1

I have been at my internship for a couple days and recently was asked to do some Powershell scripting and was excited to learn some new things!

However, it has been a time consuming task because searching for things is so hard to find what you want.

Anyways, I was tasked with removing all sensitive data from a word file. It has not been too bad except until now. For example from a text file:

User pass created now moving on..
Password 7 ##########
All done

Which I had to remove all the numbers after searching the file for "Password 7" and similar tasks which did not take me too long.

Now, I have things such as that are a fixed length after:

Self-Service certificate ####### ######## #######
######## ######## ######## ########## #########
########## ##### ######## ########## ##########

With strings on multiple lines. I can remove the top line, but cannot figure out the next lines because they are just random numbers and I have nothing to search for. I have tried things like nr \n \r and many combinations. I am stumped.

$configFiles=get-childitem . *.txt -rec

foreach ($file in $configFiles)
{
 $readIn = @(Get-Content $file.PSPath) 
 $readIn -replace "Password 7.*" , "Password 7 <REMOVED>" -replace "Secret 5.*" , "Secret 5 <REMOVED>" -replace "snmp-server community\s\S*" , "snmp-server community <REMOVED>" |
 Set-Content $file.PSPath
 }

That is my current code and it is working well so far. I have been messing around with the multi-line removal in a separate script. Thanks for the help.

Improve this question

2 Answers 2

Reset to default
1

Sounds like you are trying to delete a certificate from a Cisco configuration. 

$config = @"
!
crypto ca certificate chain TP-self-signed-12345678
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 37363538
528BD5A8 E7E26C51 10BAB609 5B60228F C8DE0299 7BE85C2D 9769FF05 C295706F
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 37363538
528BD5A8 E7E26C51 10BAB609 5B60228F C8DE0299 7BE85C2D 9769FF05 C295706F
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 37363538
528BD5A8 E7E26C51 10BAB609 5B60228F C8DE0299 7BE85C2D 9769FF05 C295706F
quit
Username joe password bloggs
!
"@

$regex = [regex] '(?sm)certificate self-signed 01\s+([0-9A-F\s]+?)\s+quit'
$result = $config | Select-String -Pattern $regex
$cert = $result.Matches.Groups[1].Value
$censored = $config -replace $cert, '<REMOVED>'
Write-Output $censored

Output: 

!
crypto ca certificate chain TP-self-signed-12345678
certificate self-signed 01
<REMOVED>
quit
Username joe password bloggs
!
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Exactly what I was trying to do, thank you so much for that answer! I will implement that now and modify it a little bit to fit my version.
0

The trick is to parse the entire text as a single string block and construct a regular expression that can detect the carriage returns embedded in the text.

By default Get-Content will return an array of strings separated at the carriage return. TO load in the test as a single text blob, use the -Raw parameter:

$readIn = Get-Content $file.PSPath  -Raw

Then construct a regular expression that can detect the portion you want to remove, carriage returns and all. In this example here, I am assuming that the sensitive bit is 13 blocks of characters at least 5 character long separated by whitespace or carriage return:

$readIn -replace 'Self-Service certificate (\S{5,}[\s\n]+){13}', "Self-Service certificate <removed>`n" | Set-Content $file.PSPath
Improve this answer

1 Comment

Thanks for the reply, it actually hit me a bit ago before I read your reply of what I had to do. A little more information on my problem is that it is a block of 17x8 and an additional row that has 8 characters then 4 and that is it. It starts out with two spaces then 8 characters, then a space, then followed by another 8 and obviously repeated until it reaches 8. All 17 rows follow that except the last row. $readIn -replace "^\s\s\w{8}\s\w{3,8}\s\w{8}\s\w{8}\s\w{8}\s\w{8}\s\w{8}\s\w{8}" My current work so far and I am trying to get it to work for all the rows. Thanks!

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.