-a065-8c8bdcb1578e"
|
|
|
|
CMD=$(cat <<'PWSH'
|
|
Write-Host "=== CA certs in LocalMachine\Root (PEACEFULSPIRIT) ==="
|
|
Get-ChildItem Cert:\LocalMachine\Root | Where-Object { $_.Subject -like "*PEACEFUL*" -or $_.Issuer -like "*PEACEFUL*" } | ForEach-Object {
|
|
Write-Host "Subject: $($_.Subject)"
|
|
Write-Host "Thumbprint: $($_.Thumbprint)"
|
|
Write-Host "NotBefore: $($_.NotBefore)"
|
|
Write-Host "NotAfter: $($_.NotAfter)"
|
|
Write-Host "---"
|
|
}
|
|
|
|
Write-Host ""
|
|
Write-Host "=== CA certs in LocalMachine\CA (Intermediate) ==="
|
|
Get-ChildItem Cert:\LocalMachine\CA | Where-Object { $_.Subject -like "*PEACEFUL*" -or $_.Issuer -like "*PEACEFUL*" } | ForEach-Object {
|
|
Write-Host "Subject: $($_.Subject)"
|
|
Write-Host "Thumbprint: $($_.Thumbprint)"
|
|
Write-Host "NotAfter: $($_.NotAfter)"
|
|
Write-Host "---"
|
|
}
|
|
|
|
Write-Host ""
|
|
Write-Host "=== IKEEXT service restart + VPN test ==="
|
|
Restart-Service IKEEXT -Force 2>&1
|
|
Write-Host "IKEEXT restarted: $LASTEXITCODE"
|
|
Start-Sleep 3
|
|
Restart-Service RasMan -Force 2>&1
|
|
Write-Host "RasMan restarted"
|
|
Start-Sleep 3
|
|
$result = rasdial "Peaceful Spirit VPN" 2>&1
|
|
Write-Host $result
|
|
Write-Host "Exit: $LASTEXITCODE"
|
|
|
|
Write-Host ""
|
|
Write-Host "=== IKEEXT System event log (last 10 entries) ==="
|
|
Get-WinEvent -LogName System -MaxEvents 50 | Where-Object { $_.ProviderName -like "*IKEEXT*" -or $_.ProviderName -like "*IPSEC*" } | Select-Object -First 10 | ForEach-Object {
|
|
Write-Host "ID:$($_.Id) Source:$($_.ProviderName) Time:$($_.TimeCreated) Msg:$($_.Message.Substring(0,[Math]::Min(200,$_.Message.Length)))"
|
|
Write-Host "---"
|
|
}
|
|
PWSH
|
|
)
|
|
|
|
curl -s -X POST "http://172.16.3.30:3001/api/agents/$AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "{\"command_type\":\"powershell\",\"command\":$(echo "$CMD" | jq -Rs .)}" | jq -r '.command_id'
|
|
```
|
|
Output: 99a5f097-775c-4938-a59c-2c11ace7ce72
|
|
|
|
```
|
|
sleep 25
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
curl -s "http://172.16.3.30:3001/api/commands/99a5f097-775c-4938-a59c-2c11ace7ce72" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.status,.stdout,.stderr'
|
|
```
|
|
Output: <tool_use_error>Blocked: sleep 25 followed by: TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token') curl -s "http://172.16.3.30:3001/api/commands/99a5f097-775c-4 ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
until STATUS=$(curl -s "http://172.16.3.30:3001/api/commands/99a5f097-775c-4938-a59c-2c11ace7ce72" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.status'); [ "$STATUS" = "completed" ] || [ "$STATUS" = "failed" ]; do
|
|
sleep 5
|
|
done
|
|
curl -s "http://172.16.3.30:3001/api/commands/99a5f097-775c-4938-a59c-2c11ace7ce72" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout,.stderr'
|
|
```
|
|
Output: === CA certs in LocalMachine\Root (PEACEFULSPIRIT) ===
|
|
|
|
Subject: CN=PEACEFULSPIRIT-PST-SERVER-CA
|
|
|
|
Thumbprint: 56DAF43C60F246BF2C80A671EE9812C727D8C298
|
|
|
|
NotBefore: 03/16/2021 02:32:49
|
|
|
|
NotAfter: 03/08/2061 02:32:49
|
|
|
|
---
|
|
|
|
|
|
|
|
=== CA certs in LocalMachine\CA (Intermediate) ===
|
|
|
|
Subject: CN=PEACEFULSPIRIT ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
AGENT="c778b6a3-c646-4454-a065-8c8bdcb1578e"
|
|
|
|
CMD=$(cat <<'PWSH'
|
|
# Enable CAPI2 operational log
|
|
wevtutil sl "Microsoft-Windows-CAPI2/Operational" /e:true 2>&1
|
|
|
|
# Clear existing CAPI2 events
|
|
wevtutil cl "Microsoft-Windows-CAPI2/Operational" 2>&1
|
|
|
|
# Capture fresh IKE trace
|
|
netsh trace start capture=no scenario=VpnClient tracefile=C:\Temp\ike2.etl overwrite=yes maxsize=20 2>&1
|
|
Start-Sleep 2
|
|
|
|
# Trigger VPN
|
|
rasdial "Peaceful Spirit VPN" 2>&1
|
|
|
|
Start-Sleep 2
|
|
netsh trace stop 2>&1
|
|
Start-Sleep 3
|
|
|
|
# Convert trace
|
|
netsh trace convert C:\Temp\ike2.etl output=C:\Temp\ike2.txt 2>&1
|
|
Start-Sleep 5
|
|
|
|
# Read trace - focus on vpnike and cert lines
|
|
Write-Host "=== IKE TRACE (cert/policy/error lines) ==="
|
|
if (Test-Path "C:\Temp\ike2.txt") {
|
|
Get-Content "C:\Temp\ike2.txt" | Where-Object {
|
|
$_ -match "Cert|cert|EKU|eku|Policy|policy|DisableIKE|Error|error|fail|Fail|13868|chain|Chain|revoc|Revoc"
|
|
} | Select-Object -First 60 | ForEach-Object { Write-Host $_ }
|
|
}
|
|
|
|
Write-Host ""
|
|
Write-Host "=== CAPI2 XML events (last 5) ==="
|
|
wevtutil qe "Microsoft-Windows-CAPI2/Operational" /c:5 /rd:true /f:xml 2>&1 | Select-Object -First 200
|
|
|
|
Write-Host ""
|
|
Write-Host "=== Registry verify ==="
|
|
Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\Ikev2" -Name DisableIKENameEkuCheck -ErrorAction SilentlyContinue
|
|
Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\RasMan\Parameters" -Name DisableIKENameEkuCheck -ErrorAction SilentlyContinue
|
|
PWSH
|
|
)
|
|
|
|
curl -s -X POST "http://172.16.3.30:3001/api/agents/$AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "{\"command_type\":\"powershell\",\"command\":$(echo "$CMD" | jq -Rs .)}" | jq -r '.command_id'
|
|
```
|
|
Output: 77fee2e7-ee47-413b-9a64-e3901a5e5302
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
until STATUS=$(curl -s "http://172.16.3.30:3001/api/commands/77fee2e7-ee47-413b-9a64-e3901a5e5302" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.status'); [ "$STATUS" = "completed" ] || [ "$STATUS" = "failed" ]; do
|
|
sleep 8
|
|
done
|
|
curl -s "http://172.16.3.30:3001/api/commands/77fee2e7-ee47-413b-9a64-e3901a5e5302" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout,.stderr'
|
|
```
|
|
Output: Trace configuration:
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
Status: Running
|
|
|
|
|
|
Trace File: C:\Temp\ike2.etl
|
|
|
|
|
|
Append: Off
|
|
|
|
|
|
Circular: On
|
|
|
|
|
|
Max Size: 20 MB
|
|
|
|
|
|
Report: Off
|
|
|
|
|
|
|
|
|
|
|
|
Connecting to Peaceful Spirit ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
AGENT="c778b6a3-c646-4454-a065-8c8bdcb1578e"
|
|
|
|
CMD=$(cat <<'PWSH'
|
|
Write-Host "=== Full trace window 11:49:54.380 to 11:49:54.420 ==="
|
|
if (Test-Path "C:\Temp\ike2.txt") {
|
|
Get-Content "C:\Temp\ike2.txt" | Where-Object {
|
|
$_ -match "11:49:54\.(38[0-9]|39[0-9]|4[01][0-9])"
|
|
} | ForEach-Object { Write-Host $_ }
|
|
}
|
|
|
|
Write-Host ""
|
|
Write-Host "=== All providers in trace (unique tags) ==="
|
|
if (Test-Path "C:\Temp\ike2.txt") {
|
|
Get-Content "C:\Temp\ike2.txt" | Select-String "\[Microsoft-Windows-[^\]]+\]" -AllMatches |
|
|
ForEach-Object { $_.Matches } | ForEach-Object { $_.Value } |
|
|
Sort-Object -Unique | ForEach-Object { Write-Host $_ }
|
|
}
|
|
|
|
Write-Host ""
|
|
Write-Host "=== certutil dump of MaraHomeNew cert ==="
|
|
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq "D067E07B4A670AF5C6DE27250EB533B06F28FD6A" }
|
|
$cert | Export-Certificate -FilePath "C:\Temp\marahome.cer" -Type CERT 2>&1
|
|
certutil -dump "C:\Temp\marahome.cer" 2>&1
|
|
|
|
Write-Host ""
|
|
Write-Host "=== StrongCRLCheck registry ==="
|
|
Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\Ikev2" -ErrorAction SilentlyContinue | Select-Object * | Where-Object { $_ -notmatch "PSPath|PSParent|PSChild|PSDrive|PSProvider" }
|
|
PWSH
|
|
)
|
|
|
|
curl -s -X POST "http://172.16.3.30:3001/api/agents/$AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "{\"command_type\":\"powershell\",\"command\":$(echo "$CMD" | jq -Rs .)}" | jq -r '.command_id'
|
|
```
|
|
Output: 2f0edc22-0163-4785-bbdf-28d709090dde
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
until STATUS=$(curl -s "http://172.16.3.30:3001/api/commands/2f0edc22-0163-4785-bbdf-28d709090dde" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.status'); [ "$STATUS" = "completed" ] || [ "$STATUS" = "failed" ]; do
|
|
sleep 6
|
|
done
|
|
curl -s "http://172.16.3.30:3001/api/commands/2f0edc22-0163-4785-bbdf-28d709090dde" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout' | head -200
|
|
```
|
|
Output: === Full trace window 11:49:54.380 to 11:49:54.420 ===
|
|
|
|
[0]43CC.281C::2026/05/22-11:49:54.382887500 [Unknown]Unknown( 145): GUID=05d2c850-4120-3d87-f275-dbb9d9c80fbc (No Format Information found).
|
|
|
|
[0]43CC.281C::2026/05/22-11:49:54.382890200 [Microsoft-Windows-RRAS]Leaving ClientBFEHandler::PlumbPol ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
curl -s "http://172.16.3.30:3001/api/commands/2f0edc22-0163-4785-bbdf-28d709090dde" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout' | tail -n +201
|
|
```
|
|
Output: [11]43CC.30BC::2026/05/22-11:49:54.413052400 [Unknown]Unknown( 26): GUID=91366446-2431-34fa-0583-e6d0286e0c5a (No Format Information found).
|
|
|
|
[11]43CC.30BC::2026/05/22-11:49:54.413052700 [Unknown]Unknown( 28): GUID=91366446-2431-34fa-0583-e6d0286e0c5a (No Format Information found).
|
|
|
|
[11]43CC.30BC::2 ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
AGENT="c778b6a3-c646-4454-a065-8c8bdcb1578e"
|
|
|
|
CMD=$(cat <<'PWSH'
|
|
Write-Host "=== CA cert dump (SKI check) ==="
|
|
$ca = Get-ChildItem Cert:\LocalMachine\Root | Where-Object { $_.Thumbprint -eq "56DAF43C60F246BF2C80A671EE9812C727D8C298" }
|
|
$ca | Export-Certificate -FilePath "C:\Temp\ca.cer" -Type CERT 2>&1
|
|
certutil -dump "C:\Temp\ca.cer" 2>&1 | Select-String -Pattern "Subject Key|Key Id Hash|Serial|NotBefore|NotAfter|Issuer|Subject:|Algorithm" | ForEach-Object { Write-Host $_ }
|
|
|
|
Write-Host ""
|
|
Write-Host "=== StrongCRLCheck (Ikev2 key all values) ==="
|
|
Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\Ikev2" -ErrorAction SilentlyContinue
|
|
|
|
Write-Host ""
|
|
Write-Host "=== Flush CRL cache then re-verify ==="
|
|
certutil -urlcache CRL delete 2>&1
|
|
Write-Host "--- After flush, verify with urlfetch ---"
|
|
certutil -verify -urlfetch "C:\Temp\marahome.cer" 2>&1
|
|
|
|
Write-Host ""
|
|
Write-Host "=== Windows build / update info ==="
|
|
(Get-WmiObject -Class Win32_OperatingSystem).Version
|
|
(Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion").UBR
|
|
(Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion").ReleaseId
|
|
(Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion").DisplayVersion
|
|
PWSH
|
|
)
|
|
|
|
curl -s -X POST "http://172.16.3.30:3001/api/agents/$AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "{\"command_type\":\"powershell\",\"command\":$(echo "$CMD" | jq -Rs .)}" | jq -r '.command_id'
|
|
```
|
|
Output: 25b09c85-db62-445b-9993-8ce5969a09d8
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
until STATUS=$(curl -s "http://172.16.3.30:3001/api/commands/25b09c85-db62-445b-9993-8ce5969a09d8" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.status'); [ "$STATUS" = "completed" ] || [ "$STATUS" = "failed" ]; do
|
|
sleep 8
|
|
done
|
|
curl -s "http://172.16.3.30:3001/api/commands/25b09c85-db62-445b-9993-8ce5969a09d8" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout,.stderr'
|
|
```
|
|
Output: === CA cert dump (SKI check) ===
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Directory: C:\Temp
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Mode LastWriteTime Length Name
|
|
|
|
|
|
---- ------------- ------ ---- ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
AGENT="c778b6a3-c646-4454-a065-8c8bdcb1578e"
|
|
|
|
CMD=$(cat <<'PWSH'
|
|
Write-Host "=== IKEEXT event logs available ==="
|
|
wevtutil el | Where-Object { $_ -match "IKE|ipsec|ike" } | ForEach-Object { Write-Host $_ }
|
|
|
|
Write-Host ""
|
|
Write-Host "=== IKEEXT operational log events ==="
|
|
wevtutil qe "Microsoft-Windows-IKEEXT-Operational" /c:20 /rd:true /f:text 2>&1 | Select-Object -First 100
|
|
|
|
Write-Host ""
|
|
Write-Host "=== IKEEXT service PID ==="
|
|
$svc = Get-WmiObject Win32_Service | Where-Object { $_.Name -eq "IKEEXT" }
|
|
Write-Host "PID: $($svc.ProcessId)"
|
|
|
|
Write-Host ""
|
|
Write-Host "=== Enable CAPI2 + VPN test + CAPI2 events from IKEEXT PID ==="
|
|
$pid = (Get-WmiObject Win32_Service | Where-Object { $_.Name -eq "IKEEXT" }).ProcessId
|
|
wevtutil sl "Microsoft-Windows-CAPI2/Operational" /e:true 2>&1
|
|
wevtutil cl "Microsoft-Windows-CAPI2/Operational" 2>&1
|
|
Write-Host "IKEEXT PID: $pid"
|
|
Start-Sleep 2
|
|
|
|
rasdial "Peaceful Spirit VPN" 2>&1
|
|
Start-Sleep 2
|
|
|
|
Write-Host ""
|
|
Write-Host "--- CAPI2 events after VPN attempt (all SecurityUserID=S-1-5-18 / LocalSystem) ---"
|
|
wevtutil qe "Microsoft-Windows-CAPI2/Operational" /c:30 /rd:true /f:text 2>&1 |
|
|
Select-String -Pattern "EventID|ProcessID|Time|Result|Error|Policy|CertVerify|BuildChain|TRUST|Chain|revoc" |
|
|
ForEach-Object { Write-Host $_ }
|
|
PWSH
|
|
)
|
|
|
|
curl -s -X POST "http://172.16.3.30:3001/api/agents/$AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "{\"command_type\":\"powershell\",\"command\":$(echo "$CMD" | jq -Rs .)}" | jq -r '.command_id'
|
|
```
|
|
Output: ac216ecc-4aee-43bb-a3e8-9e053482ec1d
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
until STATUS=$(curl -s "http://172.16.3.30:3001/api/commands/ac216ecc-4aee-43bb-a3e8-9e053482ec1d" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.status'); [ "$STATUS" = "completed" ] || [ "$STATUS" = "failed" ]; do
|
|
sleep 8
|
|
done
|
|
curl -s "http://172.16.3.30:3001/api/commands/ac216ecc-4aee-43bb-a3e8-9e053482ec1d" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout,.stderr'
|
|
```
|
|
Output: === IKEEXT event logs available ===
|
|
|
|
Microsoft-Windows-IKE/Operational
|
|
|
|
Microsoft-Windows-IKEDBG/Debug
|
|
|
|
Microsoft-Windows-IPSEC-SRV/Diagnostic
|
|
|
|
|
|
|
|
=== IKEEXT operational log events ===
|
|
|
|
|
|
|
|
=== IKEEXT service PID ===
|
|
|
|
PID: 9892
|
|
|
|
|
|
|
|
=== Enable CAPI2 + VPN test + CAPI2 events from IKEEXT PID ===
|
|
|
|
IKEEXT P ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
AGENT="c778b6a3-c646-4454-a065-8c8bdcb1578e"
|
|
|
|
CMD=$(cat <<'PWSH'
|
|
Write-Host "=== Enable IKE/IKEDBG logs ==="
|
|
wevtutil sl "Microsoft-Windows-IKE/Operational" /e:true 2>&1
|
|
wevtutil sl "Microsoft-Windows-IKEDBG/Debug" /e:true 2>&1
|
|
wevtutil cl "Microsoft-Windows-IKE/Operational" 2>&1
|
|
wevtutil cl "Microsoft-Windows-IKEDBG/Debug" 2>&1
|
|
Write-Host "Logs enabled and cleared"
|
|
|
|
Start-Sleep 2
|
|
rasdial "Peaceful Spirit VPN" 2>&1
|
|
Start-Sleep 2
|
|
|
|
Write-Host ""
|
|
Write-Host "=== IKE Operational events ==="
|
|
wevtutil qe "Microsoft-Windows-IKE/Operational" /c:20 /rd:true /f:text 2>&1
|
|
|
|
Write-Host ""
|
|
Write-Host "=== IKEDBG Debug events ==="
|
|
wevtutil qe "Microsoft-Windows-IKEDBG/Debug" /c:30 /rd:true /f:text 2>&1 | Select-Object -First 150
|
|
|
|
Write-Host ""
|
|
Write-Host "=== IPSEC-SRV Diagnostic ==="
|
|
wevtutil sl "Microsoft-Windows-IPSEC-SRV/Diagnostic" /e:true 2>&1
|
|
wevtutil cl "Microsoft-Windows-IPSEC-SRV/Diagnostic" 2>&1
|
|
rasdial "Peaceful Spirit VPN" 2>&1
|
|
Start-Sleep 2
|
|
wevtutil qe "Microsoft-Windows-IPSEC-SRV/Diagnostic" /c:20 /rd:true /f:text 2>&1 | Select-Object -First 100
|
|
PWSH
|
|
)
|
|
|
|
curl -s -X POST "http://172.16.3.30:3001/api/agents/$AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "{\"command_type\":\"powershell\",\"command\":$(echo "$CMD" | jq -Rs .)}" | jq -r '.command_id'
|
|
```
|
|
Output: 5ac90ce0-0faf-4e48-9e6e-1f8166d23724
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
until STATUS=$(curl -s "http://172.16.3.30:3001/api/commands/5ac90ce0-0faf-4e48-9e6e-1f8166d23724" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.status'); [ "$STATUS" = "completed" ] || [ "$STATUS" = "failed" ]; do
|
|
sleep 8
|
|
done
|
|
curl -s "http://172.16.3.30:3001/api/commands/5ac90ce0-0faf-4e48-9e6e-1f8166d23724" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout,.stderr'
|
|
```
|
|
Output: Command running in background with ID: bt6lsvpx1. Output is being written to: C:\Users\guru\AppData\Local\Temp\claude\D--claudetools\5c0c8d60-76ff-4827-ae2e-836c341aa8a2\tasks\bt6lsvpx1.output. You will be notified when it completes. To check interim output, use Read on that file path.
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
until STATUS=$(curl -s "http://172.16.3.30:3001/api/commands/5ac90ce0-0faf-4e48-9e6e-1f8166d23724" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.status'); [ "$STATUS" = "completed" ] || [ "$STATUS" = "failed" ]; do
|
|
sleep 8
|
|
done
|
|
curl -s "http://172.16.3.30:3001/api/commands/5ac90ce0-0faf-4e48-9e6e-1f8166d23724" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout,.stderr'
|
|
```
|
|
Output: Command running in background with ID: byiheuyqo. Output is being written to: C:\Users\guru\AppData\Local\Temp\claude\D--claudetools\5c0c8d60-76ff-4827-ae2e-836c341aa8a2\tasks\byiheuyqo.output. You will be notified when it completes. To check interim output, use Read on that file path.
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
curl -s "http://172.16.3.30:3001/api/commands/5ac90ce0-0faf-4e48-9e6e-1f8166d23724" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.status,.stdout,.stderr' 2>/dev/null | head -100
|
|
```
|
|
Output: running
|
|
|
|
null
|
|
|
|
null
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
until STATUS=$(curl -s "http://172.16.3.30:3001/api/commands/5ac90ce0-0faf-4e48-9e6e-1f8166d23724" -H "Authorization: Bearer $TOKEN" | jq -r '.status'); [ "$STATUS" = "completed" ] || [ "$STATUS" = "failed" ]; do
|
|
sleep 10
|
|
done
|
|
curl -s "http://172.16.3.30:3001/api/commands/5ac90ce0-0faf-4e48-9e6e-1f8166d23724" -H "Authorization: Bearer $TOKEN" | jq -r '.stdout,.stderr' | head -200
|
|
```
|
|
Output: Execution error: Command timeout
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
AGENT="c778b6a3-c646-4454-a065-8c8bdcb1578e"
|
|
|
|
CMD=$(cat <<'PWSH'
|
|
Write-Host "=== IKE Operational events (after fresh VPN attempt) ==="
|
|
wevtutil sl "Microsoft-Windows-IKE/Operational" /e:true 2>&1
|
|
wevtutil cl "Microsoft-Windows-IKE/Operational" 2>&1
|
|
rasdial "Peaceful Spirit VPN" 2>&1
|
|
Start-Sleep 2
|
|
wevtutil qe "Microsoft-Windows-IKE/Operational" /c:20 /rd:true /f:text 2>&1
|
|
|
|
Write-Host ""
|
|
Write-Host "=== Recent Windows Updates (last 30 days) ==="
|
|
Get-HotFix | Where-Object { $_.InstalledOn -gt (Get-Date).AddDays(-60) } | Sort-Object InstalledOn | ForEach-Object {
|
|
Write-Host "KB:$($_.HotFixID) Type:$($_.Description) Installed:$($_.InstalledOn)"
|
|
}
|
|
|
|
Write-Host ""
|
|
Write-Host "=== Certificate template and Application policies (detailed) ==="
|
|
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq "D067E07B4A670AF5C6DE27250EB533B06F28FD6A" }
|
|
Write-Host "HasPrivateKey: $($cert.HasPrivateKey)"
|
|
Write-Host "PrivateKeyExportable: unknown"
|
|
$cert.Extensions | ForEach-Object {
|
|
Write-Host "OID: $($_.Oid.Value) ($($_.Oid.FriendlyName))"
|
|
if ($_.Oid.Value -eq "2.5.29.37") {
|
|
$eku = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]$_
|
|
$eku.EnhancedKeyUsages | ForEach-Object { Write-Host " EKU: $($_.Value) ($($_.FriendlyName))" }
|
|
}
|
|
}
|
|
|
|
Write-Host ""
|
|
Write-Host "=== Check if RRAS/IKEEXT reads from different paths ==="
|
|
Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\IKEEXT\Parameters" -ErrorAction SilentlyContinue
|
|
Get-ItemProperty "HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemoteAccess" -ErrorAction SilentlyContinue
|
|
Get-ItemProperty "HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemoteAccess\Client" -ErrorAction SilentlyContinue
|
|
PWSH
|
|
)
|
|
|
|
curl -s -X POST "http://172.16.3.30:3001/api/agents/$AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "{\"command_type\":\"powershell\",\"command\":$(echo "$CMD" | jq -Rs .)}" | jq -r '.command_id'
|
|
```
|
|
Output: fd209110-5f39-4c0b-a3d5-8ee751b4216c
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
# Check both: the new command and the previously completed IKE debug command
|
|
curl -s "http://172.16.3.30:3001/api/commands/5ac90ce0-0faf-4e48-9e6e-1f8166d23724" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.status,.stdout,.stderr' | head -60
|
|
|
|
echo "---NEW CMD---"
|
|
until STATUS=$(curl -s "http://172.16.3.30:3001/api/commands/fd209110-5f39-4c0b-a3d5-8ee751b4216c" -H "Authorization: Bearer $TOKEN" | jq -r '.status'); [ "$STATUS" = "completed" ] || [ "$STATUS" = "failed" ]; do
|
|
sleep 8
|
|
done
|
|
curl -s "http://172.16.3.30:3001/api/commands/fd209110-5f39-4c0b-a3d5-8ee751b4216c" -H "Authorization: Bearer $TOKEN" | jq -r '.stdout,.stderr'
|
|
```
|
|
Output: Command running in background with ID: bc9af4wox. Output is being written to: C:\Users\guru\AppData\Local\Temp\claude\D--claudetools\5c0c8d60-76ff-4827-ae2e-836c341aa8a2\tasks\bc9af4wox.output. You will be notified when it completes. To check interim output, use Read on that file path.
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
# Check the timed-out IKE debug cmd for what completed
|
|
curl -s "http://172.16.3.30:3001/api/commands/5ac90ce0-0faf-4e48-9e6e-1f8166d23724" \
|
|
-H "Authorization: Bearer $TOKEN" | jq '{status,exit_code,stdout_length: (.stdout|length),stderr_length: (.stderr|length)}'
|
|
```
|
|
Output: {
|
|
|
|
"status": "failed",
|
|
|
|
"exit_code": -1,
|
|
|
|
"stdout_length": 0,
|
|
|
|
"stderr_length": 32
|
|
|
|
}
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
until STATUS=$(curl -s "http://172.16.3.30:3001/api/commands/fd209110-5f39-4c0b-a3d5-8ee751b4216c" -H "Authorization: Bearer $TOKEN" | jq -r '.status'); [ "$STATUS" = "completed" ] || [ "$STATUS" = "failed" ]; do
|
|
sleep 5
|
|
done
|
|
curl -s "http://172.16.3.30:3001/api/commands/fd209110-5f39-4c0b-a3d5-8ee751b4216c" -H "Authorization: Bearer $TOKEN" | jq -r '.stdout,.stderr'
|
|
```
|
|
Output: Command running in background with ID: bo59k3pmd. Output is being written to: C:\Users\guru\AppData\Local\Temp\claude\D--claudetools\5c0c8d60-76ff-4827-ae2e-836c341aa8a2\tasks\bo59k3pmd.output. You will be notified when it completes. To check interim output, use Read on that file path.
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
STATUS=""
|
|
ATTEMPTS=0
|
|
while [ "$STATUS" != "completed" ] && [ "$STATUS" != "failed" ] && [ $ATTEMPTS -lt 20 ]; do
|
|
RESPONSE=$(curl -s "http://172.16.3.30:3001/api/commands/fd209110-5f39-4c0b-a3d5-8ee751b4216c" -H "Authorization: Bearer $TOKEN")
|
|
STATUS=$(echo "$RESPONSE" | jq -r '.status')
|
|
ATTEMPTS=$((ATTEMPTS+1))
|
|
sleep 5
|
|
done
|
|
echo "Status: $STATUS after $ATTEMPTS attempts"
|
|
echo "$RESPONSE" | jq -r '.stdout,.stderr' | head -150
|
|
```
|
|
Output: Status: running after 20 attempts
|
|
null
|
|
|
|
null
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
AGENT="c778b6a3-c646-4454-a065-8c8bdcb1578e"
|
|
|
|
# Stop the slow Get-HotFix command and send a faster one
|
|
CMD=$(cat <<'PWSH'
|
|
Write-Host "=== IKE Operational log ==="
|
|
wevtutil qe "Microsoft-Windows-IKE/Operational" /c:20 /rd:true /f:text 2>&1
|
|
|
|
Write-Host ""
|
|
Write-Host "=== Recent updates (fast method) ==="
|
|
(New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher().GetTotalHistoryCount()
|
|
try {
|
|
$hist = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher().QueryHistory(0,10)
|
|
$hist | ForEach-Object { Write-Host "$($_.Date) - $($_.Title)" }
|
|
} catch { Write-Host "WUA query failed: $_" }
|
|
|
|
Write-Host ""
|
|
Write-Host "=== HKLM IKEEXT Parameters ==="
|
|
Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\IKEEXT\Parameters" -ErrorAction SilentlyContinue
|
|
Write-Host ""
|
|
Write-Host "=== RRAS client policies ==="
|
|
Get-ItemProperty "HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemoteAccess\Client" -ErrorAction SilentlyContinue
|
|
|
|
Write-Host ""
|
|
Write-Host "=== Check KB5014754 / cert auth enforcement ==="
|
|
Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\Kdc" -Name StrongCertificateBindingEnforcement -ErrorAction SilentlyContinue
|
|
Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client" -ErrorAction SilentlyContinue | Select-Object * | Where-Object { $_ -notmatch "PSPath" }
|
|
|
|
Write-Host ""
|
|
Write-Host "=== SCHANNEL cert mapping ==="
|
|
Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL" -ErrorAction SilentlyContinue | Select-Object * | Where-Object { $_ -notmatch "PSPath|PSParent|PSChild|PSDrive|PSProvider" }
|
|
PWSH
|
|
)
|
|
|
|
curl -s -X POST "http://172.16.3.30:3001/api/agents/$AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "{\"command_type\":\"powershell\",\"command\":$(echo "$CMD" | jq -Rs .)}" | jq -r '.command_id'
|
|
```
|
|
Output: 694113c3-46b5-45d1-9aad-02af03fcac33
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
STATUS=""
|
|
ATTEMPTS=0
|
|
while [ "$STATUS" != "completed" ] && [ "$STATUS" != "failed" ] && [ $ATTEMPTS -lt 18 ]; do
|
|
RESPONSE=$(curl -s "http://172.16.3.30:3001/api/commands/694113c3-46b5-45d1-9aad-02af03fcac33" -H "Authorization: Bearer $TOKEN")
|
|
STATUS=$(echo "$RESPONSE" | jq -r '.status')
|
|
ATTEMPTS=$((ATTEMPTS+1))
|
|
sleep 6
|
|
done
|
|
echo "Status: $STATUS"
|
|
echo "$RESPONSE" | jq -r '.stdout,.stderr'
|
|
```
|
|
Output: Status: running
|
|
null
|
|
|
|
null
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
AGENT="c778b6a3-c646-4454-a065-8c8bdcb1578e"
|
|
|
|
# Just read the IKE Operational log - simple and fast
|
|
CMD='wevtutil qe "Microsoft-Windows-IKE/Operational" /c:20 /rd:true /f:text 2>&1'
|
|
|
|
curl -s -X POST "http://172.16.3.30:3001/api/agents/$AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "{\"command_type\":\"powershell\",\"command\":$(echo "$CMD" | jq -Rs .)}" | jq -r '.command_id'
|
|
```
|
|
Output: 624a80ef-a8d9-4a9e-9196-65e6e8ad3f0f
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
STATUS=""
|
|
while [ "$STATUS" != "completed" ] && [ "$STATUS" != "failed" ]; do
|
|
RESPONSE=$(curl -s "http://172.16.3.30:3001/api/commands/624a80ef-a8d9-4a9e-9196-65e6e8ad3f0f" -H "Authorization: Bearer $TOKEN")
|
|
STATUS=$(echo "$RESPONSE" | jq -r '.status')
|
|
sleep 5
|
|
done
|
|
echo "Status: $STATUS"
|
|
echo "$RESPONSE" | jq -r '.stdout,.stderr'
|
|
```
|
|
Output: Command running in background with ID: bmuru4f4u. Output is being written to: C:\Users\guru\AppData\Local\Temp\claude\D--claudetools\5c0c8d60-76ff-4827-ae2e-836c341aa8a2\tasks\bmuru4f4u.output. You will be notified when it completes. To check interim output, use Read on that file path.
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
# Find PST-SERVER's agent ID
|
|
curl -s "http://172.16.3.30:3001/api/agents" -H "Authorization: Bearer $TOKEN" | jq -r '.[] | "\(.id) \(.hostname)"' | grep -i "PST\|pst\|peaceful\|spirit" | head -5
|
|
```
|
|
Output: 6b6106a7-8515-4b6b-857d-0dc6ede53f35 PST-SERVER
|
|
4a993b61-59b3-42f4-bdb5-d4362941f7d6 PST-SURFACE
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
# Get IKE log results from background task
|
|
curl -s "http://172.16.3.30:3001/api/commands/fd209110-5f39-4c0b-a3d5-8ee751b4216c" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.status,.stdout' | head -80
|
|
```
|
|
Output: failed
|
|
|
|
null
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
PST_AGENT="6b6106a7-8515-4b6b-857d-0dc6ede53f35"
|
|
|
|
# Get PST-SERVER's VPN cert SAN
|
|
CMD='$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq "DB71981ABE4CBA1DE96FEEEAF178F6259663B543" }; if (!$cert) { Write-Host "Cert not found, listing all:"; Get-ChildItem Cert:\LocalMachine\My | ForEach-Object { Write-Host "$($_.Thumbprint) $($_.Subject)" }; exit }; Write-Host "Subject: $($_.Subject)"; certutil -dump "$env:TEMP\pstcert.cer" 2>&1; $cert | Export-Certificate -FilePath "$env:TEMP\pstcert.cer" -Type CERT; certutil -dump "$env:TEMP\pstcert.cer" | Select-String "Subject|SAN|Alternative|Extension|EKU|Enhanced"'
|
|
|
|
curl -s -X POST "http://172.16.3.30:3001/api/agents/$PST_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "{\"command_type\":\"powershell\",\"command\":$(echo "$CMD" | jq -Rs .)}" | jq -r '.command_id'
|
|
```
|
|
Output: b371a326-f3b8-489d-a8b8-1d40f5b9f6ec
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
# In parallel, send the MaraHomeNew IKE log command again (simple, just wevtutil)
|
|
MARA_AGENT="c778b6a3-c646-4454-a065-8c8bdcb1578e"
|
|
CMD2='wevtutil qe "Microsoft-Windows-IKE/Operational" /c:10 /rd:true /f:text 2>&1'
|
|
CMD2_ID=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$MARA_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "{\"command_type\":\"powershell\",\"command\":$(echo "$CMD2" | jq -Rs .)}" | jq -r '.command_id')
|
|
echo "IKE log cmd: $CMD2_ID"
|
|
|
|
# Wait for PST cert dump
|
|
sleep 20
|
|
curl -s "http://172.16.3.30:3001/api/commands/b371a326-f3b8-489d-a8b8-1d40f5b9f6ec" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.status,.stdout,.stderr' | head -60
|
|
echo ""
|
|
echo "=== IKE log from MaraHomeNew ==="
|
|
curl -s "http://172.16.3.30:3001/api/commands/$CMD2_ID" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.status,.stdout,.stderr'
|
|
```
|
|
Output: IKE log cmd: c8642a67-194f-4254-8946-b845a4e06212
|
|
completed
|
|
|
|
Subject:
|
|
|
|
CertUtil: -dump command FAILED: 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND)
|
|
|
|
|
|
CertUtil: The system cannot find the file specified.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Directory: C:\Windows\TEMP
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Mode LastWriteTime Length Na ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
PST_AGENT="6b6106a7-8515-4b6b-857d-0dc6ede53f35"
|
|
MARA_AGENT="c778b6a3-c646-4454-a065-8c8bdcb1578e"
|
|
|
|
# Get full PST cert dump
|
|
CMD1='certutil -dump "$env:TEMP\pstcert.cer" 2>&1 | Select-Object -First 120'
|
|
ID1=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$PST_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "{\"command_type\":\"powershell\",\"command\":$(echo "$CMD1" | jq -Rs .)}" | jq -r '.command_id')
|
|
|
|
echo "PST cert cmd: $ID1"
|
|
|
|
sleep 15
|
|
curl -s "http://172.16.3.30:3001/api/commands/$ID1" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.status,.stdout,.stderr'
|
|
```
|
|
Output: PST cert cmd: b374057b-24c4-42df-b1b0-5321ecd885c0
|
|
completed
|
|
|
|
X509 Certificate:
|
|
|
|
|
|
Version: 3
|
|
|
|
|
|
Serial Number: 520000003e737d7bebf88e852100000000003e
|
|
|
|
|
|
Signature Algorithm:
|
|
|
|
|
|
Algorithm ObjectId: 1.2.840.113549.1.1.11 sha256RSA
|
|
|
|
|
|
Algorithm Parameters:
|
|
|
|
|
|
05 00
|
|
|
|
|
|
Issuer:
|
|
|
|
|
|
CN=PEACEFULSPI ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
PST_AGENT="6b6106a7-8515-4b6b-857d-0dc6ede53f35"
|
|
|
|
CMD=$(cat <<'PWSH'
|
|
Write-Host "=== RRAS event log (last hour) ==="
|
|
wevtutil qe "System" /c:50 /rd:true /f:text 2>&1 |
|
|
Where-Object { $_ -match "RemoteAccess|RRAS|RasMan|IKE|VPN|25[0-9][0-9]" } |
|
|
Select-Object -First 60
|
|
|
|
Write-Host ""
|
|
Write-Host "=== IKE Operational log (PST-SERVER side) ==="
|
|
wevtutil sl "Microsoft-Windows-IKE/Operational" /e:true 2>&1
|
|
wevtutil cl "Microsoft-Windows-IKE/Operational" 2>&1
|
|
Write-Host "Ready. Waiting for client VPN attempt..."
|
|
Start-Sleep 5
|
|
Write-Host "Checking IKE events now..."
|
|
wevtutil qe "Microsoft-Windows-IKE/Operational" /c:10 /rd:true /f:text 2>&1
|
|
|
|
Write-Host ""
|
|
Write-Host "=== RRAS connection log (last entries) ==="
|
|
if (Test-Path "C:\Windows\tracing\ppp.log") {
|
|
Get-Content "C:\Windows\tracing\ppp.log" | Select-Object -Last 30
|
|
} else {
|
|
Write-Host "No ppp.log"
|
|
}
|
|
|
|
if (Test-Path "C:\Windows\tracing\RASIPHLP.LOG") {
|
|
Get-Content "C:\Windows\tracing\RASIPHLP.LOG" | Select-Object -Last 20
|
|
}
|
|
|
|
Write-Host ""
|
|
Write-Host "=== IKEEXT recent (System log) ==="
|
|
Get-WinEvent -LogName System -MaxEvents 100 -ErrorAction SilentlyContinue |
|
|
Where-Object { $_.TimeCreated -gt (Get-Date).AddHours(-2) -and ($_.ProviderName -match "IKE|RemoteAccess|RRAS|Ras") } |
|
|
ForEach-Object { Write-Host "ID:$($_.Id) Source:$($_.ProviderName) $($_.Message.Substring(0,[Math]::Min(200,$_.Message.Length)))" }
|
|
PWSH
|
|
)
|
|
|
|
curl -s -X POST "http://172.16.3.30:3001/api/agents/$PST_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "{\"command_type\":\"powershell\",\"command\":$(echo "$CMD" | jq -Rs .)}" | jq -r '.command_id'
|
|
```
|
|
Output: Command was manually backgrounded by user with ID: bzp8zz8vb. Output is being written to: C:\Users\guru\AppData\Local\Temp\claude\D--claudetools\5c0c8d60-76ff-4827-ae2e-836c341aa8a2\tasks\bzp8zz8vb.output
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
curl -s "http://172.16.3.30:3001/api/commands/0678adb3-4faa-4265-9f90-1ddf8c54c580" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.status,.stdout,.stderr'
|
|
```
|
|
Output: completed
|
|
|
|
=== RRAS event log (last hour) ===
|
|
|
|
|
|
|
|
=== IKE Operational log (PST-SERVER side) ===
|
|
|
|
Ready. Waiting for client VPN attempt...
|
|
|
|
Checking IKE events now...
|
|
|
|
|
|
|
|
=== RRAS connection log (last entries) ===
|
|
|
|
No ppp.log
|
|
|
|
|
|
|
|
=== IKEEXT recent (System log) ===
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
AGENT="c778b6a3-c646-4454-a065-8c8bdcb1578e"
|
|
|
|
CMD=$(cat <<'PWSH'
|
|
Write-Host "=== Pre-populating LocalSystem CRL cache ==="
|
|
# Create scheduled task that runs certutil as SYSTEM to download CRL
|
|
schtasks /create /tn "VPN-CRL-Cache" /tr "certutil -f -syncWithWU" /sc once /sd 01/01/2099 /st 00:00 /ru SYSTEM /f 2>&1
|
|
|
|
# Better: run certutil -verify as SYSTEM to fetch and cache the CRL
|
|
schtasks /create /tn "VPN-CRL-Fetch" /tr "certutil -verify -urlfetch C:\Temp\marahome.cer" /sc once /sd 01/01/2099 /st 00:00 /ru SYSTEM /f 2>&1
|
|
schtasks /run /tn "VPN-CRL-Fetch" 2>&1
|
|
Write-Host "Waiting 15s for SYSTEM certutil to run..."
|
|
Start-Sleep 15
|
|
|
|
Write-Host ""
|
|
Write-Host "=== Testing VPN after SYSTEM CRL pre-population ==="
|
|
Restart-Service RasMan -Force 2>&1
|
|
Start-Sleep 3
|
|
$result = rasdial "Peaceful Spirit VPN" 2>&1
|
|
Write-Host $result
|
|
Write-Host "Exit: $LASTEXITCODE"
|
|
|
|
# Cleanup
|
|
schtasks /delete /tn "VPN-CRL-Fetch" /f 2>&1
|
|
schtasks /delete /tn "VPN-CRL-Cache" /f 2>&1
|
|
PWSH
|
|
)
|
|
|
|
curl -s -X POST "http://172.16.3.30:3001/api/agents/$AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "{\"command_type\":\"powershell\",\"command\":$(echo "$CMD" | jq -Rs .)}" | jq -r '.command_id'
|
|
```
|
|
Output: EPERM: operation not permitted, uv_spawn 'C:\Program Files\Git\bin\bash.exe'
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
AGENT="c778b6a3-c646-4454-a065-8c8bdcb1578e"
|
|
|
|
CMD=$(cat <<'PWSH'
|
|
Write-Host "=== Pre-populating LocalSystem CRL cache ==="
|
|
schtasks /create /tn "VPN-CRL-Fetch" /tr "certutil -verify -urlfetch C:\Temp\marahome.cer" /sc once /sd 01/01/2099 /st 00:00 /ru SYSTEM /f 2>&1
|
|
schtasks /run /tn "VPN-CRL-Fetch" 2>&1
|
|
Write-Host "Waiting 15s for SYSTEM certutil to run..."
|
|
Start-Sleep 15
|
|
Write-Host "=== Testing VPN after SYSTEM CRL pre-population ==="
|
|
Restart-Service RasMan -Force 2>&1
|
|
Start-Sleep 3
|
|
$result = rasdial "Peaceful Spirit VPN" 2>&1
|
|
Write-Host $result
|
|
Write-Host "Exit: $LASTEXITCODE"
|
|
schtasks /delete /tn "VPN-CRL-Fetch" /f 2>&1
|
|
PWSH
|
|
)
|
|
|
|
curl -s -X POST "http://172.16.3.30:3001/api/agents/$AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "{\"command_type\":\"powershell\",\"command\":$(echo "$CMD" | jq -Rs .)}" | jq -r '.command_id'
|
|
```
|
|
Output: 8dad9802-9d55-473c-8c94-284da62ca61c
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
STATUS=""
|
|
while [ "$STATUS" != "completed" ] && [ "$STATUS" != "failed" ]; do
|
|
RESPONSE=$(curl -s "http://172.16.3.30:3001/api/commands/8dad9802-9d55-473c-8c94-284da62ca61c" -H "Authorization: Bearer $TOKEN")
|
|
STATUS=$(echo "$RESPONSE" | jq -r '.status')
|
|
sleep 6
|
|
done
|
|
echo "Status: $STATUS"
|
|
echo "$RESPONSE" | jq -r '.stdout,.stderr'
|
|
```
|
|
Output: Status: completed
|
|
=== Pre-populating LocalSystem CRL cache ===
|
|
|
|
SUCCESS: The scheduled task "VPN-CRL-Fetch" has successfully been created.
|
|
|
|
|
|
SUCCESS: Attempted to run the scheduled task "VPN-CRL-Fetch".
|
|
|
|
|
|
Waiting 15s for SYSTEM certutil to run...
|
|
|
|
=== Testing VPN after SYSTEM CRL pre-population === ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
AGENT="c778b6a3-c646-4454-a065-8c8bdcb1578e"
|
|
|
|
CMD=$(cat <<'PWSH'
|
|
# Test private key accessibility as SYSTEM
|
|
$testScript = @'
|
|
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq "D067E07B4A670AF5C6DE27250EB533B06F28FD6A" }
|
|
if (!$cert) { Write-Output "CERT NOT FOUND AS SYSTEM"; exit 1 }
|
|
Write-Output "Cert found as SYSTEM: $($cert.Subject)"
|
|
try {
|
|
$pk = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
|
|
if ($pk) {
|
|
$data = [System.Text.Encoding]::UTF8.GetBytes("test")
|
|
$sig = $pk.SignData($data, [System.Security.Cryptography.HashAlgorithmName]::SHA256, [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
|
|
Write-Output "PRIVATE KEY ACCESSIBLE AND WORKING as SYSTEM. Sig length: $($sig.Length)"
|
|
} else {
|
|
Write-Output "NO PRIVATE KEY FOUND as SYSTEM"
|
|
}
|
|
} catch {
|
|
Write-Output "PRIVATE KEY ERROR as SYSTEM: $_"
|
|
}
|
|
# Check key container info
|
|
$cert.PrivateKey
|
|
Write-Output "HasPrivateKey: $($cert.HasPrivateKey)"
|
|
'@
|
|
$testScript | Out-File -FilePath "C:\Temp\test_pk.ps1" -Encoding UTF8
|
|
|
|
schtasks /create /tn "VPN-PK-Test" /tr "powershell.exe -ExecutionPolicy Bypass -File C:\Temp\test_pk.ps1 > C:\Temp\pk_result.txt 2>&1" /sc once /sd 01/01/2099 /st 00:00 /ru SYSTEM /f 2>&1
|
|
schtasks /run /tn "VPN-PK-Test" 2>&1
|
|
Write-Host "Waiting 10s for SYSTEM task..."
|
|
Start-Sleep 10
|
|
Get-Content "C:\Temp\pk_result.txt" 2>&1
|
|
schtasks /delete /tn "VPN-PK-Test" /f 2>&1
|
|
|
|
Write-Host ""
|
|
Write-Host "=== Private key file ACLs ==="
|
|
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq "D067E07B4A670AF5C6DE27250EB533B06F28FD6A" }
|
|
$csp = $cert.PrivateKey
|
|
if ($csp) {
|
|
Write-Host "Legacy CSP: $($csp.CspKeyContainerInfo.ProviderName)"
|
|
Write-Host "Container: $($csp.CspKeyContainerInfo.KeyContainerName)"
|
|
$keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$($csp.CspKeyContainerInfo.UniqueKeyContainerName)"
|
|
if (Test-Path $keyFile) {
|
|
(Get-Acl $keyFile).Access | ForEach-Object { Write-Host "$($_.IdentityReference) - $($_.AccessControlType) - $($_.FileSystemRights)" }
|
|
}
|
|
}
|
|
# For CNG keys
|
|
try {
|
|
$pk = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
|
|
if ($pk.GetType().Name -eq "RSACng") {
|
|
Write-Host "CNG key name: $($pk.Key.UniqueName)"
|
|
$keyPath = Join-Path $env:ProgramData "Microsoft\Crypto\Keys\$($pk.Key.UniqueName)"
|
|
if (Test-Path $keyPath) {
|
|
(Get-Acl $keyPath).Access | ForEach-Object { Write-Host "$($_.IdentityReference) - $($_.AccessControlType) - $($_.FileSystemRights)" }
|
|
} else { Write-Host "CNG key path not found at $keyPath" }
|
|
}
|
|
} catch { Write-Host "CNG check failed: $_" }
|
|
PWSH
|
|
)
|
|
|
|
curl -s -X POST "http://172.16.3.30:3001/api/agents/$AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "{\"command_type\":\"powershell\",\"command\":$(echo "$CMD" | jq -Rs .)}" | jq -r '.command_id'
|
|
```
|
|
Output: bf861e27-4581-4310-b959-a4814a61558d
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
STATUS=""
|
|
while [ "$STATUS" != "completed" ] && [ "$STATUS" != "failed" ]; do
|
|
RESPONSE=$(curl -s "http://172.16.3.30:3001/api/commands/bf861e27-4581-4310-b959-a4814a61558d" -H "Authorization: Bearer $TOKEN")
|
|
STATUS=$(echo "$RESPONSE" | jq -r '.status')
|
|
sleep 6
|
|
done
|
|
echo "$RESPONSE" | jq -r '.stdout,.stderr'
|
|
```
|
|
Output: SUCCESS: The scheduled task "VPN-PK-Test" has successfully been created.
|
|
|
|
|
|
SUCCESS: Attempted to run the scheduled task "VPN-PK-Test".
|
|
|
|
|
|
Waiting 10s for SYSTEM task...
|
|
|
|
SUCCESS: The scheduled task "VPN-PK-Test" was successfully deleted.
|
|
|
|
|
|
|
|
|
|
=== Private key file ACLs ===
|
|
|
|
Legacy CSP: Microsoft RSA SC ... [truncated]
|
|
|
|
```
|
|
VAULT="D:/vault/.claude/scripts/vault.sh"
|
|
bash "$VAULT" search "peaceful spirit" 2>/dev/null | head -20
|
|
bash "$VAULT" search "UCG" 2>/dev/null | head -10
|
|
bash "$VAULT" search "unifi" 2>/dev/null | head -10
|
|
```
|
|
Output: (Bash completed with no output)
|
|
|
|
```
|
|
VAULT="D:/vault/.claude/scripts/vault.sh"
|
|
bash "$VAULT" list 2>/dev/null | grep -i "peaceful\|pst\|spirit\|ucg\|unifi"
|
|
echo "---"
|
|
bash "$VAULT" list 2>/dev/null | grep -i "client\|mara"
|
|
```
|
|
Output: ---
|
|
|
|
```
|
|
VAULT="D:/vault/.claude/scripts/vault.sh"
|
|
bash "$VAULT" list 2>/dev/null | head -40
|
|
```
|
|
Output: (Bash completed with no output)
|
|
|
|
```
|
|
VAULT="D:/claudetools/.claude/scripts/vault.sh"
|
|
bash "$VAULT" get "peaceful-spirit/vpn" 2>/dev/null
|
|
echo "---"
|
|
bash "$VAULT" get "peaceful-spirit/server" 2>/dev/null
|
|
```
|
|
Output: Exit code 1
|
|
---
|
|
|
|
```
|
|
VAULT="D:/claudetools/.claude/scripts/vault.sh"
|
|
bash "$VAULT" get-field "peaceful-spirit/vpn" 2>/dev/null || true
|
|
# Try different syntax
|
|
cat D:/vault/peaceful-spirit/vpn.sops.yaml 2>/dev/null | head -5
|
|
```
|
|
Output: (Bash completed with no output)
|
|
|
|
```
|
|
cat D:/claudetools/.claude/scripts/vault.sh | head -30
|
|
```
|
|
Output: #!/usr/bin/env bash
|
|
# vault.sh — ClaudeTools wrapper for the SOPS vault.
|
|
#
|
|
# Reads vault_path from .claude/identity.json (per-machine, gitignored).
|
|
# Delegates all arguments to the real vault.sh in that directory.
|
|
#
|
|
# Usage (from any directory):
|
|
# bash "$(git -C "$(dirname "${BASH_SOURCE[0]}")" re ... [truncated]
|
|
|
|
```
|
|
bash D:/claudetools/.claude/scripts/vault.sh get "peaceful-spirit/vpn" 2>&1 | head -20
|
|
```
|
|
Output: [ERROR] File not found: /d/vault/peaceful-spirit/vpn
|
|
|
|
```
|
|
bash D:/claudetools/.claude/scripts/vault.sh get "peaceful-spirit/vpn.sops.yaml" 2>&1 | head -30
|
|
```
|
|
Output: [ERROR] File not found: /d/vault/peaceful-spirit/vpn.sops.yaml
|
|
|
|
```
|
|
ls C:/Users/guru/.ssh/ 2>/dev/null | grep -i pst
|
|
ls D:/vault/ssh-keys/ 2>/dev/null | grep -i pst
|
|
```
|
|
Output: pst-cc-ucg
|
|
pst-cc-ucg.pub
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
PST_AGENT="6b6106a7-8515-4b6b-857d-0dc6ede53f35"
|
|
|
|
# Try to reach the UCG from PST-SERVER and check port forwards
|
|
CMD='Write-Host "=== Gateway/router ==="
|
|
(Get-WmiObject Win32_NetworkAdapterConfiguration | Where-Object { $_.DefaultIPGateway }).DefaultIPGateway
|
|
Write-Host ""
|
|
Write-Host "=== IKE listening ports on PST-SERVER ==="
|
|
netstat -an | Where-Object { $_ -match ":500\b|:4500\b" }
|
|
Write-Host ""
|
|
Write-Host "=== RRAS IKEv2 service ==="
|
|
Get-Service RemoteAccess,RasMan,IKEEXT | Select-Object Name,Status'
|
|
|
|
CMD_ID=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$PST_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "{\"command_type\":\"powershell\",\"command\":$(echo "$CMD" | jq -Rs .)}" | jq -r '.command_id')
|
|
echo "CMD: $CMD_ID"
|
|
sleep 12
|
|
curl -s "http://172.16.3.30:3001/api/commands/$CMD_ID" -H "Authorization: Bearer $TOKEN" | jq -r '.status,.stdout,.stderr'
|
|
```
|
|
Output: CMD: 0455daf5-20e5-4906-94d2-fb3ac73c9fa8
|
|
completed
|
|
|
|
=== Gateway/router ===
|
|
|
|
192.168.0.10
|
|
|
|
|
|
|
|
|
|
=== IKE listening ports on PST-SERVER ===
|
|
|
|
UDP 0.0.0.0:500 *:*
|
|
|
|
|
|
UDP 0.0.0.0:4500 *:*
|
|
|
|
|
|
UDP [::]:500 *:* ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
|
|
PST_AGENT="6b6106a7-8515-4b6b-857d-0dc6ede53f35"
|
|
MARA_AGENT="c778b6a3-c646-4454-a065-8c8bdcb1578e"
|
|
|
|
# Parallel: check UCG port forwards from PST-SERVER, and trigger VPN from MaraHomeNew while PST IKE log is listening
|
|
|
|
# PST-SERVER: clear IKE log, check UCG forwards
|
|
CMD_PST=$(cat <<'PWSH'
|
|
Write-Host "=== SSH to UCG for port forward check ==="
|
|
$sshResult = & "C:\OpenSSH\ssh.exe" -o StrictHostKeyChecking=no -o ConnectTimeout=10 `
|
|
-i "C:\OpenSSH\pst-cc-ucg" `
|
|
"root@192.168.0.10" `
|
|
"iptables -t nat -L PREROUTING -n --line-numbers 2>/dev/null || ip6tables -t nat -L PREROUTING -n 2>/dev/null" 2>&1
|
|
if (!$sshResult) {
|
|
# Try with password (sshpass equivalent - doesn't work on Windows natively, try other approaches)
|
|
Write-Host "SSH with key failed, trying direct..."
|
|
Write-Host "UCG gateway confirmed at: 192.168.0.10"
|
|
}
|
|
Write-Host $sshResult
|
|
|
|
Write-Host ""
|
|
Write-Host "=== Clear IKE log and watch for MaraHomeNew connection ==="
|
|
wevtutil sl "Microsoft-Windows-IKE/Operational" /e:true 2>&1
|
|
wevtutil cl "Microsoft-Windows-IKE/Operational" 2>&1
|
|
Write-Host "IKE log cleared - ready for client connection"
|
|
Start-Sleep 20
|
|
Write-Host "--- IKE events captured ---"
|
|
wevtutil qe "Microsoft-Windows-IKE/Operational" /c:20 /rd:true /f:text 2>&1
|
|
PWSH
|
|
)
|
|
PST_CMD_ID=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$PST_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "{\"command_type\":\"powershell\",\"command\":$(echo "$CMD_PST" | jq -Rs .)}" | jq -r '.command_id')
|
|
echo "PST cmd: $PST_CMD_ID"
|
|
|
|
# Wait a moment then trigger VPN from MaraHomeNew
|
|
sleep 5
|
|
CMD_MARA='rasdial "Peaceful Spirit VPN" 2>&1; Write-Host "Exit: $LASTEXITCODE"'
|
|
MARA_CMD_ID=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$MARA_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "{\"command_type\":\"powershell\",\"command\":$(echo "$CMD_MARA" | jq -Rs .)}" | jq -r '.command_id')
|
|
echo "Mara VPN trigger: $MARA_CMD_ID"
|
|
```
|
|
Output: PST cmd: d8ebfd2f-ba74-4a39-b641-5254e5089d0e
|
|
Mara VPN trigger: f0c2e9f2-814b-47ab-b932-d8599560dcd5
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
# Wait for both commands
|
|
sleep 30
|
|
|
|
# Check Mara VPN result first
|
|
echo "=== MaraHomeNew VPN result ==="
|
|
curl -s "http://172.16.3.30:3001/api/commands/f0c2e9f2-814b-47ab-b932-d8599560dcd5" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.status,.stdout,.stderr'
|
|
|
|
echo ""
|
|
echo "=== PST-SERVER IKE log ==="
|
|
curl -s "http://172.16.3.30:3001/api/commands/d8ebfd2f-ba74-4a39-b641-5254e5089d0e" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.status,.stdout,.stderr' | head -80
|
|
```
|
|
Output: === MaraHomeNew VPN result ===
|
|
completed
|
|
|
|
Connecting to Peaceful Spirit VPN...
|
|
|
|
Verifying username and password...Policy match error Exit: 13868
|
|
|
|
|
|
|
|
|
|
|
|
|
|
=== PST-SERVER IKE log ===
|
|
running
|
|
|
|
null
|
|
|
|
null
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
STATUS=""
|
|
while [ "$STATUS" != "completed" ] && [ "$STATUS" != "failed" ]; do
|
|
RESPONSE=$(curl -s "http://172.16.3.30:3001/api/commands/d8ebfd2f-ba74-4a39-b641-5254e5089d0e" -H "Authorization: Bearer $TOKEN")
|
|
STATUS=$(echo "$RESPONSE" | jq -r '.status')
|
|
sleep 5
|
|
done
|
|
echo "$RESPONSE" | jq -r '.stdout,.stderr'
|
|
```
|
|
Output: Command running in background with ID: bvlulhyox. Output is being written to: C:\Users\guru\AppData\Local\Temp\claude\D--claudetools\5c0c8d60-76ff-4827-ae2e-836c341aa8a2\tasks\bvlulhyox.output. You will be notified when it completes. To check interim output, use Read on that file path.
|
|
|
|
```
|
|
# Try SSH to PST-SERVER via WAN IP
|
|
"C:\Windows\System32\OpenSSH\ssh.exe" -o StrictHostKeyChecking=no -o ConnectTimeout=10 \
|
|
-i "C:/Users/guru/.ssh/pst-cc-ucg" \
|
|
-o "ServerAliveInterval=5" \
|
|
"sysadmin@98.190.129.150" \
|
|
"netstat -an | findstr :500 && echo VPN_PORT_OK" 2>&1 | head -20
|
|
```
|
|
Output: ssh: connect to host 98.190.129.150 port 22: Connection timed out
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST http://172.16.3.30:3001/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"admin@azcomputerguru.com","password":"GuruRMM2025"}' | jq -r '.token')
|
|
AGENT="c778b6a3-c646-4454-a065-8c8bdcb1578e"
|
|
|
|
CMD=$(cat <<'PWSH'
|
|
# Generate a CSR for a new machine cert with IP Security IKE Intermediate EKU
|
|
$inf = @"
|
|
[Version]
|
|
Signature="`$Windows NT`$"
|
|
|
|
[NewRequest]
|
|
Subject = "CN=MaraHomeNew.PEACEFULSPIRIT.local"
|
|
KeySpec = 1
|
|
KeyLength = 2048
|
|
Exportable = FALSE
|
|
MachineKeySet = TRUE
|
|
SMIME = FALSE
|
|
PrivateKeyArchive = FALSE
|
|
UserProtected = FALSE
|
|
UseExistingKeySet = FALSE
|
|
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
|
|
ProviderType = 12
|
|
RequestType = PKCS10
|
|
KeyUsage = 0xa0
|
|
HashAlgorithm = SHA256
|
|
|
|
[EnhancedKeyUsageExtension]
|
|
OID=1.3.6.1.5.5.7.3.2 ; Client Authentication
|
|
OID=1.3.6.1.5.5.7.3.1 ; Server Authentication
|
|
OID=1.3.6.1.5.5.8.2.2 ; IP Security IKE Intermediate
|
|
|
|
[Extensions]
|
|
2.5.29.17 = "{text}dns=MaraHomeNew.PEACEFULSPIRIT.local"
|
|
"@
|
|
|
|
$inf | Out-File -FilePath "C:\Temp\marahomenew_vpn.inf" -Encoding ASCII
|
|
Write-Host "=== Generating CSR ==="
|
|
certreq -new -machine "C:\Temp\marahomenew_vpn.inf" "C:\Temp\marahomenew_vpn.csr" 2>&1
|
|
if (Test-Path "C:\Temp\marahomenew_vpn.csr") {
|
|
Write-Host "CSR generated successfully"
|
|
Write-Host "=== CSR content ==="
|
|
Get-Content "C:\Temp\marahomenew_vpn.csr"
|
|
} else {
|
|
Write-Host "[ERROR] CSR generation failed"
|
|
}
|
|
PWSH
|
|
)
|
|
|
|
curl -s -X POST "http://172.16.3.30:3001/api/agents/$AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "{\"command_type\":\"powershell\",\"command\":$(echo "$CMD" | jq -Rs .)}" | jq -r '.command_id'
|
|
```
|
|
Output: 021e4389-a03d-4a56-b97e-6c05b66d1c4c
|
|
|
|
```
|
|
curl -s "http://172.16.3.30:3001/api/agents" -H "Content-Type: application/json" | jq '.[] | select(.hostname == "MaraHomeNew") | {id, hostname, status, last_seen}'
|
|
```
|
|
Output: Exit code 5
|
|
jq: parse error: Invalid numeric literal at line 1, column 8
|
|
|
|
```
|
|
curl -s "http://172.16.3.30:3001/api/agents" 2>&1 | head -c 500
|
|
```
|
|
Output: Missing authorization header
|
|
|
|
```
|
|
VAULT="D:/claudetools/.claude/scripts/vault.sh"
|
|
bash "$VAULT" get-field projects/gururmm/api.sops.yaml credentials.token 2>&1 || bash "$VAULT" search "gururmm api" 2>&1 | head -20
|
|
```
|
|
Output: [ERROR] File not found: /d/vault/projects/gururmm/api.sops.yaml
|
|
projects/gururmm/api-server.sops.yaml:name: GuruRMM API Server
|
|
|
|
```
|
|
VAULT="D:/claudetools/.claude/scripts/vault.sh"
|
|
bash "$VAULT" get-field projects/gururmm/api-server.sops.yaml credentials.token 2>&1
|
|
```
|
|
Output: null
|
|
|
|
```
|
|
VAULT="D:/claudetools/.claude/scripts/vault.sh"
|
|
bash "$VAULT" get "projects/gururmm/api-server.sops.yaml" 2>&1 | head -20
|
|
```
|
|
Output: kind: api-key
|
|
name: GuruRMM API Server
|
|
external-url: https://rmm-api.azcomputerguru.com
|
|
internal-url: http://172.16.3.30:3001
|
|
status: active
|
|
tags:
|
|
- gururmm
|
|
- project
|
|
credentials:
|
|
credential: ZNzGxghru2XUdBVlaf2G2L1YUBVcl5xH0lr/Gpf/QmE=
|
|
credential_encryption_key: 6d38f7d3cec9d62998e3 ... [truncated]
|
|
|
|
```
|
|
VAULT="D:/claudetools/.claude/scripts/vault.sh"
|
|
bash "$VAULT" search "gururmm admin" 2>&1 | head -20
|
|
```
|
|
Output: No matches found for: gururmm admin
|
|
|
|
```
|
|
VAULT="D:/claudetools/.claude/scripts/vault.sh"
|
|
bash "$VAULT" list 2>&1 | grep -i "rmm\|guru"
|
|
```
|
|
Output: clients/birthbiologic/gururmm-site-main.sops.yaml
|
|
clients/cascades-tucson/gururmm-site-main.sops.yaml
|
|
clients/imc/gururmm-site-main.sops.yaml
|
|
clients/kittle/gururmm-site-main.sops.yaml
|
|
clients/stamback-septic/gururmm-site-main.sops.yaml
|
|
infrastructure/guru-beast-rog-local.sops.yaml
|
|
infrastructure/gu ... [truncated]
|
|
|
|
```
|
|
VAULT="D:/claudetools/.claude/scripts/vault.sh"
|
|
bash "$VAULT" get "infrastructure/gururmm-server.sops.yaml" 2>&1
|
|
```
|
|
Output: kind: server
|
|
name: GuruRMM Server
|
|
host: 172.16.3.30
|
|
port: 22
|
|
hostname: gururmm / gururmm-build
|
|
status: active
|
|
tags:
|
|
- infrastructure
|
|
credentials:
|
|
username: guru
|
|
password: Gptf*77ttb123!@#-rmm
|
|
databases:
|
|
mariadb-database: claudetools
|
|
mariadb-user: claudetools
|
|
m ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
echo "Token: ${TOKEN:0:40}..."
|
|
# Find MaraHomeNew agent
|
|
curl -s "http://172.16.3.30:3001/api/agents" \
|
|
-H "Authorization: Bearer $TOKEN" | jq '.[] | select(.hostname == "MaraHomeNew") | {id, hostname, status, last_seen}' 2>/dev/null || \
|
|
curl -s "http://172.16.3.30:3001/api/agents" \
|
|
-H "Authorization: Bearer $TOKEN" | jq '.[0:3]' 2>/dev/null | head -30
|
|
```
|
|
Output: Token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ...
|
|
{
|
|
|
|
"id": "c778b6a3-c646-4454-a065-8c8bdcb1578e",
|
|
|
|
"hostname": "MaraHomeNew",
|
|
|
|
"status": "online",
|
|
|
|
"last_seen": "2026-05-22T19:42:13.538662Z"
|
|
|
|
}
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
AGENT_ID="c778b6a3-c646-4454-a065-8c8bdcb1578e"
|
|
# Check recent command results
|
|
curl -s "http://172.16.3.30:3001/api/agents/$AGENT_ID/commands?limit=5" \
|
|
-H "Authorization: Bearer $TOKEN" | jq '.[] | {id, command: .command[0:60], status, created_at, output: .output[0:200]}' 2>/dev/null | head -60
|
|
```
|
|
Output: (Bash completed with no output)
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
AGENT_ID="c778b6a3-c646-4454-a065-8c8bdcb1578e"
|
|
curl -s "http://172.16.3.30:3001/api/agents/$AGENT_ID/commands" \
|
|
-H "Authorization: Bearer $TOKEN" 2>&1 | head -200
|
|
```
|
|
Output: (Bash completed with no output)
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
AGENT_ID="c778b6a3-c646-4454-a065-8c8bdcb1578e"
|
|
# Try different endpoint formats
|
|
curl -v "http://172.16.3.30:3001/api/agents/$AGENT_ID" \
|
|
-H "Authorization: Bearer $TOKEN" 2>&1 | tail -20
|
|
```
|
|
Output: * using HTTP/1.x
|
|
|
|
> GET /api/agents/c778b6a3-c646-4454-a065-8c8bdcb1578e HTTP/1.1
|
|
|
|
|
|
> Host: 172.16.3.30:3001
|
|
|
|
|
|
> User-Agent: curl/8.18.0
|
|
|
|
|
|
> Accept: */*
|
|
|
|
|
|
> Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0ZDc1NGYzNi0wNzYzLTRmMzUtOWFhMi0wYjk4YmJjZGIzMDkiLCJyb2xlIjoiYWRtaW4iLCJv ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
AGENT_ID="c778b6a3-c646-4454-a065-8c8bdcb1578e"
|
|
# Check CSR file exists
|
|
curl -s -X POST "http://172.16.3.30:3001/api/agents/$AGENT_ID/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"command":"powershell -NonInteractive -Command \"if (Test-Path C:\\\\Temp\\\\marahomenew_vpn.csr) { Get-Content C:\\\\Temp\\\\marahomenew_vpn.csr } else { Write-Output NO_CSR_FOUND }\""}' | jq -r '.'
|
|
```
|
|
Output: Exit code 5
|
|
jq: parse error: Invalid numeric literal at line 1, column 7
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
AGENT_ID="c778b6a3-c646-4454-a065-8c8bdcb1578e"
|
|
RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$AGENT_ID/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"command":"powershell -NonInteractive -Command \"if (Test-Path C:\\\\Temp\\\\marahomenew_vpn.csr) { Get-Content C:\\\\Temp\\\\marahomenew_vpn.csr } else { Write-Output NO_CSR_FOUND }\""}')
|
|
echo "$RESULT" | head -c 1000
|
|
```
|
|
Output: Failed to deserialize the JSON body into the target type: missing field `command_type` at line 1 column 179
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
AGENT_ID="c778b6a3-c646-4454-a065-8c8bdcb1578e"
|
|
RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$AGENT_ID/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"command_type":"powershell","command":"if (Test-Path C:\\Temp\\marahomenew_vpn.csr) { Get-Content C:\\Temp\\marahomenew_vpn.csr } else { Write-Output NO_CSR_FOUND }"}')
|
|
echo "$RESULT"
|
|
```
|
|
Output: Failed to parse the request body as JSON: command: invalid escape at line 1 column 58
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
AGENT_ID="c778b6a3-c646-4454-a065-8c8bdcb1578e"
|
|
|
|
PAYLOAD=$(jq -n '{
|
|
command_type: "powershell",
|
|
command: "if (Test-Path C:\\Temp\\marahomenew_vpn.csr) { Get-Content C:\\Temp\\marahomenew_vpn.csr } else { Write-Output NO_CSR_FOUND }"
|
|
}')
|
|
|
|
RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$AGENT_ID/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$PAYLOAD")
|
|
echo "$RESULT"
|
|
```
|
|
Output: jq: error: Invalid escape at line 1, column 4 (while parsing '"\T"') at <top-level>, line 3, column 29:
|
|
|
|
command: "if (Test-Path C:\Temp\marahomenew_vpn.csr) { Get-Content C:\Temp\marahomenew_vpn.csr } else { Write-Output NO_CSR_FOUND }"
|
|
|
|
^^
|
|
|
|
jq: error: Invalid ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
AGENT_ID="c778b6a3-c646-4454-a065-8c8bdcb1578e"
|
|
|
|
RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$AGENT_ID/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
--data-raw '{"command_type":"powershell","command":"if (Test-Path C:\\Temp\\marahomenew_vpn.csr) { Get-Content C:\\Temp\\marahomenew_vpn.csr } else { Write-Output NO_CSR_FOUND }"}')
|
|
echo "$RESULT"
|
|
```
|
|
Output: Failed to parse the request body as JSON: command: invalid escape at line 1 column 58
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
AGENT_ID="c778b6a3-c646-4454-a065-8c8bdcb1578e"
|
|
|
|
# Use forward slashes instead
|
|
RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$AGENT_ID/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
--data-raw '{"command_type":"powershell","command":"if (Test-Path C:/Temp/marahomenew_vpn.csr) { Get-Content C:/Temp/marahomenew_vpn.csr } else { Write-Output NO_CSR_FOUND }"}')
|
|
echo "$RESULT"
|
|
```
|
|
Output: {"command_id":"2937b3eb-b2a9-4ae9-a8ea-5eb78e24197c","status":"running","message":"Command sent to agent"}
|
|
|
|
```
|
|
sleep 8
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
curl -s "http://172.16.3.30:3001/api/commands/2937b3eb-b2a9-4ae9-a8ea-5eb78e24197c" \
|
|
-H "Authorization: Bearer $TOKEN" | jq '{status, output, error}'
|
|
```
|
|
Output: {
|
|
|
|
"status": "completed",
|
|
|
|
"output": null,
|
|
|
|
"error": null
|
|
|
|
}
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
curl -s "http://172.16.3.30:3001/api/commands/2937b3eb-b2a9-4ae9-a8ea-5eb78e24197c" \
|
|
-H "Authorization: Bearer $TOKEN"
|
|
```
|
|
Output: {"id":"2937b3eb-b2a9-4ae9-a8ea-5eb78e24197c","agent_id":"c778b6a3-c646-4454-a065-8c8bdcb1578e","command_type":"powershell","command_text":"if (Test-Path C:/Temp/marahomenew_vpn.csr) { Get-Content C:/Temp/marahomenew_vpn.csr } else { Write-Output NO_CSR_FOUND }","status":"completed","exit_code":0,"st ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
curl -s "http://172.16.3.30:3001/api/agents" \
|
|
-H "Authorization: Bearer $TOKEN" | jq '.[] | {hostname, status, os_type, last_seen}' 2>/dev/null
|
|
```
|
|
Output: {
|
|
|
|
"hostname": "ACG-DC16",
|
|
|
|
"status": "online",
|
|
|
|
"os_type": "windows",
|
|
|
|
"last_seen": "2026-05-22T19:45:13.063898Z"
|
|
|
|
}
|
|
|
|
{
|
|
|
|
"hostname": "NEPTUNE",
|
|
|
|
"status": "online",
|
|
|
|
"os_type": "windows",
|
|
|
|
"last_seen": "2026-05-22T19:45:10.721936Z"
|
|
|
|
}
|
|
|
|
{
|
|
|
|
"hostname": "ix.azcomputerguru.com",
|
|
|
|
"s ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
curl -s "http://172.16.3.30:3001/api/agents" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.[] | select(.hostname == "PST-SERVER") | .id'
|
|
```
|
|
Output: 6b6106a7-8515-4b6b-857d-0dc6ede53f35
|
|
|
|
```
|
|
CSR_B64=$(base64 -w0 /tmp/marahomenew_vpn.csr)
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
|
|
PST_AGENT="6b6106a7-8515-4b6b-857d-0dc6ede53f35"
|
|
|
|
# Build command that decodes CSR, writes to file, submits to CA
|
|
PS_CMD='$b64="'"$CSR_B64"'"; $csrBytes=[System.Convert]::FromBase64String($b64); $csrContent=[System.Text.Encoding]::UTF8.GetString($csrBytes); if(!(Test-Path C:\Temp)){New-Item -ItemType Directory -Path C:\Temp | Out-Null}; Set-Content -Path "C:\Temp\marahomenew_vpn.csr" -Value $csrContent; certreq -f -q -submit -config "PST-SERVER\PEACEFULSPIRIT-PST-SERVER-CA" "C:\Temp\marahomenew_vpn.csr" "C:\Temp\marahomenew_vpn.cer" 2>&1'
|
|
|
|
PAYLOAD=$(python3 -c "import json,sys; cmd=sys.argv[1]; print(json.dumps({'command_type':'powershell','command':cmd}))" "$PS_CMD")
|
|
|
|
RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$PST_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$PAYLOAD")
|
|
echo "$RESULT"
|
|
```
|
|
Output: /usr/bin/bash: line 27: python3: command not found
|
|
Failed to parse the request body as JSON: EOF while parsing a value at line 1 column 0
|
|
|
|
```
|
|
CSR_B64=$(base64 -w0 /tmp/marahomenew_vpn.csr)
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
|
|
PST_AGENT="6b6106a7-8515-4b6b-857d-0dc6ede53f35"
|
|
|
|
# Use py (Windows Python from WSL/bash context) or build JSON with jq
|
|
# Build the PS command as a single line using jq for safe JSON encoding
|
|
PS_CMD="\$b64='${CSR_B64}'; \$csrBytes=[System.Convert]::FromBase64String(\$b64); \$csrContent=[System.Text.Encoding]::UTF8.GetString(\$csrBytes); if(!(Test-Path 'C:/Temp')){New-Item -ItemType Directory -Path 'C:/Temp' | Out-Null}; Set-Content -Path 'C:/Temp/marahomenew_vpn.csr' -Value \$csrContent -NoNewline; certreq -f -q -submit -config 'PST-SERVER\\PEACEFULSPIRIT-PST-SERVER-CA' 'C:/Temp/marahomenew_vpn.csr' 'C:/Temp/marahomenew_vpn.cer' 2>&1"
|
|
|
|
PAYLOAD=$(printf '%s' "$PS_CMD" | jq -Rs '{"command_type":"powershell","command":.}')
|
|
echo "Payload size: ${#PAYLOAD}"
|
|
echo "Sending..."
|
|
RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$PST_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$PAYLOAD")
|
|
echo "$RESULT"
|
|
```
|
|
Output: Payload size: 2439
|
|
Sending...
|
|
{"command_id":"7e2c81e8-6bd3-4c0a-aab2-e33df739a250","status":"running","message":"Command sent to agent"}
|
|
|
|
```
|
|
sleep 20
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
curl -s "http://172.16.3.30:3001/api/commands/7e2c81e8-6bd3-4c0a-aab2-e33df739a250" \
|
|
-H "Authorization: Bearer $TOKEN" | jq '{status, exit_code, stdout, stderr}'
|
|
```
|
|
Output: {
|
|
|
|
"status": "failed",
|
|
|
|
"exit_code": 1,
|
|
|
|
"stdout": "RequestId: 69\r\nRequestId: \"69\"\r\nCertificate not issued (Denied) Denied by Policy Module 0x80094801, The request does not contain a certificate template extension or the CertificateTemplate request attribute.\r\r\n The request contains ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
PST_AGENT="6b6106a7-8515-4b6b-857d-0dc6ede53f35"
|
|
|
|
PS_CMD='certutil -getconfig 2>&1; Write-Output "---CATYPE---"; (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration" -ErrorAction SilentlyContinue); Write-Output "---TEMPLATES---"; certutil -template 2>&1 | Select-String "Name\|Template" | head -40'
|
|
|
|
PAYLOAD=$(printf '%s' "$PS_CMD" | jq -Rs '{"command_type":"powershell","command":.}')
|
|
RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$PST_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$PAYLOAD")
|
|
CMD_ID=$(echo "$RESULT" | jq -r '.command_id')
|
|
echo "Command ID: $CMD_ID"
|
|
```
|
|
Output: Command ID: 3aeb14bd-62b3-499d-be93-4d36ea533654
|
|
|
|
```
|
|
sleep 15
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
curl -s "http://172.16.3.30:3001/api/commands/3aeb14bd-62b3-499d-be93-4d36ea533654" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout' | head -80
|
|
```
|
|
Output: Config String: "PST-SERVER.PEACEFULSPIRIT.local\PEACEFULSPIRIT-PST-SERVER-CA"
|
|
|
|
|
|
CertUtil: -getconfig command completed successfully.
|
|
|
|
|
|
---CATYPE---
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Active : PEACEFULSPIRIT-PST-SERVER-CA
|
|
|
|
|
|
DBDirectory : C:\Windows\system32\CertLog
|
|
|
|
|
|
DBLogDirectory : C:\Windows\system32\Cer ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
PST_AGENT="6b6106a7-8515-4b6b-857d-0dc6ede53f35"
|
|
|
|
# Get CA type and policy module info
|
|
PS_CMD='$caReg = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\PEACEFULSPIRIT-PST-SERVER-CA" -ErrorAction SilentlyContinue; Write-Output "CAType (0=Enterprise,3=Standalone): $($caReg.CAType)"; Write-Output "LDAPFlags: $($caReg.LDAPFlags)"; $pmReg = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\PEACEFULSPIRIT-PST-SERVER-CA\PolicyModules" -ErrorAction SilentlyContinue; Write-Output "PolicyModules default: $($pmReg.Active)"; certutil -getreg policy\EditFlags 2>&1'
|
|
|
|
PAYLOAD=$(printf '%s' "$PS_CMD" | jq -Rs '{"command_type":"powershell","command":.}')
|
|
RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$PST_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$PAYLOAD")
|
|
CMD_ID=$(echo "$RESULT" | jq -r '.command_id')
|
|
sleep 12
|
|
curl -s "http://172.16.3.30:3001/api/commands/$CMD_ID" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout'
|
|
```
|
|
Output: CAType (0=Enterprise,3=Standalone): 0
|
|
|
|
|
|
LDAPFlags:
|
|
|
|
|
|
PolicyModules default: CertificateAuthority_MicrosoftDefault.Policy
|
|
|
|
|
|
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\PEACEFULSPIRIT-PST-SERVER-CA\PolicyModules\CertificateAuthority_MicrosoftDefault.Policy\EditFlags: ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
PST_AGENT="6b6106a7-8515-4b6b-857d-0dc6ede53f35"
|
|
|
|
PS_CMD='(Get-WmiObject Win32_ComputerSystem).DomainRole; Get-Module ActiveDirectory -ListAvailable | Select Name,Version; $env:LOGONSERVER; nltest /dsgetdc:PEACEFULSPIRIT.local 2>&1 | Select-String "DC\|Domain"'
|
|
|
|
PAYLOAD=$(printf '%s' "$PS_CMD" | jq -Rs '{"command_type":"powershell","command":.}')
|
|
RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$PST_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$PAYLOAD")
|
|
CMD_ID=$(echo "$RESULT" | jq -r '.command_id')
|
|
sleep 12
|
|
curl -s "http://172.16.3.30:3001/api/commands/$CMD_ID" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout'
|
|
```
|
|
Output: 5
|
|
|
|
|
|
|
|
|
|
|
|
Name Version
|
|
|
|
|
|
---- -------
|
|
|
|
|
|
ActiveDirectory 1.0.0.0
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
PST_AGENT="6b6106a7-8515-4b6b-857d-0dc6ede53f35"
|
|
|
|
read -r -d '' PS_CMD << 'EOF'
|
|
Import-Module ActiveDirectory -ErrorAction Stop
|
|
$domain = (Get-ADDomain).DistinguishedName
|
|
$configNC = "CN=Configuration,$domain"
|
|
$templateBase = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"
|
|
|
|
# Get Machine template
|
|
$machineTpl = Get-ADObject -SearchBase $templateBase -LDAPFilter "(cn=Machine)" -Properties *
|
|
if (-not $machineTpl) { Write-Output "ERROR: Machine template not found"; exit 1 }
|
|
Write-Output "Machine template found. Current EKUs: $($machineTpl.pKIExtendedKeyUsage -join ', ')"
|
|
|
|
# Check if IKEv2Machine already exists
|
|
$existing = Get-ADObject -SearchBase $templateBase -LDAPFilter "(cn=IKEv2Machine)" -ErrorAction SilentlyContinue
|
|
if ($existing) { Write-Output "IKEv2Machine already exists: $($existing.DistinguishedName)"; exit 0 }
|
|
|
|
# Generate unique OID
|
|
$r1 = Get-Random -Minimum 10000000 -Maximum 99999999
|
|
$r2 = Get-Random -Minimum 10000000 -Maximum 99999999
|
|
$newOID = "1.3.6.1.4.1.311.21.8.$r1.$r2"
|
|
|
|
# Build EKU list with IP Security IKE Intermediate added
|
|
$existingEKU = @($machineTpl.pKIExtendedKeyUsage)
|
|
$ikeOID = "1.3.6.1.5.5.8.2.2"
|
|
$newEKU = ($existingEKU + $ikeOID) | Select-Object -Unique
|
|
Write-Output "New EKUs: $($newEKU -join ', ')"
|
|
|
|
# Build attribute hash - only include non-null values
|
|
$tplAttribs = @{
|
|
"displayName" = "IKEv2 Machine Certificate"
|
|
"flags" = [int]$machineTpl.flags
|
|
"revision" = "100.0"
|
|
"pKIDefaultKeySpec" = $machineTpl.pKIDefaultKeySpec
|
|
"pKIKeyUsage" = $machineTpl.pKIKeyUsage
|
|
"pKIMaxIssuingDepth" = $machineTpl.pKIMaxIssuingDepth
|
|
"pKICriticalExtensions" = $machineTpl.pKICriticalExtensions
|
|
"pKIExpirationPeriod" = $machineTpl.pKIExpirationPeriod
|
|
"pKIOverlapPeriod" = $machineTpl.pKIOverlapPeriod
|
|
"pKIExtendedKeyUsage" = $newEKU
|
|
"msPKI-Cert-Template-OID" = $newOID
|
|
"msPKI-Certificate-Name-Flag" = $machineTpl."msPKI-Certificate-Name-Flag"
|
|
"msPKI-Enrollment-Flag" = $machineTpl."msPKI-Enrollment-Flag"
|
|
"msPKI-Private-Key-Flag" = $machineTpl."msPKI-Private-Key-Flag"
|
|
"msPKI-Minimal-Key-Size" = $machineTpl."msPKI-Minimal-Key-Size"
|
|
"msPKI-RA-Signature" = $machineTpl."msPKI-RA-Signature"
|
|
"msPKI-Template-Minor-Revision" = [int]1
|
|
"msPKI-Template-Schema-Version" = $machineTpl."msPKI-Template-Schema-Version"
|
|
}
|
|
if ($machineTpl.pKIDefaultCSPs) { $tplAttribs["pKIDefaultCSPs"] = $machineTpl.pKIDefaultCSPs }
|
|
|
|
New-ADObject -Name "IKEv2Machine" -Type "pKICertificateTemplate" -Path $templateBase -OtherAttributes $tplAttribs
|
|
Write-Output "Created IKEv2Machine template (OID: $newOID)"
|
|
|
|
# Add to CA enrollment services
|
|
$caObj = Get-ADObject -SearchBase "CN=Enrollment Services,CN=Public Key Services,CN=Services,$configNC" -LDAPFilter "(cn=PEACEFULSPIRIT-PST-SERVER-CA)" -Properties certificateTemplates
|
|
if (-not ($caObj.certificateTemplates -contains "IKEv2Machine")) {
|
|
Set-ADObject -Identity $caObj.DistinguishedName -Add @{certificateTemplates = "IKEv2Machine"}
|
|
Write-Output "Added IKEv2Machine to CA enrollment services"
|
|
}
|
|
|
|
# Grant Domain Computers Enroll permission on the template
|
|
$tplObj = Get-ADObject -SearchBase $templateBase -LDAPFilter "(cn=IKEv2Machine)"
|
|
$acl = Get-Acl -Path "AD:$($tplObj.DistinguishedName)"
|
|
$domainComputersSID = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-21-1105246401-3156558273-4088333098-515")
|
|
$enrollGuid = New-Object Guid "0e10c968-78fb-11d2-90d4-00c04f79dc55"
|
|
$readGuid = [Guid]::Empty
|
|
$ace1 = New-Object System.DirectoryServices.ActiveDirectoryAccessRule($domainComputersSID, "ReadProperty,GenericExecute", "Allow", $readGuid, "None", $readGuid)
|
|
$ace2 = New-Object System.DirectoryServices.ActiveDirectoryAccessRule($domainComputersSID, "ExtendedRight", "Allow", $enrollGuid, "None", $readGuid)
|
|
$acl.AddAccessRule($ace1); $acl.AddAccessRule($ace2)
|
|
Set-Acl -Path "AD:$($tplObj.DistinguishedName)" -AclObject $acl
|
|
Write-Output "Granted Domain Computers enroll permission"
|
|
Write-Output "DONE"
|
|
EOF
|
|
|
|
PAYLOAD=$(printf '%s' "$PS_CMD" | jq -Rs '{"command_type":"powershell","command":.}')
|
|
RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$PST_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$PAYLOAD")
|
|
CMD_ID=$(echo "$RESULT" | jq -r '.command_id')
|
|
echo "Command ID: $CMD_ID"
|
|
```
|
|
Output: Command ID: 8122bba0-55c5-4943-b0fa-49ec374c6037
|
|
|
|
```
|
|
sleep 20
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
curl -s "http://172.16.3.30:3001/api/commands/8122bba0-55c5-4943-b0fa-49ec374c6037" \
|
|
-H "Authorization: Bearer $TOKEN" | jq '{status, exit_code, stdout, stderr}'
|
|
```
|
|
Output: {
|
|
|
|
"status": "completed",
|
|
|
|
"exit_code": 0,
|
|
|
|
"stdout": "Machine template found. Current EKUs: 1.3.6.1.5.5.7.3.2, 1.3.6.1.5.5.7.3.1\r\nNew EKUs: 1.3.6.1.5.5.7.3.2, 1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.8.2.2\r\nCreated IKEv2Machine template (OID: 1.3.6.1.4.1.311.21.8.62855893.23429789)\r\nAdded IKEv2Ma ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
PST_AGENT="6b6106a7-8515-4b6b-857d-0dc6ede53f35"
|
|
|
|
read -r -d '' PS_CMD << 'EOF'
|
|
Import-Module ActiveDirectory -ErrorAction Stop
|
|
$domain = (Get-ADDomain).DistinguishedName
|
|
$configNC = "CN=Configuration,$domain"
|
|
$templateBase = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"
|
|
|
|
# Check if IKEv2Machine exists
|
|
$existing = Get-ADObject -SearchBase $templateBase -LDAPFilter "(cn=IKEv2Machine)" -Properties pKIExtendedKeyUsage -ErrorAction SilentlyContinue
|
|
if ($existing) {
|
|
Write-Output "IKEv2Machine EXISTS. EKUs: $($existing.pKIExtendedKeyUsage -join ', ')"
|
|
} else {
|
|
Write-Output "IKEv2Machine NOT FOUND - need to create"
|
|
|
|
# Check Machine template EKU raw types
|
|
$mt = Get-ADObject -SearchBase $templateBase -LDAPFilter "(cn=Machine)" -Properties pKIExtendedKeyUsage
|
|
$eku = $mt.pKIExtendedKeyUsage
|
|
Write-Output "Machine EKU type: $($eku.GetType().FullName)"
|
|
Write-Output "Machine EKUs: $($eku -join ',')"
|
|
}
|
|
EOF
|
|
|
|
PAYLOAD=$(printf '%s' "$PS_CMD" | jq -Rs '{"command_type":"powershell","command":.}')
|
|
RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$PST_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$PAYLOAD")
|
|
CMD_ID=$(echo "$RESULT" | jq -r '.command_id')
|
|
sleep 12
|
|
curl -s "http://172.16.3.30:3001/api/commands/$CMD_ID" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout,.stderr'
|
|
```
|
|
Output: IKEv2Machine NOT FOUND - need to create
|
|
|
|
|
|
Machine EKU type: Microsoft.ActiveDirectory.Management.ADPropertyValueCollection
|
|
|
|
|
|
Machine EKUs: 1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.1
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
PST_AGENT="6b6106a7-8515-4b6b-857d-0dc6ede53f35"
|
|
|
|
read -r -d '' PS_CMD << 'EOF'
|
|
Import-Module ActiveDirectory -ErrorAction Stop
|
|
$ErrorActionPreference = "Stop"
|
|
$domain = (Get-ADDomain).DistinguishedName
|
|
$configNC = "CN=Configuration,$domain"
|
|
$templateBase = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"
|
|
|
|
$machineTpl = Get-ADObject -SearchBase $templateBase -LDAPFilter "(cn=Machine)" -Properties *
|
|
|
|
# Convert ADPropertyValueCollection to plain string arrays
|
|
$newEKU = [string[]]@("1.3.6.1.5.5.7.3.2","1.3.6.1.5.5.7.3.1","1.3.6.1.5.5.8.2.2")
|
|
|
|
# Generate OID
|
|
$r1 = Get-Random -Minimum 10000000 -Maximum 99999999
|
|
$r2 = Get-Random -Minimum 10000000 -Maximum 99999999
|
|
$newOID = "1.3.6.1.4.1.311.21.8.$r1.$r2"
|
|
|
|
# Build safe attribute hash with explicit types
|
|
$tplAttribs = @{}
|
|
$tplAttribs["displayName"] = [string]"IKEv2 Machine Certificate"
|
|
$tplAttribs["flags"] = [int]$machineTpl.flags
|
|
$tplAttribs["revision"] = [string]"100.0"
|
|
$tplAttribs["pKIDefaultKeySpec"] = [int]$machineTpl.pKIDefaultKeySpec
|
|
if ($machineTpl.pKIKeyUsage) { $tplAttribs["pKIKeyUsage"] = [byte[]]$machineTpl.pKIKeyUsage }
|
|
$tplAttribs["pKIMaxIssuingDepth"] = [int]$machineTpl.pKIMaxIssuingDepth
|
|
if ($machineTpl.pKICriticalExtensions) { $tplAttribs["pKICriticalExtensions"] = [string[]]$machineTpl.pKICriticalExtensions }
|
|
$tplAttribs["pKIExpirationPeriod"] = [byte[]]$machineTpl.pKIExpirationPeriod
|
|
$tplAttribs["pKIOverlapPeriod"] = [byte[]]$machineTpl.pKIOverlapPeriod
|
|
$tplAttribs["pKIExtendedKeyUsage"] = $newEKU
|
|
$tplAttribs["msPKI-Cert-Template-OID"] = [string]$newOID
|
|
$tplAttribs["msPKI-Certificate-Name-Flag"] = [int]$machineTpl."msPKI-Certificate-Name-Flag"
|
|
$tplAttribs["msPKI-Enrollment-Flag"] = [int]$machineTpl."msPKI-Enrollment-Flag"
|
|
$tplAttribs["msPKI-Private-Key-Flag"] = [int]$machineTpl."msPKI-Private-Key-Flag"
|
|
$tplAttribs["msPKI-Minimal-Key-Size"] = [int]$machineTpl."msPKI-Minimal-Key-Size"
|
|
$tplAttribs["msPKI-RA-Signature"] = [int]$machineTpl."msPKI-RA-Signature"
|
|
$tplAttribs["msPKI-Template-Minor-Revision"] = [int]1
|
|
$tplAttribs["msPKI-Template-Schema-Version"] = [int]$machineTpl."msPKI-Template-Schema-Version"
|
|
if ($machineTpl.pKIDefaultCSPs) { $tplAttribs["pKIDefaultCSPs"] = [string[]]$machineTpl.pKIDefaultCSPs }
|
|
|
|
Write-Output "Creating template with OID $newOID"
|
|
New-ADObject -Name "IKEv2Machine" -Type "pKICertificateTemplate" -Path $templateBase -OtherAttributes $tplAttribs
|
|
Write-Output "Template created successfully"
|
|
|
|
# Add to CA enrollment services
|
|
$caObj = Get-ADObject -SearchBase "CN=Enrollment Services,CN=Public Key Services,CN=Services,$configNC" -LDAPFilter "(cn=PEACEFULSPIRIT-PST-SERVER-CA)" -Properties certificateTemplates
|
|
Set-ADObject -Identity $caObj.DistinguishedName -Add @{certificateTemplates = [string]"IKEv2Machine"}
|
|
Write-Output "Added to CA enrollment services"
|
|
|
|
# Grant Domain Computers Enroll permission
|
|
$tplObj = Get-ADObject -SearchBase $templateBase -LDAPFilter "(cn=IKEv2Machine)"
|
|
$tplPath = "AD:" + $tplObj.DistinguishedName
|
|
$acl = Get-Acl -Path $tplPath
|
|
$domainSID = (Get-ADDomain).DomainSID
|
|
$compSID = New-Object System.Security.Principal.SecurityIdentifier([System.Security.Principal.WellKnownSidType]::AccountComputersSid, $domainSID)
|
|
$enrollGuid = New-Object Guid "0e10c968-78fb-11d2-90d4-00c04f79dc55"
|
|
$noGuid = [Guid]::Empty
|
|
$ace1 = New-Object System.DirectoryServices.ActiveDirectoryAccessRule($compSID, "ReadProperty,GenericExecute", "Allow", $noGuid, "None", $noGuid)
|
|
$ace2 = New-Object System.DirectoryServices.ActiveDirectoryAccessRule($compSID, "ExtendedRight", "Allow", $enrollGuid, "None", $noGuid)
|
|
$acl.AddAccessRule($ace1); $acl.AddAccessRule($ace2)
|
|
Set-Acl -Path $tplPath -AclObject $acl
|
|
Write-Output "ACL set - Domain Computers can enroll"
|
|
Write-Output "COMPLETE"
|
|
EOF
|
|
|
|
PAYLOAD=$(printf '%s' "$PS_CMD" | jq -Rs '{"command_type":"powershell","command":.}')
|
|
RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$PST_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$PAYLOAD")
|
|
CMD_ID=$(echo "$RESULT" | jq -r '.command_id')
|
|
echo "CMD_ID: $CMD_ID"
|
|
```
|
|
Output: CMD_ID: 5a30059f-2a33-4acb-a373-e81c87ad8301
|
|
|
|
```
|
|
sleep 20
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
curl -s "http://172.16.3.30:3001/api/commands/5a30059f-2a33-4acb-a373-e81c87ad8301" \
|
|
-H "Authorization: Bearer $TOKEN" | jq '{status, exit_code, stdout, stderr}'
|
|
```
|
|
Output: {
|
|
|
|
"status": "failed",
|
|
|
|
"exit_code": 1,
|
|
|
|
"stdout": "Creating template with OID 1.3.6.1.4.1.311.21.8.25271392.20725272\r\n",
|
|
|
|
"stderr": "New-ADObject : The parameter is incorrect\r\nAt line:40 char:1\r\n+ New-ADObject -Name \"IKEv2Machine\" -Type \"pKICertificateTemplate\" -Pat ...\r\n+ ~~~~~ ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
PST_AGENT="6b6106a7-8515-4b6b-857d-0dc6ede53f35"
|
|
|
|
read -r -d '' PS_CMD << 'PSEOF'
|
|
$ErrorActionPreference = "Stop"
|
|
$rootDSE = [ADSI]"LDAP://RootDSE"
|
|
$configNC = $rootDSE.configurationNamingContext.Value
|
|
$templatePath = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"
|
|
|
|
$machineADSI = [ADSI]"LDAP://CN=Machine,$templatePath"
|
|
$templateContainer = [ADSI]"LDAP://$templatePath"
|
|
|
|
# Check Machine template loaded
|
|
Write-Output "Machine template cn: $($machineADSI.cn)"
|
|
|
|
# Generate OID
|
|
$r1 = Get-Random -Minimum 10000000 -Maximum 99999999
|
|
$r2 = Get-Random -Minimum 10000000 -Maximum 99999999
|
|
$newOID = "1.3.6.1.4.1.311.21.8.$r1.$r2"
|
|
|
|
# Create new template object
|
|
$newTpl = $templateContainer.Create("pKICertificateTemplate", "CN=IKEv2Machine")
|
|
$newTpl.Put("displayName", "IKEv2 Machine Certificate")
|
|
$newTpl.Put("flags", $machineADSI.Properties["flags"][0])
|
|
$newTpl.Put("revision", "100.0")
|
|
$newTpl.Put("pKIDefaultKeySpec", $machineADSI.Properties["pKIDefaultKeySpec"][0])
|
|
$newTpl.Put("pKIMaxIssuingDepth", $machineADSI.Properties["pKIMaxIssuingDepth"][0])
|
|
$newTpl.Put("pKIExpirationPeriod", $machineADSI.Properties["pKIExpirationPeriod"][0])
|
|
$newTpl.Put("pKIOverlapPeriod", $machineADSI.Properties["pKIOverlapPeriod"][0])
|
|
$newTpl.Put("msPKI-Cert-Template-OID", $newOID)
|
|
$newTpl.Put("msPKI-Certificate-Name-Flag", $machineADSI.Properties["msPKI-Certificate-Name-Flag"][0])
|
|
$newTpl.Put("msPKI-Enrollment-Flag", $machineADSI.Properties["msPKI-Enrollment-Flag"][0])
|
|
$newTpl.Put("msPKI-Private-Key-Flag", $machineADSI.Properties["msPKI-Private-Key-Flag"][0])
|
|
$newTpl.Put("msPKI-Minimal-Key-Size", $machineADSI.Properties["msPKI-Minimal-Key-Size"][0])
|
|
$newTpl.Put("msPKI-RA-Signature", $machineADSI.Properties["msPKI-RA-Signature"][0])
|
|
$newTpl.Put("msPKI-Template-Minor-Revision", 1)
|
|
$newTpl.Put("msPKI-Template-Schema-Version", $machineADSI.Properties["msPKI-Template-Schema-Version"][0])
|
|
|
|
# Multi-value attributes via PutEx (2 = ADS_PROPERTY_UPDATE)
|
|
$keyUsage = @()
|
|
foreach ($v in $machineADSI.Properties["pKIKeyUsage"]) { $keyUsage += $v }
|
|
$newTpl.PutEx(2, "pKIKeyUsage", $keyUsage)
|
|
|
|
$critExts = @()
|
|
foreach ($v in $machineADSI.Properties["pKICriticalExtensions"]) { $critExts += $v }
|
|
$newTpl.PutEx(2, "pKICriticalExtensions", $critExts)
|
|
|
|
# EKU with IKE Intermediate added
|
|
$newTpl.PutEx(2, "pKIExtendedKeyUsage", @("1.3.6.1.5.5.7.3.2","1.3.6.1.5.5.7.3.1","1.3.6.1.5.5.8.2.2"))
|
|
|
|
# CSPs
|
|
$csps = @()
|
|
foreach ($v in $machineADSI.Properties["pKIDefaultCSPs"]) { $csps += $v }
|
|
if ($csps.Count -gt 0) { $newTpl.PutEx(2, "pKIDefaultCSPs", $csps) }
|
|
|
|
$newTpl.SetInfo()
|
|
Write-Output "Template created: IKEv2Machine (OID: $newOID)"
|
|
|
|
# Add to CA enrollment services
|
|
$caADSI = [ADSI]"LDAP://CN=PEACEFULSPIRIT-PST-SERVER-CA,CN=Enrollment Services,CN=Public Key Services,CN=Services,$configNC"
|
|
$caADSI.PutEx(3, "certificateTemplates", @("IKEv2Machine"))
|
|
$caADSI.SetInfo()
|
|
Write-Output "Added to CA enrollment services"
|
|
|
|
# Verify
|
|
$check = [ADSI]"LDAP://CN=IKEv2Machine,$templatePath"
|
|
Write-Output "Verification - EKUs: $($check.Properties['pKIExtendedKeyUsage'] -join ', ')"
|
|
Write-Output "COMPLETE"
|
|
PSEOF
|
|
|
|
PAYLOAD=$(printf '%s' "$PS_CMD" | jq -Rs '{"command_type":"powershell","command":.}')
|
|
RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$PST_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$PAYLOAD")
|
|
CMD_ID=$(echo "$RESULT" | jq -r '.command_id')
|
|
echo "CMD_ID: $CMD_ID"
|
|
```
|
|
Output: CMD_ID: 860368a4-d9f6-4bc8-a3d3-618b88e2d458
|
|
|
|
```
|
|
sleep 20
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
curl -s "http://172.16.3.30:3001/api/commands/860368a4-d9f6-4bc8-a3d3-618b88e2d458" \
|
|
-H "Authorization: Bearer $TOKEN" | jq '{status, exit_code, stdout, stderr}'
|
|
```
|
|
Output: {
|
|
|
|
"status": "failed",
|
|
|
|
"exit_code": 1,
|
|
|
|
"stdout": "Machine template cn: Machine\r\n",
|
|
|
|
"stderr": "Exception calling \"PutEx\" with \"3\" argument(s): \"Unspecified error\r\n\"\r\nAt line:38 char:1\r\n+ $newTpl.PutEx(2, \"pKIKeyUsage\", $keyUsage)\r\n+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
PST_AGENT="6b6106a7-8515-4b6b-857d-0dc6ede53f35"
|
|
|
|
read -r -d '' PS_CMD << 'PSEOF'
|
|
$ErrorActionPreference = "Stop"
|
|
$rootDSE = [ADSI]"LDAP://RootDSE"
|
|
$configNC = $rootDSE.configurationNamingContext.Value
|
|
$templatePath = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"
|
|
$machineADSI = [ADSI]"LDAP://CN=Machine,$templatePath"
|
|
$templateContainer = [ADSI]"LDAP://$templatePath"
|
|
|
|
# Check if already exists and delete if needed
|
|
$existCheck = [ADSI]"LDAP://CN=IKEv2Machine,$templatePath"
|
|
if ($existCheck.distinguishedName) {
|
|
Write-Output "Deleting existing IKEv2Machine..."
|
|
$templateContainer.Delete("pKICertificateTemplate","CN=IKEv2Machine")
|
|
}
|
|
|
|
$r1 = Get-Random -Minimum 10000000 -Maximum 99999999
|
|
$r2 = Get-Random -Minimum 10000000 -Maximum 99999999
|
|
$newOID = "1.3.6.1.4.1.311.21.8.$r1.$r2"
|
|
|
|
# Phase 1: Create with scalar attributes only
|
|
$newTpl = $templateContainer.Create("pKICertificateTemplate","CN=IKEv2Machine")
|
|
$newTpl.Put("displayName", "IKEv2 Machine Certificate")
|
|
$newTpl.Put("flags", $machineADSI.Properties["flags"][0])
|
|
$newTpl.Put("revision", "100.0")
|
|
$newTpl.Put("pKIDefaultKeySpec", $machineADSI.Properties["pKIDefaultKeySpec"][0])
|
|
$newTpl.Put("pKIMaxIssuingDepth", $machineADSI.Properties["pKIMaxIssuingDepth"][0])
|
|
$newTpl.Put("pKIExpirationPeriod", $machineADSI.Properties["pKIExpirationPeriod"][0])
|
|
$newTpl.Put("pKIOverlapPeriod", $machineADSI.Properties["pKIOverlapPeriod"][0])
|
|
$newTpl.Put("msPKI-Cert-Template-OID", $newOID)
|
|
$newTpl.Put("msPKI-Certificate-Name-Flag", $machineADSI.Properties["msPKI-Certificate-Name-Flag"][0])
|
|
$newTpl.Put("msPKI-Enrollment-Flag", $machineADSI.Properties["msPKI-Enrollment-Flag"][0])
|
|
$newTpl.Put("msPKI-Private-Key-Flag", $machineADSI.Properties["msPKI-Private-Key-Flag"][0])
|
|
$newTpl.Put("msPKI-Minimal-Key-Size", $machineADSI.Properties["msPKI-Minimal-Key-Size"][0])
|
|
$newTpl.Put("msPKI-RA-Signature", $machineADSI.Properties["msPKI-RA-Signature"][0])
|
|
$newTpl.Put("msPKI-Template-Minor-Revision", 1)
|
|
$newTpl.Put("msPKI-Template-Schema-Version", $machineADSI.Properties["msPKI-Template-Schema-Version"][0])
|
|
$newTpl.SetInfo()
|
|
Write-Output "Phase 1 complete - object created"
|
|
|
|
# Phase 2: Set multi-valued attributes on the committed object
|
|
$newTpl2 = [ADSI]"LDAP://CN=IKEv2Machine,$templatePath"
|
|
|
|
# pKIKeyUsage - octet string, use Put directly
|
|
$newTpl2.Put("pKIKeyUsage", $machineADSI.Properties["pKIKeyUsage"][0])
|
|
|
|
# pKICriticalExtensions - multi-valued string
|
|
$critExts = [string[]]($machineADSI.Properties["pKICriticalExtensions"] | ForEach-Object { "$_" })
|
|
if ($critExts.Count -gt 0) { $newTpl2.PutEx(2,"pKICriticalExtensions",$critExts) }
|
|
|
|
# EKU - multi-valued string with IKE added
|
|
$newTpl2.PutEx(2,"pKIExtendedKeyUsage",([string[]]@("1.3.6.1.5.5.7.3.2","1.3.6.1.5.5.7.3.1","1.3.6.1.5.5.8.2.2")))
|
|
|
|
# pKIDefaultCSPs - multi-valued string
|
|
$csps = [string[]]($machineADSI.Properties["pKIDefaultCSPs"] | ForEach-Object { "$_" })
|
|
if ($csps.Count -gt 0) { $newTpl2.PutEx(2,"pKIDefaultCSPs",$csps) }
|
|
|
|
$newTpl2.SetInfo()
|
|
Write-Output "Phase 2 complete - EKUs and multi-value attrs set"
|
|
|
|
# Add to CA enrollment services
|
|
$caADSI = [ADSI]"LDAP://CN=PEACEFULSPIRIT-PST-SERVER-CA,CN=Enrollment Services,CN=Public Key Services,CN=Services,$configNC"
|
|
$caADSI.PutEx(3,"certificateTemplates",@("IKEv2Machine"))
|
|
$caADSI.SetInfo()
|
|
Write-Output "Added to CA enrollment services"
|
|
|
|
# Verify
|
|
$verify = [ADSI]"LDAP://CN=IKEv2Machine,$templatePath"
|
|
Write-Output "Verify EKUs: $($verify.Properties['pKIExtendedKeyUsage'] -join ', ')"
|
|
Write-Output "COMPLETE - OID: $newOID"
|
|
PSEOF
|
|
|
|
PAYLOAD=$(printf '%s' "$PS_CMD" | jq -Rs '{"command_type":"powershell","command":.}')
|
|
RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$PST_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$PAYLOAD")
|
|
CMD_ID=$(echo "$RESULT" | jq -r '.command_id')
|
|
echo "CMD_ID: $CMD_ID"
|
|
```
|
|
Output: CMD_ID: 1d46d0fb-9fed-4e52-8e62-09ae89ade218
|
|
|
|
```
|
|
sleep 20
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
curl -s "http://172.16.3.30:3001/api/commands/1d46d0fb-9fed-4e52-8e62-09ae89ade218" \
|
|
-H "Authorization: Bearer $TOKEN" | jq '{status, exit_code, stdout, stderr}'
|
|
```
|
|
Output: {
|
|
|
|
"status": "failed",
|
|
|
|
"exit_code": 1,
|
|
|
|
"stdout": "",
|
|
|
|
"stderr": "Exception calling \"SetInfo\" with \"0\" argument(s): \"The attribute syntax \r\nspecified to the directory service is invalid.\r\n\"\r\nAt line:36 char:1\r\n+ $newTpl.SetInfo()\r\n+ ~~~~~~~~~~~~~~~~~\r\n + CategoryInfo ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
PST_AGENT="6b6106a7-8515-4b6b-857d-0dc6ede53f35"
|
|
|
|
read -r -d '' PS_CMD << 'PSEOF'
|
|
$domain = ([ADSI]"LDAP://RootDSE").defaultNamingContext.Value
|
|
$configNC = ([ADSI]"LDAP://RootDSE").configurationNamingContext.Value
|
|
$machineDN = "CN=Machine,CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"
|
|
$outFile = "C:\Temp\machine_template.ldif"
|
|
if (!(Test-Path C:\Temp)) { New-Item -ItemType Directory C:\Temp | Out-Null }
|
|
& ldifde -f $outFile -s localhost -d $machineDN -p base 2>&1
|
|
Write-Output "Exit: $LASTEXITCODE"
|
|
Get-Content $outFile
|
|
PSEOF
|
|
|
|
PAYLOAD=$(printf '%s' "$PS_CMD" | jq -Rs '{"command_type":"powershell","command":.}')
|
|
RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$PST_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$PAYLOAD")
|
|
CMD_ID=$(echo "$RESULT" | jq -r '.command_id')
|
|
sleep 15
|
|
curl -s "http://172.16.3.30:3001/api/commands/$CMD_ID" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout' | head -80
|
|
```
|
|
Output: Connecting to "localhost"
|
|
|
|
|
|
Logging in as current user using SSPI
|
|
|
|
|
|
Exporting directory to file C:\Temp\machine_template.ldif
|
|
|
|
|
|
Searching for entries...
|
|
|
|
|
|
Writing out entries1 entries exported
|
|
|
|
|
|
|
|
|
|
The command has completed successfully
|
|
|
|
|
|
.
|
|
|
|
|
|
Exit: 0
|
|
|
|
|
|
dn: CN=Machine,CN=Certificate Templates,CN=Publi ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
PST_AGENT="6b6106a7-8515-4b6b-857d-0dc6ede53f35"
|
|
|
|
read -r -d '' PS_CMD << 'PSEOF'
|
|
$configNC = ([ADSI]"LDAP://RootDSE").configurationNamingContext.Value
|
|
$templatePath = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"
|
|
|
|
$r1 = Get-Random -Minimum 10000000 -Maximum 99999999
|
|
$r2 = Get-Random -Minimum 10000000 -Maximum 99999999
|
|
$newOID = "1.3.6.1.4.1.311.21.8.$r1.$r2"
|
|
|
|
$ldif = @"
|
|
dn: CN=IKEv2Machine,$templatePath
|
|
changetype: add
|
|
objectClass: top
|
|
objectClass: pKICertificateTemplate
|
|
cn: IKEv2Machine
|
|
displayName: IKEv2 Machine Certificate
|
|
flags: 66144
|
|
revision: 5
|
|
showInAdvancedViewOnly: TRUE
|
|
name: IKEv2Machine
|
|
pKIDefaultKeySpec: 1
|
|
pKIKeyUsage:: oAA=
|
|
pKIMaxIssuingDepth: 0
|
|
pKICriticalExtensions: 2.5.29.15
|
|
pKIExpirationPeriod:: AEA5hy7h/v8=
|
|
pKIOverlapPeriod:: AICmCv/e//8=
|
|
pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.2
|
|
pKIExtendedKeyUsage: 1.3.6.1.5.5.7.3.1
|
|
pKIExtendedKeyUsage: 1.3.6.1.5.5.8.2.2
|
|
pKIDefaultCSPs: 1,Microsoft RSA SChannel Cryptographic Provider
|
|
msPKI-RA-Signature: 0
|
|
msPKI-Enrollment-Flag: 32
|
|
msPKI-Private-Key-Flag: 0
|
|
msPKI-Certificate-Name-Flag: 1
|
|
msPKI-Minimal-Key-Size: 2048
|
|
msPKI-Template-Schema-Version: 1
|
|
msPKI-Template-Minor-Revision: 1
|
|
msPKI-Cert-Template-OID: $newOID
|
|
"@
|
|
|
|
Set-Content -Path "C:\Temp\ikev2machine.ldif" -Value $ldif -Encoding ASCII
|
|
Write-Output "LDIF written with OID: $newOID"
|
|
Write-Output "--- LDIF content ---"
|
|
Get-Content "C:\Temp\ikev2machine.ldif"
|
|
PSEOF
|
|
|
|
PAYLOAD=$(printf '%s' "$PS_CMD" | jq -Rs '{"command_type":"powershell","command":.}')
|
|
RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$PST_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$PAYLOAD")
|
|
CMD_ID=$(echo "$RESULT" | jq -r '.command_id')
|
|
sleep 12
|
|
curl -s "http://172.16.3.30:3001/api/commands/$CMD_ID" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout'
|
|
```
|
|
Output: LDIF written with OID: 1.3.6.1.4.1.311.21.8.66321480.52941450
|
|
|
|
|
|
--- LDIF content ---
|
|
|
|
|
|
dn: CN=IKEv2Machine,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=PEACEFULSPIRIT,DC=local
|
|
|
|
|
|
changetype: add
|
|
|
|
|
|
objectClass: top
|
|
|
|
|
|
objectClass: pKICertificateTemplate
|
|
|
|
|
|
cn: IKEv2Mac ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
PST_AGENT="6b6106a7-8515-4b6b-857d-0dc6ede53f35"
|
|
|
|
read -r -d '' PS_CMD << 'PSEOF'
|
|
$configNC = ([ADSI]"LDAP://RootDSE").configurationNamingContext.Value
|
|
$enrollSvcPath = "CN=Enrollment Services,CN=Public Key Services,CN=Services,$configNC"
|
|
|
|
# Import the template
|
|
$importResult = & ldifde -i -f "C:\Temp\ikev2machine.ldif" -s localhost 2>&1
|
|
Write-Output "Import result: $importResult"
|
|
Write-Output "Import exit code: $LASTEXITCODE"
|
|
|
|
if ($LASTEXITCODE -eq 0) {
|
|
# Add to CA enrollment services
|
|
$caADSI = [ADSI]"LDAP://CN=PEACEFULSPIRIT-PST-SERVER-CA,$enrollSvcPath"
|
|
$caADSI.PutEx(3,"certificateTemplates",@("IKEv2Machine"))
|
|
$caADSI.SetInfo()
|
|
Write-Output "Added to CA enrollment services"
|
|
|
|
# Verify template EKUs
|
|
$templatePath = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"
|
|
$newTpl = [ADSI]"LDAP://CN=IKEv2Machine,$templatePath"
|
|
Write-Output "Verify - EKUs: $($newTpl.Properties['pKIExtendedKeyUsage'] -join ', ')"
|
|
|
|
# Restart certsvc to pick up new template
|
|
Restart-Service CertSvc -Force
|
|
Start-Sleep -Seconds 5
|
|
Write-Output "CertSvc restarted"
|
|
Write-Output "COMPLETE"
|
|
} else {
|
|
Write-Output "Import failed"
|
|
}
|
|
PSEOF
|
|
|
|
PAYLOAD=$(printf '%s' "$PS_CMD" | jq -Rs '{"command_type":"powershell","command":.}')
|
|
RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$PST_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$PAYLOAD")
|
|
CMD_ID=$(echo "$RESULT" | jq -r '.command_id')
|
|
echo "CMD_ID: $CMD_ID"
|
|
```
|
|
Output: CMD_ID: 022a5d46-c935-4187-b80d-4c2e0695cc24
|
|
|
|
```
|
|
sleep 25
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
curl -s "http://172.16.3.30:3001/api/commands/022a5d46-c935-4187-b80d-4c2e0695cc24" \
|
|
-H "Authorization: Bearer $TOKEN" | jq '{status, exit_code, stdout, stderr}'
|
|
```
|
|
Output: <tool_use_error>Blocked: sleep 25 followed by: TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty') curl -s ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/022a5d46-c935-4187-b80d-4c2e0695cc24" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" != "running" ]; do sleep 2; done
|
|
curl -s "http://172.16.3.30:3001/api/commands/022a5d46-c935-4187-b80d-4c2e0695cc24" \
|
|
-H "Authorization: Bearer $TOKEN" | jq '{status, exit_code, stdout, stderr}'
|
|
```
|
|
Output: {
|
|
|
|
"status": "completed",
|
|
|
|
"exit_code": 0,
|
|
|
|
"stdout": "Import result: Connecting to \"localhost\" Logging in as current user using SSPI Importing directory from file \"C:\\Temp\\ikev2machine.ldif\" Loading entries1 entry modified successfully. The command has completed successfully ..\r\nImpo ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
PST_AGENT="6b6106a7-8515-4b6b-857d-0dc6ede53f35"
|
|
|
|
# CSR file is already on PST-SERVER at C:\Temp\marahomenew_vpn.csr (we wrote it earlier)
|
|
# Submit with IKEv2Machine template attribute
|
|
PS_CMD='if (!(Test-Path C:\Temp\marahomenew_vpn.csr)) { Write-Output "CSR NOT FOUND"; exit 1 }; Write-Output "CSR found, submitting..."; certreq -f -q -submit -attrib "CertificateTemplate:IKEv2Machine" -config "PST-SERVER\PEACEFULSPIRIT-PST-SERVER-CA" "C:\Temp\marahomenew_vpn.csr" "C:\Temp\marahomenew_vpn.cer" 2>&1; Write-Output "Exit: $LASTEXITCODE"; if (Test-Path C:\Temp\marahomenew_vpn.cer) { Write-Output "CER file created"; Get-Content C:\Temp\marahomenew_vpn.cer }'
|
|
|
|
PAYLOAD=$(printf '%s' "$PS_CMD" | jq -Rs '{"command_type":"powershell","command":.}')
|
|
RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$PST_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$PAYLOAD")
|
|
CMD_ID=$(echo "$RESULT" | jq -r '.command_id')
|
|
TOKEN_SAVED="$TOKEN"
|
|
echo "CMD_ID: $CMD_ID"
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/$CMD_ID" -H "Authorization: Bearer $TOKEN_SAVED" | jq -r '.status')" != "running" ]; do sleep 2; done
|
|
curl -s "http://172.16.3.30:3001/api/commands/$CMD_ID" \
|
|
-H "Authorization: Bearer $TOKEN_SAVED" | jq '{status, exit_code, stdout: .stdout[0:500], stderr: .stderr[0:300]}'
|
|
```
|
|
Output: CMD_ID: a6ccff91-3f30-4f1a-8079-9fbb673640b2
|
|
{
|
|
|
|
"status": "completed",
|
|
|
|
"exit_code": 0,
|
|
|
|
"stdout": "CSR found, submitting...\r\nRequestId: 70\r\nRequestId: \"70\"\r\nCertificate retrieved(Issued) Issued\r\nExit: 0\r\nCER file created\r\n-----BEGIN CERTIFICATE-----\r\nMIIE3jCCA8agAwIBAgITUgAAAE ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
PST_AGENT="6b6106a7-8515-4b6b-857d-0dc6ede53f35"
|
|
|
|
PS_CMD='[Convert]::ToBase64String([IO.File]::ReadAllBytes("C:\Temp\marahomenew_vpn.cer"))'
|
|
PAYLOAD=$(printf '%s' "$PS_CMD" | jq -Rs '{"command_type":"powershell","command":.}')
|
|
RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$PST_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$PAYLOAD")
|
|
CMD_ID=$(echo "$RESULT" | jq -r '.command_id')
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/$CMD_ID" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" != "running" ]; do sleep 2; done
|
|
# Get the base64 cert content
|
|
CERT_B64=$(curl -s "http://172.16.3.30:3001/api/commands/$CMD_ID" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout' | tr -d '\r\n')
|
|
echo "Cert B64 length: ${#CERT_B64}"
|
|
echo "First 60: ${CERT_B64:0:60}"
|
|
# Save to temp file for next step
|
|
echo "$CERT_B64" > /tmp/marahomenew_signed_b64.txt
|
|
```
|
|
Output: Cert B64 length: 2372
|
|
First 60: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlFM2pDQ0E4YWdBd0lC
|
|
|
|
```
|
|
# Re-encode the raw cert bytes (the PEM content) for transport to MaraHomeNew
|
|
CERT_B64_FOR_TRANSPORT=$(base64 -w0 /tmp/marahomenew_signed.cer)
|
|
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
MARA_AGENT="c778b6a3-c646-4454-a065-8c8bdcb1578e"
|
|
|
|
# Write the signed cert to MaraHomeNew and run certreq -accept
|
|
PS_CMD="\$b64='${CERT_B64_FOR_TRANSPORT}'; \$bytes=[System.Convert]::FromBase64String(\$b64); [IO.File]::WriteAllBytes('C:/Temp/marahomenew_vpn.cer',\$bytes); Write-Output 'Cert written, size: '+([IO.File]::ReadAllBytes('C:/Temp/marahomenew_vpn.cer').Length)+' bytes'; certreq -accept 'C:/Temp/marahomenew_vpn.cer' 2>&1; Write-Output 'Accept exit: '+\$LASTEXITCODE"
|
|
|
|
PAYLOAD=$(printf '%s' "$PS_CMD" | jq -Rs '{"command_type":"powershell","command":.}')
|
|
RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$MARA_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$PAYLOAD")
|
|
CMD_ID=$(echo "$RESULT" | jq -r '.command_id')
|
|
echo "CMD_ID: $CMD_ID"
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/$CMD_ID" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" != "running" ]; do sleep 2; done
|
|
curl -s "http://172.16.3.30:3001/api/commands/$CMD_ID" \
|
|
-H "Authorization: Bearer $TOKEN" | jq '{status, exit_code, stdout, stderr}'
|
|
```
|
|
Output: CMD_ID: 2e54fea9-cb68-4f87-b52f-3af6c672f447
|
|
{
|
|
|
|
"status": "completed",
|
|
|
|
"exit_code": 0,
|
|
|
|
"stdout": "Cert written, size: \r\n+\r\n1778\r\n+ bytes\r\nInstalled Certificate:\r\n Serial Number: 520000004671751979f395f4ff000000000046\r\n Subject: CN=MaraHomeNew.PEACEFULSPIRIT.local (DNS Name=Mara ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
MARA_AGENT="c778b6a3-c646-4454-a065-8c8bdcb1578e"
|
|
|
|
read -r -d '' PS_CMD << 'PSEOF'
|
|
# Verify new cert EKUs
|
|
$newCert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq "074a651524832dfe1e3cda42fb72fe9baab742e1" }
|
|
if ($newCert) {
|
|
Write-Output "New cert found:"
|
|
Write-Output " Subject: $($newCert.Subject)"
|
|
Write-Output " Thumbprint: $($newCert.Thumbprint)"
|
|
Write-Output " NotAfter: $($newCert.NotAfter)"
|
|
$ekuExt = $newCert.Extensions | Where-Object { $_.Oid.Value -eq "2.5.29.37" }
|
|
if ($ekuExt) {
|
|
$eku = New-Object System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension($ekuExt, $false)
|
|
Write-Output " EKUs:"
|
|
foreach ($oid in $eku.EnhancedKeyUsages) { Write-Output " - $($oid.Value) ($($oid.FriendlyName))" }
|
|
}
|
|
} else { Write-Output "ERROR: New cert not found" }
|
|
|
|
# Remove old cert
|
|
$oldCert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq "D067E07B4A670AF5C6DE27250EB533B06F28FD6A" }
|
|
if ($oldCert) {
|
|
Remove-Item $oldCert.PSPath -Force
|
|
Write-Output "Old cert removed"
|
|
} else { Write-Output "Old cert not found (already removed?)" }
|
|
|
|
# Restart RasMan
|
|
Restart-Service RasMan -Force
|
|
Start-Sleep -Seconds 3
|
|
Write-Output "RasMan restarted"
|
|
|
|
# Test VPN
|
|
Write-Output "Testing VPN..."
|
|
$vpnResult = & rasdial "Peaceful Spirit VPN" 2>&1
|
|
Write-Output "VPN result: $vpnResult"
|
|
PSEOF
|
|
|
|
PAYLOAD=$(printf '%s' "$PS_CMD" | jq -Rs '{"command_type":"powershell","command":.}')
|
|
RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$MARA_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$PAYLOAD")
|
|
CMD_ID=$(echo "$RESULT" | jq -r '.command_id')
|
|
echo "CMD_ID: $CMD_ID"
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/$CMD_ID" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" != "running" ]; do sleep 2; done
|
|
curl -s "http://172.16.3.30:3001/api/commands/$CMD_ID" \
|
|
-H "Authorization: Bearer $TOKEN" | jq '{status, exit_code, stdout, stderr}'
|
|
```
|
|
Output: CMD_ID: 1a204e29-78b7-48d5-a5f4-707f9614f20c
|
|
{
|
|
|
|
"status": "completed",
|
|
|
|
"exit_code": 0,
|
|
|
|
"stdout": "New cert found:\r\n Subject: CN=MaraHomeNew.PEACEFULSPIRIT.local\r\n Thumbprint: 074A651524832DFE1E3CDA42FB72FE9BAAB742E1\r\n NotAfter: 05/21/2027 13:04:21\r\n EKUs:\r\n - 1.3.6.1.5.5.8.2 ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
MARA_AGENT="c778b6a3-c646-4454-a065-8c8bdcb1578e"
|
|
|
|
read -r -d '' PS_CMD << 'PSEOF'
|
|
# Check new cert private key
|
|
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq "074A651524832DFE1E3CDA42FB72FE9BAAB742E1" }
|
|
$keyContainer = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
|
|
Write-Output "Key container: $keyContainer"
|
|
$keyPath = "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys\$keyContainer"
|
|
Write-Output "Key file: $keyPath"
|
|
if (Test-Path $keyPath) {
|
|
$acl = (Get-Acl $keyPath).Access | ForEach-Object { "$($_.IdentityReference): $($_.FileSystemRights)" }
|
|
Write-Output "Key ACL: $($acl -join ' | ')"
|
|
} else { Write-Output "Key file not found at expected path" }
|
|
|
|
# Restart IKEEXT (IKE and AuthIP keying modules)
|
|
Write-Output "Restarting IKEEXT..."
|
|
Restart-Service IKEEXT -Force
|
|
Start-Sleep -Seconds 3
|
|
Write-Output "IKEEXT status: $((Get-Service IKEEXT).Status)"
|
|
|
|
# Test VPN
|
|
Write-Output "Testing VPN..."
|
|
$vpnResult = & rasdial "Peaceful Spirit VPN" 2>&1
|
|
Write-Output "Result: $vpnResult"
|
|
PSEOF
|
|
|
|
PAYLOAD=$(printf '%s' "$PS_CMD" | jq -Rs '{"command_type":"powershell","command":.}')
|
|
RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$MARA_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$PAYLOAD")
|
|
CMD_ID=$(echo "$RESULT" | jq -r '.command_id')
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/$CMD_ID" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" != "running" ]; do sleep 2; done
|
|
curl -s "http://172.16.3.30:3001/api/commands/$CMD_ID" \
|
|
-H "Authorization: Bearer $TOKEN" | jq '{status, exit_code, stdout, stderr}'
|
|
```
|
|
Output: {
|
|
|
|
"status": "completed",
|
|
|
|
"exit_code": 0,
|
|
|
|
"stdout": "Key container: f69a723a4257780d83460755776bec3b_840d4f77-d935-4800-af81-7e72f8796ec8\r\nKey file: C:\\ProgramData\\Microsoft\\Crypto\\RSA\\MachineKeys\\f69a723a4257780d83460755776bec3b_840d4f77-d935-4800-af81-7e72f8796ec8\r\nKey ACL: NT AU ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
MARA_AGENT="c778b6a3-c646-4454-a065-8c8bdcb1578e"
|
|
|
|
read -r -d '' PS_CMD << 'PSEOF'
|
|
# Enable CAPI2 log, trigger VPN, capture
|
|
$logName = "Microsoft-Windows-CAPI2/Operational"
|
|
wevtutil sl $logName /e:true /ms:20971520
|
|
wevtutil cl $logName 2>&1 | Out-Null
|
|
Write-Output "CAPI2 log enabled and cleared"
|
|
|
|
# Trigger VPN
|
|
$vpnResult = & rasdial "Peaceful Spirit VPN" 2>&1
|
|
Write-Output "VPN result: $vpnResult"
|
|
Start-Sleep -Seconds 2
|
|
|
|
# Get CAPI2 events
|
|
$events = Get-WinEvent -LogName $logName -MaxEvents 50 -ErrorAction SilentlyContinue
|
|
$filtered = $events | Where-Object { $_.Message -match "Policy|chain|IKE|13868|MaraHome|PEACEFULSPIRIT" }
|
|
if ($filtered) {
|
|
$filtered | ForEach-Object { Write-Output "=== Event $($_.Id) ==="; Write-Output $_.Message[0..500] }
|
|
} else {
|
|
Write-Output "No matching CAPI2 events. Total events: $($events.Count)"
|
|
# Show first 3 events
|
|
$events | Select-Object -First 3 | ForEach-Object { Write-Output "=== Event $($_.Id) ==="; Write-Output ($_.Message[0..300] -join '') }
|
|
}
|
|
PSEOF
|
|
|
|
PAYLOAD=$(printf '%s' "$PS_CMD" | jq -Rs '{"command_type":"powershell","command":.}')
|
|
RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$MARA_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$PAYLOAD")
|
|
CMD_ID=$(echo "$RESULT" | jq -r '.command_id')
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/$CMD_ID" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" != "running" ]; do sleep 2; done
|
|
curl -s "http://172.16.3.30:3001/api/commands/$CMD_ID" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout' | head -100
|
|
```
|
|
Output: CAPI2 log enabled and cleared
|
|
|
|
|
|
VPN result: Connecting to Peaceful Spirit VPN... Verifying username and password...Policy match error
|
|
|
|
|
|
No matching CAPI2 events. Total events: 39
|
|
|
|
|
|
=== Event 81 ===
|
|
|
|
|
|
For more details for this event, please refer to the "Details" section
|
|
|
|
|
|
=== Event 90 ===
|
|
|
|
|
|
For mor ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
MARA_AGENT="c778b6a3-c646-4454-a065-8c8bdcb1578e"
|
|
|
|
read -r -d '' PS_CMD << 'PSEOF'
|
|
$logName = "Microsoft-Windows-CAPI2/Operational"
|
|
wevtutil cl $logName 2>&1 | Out-Null
|
|
# Trigger VPN
|
|
& rasdial "Peaceful Spirit VPN" 2>&1 | Out-Null
|
|
Start-Sleep -Seconds 2
|
|
# Get XML of events - look for cert chain verification failures
|
|
$events = Get-WinEvent -LogName $logName -MaxEvents 100 -ErrorAction SilentlyContinue
|
|
Write-Output "Total CAPI2 events: $($events.Count)"
|
|
# Look for events with error status or policy-related events
|
|
$events | ForEach-Object {
|
|
$xml = [xml]$_.ToXml()
|
|
$evId = $_.Id
|
|
# Event 81 = Build Chain, 90 = Verify Chain Policy, 11 = CertGetCertificateChain
|
|
if ($evId -in @(81,90,30,11,70,40)) {
|
|
Write-Output "--- Event $evId ---"
|
|
$xml.Event.EventData.Data | ForEach-Object { if ($_.Name) { Write-Output "$($_.Name): $($_.'#text'[0..200])" } }
|
|
}
|
|
} | Select-Object -First 80
|
|
PSEOF
|
|
|
|
PAYLOAD=$(printf '%s' "$PS_CMD" | jq -Rs '{"command_type":"powershell","command":.}')
|
|
RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$MARA_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$PAYLOAD")
|
|
CMD_ID=$(echo "$RESULT" | jq -r '.command_id')
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/$CMD_ID" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" != "running" ]; do sleep 2; done
|
|
curl -s "http://172.16.3.30:3001/api/commands/$CMD_ID" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout' | head -120
|
|
```
|
|
Output: Total CAPI2 events: 39
|
|
|
|
|
|
--- Event 81 ---
|
|
|
|
|
|
--- Event 90 ---
|
|
|
|
|
|
--- Event 30 ---
|
|
|
|
|
|
--- Event 30 ---
|
|
|
|
|
|
--- Event 30 ---
|
|
|
|
|
|
--- Event 11 ---
|
|
|
|
|
|
--- Event 11 ---
|
|
|
|
|
|
--- Event 11 ---
|
|
|
|
|
|
--- Event 81 ---
|
|
|
|
|
|
--- Event 90 ---
|
|
|
|
|
|
--- Event 30 ---
|
|
|
|
|
|
--- Event 30 ---
|
|
|
|
|
|
--- Event 30 ---
|
|
|
|
|
|
--- Event 11 ---
|
|
|
|
|
|
--- Event ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
MARA_AGENT="c778b6a3-c646-4454-a065-8c8bdcb1578e"
|
|
|
|
read -r -d '' PS_CMD << 'PSEOF'
|
|
# Full certutil -verify with urlfetch on the new cert
|
|
$thumb = "074A651524832DFE1E3CDA42FB72FE9BAAB742E1"
|
|
Write-Output "=== certutil -verify ==="
|
|
certutil -f -silent -verify -urlfetch (Get-ChildItem Cert:\LocalMachine\My\$thumb | ForEach-Object {
|
|
$tmpFile = "C:\Temp\newcert_verify.cer"
|
|
$certBytes = $_.RawData
|
|
[IO.File]::WriteAllBytes($tmpFile, $certBytes)
|
|
$tmpFile
|
|
}) 2>&1 | Select-Object -First 60
|
|
|
|
Write-Output ""
|
|
Write-Output "=== CAPI2 XML export ==="
|
|
wevtutil cl "Microsoft-Windows-CAPI2/Operational" 2>&1 | Out-Null
|
|
& rasdial "Peaceful Spirit VPN" 2>&1 | Out-Null
|
|
Start-Sleep 2
|
|
wevtutil qe "Microsoft-Windows-CAPI2/Operational" /c:20 /rd:true /f:Text 2>&1 | Select-Object -First 200
|
|
PSEOF
|
|
|
|
PAYLOAD=$(printf '%s' "$PS_CMD" | jq -Rs '{"command_type":"powershell","command":.}')
|
|
RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$MARA_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$PAYLOAD")
|
|
CMD_ID=$(echo "$RESULT" | jq -r '.command_id')
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/$CMD_ID" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" != "running" ]; do sleep 2; done
|
|
curl -s "http://172.16.3.30:3001/api/commands/$CMD_ID" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout' | head -150
|
|
```
|
|
Output: Command running in background with ID: bbehtpd81. Output is being written to: C:\Users\guru\AppData\Local\Temp\claude\D--claudetools\5c0c8d60-76ff-4827-ae2e-836c341aa8a2\tasks\bbehtpd81.output. You will be notified when it completes. To check interim output, use Read on that file path.
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
MARA_AGENT="c778b6a3-c646-4454-a065-8c8bdcb1578e"
|
|
|
|
# While waiting for the previous command, run a quick netsh ike trace to see what cert IKEEXT selects
|
|
read -r -d '' PS_CMD2 << 'PSEOF'
|
|
netsh trace start capture=yes provider="{106B464A-8043-46B1-8CB8-E92A0CD7A560}" provider="{6B510852-3583-4e2d-AFFE-A69F561E1F37}" provider="{106B464A-8043-46B1-8CB8-E92A0CD7A560}" tracefile=C:\Temp\ike3.etl overwrite=yes maxsize=10 2>&1 | Out-Null
|
|
Start-Sleep 2
|
|
& rasdial "Peaceful Spirit VPN" 2>&1 | Out-Null
|
|
Start-Sleep 3
|
|
netsh trace stop 2>&1 | Out-Null
|
|
netsh trace convert input=C:\Temp\ike3.etl output=C:\Temp\ike3.txt 2>&1 | Out-Null
|
|
# Extract relevant IKE cert lines
|
|
Select-String -Path C:\Temp\ike3.txt -Pattern "Cert|cert|CERT|13868|policy|Policy|EKU|thumb|Trust|chain" -CaseSensitive:$false | Select-Object -First 60 | ForEach-Object { $_.Line }
|
|
PSEOF
|
|
|
|
PAYLOAD2=$(printf '%s' "$PS_CMD2" | jq -Rs '{"command_type":"powershell","command":.}')
|
|
RESULT2=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$MARA_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$PAYLOAD2")
|
|
CMD_ID2=$(echo "$RESULT2" | jq -r '.command_id')
|
|
echo "Trace CMD: $CMD_ID2"
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/$CMD_ID2" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" != "running" ]; do sleep 2; done
|
|
curl -s "http://172.16.3.30:3001/api/commands/$CMD_ID2" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout' | head -80
|
|
```
|
|
Output: Trace CMD: a7f921d3-5669-493f-8572-084d74275c9f
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
MARA_AGENT="c778b6a3-c646-4454-a065-8c8bdcb1578e"
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/a7f921d3-5669-493f-8572-084d74275c9f" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" != "running" ]; do sleep 2; done
|
|
curl -s "http://172.16.3.30:3001/api/commands/a7f921d3-5669-493f-8572-084d74275c9f" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout' | head -100
|
|
```
|
|
Output: (Bash completed with no output)
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
MARA_AGENT="c778b6a3-c646-4454-a065-8c8bdcb1578e"
|
|
curl -s "http://172.16.3.30:3001/api/commands/a7f921d3-5669-493f-8572-084d74275c9f" \
|
|
-H "Authorization: Bearer $TOKEN" | jq '{status, exit_code, stdout_length: (.stdout|length), stderr: .stderr[0:200]}'
|
|
```
|
|
Output: {
|
|
|
|
"status": "completed",
|
|
|
|
"exit_code": 0,
|
|
|
|
"stdout_length": 0,
|
|
|
|
"stderr": ""
|
|
|
|
}
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
MARA_AGENT="c778b6a3-c646-4454-a065-8c8bdcb1578e"
|
|
|
|
read -r -d '' PS_CMD << 'PSEOF'
|
|
# Use the same VPNIKE trace approach that worked before
|
|
netsh trace start capture=no provider="{2458BF13-3693-4C68-A3FC-B75A8BFAE026}" keywords=0xFFFFFFFF tracefile=C:\Temp\ike4.etl overwrite=yes maxsize=5 2>&1 | Out-Null
|
|
& rasdial "Peaceful Spirit VPN" 2>&1 | Out-Null
|
|
Start-Sleep 3
|
|
netsh trace stop 2>&1 | Out-Null
|
|
netsh trace convert input=C:\Temp\ike4.etl output=C:\Temp\ike4.txt 2>&1 | Out-Null
|
|
Get-Content C:\Temp\ike4.txt | Select-Object -First 200
|
|
PSEOF
|
|
|
|
PAYLOAD=$(printf '%s' "$PS_CMD" | jq -Rs '{"command_type":"powershell","command":.}')
|
|
RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$MARA_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$PAYLOAD")
|
|
CMD_ID=$(echo "$RESULT" | jq -r '.command_id')
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/$CMD_ID" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" != "running" ]; do sleep 2; done
|
|
curl -s "http://172.16.3.30:3001/api/commands/$CMD_ID" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout' | head -150
|
|
```
|
|
Output: The user doesn't want to proceed with this tool use. The tool use was rejected (eg. if it was a file edit, the new_string was NOT written to the file). STOP what you are doing and wait for the user to tell you how to proceed.
|
|
|
|
Note: The user's next message may contain a correction or preference. Pay ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
|
|
PST_AGENT="6b6106a7-8515-4b6b-857d-0dc6ede53f35"
|
|
MARA_AGENT="c778b6a3-c646-4454-a065-8c8bdcb1578e"
|
|
|
|
# PST-SERVER: check RRAS L2TP status
|
|
PST_CMD='$rras = Get-RemoteAccess -ErrorAction SilentlyContinue; Write-Output "VpnType: $($rras.VpnType)"; Write-Output "RouterStatus: $($rras.RouterStatus)"; $ports = Get-VpnServerIPsecConfiguration -ErrorAction SilentlyContinue; Write-Output "IPsec config: $ports"; netsh ras show type 2>&1; Write-Output "---L2TP ports---"; netsh ras show ports 2>&1 | Select-String "L2TP|PPPoE" | Select-Object -First 5'
|
|
|
|
PST_PAYLOAD=$(printf '%s' "$PST_CMD" | jq -Rs '{"command_type":"powershell","command":.}')
|
|
PST_RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$PST_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$PST_PAYLOAD")
|
|
PST_CMD_ID=$(echo "$PST_RESULT" | jq -r '.command_id')
|
|
|
|
# MaraHomeNew: remove old cert VPN, create L2TP connection
|
|
MARA_CMD='Remove-VpnConnection -Name "Peaceful Spirit VPN" -AllUserConnection -Force -ErrorAction SilentlyContinue; Write-Output "Old connection removed"; Add-VpnConnection -Name "Peaceful Spirit VPN" -ServerAddress "98.190.129.150" -TunnelType L2tp -L2tpPsk "z5zkNBds2V9eIkdey09Zm6Khil3DAZs8" -AuthenticationMethod MSChapv2 -EncryptionLevel Optional -AllUserConnection -SplitTunneling -RememberCredential -Force; Write-Output "New L2TP connection created"; Get-VpnConnection -Name "Peaceful Spirit VPN" -AllUserConnection | Select-Object Name,ServerAddress,TunnelType,AuthenticationMethod,SplitTunneling,AllUserConnection'
|
|
|
|
MARA_PAYLOAD=$(printf '%s' "$MARA_CMD" | jq -Rs '{"command_type":"powershell","command":.}')
|
|
MARA_RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$MARA_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$MARA_PAYLOAD")
|
|
MARA_CMD_ID=$(echo "$MARA_RESULT" | jq -r '.command_id')
|
|
|
|
echo "PST CMD: $PST_CMD_ID"
|
|
echo "MARA CMD: $MARA_CMD_ID"
|
|
```
|
|
Output: PST CMD: 22922a65-fda0-4a26-9bc4-41a25bce03c1
|
|
MARA CMD: 243c1614-e025-449a-ae48-1e13b5bfe7f4
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/22922a65-fda0-4a26-9bc4-41a25bce03c1" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" != "running" ] && \
|
|
[ "$(curl -s "http://172.16.3.30:3001/api/commands/243c1614-e025-449a-ae48-1e13b5bfe7f4" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" != "running" ]; do sleep 2; done
|
|
|
|
echo "=== PST-SERVER RRAS ==="
|
|
curl -s "http://172.16.3.30:3001/api/commands/22922a65-fda0-4a26-9bc4-41a25bce03c1" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout'
|
|
echo ""
|
|
echo "=== MaraHomeNew connection setup ==="
|
|
curl -s "http://172.16.3.30:3001/api/commands/243c1614-e025-449a-ae48-1e13b5bfe7f4" \
|
|
-H "Authorization: Bearer $TOKEN" | jq '{status, exit_code, stdout, stderr}'
|
|
```
|
|
Output: === PST-SERVER RRAS ===
|
|
VpnType:
|
|
|
|
|
|
RouterStatus:
|
|
|
|
|
|
IPsec config: VpnServerIPsecDefaultConfiguration
|
|
|
|
|
|
|
|
|
|
|
|
Routing and Remote Access Server Properties
|
|
|
|
|
|
--------------------------------------------
|
|
|
|
|
|
|
|
|
|
|
|
IPv4 Router : LAN and demand-dial routing
|
|
|
|
|
|
|
|
|
|
|
|
IPv6 Router ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
MARA_AGENT="c778b6a3-c646-4454-a065-8c8bdcb1578e"
|
|
PST_AGENT="6b6106a7-8515-4b6b-857d-0dc6ede53f35"
|
|
|
|
# Test VPN on MaraHomeNew with credentials
|
|
MARA_CMD='$result = & rasdial "Peaceful Spirit VPN" pst-admin "24Hearts$" 2>&1; Write-Output $result'
|
|
MARA_PAYLOAD=$(printf '%s' "$MARA_CMD" | jq -Rs '{"command_type":"powershell","command":.}')
|
|
MARA_RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$MARA_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$MARA_PAYLOAD")
|
|
MARA_CMD_ID=$(echo "$MARA_RESULT" | jq -r '.command_id')
|
|
|
|
# Also check PST-SERVER RRAS PSK config
|
|
PST_CMD='netsh ras ip show config 2>&1; Write-Output "---IPsec PSK---"; (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\L2TP" -ErrorAction SilentlyContinue); Write-Output "---RRAS auth methods---"; netsh ras set authmode mode=allusers 2>&1; netsh ras show authmode 2>&1'
|
|
PST_PAYLOAD=$(printf '%s' "$PST_CMD" | jq -Rs '{"command_type":"powershell","command":.}')
|
|
PST_RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$PST_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$PST_PAYLOAD")
|
|
PST_CMD_ID=$(echo "$PST_RESULT" | jq -r '.command_id')
|
|
|
|
echo "MARA CMD: $MARA_CMD_ID"
|
|
echo "PST CMD: $PST_CMD_ID"
|
|
```
|
|
Output: MARA CMD: 5946e337-981c-4692-9f4b-2b8b6bf452f7
|
|
PST CMD: 3d5ab694-1553-48ed-b2ba-222f0cc097f7
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/5946e337-981c-4692-9f4b-2b8b6bf452f7" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" != "running" ] && \
|
|
[ "$(curl -s "http://172.16.3.30:3001/api/commands/3d5ab694-1553-48ed-b2ba-222f0cc097f7" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" != "running" ]; do sleep 2; done
|
|
|
|
echo "=== VPN Test ==="
|
|
curl -s "http://172.16.3.30:3001/api/commands/5946e337-981c-4692-9f4b-2b8b6bf452f7" \
|
|
-H "Authorization: Bearer $TOKEN" | jq '{status, exit_code, stdout, stderr}'
|
|
echo ""
|
|
echo "=== PST RRAS PSK Config ==="
|
|
curl -s "http://172.16.3.30:3001/api/commands/3d5ab694-1553-48ed-b2ba-222f0cc097f7" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout' | head -40
|
|
```
|
|
Output: === VPN Test ===
|
|
{
|
|
|
|
"status": "completed",
|
|
|
|
"exit_code": 0,
|
|
|
|
"stdout": "Connecting to Peaceful Spirit VPN...\r\nVerifying username and password...\r\n\r\nRemote Access error 691 - The remote connection was denied because the user name and password combination you provided is not recognized, or ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
PST_AGENT="6b6106a7-8515-4b6b-857d-0dc6ede53f35"
|
|
|
|
read -r -d '' PS_CMD << 'PSEOF'
|
|
Import-Module ActiveDirectory -ErrorAction SilentlyContinue
|
|
|
|
# Check pst-admin user
|
|
$user = Get-ADUser -Filter {SamAccountName -eq "pst-admin"} -Properties DialinPermission,msNPAllowDialin,Enabled,PasswordExpired,PasswordNeverExpires -ErrorAction SilentlyContinue
|
|
if ($user) {
|
|
Write-Output "pst-admin found:"
|
|
Write-Output " Enabled: $($user.Enabled)"
|
|
Write-Output " PasswordExpired: $($user.PasswordExpired)"
|
|
Write-Output " PasswordNeverExpires: $($user.PasswordNeverExpires)"
|
|
Write-Output " DialinPermission (msNPAllowDialin): $($user.msNPAllowDialin)"
|
|
} else {
|
|
Write-Output "pst-admin NOT FOUND in AD"
|
|
# List all domain users
|
|
Write-Output "Domain users:"
|
|
Get-ADUser -Filter * -Properties msNPAllowDialin | Select-Object SamAccountName,Enabled,msNPAllowDialin | Format-Table
|
|
}
|
|
|
|
# Check RRAS auth types
|
|
Write-Output "---Auth types---"
|
|
netsh ras show authtype 2>&1
|
|
|
|
# Check NPS policies
|
|
Write-Output "---NPS policies---"
|
|
Get-NpsNetworkPolicy -ErrorAction SilentlyContinue | Select-Object PolicyName,Enabled | Format-Table
|
|
PSEOF
|
|
|
|
PAYLOAD=$(printf '%s' "$PS_CMD" | jq -Rs '{"command_type":"powershell","command":.}')
|
|
RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$PST_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$PAYLOAD")
|
|
CMD_ID=$(echo "$RESULT" | jq -r '.command_id')
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/$CMD_ID" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" != "running" ]; do sleep 2; done
|
|
curl -s "http://172.16.3.30:3001/api/commands/$CMD_ID" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout'
|
|
```
|
|
Output: pst-admin NOT FOUND in AD
|
|
|
|
|
|
Domain users:
|
|
|
|
|
|
|
|
|
|
|
|
SamAccountName Enabled msNPAllowDialin
|
|
|
|
|
|
-------------- ------- ---------------
|
|
|
|
|
|
Administrator False
|
|
|
|
|
|
Guest False
|
|
|
|
|
|
DefaultAccount False
|
|
|
|
|
|
localadmin ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
MARA_AGENT="c778b6a3-c646-4454-a065-8c8bdcb1578e"
|
|
PST_AGENT="6b6106a7-8515-4b6b-857d-0dc6ede53f35"
|
|
|
|
# Test VPN with sysadmin (vault password r3tr0gradE99!)
|
|
MARA_CMD='$r = & rasdial "Peaceful Spirit VPN" sysadmin "r3tr0gradE99!" 2>&1; Write-Output $r'
|
|
MARA_PAYLOAD=$(printf '%s' "$MARA_CMD" | jq -Rs '{"command_type":"powershell","command":.}')
|
|
MARA_RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$MARA_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$MARA_PAYLOAD")
|
|
MARA_CMD_ID=$(echo "$MARA_RESULT" | jq -r '.command_id')
|
|
|
|
# On PST-SERVER: reset pst-admin password to vault value
|
|
PST_CMD='Import-Module ActiveDirectory; Set-ADAccountPassword -Identity "pst-admin" -Reset -NewPassword (ConvertTo-SecureString "24Hearts$" -AsPlainText -Force); Write-Output "pst-admin password reset to vault value"'
|
|
PST_PAYLOAD=$(printf '%s' "$PST_CMD" | jq -Rs '{"command_type":"powershell","command":.}')
|
|
PST_RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$PST_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$PST_PAYLOAD")
|
|
PST_CMD_ID=$(echo "$PST_RESULT" | jq -r '.command_id')
|
|
|
|
echo "MARA CMD: $MARA_CMD_ID"
|
|
echo "PST CMD: $PST_CMD_ID"
|
|
```
|
|
Output: MARA CMD: bf11f040-4251-434b-ab90-99ecb934b977
|
|
PST CMD: f90ad1da-ebb9-4bd8-ad52-d8f93a3b1d89
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/bf11f040-4251-434b-ab90-99ecb934b977" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" != "running" ] && \
|
|
[ "$(curl -s "http://172.16.3.30:3001/api/commands/f90ad1da-ebb9-4bd8-ad52-d8f93a3b1d89" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" != "running" ]; do sleep 2; done
|
|
|
|
echo "=== VPN test with sysadmin ==="
|
|
curl -s "http://172.16.3.30:3001/api/commands/bf11f040-4251-434b-ab90-99ecb934b977" \
|
|
-H "Authorization: Bearer $TOKEN" | jq '{exit_code, stdout, stderr}'
|
|
|
|
echo ""
|
|
echo "=== pst-admin password reset ==="
|
|
curl -s "http://172.16.3.30:3001/api/commands/f90ad1da-ebb9-4bd8-ad52-d8f93a3b1d89" \
|
|
-H "Authorization: Bearer $TOKEN" | jq '{exit_code, stdout, stderr}'
|
|
```
|
|
Output: === VPN test with sysadmin ===
|
|
{
|
|
|
|
"exit_code": 0,
|
|
|
|
"stdout": "Connecting to Peaceful Spirit VPN...\r\nVerifying username and password...\r\n\r\nRemote Access error 691 - The remote connection was denied because the user name and password combination you provided is not recognized, or the selecte ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
PST_AGENT="6b6106a7-8515-4b6b-857d-0dc6ede53f35"
|
|
|
|
read -r -d '' PS_CMD << 'PSEOF'
|
|
# Check NPS service
|
|
$nps = Get-Service "IAS" -ErrorAction SilentlyContinue
|
|
Write-Output "NPS service status: $($nps.Status)"
|
|
|
|
# Check if RRAS is using NPS or Windows auth
|
|
netsh ras show authmode 2>&1
|
|
netsh ras show authtype 2>&1
|
|
|
|
# Check RRAS event log for recent auth failures
|
|
Write-Output "--- Recent RRAS auth events ---"
|
|
Get-WinEvent -LogName "System" -MaxEvents 50 -ErrorAction SilentlyContinue |
|
|
Where-Object { $_.ProviderName -match "RasMan|RemoteAccess" -and $_.TimeCreated -gt (Get-Date).AddMinutes(-5) } |
|
|
Select-Object TimeCreated, Id, Message | Format-List
|
|
|
|
# Check Security event log for logon failures
|
|
Write-Output "--- Recent failed logons ---"
|
|
Get-WinEvent -LogName "Security" -MaxEvents 20 -ErrorAction SilentlyContinue |
|
|
Where-Object { $_.Id -eq 4625 -and $_.TimeCreated -gt (Get-Date).AddMinutes(-5) } |
|
|
Select-Object TimeCreated, Message | ForEach-Object { $_.Message[0..300] }
|
|
|
|
# NPS event log
|
|
Write-Output "--- NPS events ---"
|
|
Get-WinEvent -LogName "Security" -MaxEvents 10 -ErrorAction SilentlyContinue |
|
|
Where-Object { $_.Id -in @(6272,6273,6274) -and $_.TimeCreated -gt (Get-Date).AddMinutes(-5) } |
|
|
ForEach-Object { "Event $($_.Id): $($_.Message[0..200])" }
|
|
PSEOF
|
|
|
|
PAYLOAD=$(printf '%s' "$PS_CMD" | jq -Rs '{"command_type":"powershell","command":.}')
|
|
RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$PST_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$PAYLOAD")
|
|
CMD_ID=$(echo "$RESULT" | jq -r '.command_id')
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/$CMD_ID" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" != "running" ]; do sleep 2; done
|
|
curl -s "http://172.16.3.30:3001/api/commands/$CMD_ID" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout' | head -80
|
|
```
|
|
Output: NPS service status: Running
|
|
|
|
|
|
authentication mode = standard
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Enabled Authentication Types:
|
|
|
|
|
|
|
|
|
|
|
|
Code Meaning
|
|
|
|
|
|
------------------------------------------
|
|
|
|
|
|
MSCHAPv2 Microsoft Challenge-Handshake Authent ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
PST_AGENT="6b6106a7-8515-4b6b-857d-0dc6ede53f35"
|
|
|
|
read -r -d '' PS_CMD << 'PSEOF'
|
|
# Test sysadmin credentials locally
|
|
$cred = New-Object System.Management.Automation.PSCredential("PEACEFULSPIRIT\sysadmin", (ConvertTo-SecureString "r3tr0gradE99!" -AsPlainText -Force))
|
|
$result = & net use \\PST-SERVER\IPC$ /user:PEACEFULSPIRIT\sysadmin "r3tr0gradE99!" 2>&1
|
|
Write-Output "Net use result: $result"
|
|
& net use \\PST-SERVER\IPC$ /delete 2>&1 | Out-Null
|
|
|
|
# Check RRAS logfile location
|
|
Write-Output "--- RRAS log file ---"
|
|
$logPath = "C:\Windows\System32\logfiles"
|
|
if (Test-Path $logPath) {
|
|
Get-ChildItem $logPath | Select-Object Name, LastWriteTime, Length
|
|
}
|
|
|
|
# Check newer Security events - wider window
|
|
Write-Output "--- Security failed logons (last 30 min) ---"
|
|
Get-WinEvent -LogName "Security" -MaxEvents 100 -ErrorAction SilentlyContinue |
|
|
Where-Object { $_.Id -eq 4625 -and $_.TimeCreated -gt (Get-Date).AddMinutes(-30) } |
|
|
Select-Object -First 5 | ForEach-Object {
|
|
$xml = [xml]$_.ToXml()
|
|
$data = $xml.Event.EventData.Data
|
|
"Time: $($_.TimeCreated) | User: $(($data|?{$_.Name-eq'TargetUserName'}).'#text') | Failure: $(($data|?{$_.Name-eq'SubStatus'}).'#text')"
|
|
}
|
|
|
|
# Check if RRAS is configured for RADIUS vs Windows auth
|
|
Write-Output "--- RRAS RADIUS config ---"
|
|
netsh ras show registeredserver 2>&1
|
|
Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy" -ErrorAction SilentlyContinue
|
|
PSEOF
|
|
|
|
PAYLOAD=$(printf '%s' "$PS_CMD" | jq -Rs '{"command_type":"powershell","command":.}')
|
|
RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$PST_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$PAYLOAD")
|
|
CMD_ID=$(echo "$RESULT" | jq -r '.command_id')
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/$CMD_ID" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" != "running" ]; do sleep 2; done
|
|
curl -s "http://172.16.3.30:3001/api/commands/$CMD_ID" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout'
|
|
```
|
|
Output: Net use result: System error 67 has occurred.
|
|
|
|
|
|
The network name cannot be found.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
--- RRAS log file ---
|
|
|
|
|
|
|
|
|
|
|
|
Name LastWriteTime Length
|
|
|
|
|
|
---- ------------- ------
|
|
|
|
|
|
Firewall 7/16/2016 6:23:22 AM
|
|
|
|
|
|
HTTPERR ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
PST_AGENT="6b6106a7-8515-4b6b-857d-0dc6ede53f35"
|
|
|
|
PS_CMD='Get-Content "C:\Windows\System32\logfiles\IN2605.log" | Select-Object -Last 50'
|
|
PAYLOAD=$(printf '%s' "$PS_CMD" | jq -Rs '{"command_type":"powershell","command":.}')
|
|
RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$PST_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$PAYLOAD")
|
|
CMD_ID=$(echo "$RESULT" | jq -r '.command_id')
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/$CMD_ID" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" != "running" ]; do sleep 2; done
|
|
curl -s "http://172.16.3.30:3001/api/commands/$CMD_ID" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout'
|
|
```
|
|
Output: "PST-SERVER","RAS",05/10/2026,17:53:30,1,"PEACEFULSPIRIT\apst-admin","PEACEFULSPIRIT\apst-admin","192.168.0.2","129.222.129.171",,,"PST-SERVER",,191,,,"PST-SERVER",,,5,,1,2,5,,0,"311 1 fe80::bc22:8661:b9d8:b119 05/05/2026 14:32:59 1",,,,,,,,,,,,,,,,,,9,1,"129.222.129.171","192.168.0.2",,,,,,,"MSRASV ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_token // .data.token // empty')
|
|
PST_AGENT="6b6106a7-8515-4b6b-857d-0dc6ede53f35"
|
|
|
|
read -r -d '' PS_CMD << 'PSEOF'
|
|
# NPS event log
|
|
Write-Output "=== NPS Operational Events (last 20) ==="
|
|
Get-WinEvent -LogName "Microsoft-Windows-RRAS-NPS/Operational" -MaxEvents 20 -ErrorAction SilentlyContinue |
|
|
ForEach-Object { "[$($_.TimeCreated)] Id:$($_.Id) - $($_.Message[0..150])" }
|
|
|
|
# Check NPS policies via netsh
|
|
Write-Output "=== NPS Connection Request Policies ==="
|
|
netsh nps show crp 2>&1
|
|
|
|
Write-Output "=== NPS Network Policies ==="
|
|
netsh nps show np 2>&1
|
|
|
|
# Check if logging is enabled
|
|
Write-Output "=== NPS Accounting Config ==="
|
|
netsh nps show accounting 2>&1
|
|
PSEOF
|
|
|
|
PAYLOAD=$(printf '%s' "$PS_CMD" | jq -Rs '{"command_type":"powershell","command":.}')
|
|
RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$PST_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$PAYLOAD")
|
|
CMD_ID=$(echo "$RESULT" | jq -r '.command_id')
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/$CMD_ID" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" != "running" ]; do sleep 2; done
|
|
curl -s "http://172.16.3.30:3001/api/commands/$CMD_ID" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout' | head -120
|
|
```
|
|
Output: === NPS Operational Events (last 20) ===
|
|
|
|
|
|
=== NPS Connection Request Policies ===
|
|
|
|
|
|
|
|
|
|
|
|
Connection request policy configuration:
|
|
|
|
|
|
---------------------------------------------------------
|
|
|
|
|
|
Name = Use Windows authentication for all users
|
|
|
|
|
|
State = Enabled
|
|
|
|
|
|
Processing ord ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token // .access_transaction // .data.token // empty')
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token')
|
|
PST_AGENT="6b6106a7-8515-4b6b-857d-0dc6ede53f35"
|
|
|
|
read -r -d '' PS_CMD << 'PSEOF'
|
|
Import-Module ActiveDirectory
|
|
|
|
# Look up the SID from the NPS policy condition
|
|
$sid = "S-1-5-21-1105246401-3156558273-4088333098-1113"
|
|
$obj = Get-ADObject -Filter {objectSid -eq $sid} -Properties Name,SamAccountName,ObjectClass -ErrorAction SilentlyContinue
|
|
Write-Output "SID $sid resolves to: $($obj.Name) ($($obj.ObjectClass))"
|
|
|
|
# Also look up SID via .NET
|
|
try {
|
|
$ntAcc = (New-Object System.Security.Principal.SecurityIdentifier($sid)).Translate([System.Security.Principal.NTAccount])
|
|
Write-Output "Translated: $ntAcc"
|
|
} catch { Write-Output "Translation failed: $_" }
|
|
|
|
# List AD groups
|
|
Write-Output "--- AD groups ---"
|
|
Get-ADGroup -Filter * | Select-Object Name,SamAccountName | Format-Table
|
|
|
|
# Get pst-admin group membership
|
|
Write-Output "--- pst-admin groups ---"
|
|
(Get-ADUser "pst-admin" -Properties MemberOf).MemberOf | ForEach-Object { (Get-ADObject $_).Name }
|
|
PSEOF
|
|
|
|
PAYLOAD=$(printf '%s' "$PS_CMD" | jq -Rs '{"command_type":"powershell","command":.}')
|
|
RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$PST_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$PAYLOAD")
|
|
CMD_ID=$(echo "$RESULT" | jq -r '.command_id')
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/$CMD_ID" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" != "running" ]; do sleep 2; done
|
|
curl -s "http://172.16.3.30:3001/api/commands/$CMD_ID" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout'
|
|
```
|
|
Output: SID S-1-5-21-1105246401-3156558273-4088333098-1113 resolves to: WseRemoteAccessUsers (group)
|
|
|
|
|
|
Translated: PEACEFULSPIRIT\WseRemoteAccessUsers
|
|
|
|
|
|
--- AD groups ---
|
|
|
|
|
|
|
|
|
|
|
|
Name SamAccountName
|
|
|
|
|
|
---- ---------- ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token')
|
|
PST_AGENT="6b6106a7-8515-4b6b-857d-0dc6ede53f35"
|
|
|
|
read -r -d '' PS_CMD << 'PSEOF'
|
|
# Get full NPS network policy for the allow policy
|
|
Write-Output "=== Full NPS network policy {502F...} ==="
|
|
netsh nps show np name="{502F03DC-1EC9-49A9-811A-99BA53619319}" 2>&1
|
|
|
|
# Check last write time of NPS log vs now
|
|
Write-Output "=== NPS log freshness ==="
|
|
$logFile = "C:\Windows\System32\logfiles\IN2605.log"
|
|
Write-Output "Log last written: $((Get-Item $logFile).LastWriteTime)"
|
|
Write-Output "Current time: $(Get-Date)"
|
|
Write-Output "Log size: $((Get-Item $logFile).Length) bytes"
|
|
|
|
# Force a test VPN auth locally on PST-SERVER from MaraHomeNew IP to see what logs
|
|
Write-Output "=== Check NPS log now after testing ==="
|
|
# Re-read last 5 lines to confirm no new entries
|
|
Get-Content $logFile | Select-Object -Last 5
|
|
PSEOF
|
|
|
|
PAYLOAD=$(printf '%s' "$PS_CMD" | jq -Rs '{"command_type":"powershell","command":.}')
|
|
RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$PST_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$PAYLOAD")
|
|
CMD_ID=$(echo "$RESULT" | jq -r '.command_id')
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/$CMD_ID" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" != "running" ]; do sleep 2; done
|
|
curl -s "http://172.16.3.30:3001/api/commands/$CMD_ID" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout'
|
|
```
|
|
Output: === Full NPS network policy {502F...} ===
|
|
|
|
|
|
The parameter is incorrect.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
show np
|
|
|
|
|
|
|
|
|
|
|
|
Shows network policy configuration.
|
|
|
|
|
|
|
|
|
|
|
|
=== NPS log freshness ===
|
|
|
|
|
|
Log last written: 05/11/2026 11:56:31
|
|
|
|
|
|
Current time: 05/22/2026 13:29:31
|
|
|
|
|
|
Log size: 5501 bytes
|
|
|
|
|
|
=== Check NPS log now after testi ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token')
|
|
PST_AGENT="6b6106a7-8515-4b6b-857d-0dc6ede53f35"
|
|
MARA_AGENT="c778b6a3-c646-4454-a065-8c8bdcb1578e"
|
|
|
|
# PST-SERVER: check L2TP IPsec PSK and custom IPsec policy status
|
|
PST_CMD='Write-Output "=== RRAS IPsec policy ==="; Get-VpnServerIPsecConfiguration 2>&1; Write-Output "=== Custom IPsec PSK check ==="; (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\Ikev2" -ErrorAction SilentlyContinue).PreSharedKey; Write-Output "---L2TP IPsec custom policy---"; netsh ras ipsec show customconfiguration 2>&1; Write-Output "=== UDP port listeners ==="; netstat -ano | findstr ":500 \|:4500 \|:1701 " | head -10'
|
|
|
|
PST_PAYLOAD=$(printf '%s' "$PST_CMD" | jq -Rs '{"command_type":"powershell","command":.}')
|
|
PST_RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$PST_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$PST_PAYLOAD")
|
|
PST_CMD_ID=$(echo "$PST_RESULT" | jq -r '.command_id')
|
|
|
|
# MaraHomeNew: try rasdial WITHOUT IPsec to test if 691 changes to 789
|
|
MARA_CMD='Set-VpnConnection -Name "Peaceful Spirit VPN" -AllUserConnection -AuthenticationMethod MSChapv2 -EncryptionLevel Optional -Force; $result = & rasdial "Peaceful Spirit VPN" pst-admin "24Hearts$" 2>&1; Write-Output $result'
|
|
MARA_PAYLOAD=$(printf '%s' "$MARA_CMD" | jq -Rs '{"command_type":"powershell","command":.}')
|
|
MARA_RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$MARA_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$MARA_PAYLOAD")
|
|
MARA_CMD_ID=$(echo "$MARA_RESULT" | jq -r '.command_id')
|
|
|
|
echo "PST: $PST_CMD_ID MARA: $MARA_CMD_ID"
|
|
```
|
|
Output: PST: 1a4a9faa-e826-42b0-81cd-34d2b597e020 MARA: 6a345bf1-a3f0-4fde-ace0-6a4f1fdc9984
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token')
|
|
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/1a4a9faa-e826-42b0-81cd-34d2b597e020" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" != "running" ] && \
|
|
[ "$(curl -s "http://172.16.3.30:3001/api/commands/6a345bf1-a3f0-4fde-ace0-6a4f1fdc9984" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" != "running" ]; do sleep 2; done
|
|
|
|
echo "=== PST-SERVER L2TP PSK/IPsec ==="
|
|
curl -s "http://172.16.3.30:3001/api/commands/1a4a9faa-e826-42b0-81cd-34d2b597e020" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout'
|
|
|
|
echo ""
|
|
echo "=== MaraHomeNew VPN test ==="
|
|
curl -s "http://172.16.3.30:3001/api/commands/6a345bf1-a3f0-4fde-ace0-6a4f1fdc9984" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout'
|
|
```
|
|
Output: === PST-SERVER L2TP PSK/IPsec ===
|
|
=== RRAS IPsec policy ===
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
EncryptionType : MaximumEncryption
|
|
|
|
|
|
Ikev2Ports : 10
|
|
|
|
|
|
SstpPorts : 50
|
|
|
|
|
|
GrePorts : 50
|
|
|
|
|
|
IdleDisconnect(s) : 300
|
|
|
|
|
|
L2tpPorts ... [truncated]
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token')
|
|
PST_AGENT="6b6106a7-8515-4b6b-857d-0dc6ede53f35"
|
|
MARA_AGENT="c778b6a3-c646-4454-a065-8c8bdcb1578e"
|
|
|
|
# PST-SERVER: check UCG port forwards via SSH from LAN
|
|
PST_CMD='$sshExe = "C:\Windows\System32\OpenSSH\ssh.exe"; $result = & $sshExe -o StrictHostKeyChecking=no -o ConnectTimeout=5 -o BatchMode=yes root@192.168.0.10 "show port-forward" 2>&1; if ($LASTEXITCODE -ne 0) { & $sshExe -o StrictHostKeyChecking=no -o ConnectTimeout=5 root@192.168.0.10 "show port-forward" 2>&1 } else { $result }'
|
|
PST_PAYLOAD=$(printf '%s' "$PST_CMD" | jq -Rs '{"command_type":"powershell","command":.}')
|
|
PST_RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$PST_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$PST_PAYLOAD")
|
|
PST_CMD_ID=$(echo "$PST_RESULT" | jq -r '.command_id')
|
|
|
|
# MaraHomeNew: try SSTP instead
|
|
MARA_CMD='Remove-VpnConnection -Name "Peaceful Spirit VPN" -AllUserConnection -Force -ErrorAction SilentlyContinue; Add-VpnConnection -Name "Peaceful Spirit VPN" -ServerAddress "98.190.129.150" -TunnelType Sstp -AuthenticationMethod MSChapv2 -EncryptionLevel Optional -AllUserConnection -SplitTunneling -RememberCredential -Force; Write-Output "SSTP connection created"; $result = & rasdial "Peaceful Spirit VPN" pst-admin "24Hearts$" 2>&1; Write-Output $result'
|
|
MARA_PAYLOAD=$(printf '%s' "$MARA_CMD" | jq -Rs '{"command_type":"powershell","command":.}')
|
|
MARA_RESULT=$(curl -s -X POST "http://172.16.3.30:3001/api/agents/$MARA_AGENT/command" \
|
|
-H "Authorization: Bearer $TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$MARA_PAYLOAD")
|
|
MARA_CMD_ID=$(echo "$MARA_RESULT" | jq -r '.command_id')
|
|
|
|
echo "PST: $PST_CMD_ID MARA: $MARA_CMD_ID"
|
|
```
|
|
Output: PST: 9302a07e-92bb-4ca7-869c-8ab5be2c8af4 MARA: fe258e8e-1869-431a-b0ab-e9c7b062ac13
|
|
|
|
```
|
|
TOKEN=$(curl -s -X POST "http://172.16.3.30:3001/api/auth/login" \
|
|
-H "Content-Type: application/json" \
|
|
-d '{"email":"claude-api@azcomputerguru.com","password":"ClaudeAPI2026!@#"}' | jq -r '.token')
|
|
|
|
until [ "$(curl -s "http://172.16.3.30:3001/api/commands/9302a07e-92bb-4ca7-869c-8ab5be2c8af4" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" != "running" ] && \
|
|
[ "$(curl -s "http://172.16.3.30:3001/api/commands/fe258e8e-1869-431a-b0ab-e9c7b062ac13" -H "Authorization: Bearer $TOKEN" | jq -r '.status')" != "running" ]; do sleep 2; done
|
|
|
|
echo "=== UCG port forwards ==="
|
|
curl -s "http://172.16.3.30:3001/api/commands/9302a07e-92bb-4ca7-869c-8ab5be2c8af4" \
|
|
-H "Authorization: Bearer $TOKEN" | jq '{exit_code, stdout, stderr}'
|
|
|
|
echo ""
|
|
echo "=== SSTP test on MaraHomeNew ==="
|
|
curl -s "http://172.16.3.30:3001/api/commands/fe258e8e-1869-431a-b0ab-e9c7b062ac13" \
|
|
-H "Authorization: Bearer $TOKEN" | jq -r '.stdout'
|
|
```
|
|
Output: === UCG port forwards ===
|
|
{
|
|
|
|
"exit_code": 1,
|
|
|
|
"stdout": "",
|
|
|
|
"stderr": "& : The term 'C:\\Windows\\System32\\OpenSSH\\ssh.exe' is not recognized as the \r\nname of a cmdlet, function, script file, or operable program. Check the \r\nspelling of the name, or if a path was included, verify that t ... [truncated]
|
|
|
|
## Pending / Incomplete Tasks
|
|
|
|
- Adjust NPS policy to allow dial-in for the 'WseRemoteAccessUsers' group.
|
|
- Investigate why recent L2TP attempts are not logging in the NPS system.
|
|
- Confirm if the UCG port forwards and SSTP configuration are correctly set up to avoid IPsec issues.
|
|
|
|
## Reference Information
|
|
|
|
_Machine-extracted verbatim from the whole transcript via regex. Treat as leads, not gospel; deduped._
|
|
|
|
- **URLs:** https://rmm.azcomputerguru.com, http://172.16.3.30:3001/api/clients, https://rmm-api.azcomputerguru.com, http://172.16.3.30:3001, http://172.16.3.30:3001/api/auth/login, https://rmm.azcomputerguru.com., http://172.16.3.30:3001`, http://PST-SERVER/CertEnroll/PEACEFULSPIRIT-PST-SERVER-CA.crl, http://www.microsoft.com/pkiops/crl/Microsoft%20TPM%20Root%20Certificate%20Authority%202014.crl, http://crl.globalsign.net/primobject.crl, http://PST-SERVER/CertEnroll/PEACEFULSPIRIT-PST-SERVER-CA.crl`, http://98.190.129.150/CertEnroll/PEACEFULSPIRIT-PST-SERVER-CA.crl, http://PST-SERVER/CertEnroll/`, http://172.16.3.30:3001/api/commands/40fc063c-ae5c-464b-9283-7e8947b20d65, http://72.194.62.5/CertEnroll/PEACEFULSPIRIT-PST-SERVER-CA.crl, http://72.194.62.5/CertEnroll/PEACEFULSPIRIT-PST-SER, https://azcomputerguru.com/CertEnroll/PEACEFULSPIRIT-PST-SERVER-CA.crl, https://a.nel.cloudflare.com/report/v4?s=%2BtZZ5GvqsioDxm7lnhQxafE3d53gwfoMbkhHTTn2sQpXvwP0yEJJ9H49aj1pYt2gEtTih8ZhFJiIjaj1bQDC1ToLtIQca%2Bcc%2Frk5b0xIoExskjZYy4gQ2P%2BDogepqnm6XqXzOw%3D%3D, http://172.16.3.30:3001/api/agents/, http://172.16.3.30:3001/api/comma, http://72.194.62.5/CertEnroll/`., http://172.16.3.30:3001/api/auth/login`,, http://172.16.3.30:3001/api/commands/d44d6d04-efc2-477a-8cd5-12cd89bec1a1, http://172.16.3.30:3001/api/commands/ce0d21c9-713b-4f39-a663-4e80ecc46010, http://172.16.3.30:3001/api/commands/86505a98-0dc9-49e3-93f8-a94b3794e372, http://172.16.3.30:3001/api/commands/99a5f097-775c-4938-a59c-2c11ace7ce72, http://PST-SERVER/CertEnroll/...`, http://172.16.3.30:3001/api/agents, http://172.16.3.30:3001/api/commands/022a5d46-c935-4187-b80d-4c2e0695cc24, http://172.16.3.30:3001/api/aut
|
|
- **IPs:** `172.16.3.30`, `172.16.3.36`, `98.190.129.150`, `192.168.0.2`, `192.168.0.240`, `172.16.3.10`, `72.194.62.5`, `3.20.0.3`, `104.26.9.237`, `2.5.29.15`, `2.5.29.14`, `2.5.29.17`, `2.5.29.35`, `2.5.29.20`, `192.168.0.0`, `192.168.0.10`, `0.0.0.0`, `1.0.0.0`, `129.222.129.171`
|
|
- **Ticket numbers:** #32271
|