search

jborean93 / pypsrp

PowerShell Remoting Protocol for Python
MIT License
324 stars 49 forks source link

WSManAuthenticationError: Client error '401 ' for url #159

Closed darksys0x closed 1 year ago

darksys0x commented 1 year ago

I keep getting authentication error 401 no matter what options I try (already tried ntlm). I can use invoke-Command with the same credentials, and it seems to work fine. However, psrp keeps throwing the same error. I'm using the port 5895 and sending the data via HTTP. Tools like evil-winrm seems to work fine. I'd appreciate if somebody can point me in the right direction.

Here's the error log:

C:\Users\Administrator\Documents>python3 h_psrp.py
Traceback (most recent call last):
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\psrp\_io\wsman.py", line 1079, in post
    response.raise_for_status()
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\httpx\_models.py", line 736, in raise_for_status
    raise HTTPStatusError(message, request=request, response=self)
httpx.HTTPStatusError: Client error '401 ' for url 'http://dc.darksys.com:5985/wsman'
For more information check: https://httpstatuses.com/401

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "C:\Users\Administrator\Documents\h_psrp.py", line 15, in <module>
    sync_rp(conn)
  File "C:\Users\Administrator\Documents\h_psrp.py", line 4, in sync_rp
    with psrp.SyncRunspacePool(conn) as rp:
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\psrp\_sync.py", line 510, in __enter__
    self.open()
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\psrp\_sync.py", line 666, in open
    connection.create()
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\psrp\_connection\wsman.py", line 543, in create
    resp = self._connection.post(self._shell.data_to_send())
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\psrp\_io\wsman.py", line 1081, in post
    raise WSManHTTPError(str(e), response.status_code) from e
psrp._exceptions.WSManAuthenticationError: Client error '401 ' for url 'http://dc.darksys.com:5985/wsman'
For more information check: https://httpstatuses.com/401

And here's my code:

import psrp

def sync_rp(conn: psrp.ConnectionInfo) -> None:
    with psrp.SyncRunspacePool(conn) as rp:
        ps = psrp.SyncPowerShell(rp)
        ps.add_script('echo "hi"')
        output = ps.invoke()

        print(output)

server = "dc.darksys.com"
conn = psrp.WSManInfo(server=server, auth="basic", port = 5985, verify=False,  encryption="never",
    username=r"darksys\administrator",
     password="testpassABC" )
sync_rp(conn)

Here's the output from winrm set winrm/config/service command:

PS C:\Windows\system32> winrm set winrm/config/service '@{AllowUnencrypted="true"}'
Service
    RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
    MaxConcurrentOperations = 4294967295
    MaxConcurrentOperationsPerUser = 1500
    EnumerationTimeoutms = 240000
    MaxConnections = 300
    MaxPacketRetrievalTimeSeconds = 120
    AllowUnencrypted = true [Source="GPO"]
    Auth
        Basic = true [Source="GPO"]
        Kerberos = true
        Negotiate = true
        Certificate = false
        CredSSP = true
        CbtHardeningLevel = Relaxed
    DefaultPorts
        HTTP = 5985
        HTTPS = 5986
    IPv4Filter = * [Source="GPO"]
    IPv6Filter = * [Source="GPO"]
    EnableCompatibilityHttpListener = false
    EnableCompatibilityHttpsListener = false
    CertificateThumbprint
    AllowRemoteAccess = true [Source="GPO"]
darksys0x commented 1 year ago

I solved the problem some time ago by removing the domain from username: username=r"darksys\administrator" to username="administrator"