eddxavier / CrowdStrike-Falcon-Sensor-Install

Powershell script to retrieve sensor packages through API and install on Windows systems

Script not working please help unable to install Crowd strike via the script please find the output below #1

Open smajicek opened 2 years ago

smajicek commented 2 years ago

```powershell
$service = Get-Service -Name csagent -ErrorAction SilentlyContinue
$filepath = "C:\Windows\Temp\CsInstall\" ## Custom folder where packages should be downloaded to
$filename = "WindowsSensor.exe"
$fullfilepath = $filepath + $filename
$CID="" ## CID available on https://falcon.crowdstrike.com/hosts/sensor-downloads, URL might differ according to cloud region, this was considering US-1
$client_id = "" ## Obtain API keys here https://falcon.crowdstrike.com/support/api-clients-and-keys, URL might differ according to cloud region, this was considering US-1
$client_secret = "AA13B12A9B024DC5BFC762D6748-2C"
$GetSensorsURL = "https://falcon.laggar.gcw.crowdstrike.com/srv/download-package?csrf=5snZb3Tvhv8tuU0OLQ6KPzkabuc=6f3a6b22f8c2838b1e4fad754dbb6d205d4d9e2954bcf3ee72ac3646a63b20668e3239312572dc9fddd9c39b03031fcda7cbe41b&file=metahash%2B%7Bcs-csgov-common-binaries%7D%2Fcrowdstrike%2Fv135%2FWindowsSensor.GovLaggar.exe" ##URL might differ according to cloud region, this was considering US-1
if ($service -eq $null) {

    # Imports hash validation to comply with PS 2.0
    function Get-Hash{
        param (
            [string] $Path
        )

        $HashAlgorithm = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider;
        $Hash = [System.BitConverter]::ToString($hashAlgorithm.ComputeHash([System.IO.File]::ReadAllBytes($Path)));
        $Properties = @{'Algorithm' = 'SHA256';
                        'Path' = $Path;
                        'Hash' = $Hash.Replace('-', '');
                        };
        $Ret = New-Object -TypeName PSObject -Prop $Properties
        return $Ret;
    }

    # Imports JSON conversion to comply with PS 2.0
    function ConvertFrom-JsonString {
        [CmdletBinding()]
        param(
            [Parameter(Mandatory=$true, ValueFromPipeline=$true)]
            [string] $Json
        )

        Add-Type -AssemblyName System.Web.Extensions
        $jsSerializer = New-Object Web.Script.Serialization.JavaScriptSerializer
        return $jsSerializer.DeserializeObject($json)
    }

    # Downloads Falcon Sensor one version below the latest available
    function DownloadFalconSensor {
        $requestUri = "https://api.crowdstrike.com/oauth2/token"
        $requestBody = "client_id=$client_id&client_secret=$client_secret"
        $InvokeWebRequest = New-Object System.Net.WebClient
        $InvokeWebRequest.Headers.add('Content-Type','application/x-www-form-urlencoded')
        $access_tokenjson = $InvokeWebRequest.UploadString($requestUri, $requestBody) | ConvertFrom-JsonString
        $accesstoken = $access_tokenjson.values | Select-Object -First 1
        $webClient = New-Object System.Net.WebClient
        $webClient.Headers.add('accept','application/json')
        $webClient.Headers.add('authorization','bearer ' + $accesstoken)
        $SensorVersionJSON = $webClient.DownloadString($GetSensorsURL) | ConvertFrom-JsonString
        $LatestVersion = $SensorVersionJSON.resources | Select -Skip 1 | Select -First 1
        $LatestVersionSHA256 = $LatestVersion.sha256
        Set-Content -Path "$filepath\sha256" -Value $LatestVersionSHA256
        $SensorURL = "https://api.crowdstrike.com/sensors/entities/download-installer/v1?id=$LatestVersionSHA256" ##URL might differ according to cloud region, this was considering US-1
        $webClient.DownloadFile($SensorURL,$fullfilepath)
    }

    # Validates file hash to proceed with install, deletes if corrupted.
    function CheckInstallHash {
        $ExpectedSHA256 = Get-Content "$filepath\sha256"
        $DownloadedSHA256 = Get-Hash -Path $fullfilepath
        if ($DownloadedSHA256.Hash -eq $ExpectedSHA256) {
            Start-Process -FilePath $fullfilepath -ArgumentList "/install /quiet /norestart CID=$CID"
        } else {
            Remove-Item $fullfilepath -Force
        }
    }

    if (Test-Path $fullfilepath) {
        CheckInstallHash
    }
    if (-not (Test-Path $filepath)) {
        New-Item -Path $filepath -ItemType Directory
    }
    if (-not (Test-Path $fullfilepath)) {
        DownloadFalconSensor
        CheckInstallHash
    }
}
```

-==-=-=--=-=======================--=-==-=--=

Output

```
Exception calling "ReadAllBytes" with "1" argument(s): "Could not find file 'C:\Windows\Temp\CsInstall\WindowsSensor.exe'."
At line:18 char:6

You cannot call a method on a null-valued expression.
At line:19 char:6

Start-Process : This command cannot be run due to the error: The system cannot find the file specified.
At line:62 char:2
```

eddxavier commented 2 years ago

Hi, you need to get API keys from your subscription for it to work. Also, the CID is empty; you seem to be putting the CID as the client secret, which will also cause it not to work.

On Thu, Jun 23, 2022, 18:57 smajicek @.***> wrote:


Output

```
Exception calling "ReadAllBytes" with "1" argument(s): "Could not find file 'C:\Windows\Temp\CsInstall\WindowsSensor.exe'."
At line:18 char:6
+ $Hash = [System.BitConverter]::ToString($hashAlgorithm.ComputeHa ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : FileNotFoundException

You cannot call a method on a null-valued expression.
At line:19 char:6
+ $Properties = @{'Algorithm' = 'SHA256';
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

Start-Process : This command cannot be run due to the error: The system cannot find the file specified.
At line:62 char:2
+ Start-Process -FilePath $fullfilepath -ArgumentList "/install /quiet ...
    + CategoryInfo          : InvalidOperation: (:) [Start-Process], InvalidOperationException
    + FullyQualifiedErrorId : InvalidOperationException,Microsoft.PowerShell.Commands.StartProcessCommand
```

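The reply above names the configuration mistakes, and the posted output shows the hash check and `Start-Process` running against a file that was never downloaded. As an added example (not code from this repository), a pre-flight check for those settings and a hash comparison that fails closed; the function names, the CID shape, and the same-host rule are assumptions, and the inputs are constructed.

```powershell
# Added example, not part of the repository's script. Function names are hypothetical.
function Test-InstallerConfig {
    param([string]$Cid, [string]$ClientId, [string]$ClientSecret,
          [string]$TokenUrl, [string]$SensorListUrl)
    $problems = @()
    # Assumption: a CID is a run of hex digits, a dash, and a two-character checksum.
    $cidShape = '^[0-9A-Fa-f]+-[0-9A-Fa-f]{2}$'
    if ([string]::IsNullOrEmpty($Cid)) {
        $problems += 'CID is empty'
    } elseif ($Cid -notmatch $cidShape) {
        $problems += 'CID is not <hex>-<checksum>'
    }
    if ([string]::IsNullOrEmpty($ClientId)) { $problems += 'client_id is empty' }
    if ([string]::IsNullOrEmpty($ClientSecret)) {
        $problems += 'client_secret is empty'
    } elseif ($ClientSecret -match $cidShape) {
        $problems += 'client_secret looks like a CID, not an API client secret'
    }
    # Assumption: the sensor list is served by the same API host as the token endpoint.
    $tokenHost = ([uri]$TokenUrl).Host
    $listHost = ([uri]$SensorListUrl.Trim()).Host
    if ($listHost -ne $tokenHost) {
        $problems += "sensor list host '$listHost' is not the API host '$tokenHost'"
    }
    return ,$problems
}

function Test-InstallerHash {
    param([string]$Path, [string]$ExpectedSha256)
    # Fail closed: a missing expected hash or a missing file is never a match.
    if ([string]::IsNullOrEmpty($ExpectedSha256)) { return $false }
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $false }
    $sha = New-Object System.Security.Cryptography.SHA256CryptoServiceProvider
    $stream = [System.IO.File]::OpenRead($Path)
    try { $actual = [System.BitConverter]::ToString($sha.ComputeHash($stream)) }
    finally { $stream.Close() }
    return ($actual.Replace('-', '') -eq $ExpectedSha256.Trim())
}

# Constructed inputs that mirror the mistakes in the posted script.
$problems = Test-InstallerConfig -Cid '' -ClientId '' `
    -ClientSecret '0123456789ABCDEF0123456789ABCDEF-12' `
    -TokenUrl 'https://api.crowdstrike.com/oauth2/token' `
    -SensorListUrl 'https://console.example.invalid/srv/download-package?csrf=PLACEHOLDER'
$problems | ForEach-Object { Write-Warning $_ }
# A download that never happened must not reach Start-Process.
$missing = Join-Path ([System.IO.Path]::GetTempPath()) 'constructed-missing-installer.exe'
$installerOk = Test-InstallerHash -Path $missing -ExpectedSha256 ('0' * 64)
if (-not $installerOk) { Write-Warning "no verified installer at $missing, skipping install" }
```

Running the pre-flight check before requesting a token surfaces the empty or misplaced values directly, instead of as `ReadAllBytes` and `Start-Process` errors further down the script.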