Saturday, February 11, 2017

Powershell - Uninstall Packages Remotely

Recently I have been contemplating how I could more efficiently uninstall or view packages that a user has installed on their computer and then uninstall those packages remotely without having to take the time of the user to do so through a remote interactive session.  


I have written the below Powershell script which will prompt you for the computers name or IP Address that you are working with.  Then it will display the installed programs (Notice in the script you can filter by a package name like Java).  Then you can call the package or packages you would like to uninstall by its name.  If your user account is recognized as a local administrator on the computer you should not have an issue.  It does allow you to use other credentials if necessary.



#Powershell program to remove packages that are specified by the user

function remove-Package($package, $compName, $credName) {
    If ($credName -eq $env:USERNAME) {
        $s = Get-WmiObject -Class Win32_Product -ComputerName $compName | Where-Object { $_.Name -match $package }
    }
    Else {
        $s = Get-WmiObject -Class Win32_Product -ComputerName $compName -Credential $credName | Where-Object { $_.Name -match $package }
    }
    If ($s) {
        Write $s | Format-Table Name, Version, IdentifyingNumber
        $uninstallPrompt = Read-Host -Prompt "Uninstall the above package(s) (y/n)"
        If ($uninstallPrompt -eq "Y" -or $uninstallPrompt -eq "y") {
            $s.Uninstall()
        }
        Else {
            Write "Aborted uninstall..."
        }
    }
    Else {
        Write "Error uninstalling $package"
    }
}

# Remote Computer Selection or . for localhost
Write ""
Write "This program is designed to display a list of applications on a computer,"
Write "allow you to choose which one to uninstall, and then uninstall it without"
Write "having to interact with the user."
Write ""
$cName = Read-Host -Prompt "Target Computer Name or IP Address (. for localhost)"
$uPrompt = Read-Host -Prompt "Use your account to connect to remote computer (y/n)"
If ($uPrompt -eq "Y" -or $uName -eq "y") { 
    $uName -eq $env:USERNAME 
}
Else {
    $uName = Read-Host -Prompt "Enter Username to Use" 
}

# List all packages on the computer
If ($uName -eq $env:USERNAME) {
    #$all = Get-WmiObject -Class Win32_Product -Filter "Name LIKE '%Java%'"
    $all = Get-WmiObject -Class Win32_Product -ComputerName $cName
}
Else {
    #$all = Get-WmiObject -Class Win32_Product -Filter "Name LIKE '%Java%'"
    $all = Get-WmiObject -Class Win32_Product -ComputerName $cName -Credential $uName
}
If ($all) {
    Write $all | Sort Name, Version | Format-Table Name, Version
    Write ""
    $userInput = Read-Host -Prompt "Uninstall a Package Listed Above (y/n)"

    DO
    {

        If ($userInput -eq "Y" -or $userInput -eq "y") {
            $packageInput = Read-Host -Prompt "Copy or Type the Name of the Package as shown above to Uninstall"
            remove-Package -package $packageInput -compName $cName -credName $uName
        }

        If ($userInput -eq "Y" -or $userInput -eq "y") {
            $userInput = Read-Host -Prompt "Uninstall another Package (y/n)"
        }

    } While ($userInput -eq "Y" -or $userInput -eq "y")
}


f


Test Authentication from Linux Console using python3 pexpect

Working with the IT420 lab, you will discover that we need to discover a vulnerable user account.  The following python3 script uses the pex...