I'm trying to create an Outlook Message File (.msg) file using Python, specifically from Flask.
Here's what I have:
import win32com.client
def html2msg():
com_object = win32com.client.Dispatch('Outlook.Application')
com_file = com_object.CreateItem(0)
com_file.Subject = 'Subject'
com_file.HTMLBody = '<html><head></head><body><p>Test Email</p></body></html>'
com_file.SaveAs('new.msg')
com_file.Close(0)
This works fine when run as a user in Windows, or instigated from within flask when the flask app is run manually as a user...
The issue comes when it is run behind IIS with wfastcgi: I get this non-specific error:
File "<COMObject Outlook.Application>", line 2, in CreateItem
pywintypes.com_error: (-2147467260, 'Operation aborted', None, None)
I previously had similar(ish) issues with Word, which were caused because the com object was being run under the system profile, and were solved by creating a folder as per: https://theether.net/kb/100120?id=100120
Has anyone managed to accomplish something similar?
The issue comes when it is run behind IIS with wfastcgi: I get this non-specific error:
The Considerations for server-side Automation of Office article states the following for the error you've got:
Microsoft does not currently recommend, and does not support, Automation of Microsoft Office applications from any unattended, non-interactive client application or component (including ASP, ASP.NET, DCOM, and NT Services), because Office may exhibit unstable behavior and/or deadlock when Office is run in this environment.
If you are building a solution that runs in a server-side context, you should try to use components that have been made safe for unattended execution. Or, you should try to find alternatives that allow at least part of the code to run client-side. If you use an Office application from a server-side solution, the application will lack many of the necessary capabilities to run successfully. Additionally, you will be taking risks with the stability of your overall solution.
As a workaround, you need to use a low-level API on which Outlook is based on - Extended MAPI or just any wrapper around that API such as Redemption.
If you deal with Exchange server profiles only, consider using EWS, see Start using web services in Exchange for more information.
Related
I am working on a project where I have been using Python to make API calls to our organization's various technologies to get data, which I then push to Power BI to track metrics over time relating to IT Security.
My boss wants to see info added from Exchange Online Protection such as malware detected in emails, spam blocks etc., essentially replicating some of the email and collaboration reports you'd see in M365 defender > reports > email and collaboration (security.microsoft.com/emailandcollabreport).
I have tried the Defender API and MS Graph API, read through a ton of documentation, and can't seem to find anywhere to pull this info from. Has anyone done something similar, or know where this data can be pulled from?
Thanks in advance.
You can try using the Microsoft Graph Security API using which you can get the alerts, information protection, secure score using that. Also you can refer the alerts section in the documentation which talks about the list of supported providers at this point using the Microsoft Graph security api.
In case anyone else runs into this, this is the solution I ended up using (hacky as it may be);
The only way to extract the pertinent info seems to be through PowerShell, you need the modules ExchangeOnlineManagement and PSWSMan so those will need to be installed.
You need to add an app to your Azure instance with global reader role minimum (or something custom) and generate and upload self-signed certificates to the app.
I then ran the following lines as a ps1 script:
Connect-ExchangeOnline -CertificateFilePath "<PATH>" -AppID "<APPID>" -Organization "<ORG>.onmicrosoft.com" -CertificatePassword (ConvertTo-SecureString -String '<PASSWORD>' -AsPlainText -Force)
$dte = (Get-Date).AddDays(-30)
Get-MailflowStatusReport -StartDate $dte -EndDate (Get-Date)
Disconnect-ExchangeOnline
I used python to call the powershell script, then extract the info I needed from the output and push it to PowerBI.
I'm sure there is a more secure and efficient way to do this but I was able to accomplish the task this way.
I was working on a web based platform product, my python Code is hosted on IIS Server. I need to Export my df as an excel in to the path or you can say url path.
my_url_path = http//10.6.36:8075/products/items/Aug
I tried:
df.to_excel(my_url_path+'/'+'df.xlsx, index=False)
If you want to write/export something to other windows machines, we need to do some stuff like impersonate.
Here are some code snippets to demonstrate this feature.
https://learn.microsoft.com/en-us/dotnet/api/system.security.principal.windowsidentity.impersonate?view=netframework-4.8
Simply speaking, we need to enable impersonating the users on the remote user so that can write a file with that Window identity. If the IIS server and the remote file server are the same machines, it is enough to use the relative address to fill the Path parameter.
In python, Python’s Win32 access to help to simplify providing privileged access.
http://timgolden.me.uk/pywin32-docs/Windows_NT_Security_.2d.2d_Impersonation.html
https://codingsimple.wordpress.com/2014/10/13/python-for-windows-logon-and-run-as-different-user/
Feel free to let me know if there is anything I can help with.
I'm currently writing a script where I need to gain access to another computer on my LAN while using administrative credentials that differ from the account I am logged in as. I attempted to use the requests module.
Here is my code so far:
import requests
with requests.Session() as c:
location = ('file://computer/c$/')
USERNAME = 'notrealusername'
PASSWORD = 'notrealpassword'
c.get(location)
logindata = dict(username=USERNAME, password=PASSWORD, next='/')
c.post(location, data=logindata, headers{"Referer":"file://computer/c$/"})
Can someone tell me how I can edit my code to make it work properly according to the criteria specified above?
Impacket
This 3rd party library is pretty useful for Windows related networking tasks. In this situation i would use their wmiexec.py script:
wmiexec.py
A semi-interactive shell, used through Windows Management Instrumentation. It does not require to install any service/agent at the target server. Runs as Administrator. Highly stealthy.
If your not wanting any 3rd party dependencies, you could write your own solution. A wmi shell is mentioned in the BlackHat Python book.
I'm starting to play around with the new Pepper API for an important project (phasing out Java) and I'm having an issue with this example.
https://developer.chrome.com/native-client/devguide/devcycle/vs-addin
I've installed the plugin to VS, added the paths, started the python webserver yet when I debug it gives me a 404...
I'm starting the python webserver as per https://developer.chrome.com/native-client/sdk/examples
The issue being the HTML file it's looking for is in F:\nacl_sdk\vs_addin\examples\hello_world_gles\hello_world_gles and the localhost root is F:\nacl_sdk\pepper_42\getting_started
Has anyone else had this issue?
I also have plenty of intellisense errors:
Since I posted this I tried copying the example directory to the root directory being used by localhost. The page loads, however I'm not capable of running the plugin...
I think you're not supposed to be starting the Python web server, as per the vs addin documentation:
When you run one of the Native Client platforms Visual Studio builds
the corresponding type of Native Client module (either a .nexe or
.pexe), starts a web server to serve it up, and launches a copy of
Chrome that fetches the module from the server and runs it.
However, to be honest, I'm still unable to run this sample, even though I'm following this instruction. I'm seeing an "ERR_CONNECTION_REFUSED" result page. I'm using VS 2012 Express, and Chrome 43.
Update. I've finally managed to run the sample. First, I've installed VS 2012 Ultimate instead of Express (because Express doesn't support Add-Ins). Second, the latest VS addin seems to be unable to run the Python web-server, it passes the port paramater in a wrong format. You can see that if you read the output in the "Native Client Web Server Output" pane in VS. So what I did, is I modified the %NACL_SDK_ROOT%\tools\httpd.py, so that it doesn't attempt to parse the command line arguments :)
Here is the new main from my httpd.py:
def main(args):
server = LocalHTTPServer(os.path.abspath('.'), 5103)
# Serve until the client tells us to stop. When it does, it will give us an
# errorcode.
print 'Serving %s on %s...' % (options.serve_dir, server.GetURL(''))
return server.ServeForever()
HTH.
I'm maintaining an open-source document asset management application called NotreDAM, which is written in Django running on Apache an instance of TwistedWeb.
Whenever any user downloads a file, the application hangs for all users for the entire duration of the download. I've tracked down the download command to this point in the code, but I'm not enough versed with Python/Django to know why this may be happening.
response = HttpResponse(open(fullpath, 'rb').read(), mimetype=mimetype)
response["Last-Modified"] = http_date(statobj.st_mtime)
response["Content-Length"] = statobj.st_size
if encoding:
response["Content-Encoding"] = encoding
return response
Do you know how I could fix the application hanging while a file downloads?
The web server reads the whole file in the memory instead of streaming it. It is not well written code, but not a bug per se.
This blocks the Apache client (pre-forked) for the duration of whole file read. If IO is slow and the file is large it may take some time.
Usually you have several pre-forked Apache clients configured to satisfy this kind of requests, but on a badly configured web server you may exhibit this kind of problems and this is not a Django issue. Your web server is probably running only one pre-forked process, potentially in a debug mode.
notreDAM serves the asset files using the django.views.static.serve() command, which according to the Django docs "Using this method is inefficient and insecure. Do not use this in a production setting. Use this only for development." So there we go. I have to use another command.