Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

is there a way to pass the password to cytool via cmd?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

is there a way to pass the password to cytool via cmd?

L1 Bithead

let say I want to run protect disable on 100 computers....  I tried the following but didn't work:

 

C:\PSTools>psexec -i -d -s \\pc100 cmd /c echo 5Nstall22#| "c:\program files\Palo Alto Networks\Traps\cytool.exe" protect disable

5Nstalll22# is the pass....

 

thank you!

5 REPLIES 5

L1 Bithead

btw:

 

echo 5Nstall22#| "c:\program files\Palo Alto Networks\Traps\cytool.exe" protect disable

 

this works locally...

Try this:

 

wmic /node:"COMPUTERNAME" process call create "cmd /c echo 5Nstall22# | 'c:\program files\Palo Alto Networks\Traps\cytool.exe' protect disable"

 

If that doesn't work, you can try the following bat:

 

@echo off

echo echo 5Nstall22# ^| "c:\program files\Palo Alto Networks\Traps\cytool.exe" protect disable > c:\tmp\cytool.bat

wmic /node:"COMPUTERNAME" process call create "cmd /c c:\tmp\cytool.bat"

 

You also have other possibilities by running, one time, remote scheduled tasks. You have options.

thank you!  the results I got was:

Executing (Win32_Process)->Create()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
ProcessId = 5032;
ReturnValue = 0;
};

--------------------------------------------------

yet the query shows its still Enabled...

--------------------------------------------------

c:\PSTools>psexec -i -d -s \\9020m-77 cmd /c "c:\program files\Palo Alto Networks\Traps\cytool.exe" protect query
Connecting to 9020m-77...Protection Mode State
Process Enabled Enabled
Registry Enabled Enabled
File Enabled Enabled
Service Enabled Enabled
Starting cmd on 9020m-77...ice on 9020m-77...
cmd started on 9020m-77 with process ID 5044.

 

-----------------------------------------------

 

Thank you though, you are right, I have other options... I decided to just use the web console to update the agents...  it was more of a challenge and if it did work, I would use it in the future in other cases where its needed.

L0 Member

You have to make sure there is no space between the end of the password and the | otherwise the space is included as part of the password.

L0 Member

You can also use a PowerShell script for that, e.g. for a list of servers, like:

param(
[Parameter(Mandatory = $true)]
[string[]]$servers
)
Set-Location -Path $PSScriptRoot

# Assuming $Secret:cortexpass is how you're securely storing and accessing the password
# Ensure you have a secure method to access this password in the context of the remote session
$password = $Secret:cortexpass
$cytoolPath = 'C:\Program Files\Palo Alto Networks\Traps\cytool.exe'

$scriptBlock = {
param($password, $cytoolPath)
$processStartInfo = New-Object System.Diagnostics.ProcessStartInfo
$processStartInfo.FileName = $cytoolPath
$processStartInfo.Arguments = "protect disable"
$processStartInfo.RedirectStandardInput = $true
$processStartInfo.UseShellExecute = $false
$process = [System.Diagnostics.Process]::Start($processStartInfo)
$process.StandardInput.WriteLine($password)
$process.StandardInput.Close()
$process.WaitForExit()
}

foreach ($server in $servers) {
try {
Invoke-Command -ComputerName $server -ScriptBlock $scriptBlock -ArgumentList $password, $cytoolPath
Write-Output "Successfully disabled tamper protection on $server."
} catch {
Write-Output "Failed to disable tamper protection on $server. Error: $_"
}
}

 

  • 10466 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!