This is my scenario: I developed a Python desktop application which I use to probe the status of services/DBs on the very same machine it is running on.
My need is to monitor, using my application, two "brother" Window Server 2003 hosts (Python version is 2.5 for both). One of the hosts lies in my own LAN, the other one lies in another LAN which is reachable via VPN.
The application is composed by:
A Graphical User Interface (gui.py), which provides widgets to collect user inputs and launches the...
...business-logic script (console.py), which in turn invokes slave Python scripts that check the system's services and DB usage/accounts status/ecc. The textual output of those checks is then returned back to the GUI.
I used to execute the application directly on each the two machines, but it would be great to turn it into a client/server application, so that:
users will just be supposed to run the gui.py locally
the gui.py will be supposed to communicate parameters to some server remakes of console.py which will be running on both of the Windows hosts
the servers will then execute system checks and report back the results to the client GUIs which will display them.
I thought about two possible solutions:
Create a Windows service on each of the Windows hosts, basically executing console.py's code and waiting for incoming requests from the clients
Open SSH connections from any LAN host to the eliged Windows host and directly run console.py on it.
I am working on a corporate environment, which has some network and host constraints: many network protocols (like SSH) are filtered by our corporate firewall. Furthermore, I don't have Administration privileges onto the Windows hosts, so I can't install system services on them...this is frustrating!
I just wanted to ask if there is any other way to make gui.py and console.py communicate over the network and which I did not take into account. Does anyone have any suggestion? Please note that - if possible - I'm not going to ask ICT department to give me Administration privileges on the Windows hosts!
Thanks in advance!
Answer to myself: I found one possible solution..
I'm lucky because the console.py script is actually invoking many slave python scripts, each of them performing one single system check via standard third-party command-line tools which can be fired to check features on remote hosts.
Then, what I did was to modify the gui.py and console.py so that users can parametrically specify on which Windows host the checks must be carried out.
In this way, I can obtain a ditributed application...but I've been lucky, what if one or more of the third-party CL tools did not support remote host features checking?
Related
I'm trying to understand all the methods available to execute remote commands on Windows through the impacket scripts:
https://www.coresecurity.com/corelabs-research/open-source-tools/impacket
https://github.com/CoreSecurity/impacket
I understand the high level explanation of psexec.py and smbexec.py, how they create a service on the remote end and run commands through cmd.exe -c but I can't understand how can you create a service on a remote windows host through SMB. Wasn't smb supposed to be mainly for file transfers and printer sharing? Reading the source code I see in the notes that they use DCERPC to create this services, is this part of the smb protocol? All the resources on DCERPC i've found were kind of confusing, and not focused on its service creating capabilities. Looking at the sourcecode of atexec.py, it says that it interacts with the task scheduler service of the windows host, also through DCERPC. Can it be used to interact with all services running on the remote box?
Thanks!
DCERPC (https://en.wikipedia.org/wiki/DCE/RPC) : the initial protocol, which was used as a template for MSRPC (https://en.wikipedia.org/wiki/Microsoft_RPC).
MSRPC is a way to execute functions on the remote end and to transfer data (parameters to these functions). It is not a way to directly execute remote OS commands on the remote side.
SMB (https://en.wikipedia.org/wiki/Server_Message_Block ) is the file sharing protocol mainly used to access files on Windows file servers. In addition, it provides Named Pipes (https://msdn.microsoft.com/en-us/library/cc239733.aspx), a way to transfer data between a local process and a remote process.
One common way for MSRPC is to use it via Named Pipes over SMB, which has the advantage that the security layer provided by SMB is directly approached for MSRPC.
In fact, MSRPC is one of the most important, yet very less known protocols in the Windows world.
Neither MSRPC, nor SMB has something to do with remote execution of shell commands.
One common way to execute remote commands is:
Copy files (via SMB) to the remote side (Windows service EXE)
Create registry entries on the remote side (so that the copied Windows Service is installed and startable)
Start the Windows service.
The started Windows service can use any network protocol (e.g. MSRPC) to receive commands and to execute them.
After the work is done, the Windows service can be uninstalled (remove registry entries and delete the files).
In fact, this is what PSEXEC does.
All the resources on DCERPC i've found were kind of confusing, and not
focused on its service creating capabilities.
Yes, It’s just a remote procedure call protocol. But it can be used to start a procedure on the remote side, which can just do anything, e.g. creating a service.
Looking at the sourcecode of atexec.py, it says that it interacts with
the task scheduler service of the windows host, also through DCERPC.
Can it be used to interact with all services running on the remote
box?
There are some MSRPC commands which handle Task Scheduler, and others which handle generic service start and stop commands.
A few final words at the end:
SMB / CIFS and the protocols around are really complex and hard to understand. It seems ok trying to understand how to deal with e.g. remote service control, but this can be a very long journey.
Perhaps this page (which uses Java for trying to control Windows service) may also help understanding.
https://dev.c-ware.de/confluence/pages/viewpage.action?pageId=15007754
How can I setup a virtualized Ubuntu on real Windows so I can have two apps communicating simple messages between them? VM can be offline, no internet access. Real system probably offline too.
Host<->VM communication on Windows host can be implemented in several ways, independently of hypervisor you are using:
Host Only network - just assign static IP for host and machine, and use sockets api to transfer your data via virtual network. Very good for large amount of data, but require a little bit time for configuration.
Virtual COM ports - if you don't want to use sockets api and want to write data to files(on linux VM)/named pipes(on windows host). This can be simpler because require almost zero configuration, but it will not work very well with large amount of data.
Choose what will fit your needs.
I need to run a vbs script in Windows machine from a Linux machine. I used Pywinrm to achieve the connection between Windows and Linux. The vbs script has a set of installation in it. Is there anyway I can run this vbs script without having to use "CredSSP" authentication?
Yes, you can use kerberos in a double hop scenario initiated using pywinrm. A minor patch needs to be made to pywinrm in order to get forwardable kerberos tickets, which is outlined here:
https://github.com/diyan/pywinrm/issues/58
You will need to perform SPN registration as needed for the services you are connecting to on the second hop. You'll also need to configure the computer account of the first hop to be trusted for delegation to the desired services using kerberos.
Good luck!
I have a network of end-user machines (Windows, Linux, MacOS) and I want to check whether the credential I have allow me to access the machines as administrator (I am checking the "here are the admin credentials to the machines" vs. reality).
I wrote a Python script (it runs on Linux) which
runs nmap -O on the network to gather the hosts
tries to ssh with paramiko to check the Linux credentials.
I would like to do a similar check for the Windows machines. What would be a practical way, in Python, to do so?
I have a few sets of credentials (AD or local to a machine) so I would need a somehow universal method. I was thinking about something like a call to _winreg.ConnectRegistry but it does not import on my Linux (it does on a Windows box).
I am no sys-admin, but just trying to mount the C-drive ( \hostname\C$ ) via samba/smb should work. This assumes that remote sharing and filesystem access is enabled on that box and the firewall rule setup to allow for remote connections.
I have written a Python TCP/IP server for internal use, using win32serviceutil/py2exe to create a Windows service.
I installed it on a computer running Windows XP Pro SP3. However, I can't connect to it when it's running as a service. I can confirm that it's binding to the address/port, because I get a conflict when I try to bind to that address/port with another application. Further, I have checked the Windows Firewall settings and have added appropriate exceptions. If I run the server as a simple console application, everything works as expected. However, when I run it as a service, it doesn't work.
I vaguely remember running into this problem before, but for the life of me can't remember any of the details.
Suggestions, anyone?
Possibly the program may be terminated just after initialization. Please check whether it is continuously listening to the requests.
netstat -an |find /i "listening"
And analyze the command line parsed to the programs. You may use procexp to do that.
First of all, whenever you implement a Windows service, be sure to add proper logging.
My worker threads were terminating because of the exception, "The socket operation could not complete without blocking."
The solution was to simply call sock.setblocking(1) after accepting the connection.
Check to see that the service is running under the Nertwork Service account and not the Local System account. The later doesn't have network access and is the default user to run services under. You can check this by going to the services app under administrative tool in the start menu and looking for your service. If you right-click the service you can go to properties and change the user that it is run under.