On windows server I need via python code to run an executable/process (such as a notepad \ ps1 script) with other domain user privilages. The credntials are hardcoded in the python script. The script should run remotelly on the server so the password promt is problematic. Is there any way I can open a proccess with known cerentials (user + password) without code interuption?
Related
I'm trying to build a script in python that runs a powershell command (using subprocess python module) , this powershell command use psexec for run a .exe file on all devices within a .txt file previous generated by python but it is not working
Any help/advice?
import subprocess
import sys
import datetime
import os
dt = datetime.datetime.now()
datetime = dt.strftime("%d-%m-%Y-%H-%M")
#creating new file
output = open('C:\Users\U42857\Desktop\Coding\python\mcafee-veriato\output_automatizacion.txt','wt')
#Writing a computer name within the file created
output.write("u43024")
output.close()
#Reading file path
path = output.name
#Running psexec in each pc with the names within the file previously created
run = subprocess.Popen (["psexec64.exe","#"+path+" -c -f .\Veriato_test_automatizacion.EXE"],stdout=sys.stdout)
run.communicate()
Im getting te psexec syntax output error:
PsExec v2.2 - Execute processes remotely
Copyright (C) 2001-2016 Mark Russinovich
Sysinternals - www.sysinternals.com
PsExec executes a program on a remote system, where remotely executed console
applications execute interactively.
Usage: psexec [\\computer[,computer2[,...] | #file]][-u user [-p psswd][-n s][-r servicename][-h][-l][-s|-e][-x][-i [session]][-c [-f|-v]][-w directory][-d][-<priority>][-a n,n,...] cmd [arguments]
-a Separate processors on which the application can run with
commas where 1 is the lowest numbered CPU. For example,
to run the application on CPU 2 and CPU 4, enter:
"-a 2,4"
-c Copy the specified program to the remote system for
execution. If you omit this option the application
must be in the system path on the remote system.
-d Don't wait for process to terminate (non-interactive).
-e Does not load the specified account's profile.
-f Copy the specified program even if the file already
exists on the remote system.
-i Run the program so that it interacts with the desktop of the
specified session on the remote system. If no session is
specified the process runs in the console session.
-h If the target system is Vista or higher, has the process
run with the account's elevated token, if available.
-l Run process as limited user (strips the Administrators group
and allows only privileges assigned to the Users group).
On Windows Vista the process runs with Low Integrity.
-n Specifies timeout in seconds connecting to remote computers.
-p Specifies optional password for user name. If you omit this
you will be prompted to enter a hidden password.
-r Specifies the name of the remote service to create or interact.
with.
-s Run the remote process in the System account.
-u Specifies optional user name for login to remote
computer.
-v Copy the specified file only if it has a higher version number
or is newer on than the one on the remote system.
-w Set the working directory of the process (relative to
remote computer).
-x Display the UI on the Winlogon secure desktop (local system
only).
-arm Specifies the remote computer is of ARM architecture.
-priority Specifies -low, -belownormal, -abovenormal, -high or
-realtime to run the process at a different priority. Use
-background to run at low memory and I/O priority on Vista.
computer Direct PsExec to run the application on the remote
computer or computers specified. If you omit the computer
name PsExec runs the application on the local system,
and if you specify a wildcard (\\*), PsExec runs the
command on all computers in the current domain.
#file PsExec will execute the command on each of the computers listed
in the file.
cmd Name of application to execute.
arguments Arguments to pass (note that file paths must be
absolute paths on the target system).
-accepteula This flag suppresses the display of the license dialog.
-nobanner Do not display the startup banner and copyright message.
You can enclose applications that have spaces in their name with
quotation marks e.g. psexec \\marklap "c:\long name app.exe".
Input is only passed to the remote system when you press the enter
key, and typing Ctrl-C terminates the remote process.
If you omit a user name the process will run in the context of your
account on the remote system, but will not have access to network
resources (because it is impersonating). Specify a valid user name
in the Domain\User syntax if the remote process requires access
to network resources or to run in a different account. Note that
the password and command is encrypted in transit to the remote system.
Error codes returned by PsExec are specific to the applications you
execute, not PsExec.
Any help, advice about how to achieve that?
Split the string " -c -f .\Veriato_test_automatizacion.EXE" with commas.
["psexec64.exe","#"+path,"-c", "-f",".\Veriato_test_automatizacion.EXE"]
I would like to execute a python script stored on a remote server on a local machine. This is so I can keep the code for the script on the server without the user having a copy. Is this possible using python?
I am basically trying to secure the code, possibly behind a username and/or password so that way I can easily update the codebase. (Much like using ssh - but the python script is executed on the local machine instead of the server.)
Edit:
Using curl and process substitution this may be achievable:
execute bash script from URL
so that to execute the python script the command is:
python <(curl "http://example.com/test.py" -s -N)
curl also supports password protection which is ideal.
When I execute the script the root path for the script is /dev/fd. When I navigate to this directory and list directory only contains numbers.
Using the above command as an example, is the script downloaded? (and where to). I notice that if I execute the script in a directory such as Desktop it is not downloaded to that location (the working directory).
You can compile the Python code into compiled Python .pyc files and distribute these files, though the local machine should have the same Python environment as the server.
However it is also not impossible for this code to be decompiled.
https://python-compiler.com/post/how-to-distribute-python-program
I have a remote Ubuntu server VPS, which I connect and do commands via fabric.
I using Windows PC to connect to this remote VPS, with this commands:
#task
def git_pull():
"""
"""
run("cd ~/{}/; git pull".format(env.repo_name))
When I run this command, it promts me to write my Git's login and password.
When I try to input them it writes them like this:
(virtualenv) D:\path\to\project\fabfile>fab common.git_pull
[1.2.3.4] Executing task 'common.git_pull'
[1.2.3.4] run: cd ~/project/; git pull
[1.2.3.4] out: Username for 'https://git.example.com': u^#s^#e^#r^#
As you can see when I try to write user it writes it as u^#s^#e^#r^#
It appends this weird caret-at ^#symbols
Why windows fabric appends these weird ^# symbols?
Is it because of paramiko which is being used by fabric?
I thought this happening because of different encodings and I used chcp command and it still appends these extra symbols.
I am calling a Python script supplied as part of a package from a Bash script I wrote, which calls the script in addition to doing various other things. Specifically, earlier on in the Bash script, I use a Zenity password dialog to get the user's MySQL root password and store it in a Bash variable to do some database setup. Later on, the Python script is called, and it too wants the user's MySQL root password.
I tried simply reusing the variable containing the password by using a pipe and a here string, but neither works; the script simply hangs there until I return to the terminal and enter the password again. I dug a bit into the Python script and found it uses getpass to ask for the password. Is there any way I can give it the password from the previously-created Bash variable so that I only have to ask the user for it once through a GUI?
If the information is allready present in a bash variable (say the name is pwd), IMHO the simplest solution is to export it to the environment.
export pwd
Then you can get it in the Python script :
pwd = os.environ('pwd')
I have stabled password less login between two ubuntu system then I run following command
$scp file user#hostname2:/tmp/
it works fine and I got file transferred without asking for password.
however when I try to execute the same through following python statement-
subprocess.check_output(['scp', file, r'user#hostname2:/tmp/'])
I am not able to copy files to remote computer, so I am bit curious about which user's privileges python program uses to execute command via subprocess ?
How can I debug such programs ?