I am looking for that line from .vbproj:
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
here is my script:
$xml = [xml](Get-Content $xmlFile)
$propertyGroup = $xml.SelectSingleNode("//PropertyGroup[@Condition= ""''`$(Configuration)|`$(Platform)'' == ''Debug|AnyCPU''""]")
if ($propertyGroup) {
    Write-Host 'Element found.'
} else {
    Write-Host 'Element not found.'
}
$xml.SelectSingleNode("//PropertyGroup[normalize-space(translate(@Condition,`"'$`",`"`"))='(Configuration)|(Platform) == Debug|AnyCPU']")
We escape " and $ characters and use the translate function to do it only once.
Another option with contains and no escaping:
$xml.SelectSingleNode("//PropertyGroup[contains(@Condition,'(Configuration)') and contains(@Condition,'(Platform)') and contains(@Condition,'Debug') and contains(@Condition,'AnyCPU')]")
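The lookup discussed above, as an added example that is not part of the original question or answer: it builds the XPath from single-quoted PowerShell strings so that `$( )` needs no escaping, matches the element whether or not the project file declares the MSBuild default namespace, and refuses input that could alter the query. The helper name `Find-ConfigPropertyGroup` and the sample project are constructed for illustration.

```powershell
# Constructed sample project (not from the original post). Old-style project
# files declare the MSBuild default namespace; SDK-style ones do not.
$sample = @'
<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
    <DebugSymbols>true</DebugSymbols>
  </PropertyGroup>
  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
    <Optimize>true</Optimize>
  </PropertyGroup>
</Project>
'@

# Hypothetical helper name.
function Find-ConfigPropertyGroup {
    param(
        [Parameter(Mandatory)][xml]$Project,
        [Parameter(Mandatory)][string]$Configuration,
        [string]$Platform = 'AnyCPU'
    )
    # XPath 1.0 has no escape for quotes inside a string literal, so refuse
    # values that could close the literal and change the query.
    if ("$Configuration$Platform" -match '["'']') {
        throw 'Configuration and Platform must not contain quote characters.'
    }
    # Single-quoted PowerShell strings leave $( ) untouched. The XPath literal
    # is wrapped in double quotes because the attribute value holds single quotes.
    $wanted = '''$(Configuration)|$(Platform)'' == ''' + "$Configuration|$Platform" + ''''
    # local-name() matches the element with or without a default namespace;
    # normalize-space() drops the padding inside the attribute.
    $xpath = '//*[local-name()="PropertyGroup" and normalize-space(@Condition)="' + $wanted + '"]'
    $Project.SelectSingleNode($xpath)
}

$node = Find-ConfigPropertyGroup -Project $sample -Configuration 'Debug'
if ($node) { Write-Host "Element found: $($node.Condition)" } else { Write-Host 'Element not found.' }
```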
Introduction
An automated website health check means proactively monitoring and testing a website or web application to identify issues before they impact customers. Today I will show you how to monitor a website's uptime and log in to it automatically as part of the check.
Why PowerShell
Why would I use PowerShell for automated health checks? PowerShell is a native part of Windows, so you don’t need to install any other software or environment before using it. That is very convenient on company servers where, for security reasons, installing third-party software is not allowed, and where the health check still has to run on a schedule. In that situation PowerShell is the best choice!
Preparation
1) Create an empty folder for your project, e.g. AutoHealthCheck
2) Create a libs folder; we will put the prerequisite libraries in it
3) Download Selenium
We will build on Selenium for the automated testing, so the first thing we need is to download the Selenium web driver. We only need WebDriver.dll, so go to NuGet and download the Selenium.WebDriver package (the latest version is 4.12.4 at the time of writing)
Rename selenium.webdriver.4.12.4.nupkg to selenium.webdriver.4.12.4.zip and unzip it, then copy the below file to your project's libs folder
4) Download the latest ChromeDriver; it must match your Chrome version
Put the chromedriver.exe file into your project's libs folder
Start Coding
Even though this is a simple program and a single file would be enough, I think we should still design the flow and some helper functions:
1. Workflow
1) We will create a PowerShell script file and register it in the Windows Task Scheduler so that it runs automatically
2) There should be a settings file that controls which websites we need to check
3) For security reasons, if we need to check a login page, the password in the settings file must be encrypted
4) The script will automatically start Chrome, open the URL, and check whether the element exists based on the setting value
5) It needs to write a log of the check results
Okay, to accomplish the above we can create some helper functions first.
2. Write Log Function
The log is very important and can help us find issues. We can easily write a log in PowerShell with the below function
and define the log file name and path
$LogFileName = (Get-Date).toString("yyyyMMdd-HHmmss")
$Logfile = "$RootFloder\logs\$LogFileName.log"
3. Read INI File Function
We will use an ini file as the settings file; the structure will be as below
I will explain these later. For now, if we want to read this file, we can create the below function
and use it as below
4. Send Email Function
This is a scheduled task, so we should send a notification email when it is done. We can create the below send-email function, which also attaches the log file
5. Use Selenium in PowerShell
There is a Selenium PowerShell Module that helps with using Selenium in PowerShell. But I think the module is too complex (it has many functions that are unnecessary in this case), and some companies may not allow installing any third-party PowerShell module, so I will write the logic myself 🙂
1) Import Selenium
There are 3 options to import the Selenium library
2) Create the Chrome option
We can create a Chrome option object to set how chromedriver works, for example to maximize the window or to use Chrome extensions
$ChromeOption = New-Object OpenQA.Selenium.Chrome.ChromeOptions
$ChromeOption.AddExcludedArgument("enable-automation")
$ChromeOption.AddArguments("--start-maximized")
#$ChromeOption.AddArguments('--headless') #don't open the browser
# Ignore the SSL non secure issue
$ChromeOption.AcceptInsecureCertificates = $true
# Create a new ChromeDriver Object instance.
$ChromeDriver = New-Object OpenQA.Selenium.Chrome.ChromeDriver($ChromeOption)
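If the website being checked has an SSL certificate that Chrome does not trust, the browser would stop at a warning page, so AcceptInsecureCertificates is set in the Chrome options to ignore it. This switches off certificate validation for every page the driver opens, so use it only for sites where that is acceptable, such as internal test sites.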
6. Get the Settings from Ini
We need to get the settings from the ini file as below
$CheckItems = Get-IniFile "$RootFloder\config.ini"
and loop over the result with foreach
7. Get the Element
We can get a website element by XPath with Selenium in PowerShell, so our ini file has some settings that define which element should be found
The above testing site is my previous article’s demo project.
And we can find the XPath in Chrome like below
1) Right click the element and inspect it
2) Right click the element's HTML code and choose Copy => Copy XPath, then paste it into your ini file
We can use the below code to get the element by XPath in PowerShell
and you can also execute JavaScript on this element
8. Encrypt and Decrypt the Password
When we want to log in to a website automatically for testing, the password has to be kept in the settings file, but storing it there in plain text is a security issue, so we need to encrypt it.
We can put the password into an encrypted file (e.g. login_info.dat) and decrypt it when we need to use it.
Create another PowerShell script file and put the below code in it
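The script referred to above is not reproduced on this page. As an added example (not the author's code), one way to create and read login_info.dat is Windows DPAPI through ConvertFrom-SecureString; `Save-LoginSecret` and `Read-LoginSecret` are hypothetical names, and the scheduled task must run as the same account, on the same machine, that created the file.

```powershell
# Added example, not the article's script. Function names are hypothetical.
# ConvertFrom-SecureString without -Key uses Windows DPAPI: the output can be
# decrypted only by the same user account on the same machine.
function Save-LoginSecret {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][securestring]$Password
    )
    $Password | ConvertFrom-SecureString | Set-Content -LiteralPath $Path -Encoding ASCII
}

function Read-LoginSecret {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Secret file '$Path' not found; create it with Save-LoginSecret first."
    }
    try {
        $secure = Get-Content -LiteralPath $Path | ConvertTo-SecureString -ErrorAction Stop
    } catch {
        # Typical cause: the file was created by another account or on another host.
        throw "Cannot decrypt '$Path' as $env:USERNAME on $env:COMPUTERNAME: $($_.Exception.Message)"
    }
    # Plain text is needed only at the moment it is typed into the login form.
    [System.Net.NetworkCredential]::new('', $secure).Password
}

# One-time setup, run interactively as the account the scheduled task uses:
#   Save-LoginSecret -Path "$PSScriptRoot\login_info.dat" -Password (Read-Host 'Password' -AsSecureString)

# Round trip with a constructed value, to confirm the account can read it back.
$file = Join-Path $env:TEMP 'login_info.dat'
$demo = ConvertTo-SecureString 'constructed-demo-value' -AsPlainText -Force
Save-LoginSecret -Path $file -Password $demo
(Read-LoginSecret -Path $file) -eq 'constructed-demo-value'
Remove-Item -LiteralPath $file
```

Restrict the file's ACL to the task account as well; DPAPI stops other accounts from decrypting the file, not from deleting or replacing it.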
8. Auto Login to the Website
I will show you how to automate login to a website. We still use the demo project:
9. Find the Element by Tag Name
We can also find an element by tag name, for example with the below structure
and then get the element by tag name. Because several elements can share a tag, take index 0 if you want the first one, as below
Of course, you can search for the tag name directly, but there are many tags on a page, so searching within the parent element makes it easier to find
Finally, we can create a batch file that executes the PowerShell script so that it is easy to use
Conclusion
PowerShell is a powerful scripting language for handling many server-side problems, and it is very suitable for servers that are subject to a lot of security restrictions. You can find the full source code in github.
After learning about the tool suite, Sysinternals, we are now going to be learning about logs, specifically Windows Event Logs. I’m familiar with it but I haven’t really delved too far into it. It’s good they mentioned how it can be useful with SIEMs as a few of the Splunk labs in TryHackMe had me looking into logs. I think this is just a good module overall to understand a bit more about what the logs mean and how to extract relevant information from it.
Task 2 Event Viewer
1: What is the Event ID for the first recorded event?
We will be heading over to a specific log for this and the next few questions. Open event viewer in the machine by right clicking the start menu (Windows icon) at the bottom left and click event viewer. There are multiple ways to do this but I did it this way.
Event viewer should open up. On the left side, we will navigate to our folder that we need. Expand “Applications and Services Logs” then “Microsoft” then “Windows” then “Powershell” and finally click on “Operational.” This is where we will be working in.
Once you are here, click on “Date and Time” to rearrange it and scroll either to the bottom or top to look for the earliest date. This specific entry’s Event ID will be the answer.
2: Filter on Event ID 4104. What was the 2nd command executed in the PowerShell session?
I did this by filtering the current log. It is located on the right side of event viewer. Click on “Filter Current Log” and a new window should pop up.
Enter “4104” where <All Event IDs> is at. In the picture below, you will see where I entered “4104.”
Click ok and the PowerShell’s Operational log will only display entries with 4104 for the Event ID. Look for the second earliest entry and look at the General tab to see what the entry says. In this case, it logged what command was used.
3: What is the Task Category for Event ID 4104?
Read the “Task Category” column to find the answer.
Answer: Execute a Remote Command
4: Analyze the Windows PowerShell log. What is the Task Category for Event ID 800?
Looks like we are going to be changing locations for this question. Head all the way to the bottom to find “Windows PowerShell.” If you don’t see it, the path should be Event Viewer (Local) > Applications and Services Logs > Microsoft > Windows PowerShell
Now we look for an entry with 800 for their event ID and then look at the task category.
Answer: Pipeline Execution Details
Task 3 wevtutil.exe
1: How many log names are in the machine?
We are using PowerShell now. Open PowerShell by clicking on the blue icon on the bottom left.
2: What event files would be read when using the query-events command?
Typing in wevtutil qe /? and reading the output helped me find this answer.
Answer: Event log, log file, structured query
3: What option would you use to provide a path to a log file?
Typing in wevtutil qe /? and reading the output helped me find this answer.
4: What is the VALUE for /q?
Typing in wevtutil qe /? and reading the output helped me find this answer.
Answer: XPath query
5: What is the log name?
I copied and pasted the command that was given to us from the reading into PowerShell. The code is wevtutil qe Application /c:3 /rd:true /f:text. Reading the output, we can see the log name.
6: What is the /rd option for?
Typing in wevtutil qe /? and reading the output helped me find this answer.
Answer: Event read direction
7: What is the /c option for?
Typing in wevtutil qe /? and reading the output helped me find this answer.
Answer: Maximum number of events to read
Task 4 Get-WinEvent
1: Execute the command from Example 1 (as is). What are the names of the logs related to OpenSSH?
This command is actually located in the reading. Type in Get-WinEvent -ListLog * in PowerShell and hit enter. The answer is conveniently located near the bottom for us, so no need to scroll a lot!
2: Execute the command from Example 8. Instead of the string *Policy* search for *PowerShell*. What is the name of the 3rd log provider?
Grabbing the command from Example 8 in the online guide, we get Get-WinEvent -ListProvider *Policy*. We do have to change it a little bit to fit our question so our final command is Get-WinEvent -ListProvider *PowerShell*. Enter this and then press enter. We will be provided with 3 log providers. The third one is the answer.
3: Execute the command from Example 9. Use Microsoft-Windows-PowerShell as the log provider. How many event ids are displayed for this event provider?
4: How do you specify the number of events to display?
Reading the online guide, I saw that Example 13 had an interesting parameter. It had -MaxEvents. I read a bit more and it helps display a maximum number of events.
5: When using the FilterHashtable parameter and filtering by level, what is the value for Informational?
After spending some time digging around through the online documentation, I found this page. It provided detailed explanation on how to use FilterHashtable. I also found the values and what they meant.
Task 5 XPath Queries
1: Using the knowledge gained on Get-WinEvent and XPath, what is the query to find WLMS events with a System Time of 2020-12-15T01:09:08.940277500Z?
3: Based on the previous query, how many results are returned?
Press enter when you enter the command if you did not yet. There will be two results.
4: Based on the output from the question #2, what is Message?
All we have to do is read the message. They are both the same!
Answer: 12/17/2020 1:57:14 PM
6: What is the Provider Name?
The provider name will be right above the first entry that we obtained from the previous question.
Task 7 Putting theory into practice
1: What event ID is to detect a PowerShell downgrade attack?
For this one, I used Google and searched it up.
It’s not the most efficient way, but I found the answer through scrolling through the logs. I found all but one log had a host version of 5.1.
The attack downgraded the version to 2.0.
I started from the earliest date and then scrolled up. I just held the up arrow key as the information never changed spots, which was extremely helpful for me. Once you find this entry, look at the time stamp!
Answer: 12/18/2020 7:50:33 AM
3: A Log clear event was recorded. What is the ‘Event Record ID’?
This took me a long time. I initially searched for Log Clear Event ID, which returned 1104. When I entered it in the filter, it did not produce any result. I had to keep refining my search and I had to check further down the search results where I found out that there is another event ID, 104. I found my answer here under “Event Log Manipulation.” Seems like a useful site to also keep around as a quick cheat sheet for event IDs. I entered 104 in the filter and I got one result!
4: What is the name of the computer?
The screenshot above also shows the answer, just slightly below EventRecordID.
5: What is the name of the first variable within the PowerShell command?
Probably not the “right” way to do it but I checked the hint and saw -Oldest. My assumption is that it was the oldest event. I filtered the event ID to 4104 and then looked for the oldest event.
We can get the information under Date and Time column.
Answer: 8/25/2020 10:09:28 PM
7: What is the Execution Process ID?
Go to the Details tab and click either “Friendly View” or “XML View” and look for the Execution Process ID. I picked Friendly View as it is easier to see but XML View has it too.
8: What is the Group Security ID of the group she enumerated?
9: What is the event ID?
4799 is the answer here because the intern checked the entire group.
This was a really tough room for me, coupled with the fact that I could not filter the way I wanted with XPath. Furthermore, all my searching was done using the GUI. I really did wish I was able to use PowerShell more. I was able to get some good experience out of this still. I found a few sites that were really helpful and highlighted some key event IDs I should be aware of and how to utilize Event Viewer to help find threats.
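The downgrade and log-clear hunts from Task 7 can also be done from PowerShell instead of the GUI. This is an added example, not part of the original write-up: it relies on engine-start events (event ID 400 in the Windows PowerShell log) listing an EngineVersion, and on the log-clear ID 104 mentioned above. The function names and the two sample messages are constructed.

```powershell
# Added example; function names and the sample messages are constructed.
function Get-EngineVersion {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Message)
    # Engine lifecycle events list their details as Name=Value lines.
    if ($Message -match '(?m)^\s*EngineVersion=(?<v>\d+(\.\d+)*)') { $Matches['v'] }
}

function Test-PSDowngrade {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Message)
    $v = Get-EngineVersion -Message $Message
    # A missing or empty EngineVersion is not treated as a downgrade.
    [bool]($v -and ([int](($v -split '\.')[0]) -eq 2))
}

# Constructed messages in the Name=Value layout of an engine-start event.
$normal  = "Engine state is changed from None to Available.`nDetails:`n`tHostVersion=5.1.0.0`n`tEngineVersion=5.1.0.0"
$lowered = "Engine state is changed from None to Available.`nDetails:`n`tHostVersion=2.0`n`tEngineVersion=2.0"
"normal : $(Test-PSDowngrade $normal)"
"lowered: $(Test-PSDowngrade $lowered)"

function Find-PSDowngrade {
    # $Filter holds either LogName (live log) or Path (a saved .evtx file).
    param([hashtable]$Filter = @{ LogName = 'Windows PowerShell' })
    $query = $Filter.Clone()
    $query['Id'] = 400          # engine lifecycle: engine started
    # Get-WinEvent raises an error when nothing matches, so silence that case.
    Get-WinEvent -FilterHashtable $query -ErrorAction SilentlyContinue |
        Where-Object { Test-PSDowngrade $_.Message } |
        Select-Object TimeCreated, RecordId, MachineName,
            @{ n = 'EngineVersion'; e = { Get-EngineVersion $_.Message } }
}

function Find-LogClear {
    param([hashtable]$Filter = @{ LogName = 'System' })
    $query = $Filter.Clone()
    $query['Id'] = 104          # an event log was cleared
    Get-WinEvent -FilterHashtable $query -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, RecordId, MachineName, Message
}

# Against a saved log instead of the live one (placeholder path):
#   Find-PSDowngrade -Filter @{ Path = '<saved .evtx file>' }
#   Find-LogClear    -Filter @{ Path = '<saved .evtx file>' }
```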