In Kali, I'm trying to build a Python library for automating some pen testing tasks by opening shells so that users can interact with things like created tunnels, ssh sessions, etc.
I started trying something like:
from subprocess import Popen,PIPE
p1 = Popen(['x-terminal-emulator'], stdin=PIPE)
p1.communicate('echo "hello world"')
I also tried sending stdin input; this creates the terminal but doesn't send the hello world command.
How can I do basic tasks with this newly created terminal window in Kali?
Send input to the terminal
Read output
Position the terminal window
I'm not asking for the code, just a pointer on where to get started would be great.
I am trying to write an application which uses WSH scripting under Python for automation purposes. I used the win32com.client module to get a shell and run the PuTTY application to access routers. I am able to access the devices and send the keystrokes and commands to the PuTTY GUI window. But the problem is, I want to track the ongoing status of the command which was sent using the COM object. How can I read/get the buffer data of the application initiated by the COM object? Is there any easy way? Can I get the data returned by the device in PuTTY into a Python variable? Please help.
import time
import win32com.client

shell = win32com.client.gencache.EnsureDispatch("WScript.Shell")
shell.Run("putty")
time.sleep(1)                                  # give the PuTTY window time to appear
shell.SendKeys("192.168.1.x")
shell.SendKeys(r"show version | no-more")      # command to run on the putty console
time.sleep(2)
shell.SendKeys("~")
Thanks,
Sat
I have a requirement to telnet from one Windows PC to another. I would like to log in and issue commands (and see replies) using Python.
This is very easy to achieve in my local cmd window:
Call up cmd and type 'telnet REMOTECOMPUTERNAME'.
Reply in window is:
'Welcome to the ChyronHego telnet server on REMOTECOMPUTERNAME'
I can issue commands (e.g. 'V\6\1\\') by typing directly into prompt.
Remote system responds by carrying out task or issuing error message in prompt.
(I have tried using telnetlib and system.process and os without any result so far)
Does anyone know how I can achieve this programmatically using Python?
Many thanks in advance.
Ian
You can use the subprocess module to run the telnet command on Windows. Additional parameters can be added to the list as separate elements, e.g. ["telnet", "HOST", "V"].
import subprocess

# Launch the Windows telnet client with all three standard streams piped
p = subprocess.Popen(["telnet", "HOST"], stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
I'm using motion to run a rudimentary livestream. It works perfectly when I start it on the server side with:
sudo motion -c livestream.conf
This starts a video server on port 8081 and I can access it perfectly from wherever I want inside my network.
The issue comes when I want to write a little script which will ssh to the server using paramiko, start motion with the same command and open the default browser directly at the video stream URL. Here is the sample code:
import paramiko
import subprocess
import time

ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())   # accepts whatever host key the server presents
ssh.connect('192.168.1.111', username='pi', password='raspberry')
ssh.exec_command('sudo motion -c livestream.conf')          # returns immediately, does not wait for motion
time.sleep(4)
subprocess.call('xdg-open "http://192.168.1.111:8081"', shell=True)
ssh.close()
A pidof motion on the server shows that the service is running, but I can't access it! Because motion is running, I think it is not the common problem with sudo/paramiko, but I don't have any idea why this does not work.
WORKAROUND
Motion has a daemon mode. Enabling it from
/etc/default/motion
it starts on boot and I can call it perfectly with:
subprocess.call('xdg-open "http://192.168.1.111:8081"', shell=True)
But this is not exactly what I'm looking for, because I'd like to launch (and close, but that will be another thread for sure!) the daemon, not just access the stream.
This workaround executes
/etc/motion/motion.conf
as a daemon. I copied my motion script in there and everything is good.
But when I try to start the script as a daemon (not on boot, with the code above), it tells me that it can't create the PID file. Everything is done as root. I'm getting close to the answer by myself, just a little more.
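An added example, not the poster's code: the likely cause (an assumption, since the thread does not settle it) is that exec_command() runs motion inside the SSH session, so when ssh.close() tears the session down the process loses its stdio and the stream never becomes reachable. The helper below detaches the remote command from the session, polls the stream port instead of sleeping, and keeps host-key verification on (AutoAddPolicy() accepts any key on first contact, so a man-in-the-middle would be accepted too). It assumes key-based SSH authentication, that the user may run the command under sudo without a password prompt (as on a stock Raspberry Pi image), and that setsid and nohup exist on the server. The host, user and port values are placeholders taken from the question.

```python
import shlex
import socket
import time
import webbrowser
from pathlib import Path


def build_detached_command(command):
    """Wrap a remote command so it outlives the SSH session that started it.

    exec_command() runs the command inside an SSH session; when the client
    closes that session the remote process loses its stdio (and, with a pty,
    gets SIGHUP). setsid puts it in its own session and the redirections
    point all three descriptors away from the channel.
    """
    return "setsid nohup sh -c {} </dev/null >/dev/null 2>&1 &".format(
        shlex.quote(command))


def wait_for_port(host, port, timeout=15.0, interval=0.5):
    """Poll until a TCP connect to host:port succeeds. False on timeout."""
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        try:
            with socket.create_connection((host, port), timeout=interval):
                return True
        except OSError:
            time.sleep(interval)
    return False


def start_stream(host, user, command, stream_port=8081,
                 known_hosts=Path.home() / ".ssh" / "known_hosts"):
    """Start the stream server over SSH and return its URL once it listens."""
    import paramiko  # imported here so the helpers above run without it

    client = paramiko.SSHClient()
    # Verify the server against known_hosts instead of AutoAddPolicy(), which
    # accepts any key on first contact and therefore any man-in-the-middle.
    client.load_host_keys(str(known_hosts))
    client.set_missing_host_key_policy(paramiko.RejectPolicy())
    # Assumption: key-based auth (agent or ~/.ssh/id_*); no password in source.
    client.connect(host, username=user)
    try:
        _, stdout, stderr = client.exec_command(build_detached_command(command))
        # The wrapper returns at once; a non-zero status means the shell,
        # setsid or nohup failed, not the server itself.
        if stdout.channel.recv_exit_status() != 0:
            raise RuntimeError(stderr.read().decode(errors="replace"))
    finally:
        client.close()
    # Poll instead of sleep(4): the server is ready when the port answers.
    if not wait_for_port(host, stream_port):
        raise RuntimeError("%s:%d did not come up" % (host, stream_port))
    return "http://%s:%d" % (host, stream_port)


if __name__ == "__main__":
    # Assumption: 'pi' may run motion via sudo without a password prompt.
    webbrowser.open(start_stream("192.168.1.111", "pi",
                                 "sudo motion -c livestream.conf"))
```

Stopping the server later is the same pattern in reverse: run a detached `pkill` (or read the PID file motion writes in daemon mode) over a verified SSH session, then wait until the port stops answering.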
I've written a python script that can log into multiple devices sequentially by reading a csv file listing the different IP addresses. From there it outputs a file for each device with the content from a few commands that are passed to the devices via the script. So I've come pretty far. A problem I'm running into is that sometimes the script hangs. And that is because some devices have different software revisions and do not support certain commands that are being passed to them. The difference I'm focusing on is the prompt after log in. For example, logging into device type A has a command prompt of xyz#. Device type B has a command type abc:. It's the same manufacturer, just a different model and/or software rev. Depending on the command prompt I know the commands I can run on that device without the script hanging up. So what I need to be able to do is after a successful login, depending on the command prompt I get run a set of specific commands.
I can post some of my code if that would help, but what I'm really looking to find out is if this is even possible. And if so, some pointers. A few suggestions on what I might try. After working with Python for a few months I know there has to be a way to do this. I usually don't post because I can work through others' posts and develop a working solution. But I've been working on this a bit and haven't been able to piece it together, so I'm looking for an assist.
-Shane
EDIT
At this point I'm still unable to write code that would determine the command prompt. Well, at least while the telnet session is up. I can telnet in, run some commands and close the session. I can then write the results to a file. And from there read the file to determine the prompt. But ideally I'd like to be able to open a telnet session, run a command to determine the prompt while the session is still open, read it while the session is up and then, based on the prompt, run specific commands.
The issue seems to be with not being able to read any command output while the telnet session is still up. The session has to close and then write all output to a file. Then read the file to determine the command prompt, determine which commands to run based on the prompt, then open a new telnet session and run those commands.
Should I accept the fact that I have to close the telnet session, write the data to a file, read it to determine the prompt and then loop back through the login part of the script again? Or am I missing something? Not sure if I'm being clear in my description.
I would implement the commands using a common interface and then use a dictionary to retrieve them when I know what system I am connected to:
# command set for system xyz#
def copy1(src, dest):
    pass

def list1():
    pass

# command set for system abc:
def copy2(src, dest):
    pass

def list2():
    pass

cmdDict = {
    # prompt: command set
    'xyz#': [copy1, list1],
    'abc:': [copy2, list2],   # the colon after the key was missing
}
...
# pick the right commands from the prompt we have read
copyCommand = cmdDict[detected_prompt][0]
listCommand = cmdDict[detected_prompt][1]
...
# proceed normally
listCommand()
copyCommand(f1, g1)
copyCommand(f2, g2)
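An added example that is not code from either question or from the answer above; it serves both Ian's Windows telnet question and Shane's prompt-detection question. It speaks telnet over a plain socket, so it needs neither the Windows telnet client (which talks to the console directly, so a piped stdin is not a reliable way to drive it) nor telnetlib (deprecated in Python 3.11 and removed in 3.13). The client refuses every option the server offers, which is enough for a command-line device, reads until one of the known prompts appears while the session is still open, and picks the command set from that prompt. The prompt strings xyz# and abc:, the command names, and the login/password banners are placeholders for whatever the real devices print. Caveat: telnet is cleartext, so the credentials and every command cross the network unencrypted; prefer SSH wherever the device supports it.

```python
import re
import socket
import time

# Telnet protocol bytes (RFC 854) used below
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240

# Prompt -> command set; prompts and commands are placeholders (assumption)
COMMAND_SETS = {
    b"xyz#": ["show version", "show running-config"],
    b"abc:": ["show system", "show configuration"],
}


def filter_negotiation(data):
    """Split raw telnet bytes into (cleartext, replies_to_send, leftover).

    Every DO/WILL from the server is refused with WONT/DONT so it falls back
    to plain NVT mode; subnegotiation blocks (SB ... IAC SE) are dropped; an
    escaped 0xFF (IAC IAC) is kept as data. A sequence cut off at the end of
    the chunk is returned as leftover for the caller to prepend to the next
    recv().
    """
    clean, replies = bytearray(), bytearray()
    i, n = 0, len(data)
    while i < n:
        if data[i] != IAC:
            clean.append(data[i])
            i += 1
            continue
        if i + 1 >= n:
            break                      # lone IAC at chunk end
        cmd = data[i + 1]
        if cmd == IAC:                 # escaped data byte 0xFF
            clean.append(IAC)
            i += 2
        elif cmd in (DO, DONT, WILL, WONT):
            if i + 2 >= n:
                break                  # option byte not received yet
            opt = data[i + 2]
            if cmd == DO:
                replies += bytes([IAC, WONT, opt])
            elif cmd == WILL:
                replies += bytes([IAC, DONT, opt])
            i += 3
        elif cmd == SB:
            end = data.find(bytes([IAC, SE]), i + 2)
            if end < 0:
                break                  # subnegotiation continues next chunk
            i = end + 2
        else:                          # NOP, GA, AYT, ...: two-byte command
            i += 2
    return bytes(clean), bytes(replies), bytes(data[i:])


def detect_prompt(buf, prompts=COMMAND_SETS):
    """Return the known prompt that ends the last line of buf, else None."""
    lines = buf.rstrip(b" ").splitlines()   # devices often print "prompt "
    if not lines:
        return None
    last = lines[-1].strip()
    for prompt in prompts:
        if last.endswith(prompt):
            return prompt
    return None


class TelnetSession:
    """Minimal raw-socket telnet client; buffers cleartext between reads."""

    def __init__(self, host, port=23, timeout=10.0):
        self.sock = socket.create_connection((host, port), timeout)
        self.timeout = timeout
        self.buf = b""        # cleartext received and not yet consumed
        self.pending = b""    # partial negotiation sequence from last recv

    def _fill(self):
        chunk = self.sock.recv(4096)
        if not chunk:
            raise ConnectionError("remote closed the connection")
        clean, replies, self.pending = filter_negotiation(self.pending + chunk)
        if replies:
            self.sock.sendall(replies)
        self.buf += clean

    def _wait(self, check):
        deadline = time.monotonic() + self.timeout
        while True:
            hit = check(self.buf)
            if hit is not None:
                return hit
            if time.monotonic() > deadline:
                raise TimeoutError("no match; last bytes: %r" % self.buf[-120:])
            self._fill()

    def read_until(self, pattern):
        m = self._wait(lambda b: re.search(pattern, b))
        out, self.buf = self.buf[:m.end()], self.buf[m.end():]
        return out

    def read_until_prompt(self):
        prompt = self._wait(detect_prompt)
        out, self.buf = self.buf, b""
        return out, prompt

    def send_line(self, text):
        self.sock.sendall(text.encode() + b"\r\n")

    def run(self, command):
        self.send_line(command)
        out, _ = self.read_until_prompt()
        return out.decode(errors="replace")


def collect(host, username, password):
    """Log in, choose the command set from the prompt, run it, return output."""
    s = TelnetSession(host)
    s.read_until(rb"(?i)(login|username): ?")   # banner regex is an assumption
    s.send_line(username)
    s.read_until(rb"(?i)password: ?")
    s.send_line(password)
    _, prompt = s.read_until_prompt()          # decided while the session is open
    results = {cmd: s.run(cmd) for cmd in COMMAND_SETS[prompt]}
    s.send_line("exit")
    s.sock.close()
    return prompt, results
```

Because read_until_prompt() only returns when a known prompt is at the end of the buffer, a device whose prompt is not in COMMAND_SETS fails with a TimeoutError that shows the last bytes received, which is what you want when a new model appears instead of a silent hang.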
I am trying to control a console application (the JTAG app from Segger) from Python using the subprocess module. The application behaves correctly for stdout, but stdin doesn't seem to be read. If I enable the shell, I can type into the input and control the application, but I need to do this programmatically. The same code works fine for issuing commands to something like cmd.exe.
I'm guessing that the keyboard is being read directly instead of stdin. Any ideas how I can send the application input?
from subprocess import Popen, PIPE, STDOUT

# Launch J-Link Commander with all three standard streams redirected
jtag = Popen('"C:/Program Files/SEGGER/JLinkARM_V402e/JLink.exe"', shell=True,
             universal_newlines=True,
             stdin=PIPE,
             stdout=PIPE,
             stderr=STDOUT)
jtag.stdin.write('usb\n')    # select the USB-connected probe
jtag.stdin.flush()
print("Stdout:")
while True:
    s = jtag.stdout.readline()
    if not s:                # EOF: the process closed its stdout
        break
    print(s, end="")
jtag.terminate()
As shoosh says, I'd try to verify that the application really is looking for keyboard input. If it is, you can try Win32 message passing, or sending it keyboard input via automation.
For the message passing route, you could use the EnumWindows function via ctypes to find the window you're after, then use PostMessage to send it WM_KEYDOWN messages.
You can also send keyboard input via pywinauto, or the ActiveX control of AutoIt via win32com.
Using AutoIt:
from win32com.client import Dispatch

auto = Dispatch("AutoItX3.Control")            # AutoItX COM object
auto.WinActivate("The window's title", "")
auto.WinWaitActive("The window's title", "", 10)  # wait up to 10 s for focus
auto.Send("The input")
I'm guessing that the keyboard is being read directly instead of stdin
This is a pretty strong assumption and before stitching together a solution you should try to verify it somehow. There are different levels of doing this. Actually, two I can think of right now:
Waiting for keyboard events from the main window loop. If this is the case then you can simulate a keyboard simply by sending the window the right kind of message. These can be either WM_KEYDOWN or WM_CHAR or perhaps some other related variants.
Actually polling the hardware, for instance using GetAsyncKeyState(). This is somewhat unlikely and if this is really what's going on, I doubt you can do anything to simulate it programmatically.
Another take on this is trying to use the on-screen keyboard and see if it works with the application. If it does, figure out how to simulate what it does.
Some tools which might be helpful -
Spy++ (comes with Visual Studio) - allows you to see what messages go into a window
strace allows you to see what syscalls a process is making.