jborean93 / pypsexec

Remote Windows execution like PsExec on Python
MIT License
Issue while running pypsexec #49

Open raghavmishra opened 2 years ago

raghavmishra commented 2 years ago

While running pypsexec I am getting an error. It could be an error in smbprotocol too, as I am getting a BadMechanism error. Please have a look at the traceback:

```
Traceback (most recent call last):
  File "/home/kali/.local/lib/python3.9/site-packages/smbprotocol/session.py", line 278, in connect
    out_token = context.step(in_token)
  File "/usr/lib/python3/dist-packages/spnego/negotiate.py", line 119, in step
    mech_token_in, mech_list_mic, is_spnego = self._step_spnego_input(in_token=in_token)
  File "/usr/lib/python3/dist-packages/spnego/negotiate.py", line 159, in _step_spnego_input
    mech_list = self._rebuild_context_list(mech_types=in_token.mech_types)
  File "/usr/lib/python3/dist-packages/spnego/negotiate.py", line 374, in _rebuild_context_list
    raise BadMechanismError(context_msg="Unable to negotiate common mechanism", base_error=last_err)
spnego.exceptions.BadMechanismError: SpnegoError (1): SpnegoError (16): Operation not supported or available, Context: Retrieving NTLM store without NTLM_USER_FILE set to a filepath, Context: Unable to negotiate common mechanism

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/pypsexec/pyps.py", line 17, in <module>
    c.connect()
  File "/home/kali/.local/lib/python3.9/site-packages/pypsexec/client.py", line 105, in connect
    self.session.connect()
  File "/home/kali/.local/lib/python3.9/site-packages/smbprotocol/session.py", line 280, in connect
    raise SMBAuthenticationError("Failed to authenticate with server: %s" % str(err.message))
smbprotocol.exceptions.SMBAuthenticationError: Failed to authenticate with server: SpnegoError (1): SpnegoError (16): Operation not supported or available, Context: Retrieving NTLM store without NTLM_USER_FILE set to a filepath, Context: Unable to negotiate common mechanism

Traceback (most recent call last):
  File "/opt/pypsexec/pyps.py", line 21, in <module>
    c.create_service()
  File "/home/kali/.local/lib/python3.9/site-packages/pypsexec/client.py", line 118, in create_service
    self._service.delete()
  File "/home/kali/.local/lib/python3.9/site-packages/pypsexec/scmr.py", line 363, in delete
    self._open_service()
  File "/home/kali/.local/lib/python3.9/site-packages/pypsexec/scmr.py", line 381, in _open_service
    self._handle = self._scmr.open_service_w(self._scmr_handle,
AttributeError: 'NoneType' object has no attribute 'open_service_w'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/pypsexec/pyps.py", line 45, in <module>
    c.remove_service()
  File "/home/kali/.local/lib/python3.9/site-packages/pypsexec/client.py", line 155, in remove_service
    self._service.delete()
  File "/home/kali/.local/lib/python3.9/site-packages/pypsexec/scmr.py", line 363, in delete
    self._open_service()
  File "/home/kali/.local/lib/python3.9/site-packages/pypsexec/scmr.py", line 381, in _open_service
    self._handle = self._scmr.open_service_w(self._scmr_handle,
AttributeError: 'NoneType' object has no attribute 'open_service_w'
```

jborean93 commented 2 years ago

Based on the output, you are trying to connect to the server without a username and password specified. This means it will try to use whatever the cached credential is, and in your case there is no cached credential, so it fails.

raghavmishra commented 2 years ago

Hi @jborean93, it's not the case. I am supplying the username and pass in the code.

jborean93 commented 2 years ago

Can you share your code? The only reason why this particular error would appear is if no username and password were passed to pypsexec.

The credentials are part of the Client object and are passed into the SMB session object here https://github.com/jborean93/pypsexec/blob/95c312b54b149451e6528becb63014f948a38956/pypsexec/client.py#L83. From there it goes down into pyspnego but it would never try and read from the cache if explicit creds were given.

raghavmishra commented 2 years ago

Sorry for the delayed response. This is the code which I am using, from your template code. Please note that the pass mentioned here is a dummy and is just for the sake of letting you know that I am passing user/pass in the code while running it.

```python
from pypsexec.client import Client

# creates an encrypted connection to the host with the username and password
c = Client("test@PEN.LOCAL", username="abc", password="abc")

c.connect()
try:
    c.create_service()

    # After creating the service, you can run multiple exe's without
    # reconnecting

    # run a simple cmd.exe program with arguments
    stdout, stderr, rc = c.run_executable("cmd.exe",
                                          arguments="/c echo Hello World")
finally:
    c.remove_service()
```
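
An added example, not code from this thread or from pypsexec: a wrapper that rejects empty credentials before connecting (the fallback to a cached credential described in the maintainer's reply) and keeps `connect()` outside the cleanup path, so a failed authentication surfaces alone instead of being followed by the `AttributeError` tracebacks shown in the report. `psexec_session`, `MissingCredentials`, `allow_cached` and `client_cls` are hypothetical names, and `FakeClient` is a constructed stand-in so the call order can be checked offline.

```python
from contextlib import contextmanager


class MissingCredentials(ValueError):
    """Explicit username/password were expected but one was empty or None."""


@contextmanager
def psexec_session(server, username=None, password=None,
                   allow_cached=False, client_cls=None):
    """Yield a connected client whose service exists (hypothetical helper)."""
    # Per the maintainer's reply: without explicit credentials the auth layer
    # falls back to a cached credential. Refuse that unless it is intended.
    if not allow_cached and not (username and password):
        raise MissingCredentials(
            "username/password empty; cached credentials would be used")
    if client_cls is None:
        # Imported lazily so the helper can be exercised with a stand-in class.
        from pypsexec.client import Client as client_cls
    client = client_cls(server, username=username, password=password)
    # connect() stays outside the try blocks: if authentication fails, the
    # auth error is the only exception raised and no service call is made.
    client.connect()
    try:
        try:
            client.create_service()
            yield client
        finally:
            client.remove_service()
    finally:
        client.disconnect()


class FakeClient:
    """Constructed stand-in for pypsexec's Client; records the call order."""
    def __init__(self, server, username=None, password=None, fail_auth=False):
        self.calls, self.fail_auth = [], fail_auth
    def connect(self):
        self.calls.append("connect")
        if self.fail_auth:
            raise ConnectionError("constructed auth failure")
    def create_service(self): self.calls.append("create_service")
    def remove_service(self): self.calls.append("remove_service")
    def disconnect(self): self.calls.append("disconnect")
    def run_executable(self, exe, arguments=None):
        self.calls.append("run_executable")
        return b"Hello World\r\n", b"", 0
```

With the real client, usage is `with psexec_session(server, username, password) as c:` followed by `c.run_executable(...)` inside the block.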