|
Tutorial
Getting StartedDownload the jsh.7z or jsh.zip package and unpack, and you will see the following directory structure. jsh
│ JSH.js
│ JSH.hta
│ index.htm
│ panel.htm
│ Blank_HTML.htm
│ Blank_HTML4.htm
├─bin
│ System.js
│ WebAutomation.js
├─cxx
│ main.cpp
│ main.exe
│ makefile
│ resource.js
│ resources.rc
└─lib
AES.js
Base64.js
Intermezzo.js
LZW.js
Prelude.js
Tartarus.js
URI.js
UTF16.js
UTF8.jsNow you need to decide in which environment you would like to run jsh, the options are browser, console, HTA, as explained below. >>> 1
1
>>> _ + _
2
>>> _ + _
4
>>> Tartarus.print("Hello, JSH!")
Hello, JSH!
>>> dir(Tartarus)
['chainload', 'load', 'print']
>>> load('lib/URI.js')
>>> dir(URI)
['GetCurrentURI', 'NormalizeURI', 'ParseURI']
>>> load('lib/LZW.js')
>>> LZW.Compress('aaaaaaaaaaaaaaaaaaaaaaaaaaa').length
8
>>> add(1, 2, 3, 4, 5)
15
>>> add.apply(null, range(101))
5050
>>> comp(add)(range(101))
5050
>>> inc = curry(add, 1)
<lambda/0>
>>> inc(5)
6
>>> range(10)
[0, 1, 2, 3, 4, 5, 6, 7, 8, 9]
>>> map(inc, _)
[1, 2, 3, 4, 5, 6, 7, 8, 9, 10]
>>> exit()Once you are familiar with jsh, you can start by reading advanced topics such as script injection, alternatively you may dive into the API Reference. Run in browserThe simple way is to open index.htm locally in your favorite browser and play with it. However, in order to use script injection and many network related features, you may want to host the entire jsh folder on a web server. Run in Windows HTAIf your operating system is Windows based, you may start directly by double clicking the JSH.hta file icon, this would bring you an HTA based shell. Run in Windows consoleIf your operating system is Windows based, you can run JSH.js in console using cscript.exe /nologo <JSH.js file path>, for example: cscript.exe /nologo D:\WWW\JSH.js In order to run JSH.js without having to type cscript.exe /nologo each time, you can change the default scripting host by the following command: wscript.exe //H:CScript This would allow you to run JSH.js directly either by double clicking the JSH.js file icon, or by typing JSH.js directly as illustrated below. Advanced TopicScript injectionScript injection can be achieved in two ways. Chain load (browser and Windows HTA)Take Firebug Lite as an example, from the official site we can get the bookmark for firebug lite injection. However, this bookmark does not work for FRAME and IFRAME, neither does it support HTA and things like Windows Live Messenger. >>> /* copy & paste the firebug lite bookmark into the double quote as follows */
>>> firebug_lite_bookmark = "javascript:(function(...){...})(...);";
>>> /* decode and evaluate */
>>> eval(decodeURIComponent(firebug_lite_bookmark.slice(11)));
>>> /* now wait a few seconds for firebug lite to load */
>>> /* enjoy :) */Firebug is relatively large and have more features than jsh, jsh can be used as a boot loader for none browser applications such like Live Messenger and Windows Help. With Prelude.infect, it's even possible to support chain loading Firebug Lite into nested FRAME and IFRAME. Taking arguments (Windows HTA and console)Create a file named hello.js as follows var print = Tartarus.print;
print("Hello, world!");
print(Prelude.format('Arguments: %r', __builtins__.Environment.Arguments));
print(Prelude.format('LibraryPath: %s', __builtins__.Environment.LibraryPath));
print(Prelude.format('StartupDirectory: %s', __builtins__.Environment.StartupDirectory));Then run JSH.js hello.js a b c under command prompt to see the result. Returning error code (Windows console)Create a file named exit.js as follows, and run JSH.js exit.js. Prelude.infect();
infect(globals(), Tartarus);
print('check if exit code in %errorlevel% is 3');
exit(3);
print('unreachable code');Windows console stdin/stdout redirectionIf you are facing problems while trying to use JSH for stdin/stdout redirection, consult this link http://support.microsoft.com/kb/321788. Tartarus.load(
__builtins__.Runtime('lib/Intermezzo.js'),
function(){
var method = 'GET', URL, xmlHttpReq = Intermezzo.XMLHttpRequest();
switch(__builtins__.Environment.Arguments.length){
case 2:
URL = __builtins__.Environment.Arguments[1];
break;
case 3:
method = __builtins__.Environment.Arguments[1];
URL = __builtins__.Environment.Arguments[2];
break;
default:
Tartarus.print(Prelude.format('Usage: %s [GET | POST] <URL>' , __builtins__.Environment.Arguments[0]));
exit();
}
xmlHttpReq.open(method, URL, false);
xmlHttpReq.send(method === 'POST' ? __builtins__.Environment.StdIn.ReadAll() : undefined);
Tartarus.print(xmlHttpReq.responseText);
});Then it is possible to use command like: Internet Explorer AutomationYou can create a script named JshWeb.js for automating Internet Explorer, and run JSH.hta JshWeb.js or JSH.js JshWeb.js. if(this.__builtins__ && (__builtins__.Engine === 'CScript' || __builtins__.Engine === 'HTA')){
Tartarus.load(
__builtins__.Runtime('bin/WebAutomation.js'),
__builtins__.Runtime('lib/Intermezzo.js'),
function(){
var browser = WebAutomation.InternetExplorer('about:');
browser.navigate('about:blank');
WebAutomation.Wait(browser);
Prelude.map(function(module){
browser.Document.parentWindow.execScript(module.OpenAsTextStream().ReadAll());
}, [
System.GetFile(__builtins__.Runtime('lib/Tartarus.js')),
System.GetFile(__builtins__.Runtime('lib/Prelude.js')),
System.GetFile(__builtins__.Runtime('lib/Intermezzo.js')),
System.GetFile(__builtins__.Runtime('lib/URI.js')),
System.GetFile(__builtins__.Runtime('JSH.js'))
]);
});
}
|



Tartarus.print("Hello, JSH!")