So i've searched through all the questions on this site (maybe not all, but most), and none of them have quite the right answer for what i'm looking for!
Part of my code, in Python, is setup as:
specialstring = special
if input == "T"
trash = commandline("sudo dd if=zero blahblah%blah" % specialstring)
Every time I run the command, it asks for a password. I do not want it to request a password! I don't need a lecture on how unsafe it is to run a root without a password (or however your phrase it)... I would just like to know what to do to have my code not need a password to run the command, and then exit root after the command so I can continue on normally with the rest of my code. THANKS!
-NOOB
You can make a "user" not have to enter in the password when using sudo for a specific program by editing the /etc/sudoers file.
Open up the file and edit it to include this line (where is the name of the user):
<user> ALL = NOPASSWD: /bin/dd
As mentioned in the comments of your previous question, you need to add to your sudoers file like this for the sake of simplicity just turn off the passwords and you will be able to run this without a password
admin ALL = NOPASSWD: ALL
the file will be found in /etc/sudoers
Then your python script will run fine and not require a password
Here is a tutorial on how to use visudo which is what you will need to use to edit sudo password settings
Why would you need to run 'dd' as root anyway? The 'dd' program is available to all users, so running the same command without 'sudo' in front would be sufficient. The only reason I can think of is if the file where you write the output of 'dd' to is only writable by root or another user.
So, try this:
specialstring = special
if input == "T"
trash = commandline("dd if=zero blahblah%blah" % specialstring)
Related
My specific question is around what exactly zipfile.ZipFile(myfile.zip).extractall(thepassword) actually does. I'm working through some pentest tutorials and have written the following snippet.
There are two files that the script acts upon. The first is a zip file that was created using zip -P very_long_random_string_password -r myfile.zip myfiles.txt. This is on Kali Linux from the CLI with Python3 (3.9). The second file is a list of common passwords from github ([passlist.txt][1]).
#Python3
from zipfile import ZipFile
with open('passlist.txt', 'r') as f:
for line in f:
password = line.strip('\n')
password = password.encode('utf-8')
try:
foundpass = ZipFile('myfile.zip').extractall(pwd=password)
if foundpass == None:
print("\nPassword: ", password.decode())
break
except RuntimeError:
pass
The expected result would be for the script to try every password in the passlist.txt and if the extractall method didn't throw a RuntimeError to print out the successful password. If the password is wrong, the program continues.
This in fact does work and I've tried multiple passwords that are caught as expected based on passwords in the passlist.txt. BUT... I wanted to have the script run unsuccessfully and got an unexpected result.
Using a -P pashdshGivgisudhfagn9879te6rtq6rr in the zip process, which doesn't exist in the passlist.txt resulted in successfully unlocking the zip file using the password rabbit11. As it turns out I can unzip the file with rabbit11 or pashdshGivgisudhfagn9879te6rtq6rr.
I've run this several times now with different very_long_random_string_passwords and been able to find corresponding simple_passwords that will unlock the zip file.
Why? I don't see any pattern to encoded text and this seems to be odd behavior.
Other examples (I actually haven't found one that doesn't work):
Complex: 444hdshGivgisudhfagn9879te6rtq6rr
Simple: rugby12
Complex: rszv8FoGGM6JRWGX
Simple: lickme
I am studying automate the boring stuff with python book and therein after finishing the password locker project it is suggested to create a batch file using the following codes:
#py.exe C:\Python34\pw.py %*
#pause
and I did exactly the same mine one looks like this (copied entire script if there are any other potential errors):
import sys
import pyperclip
""" PASSWORD LOCKER """
passwords = {
'facebook' : 'password of facebook',
'gmail' : 'password of gmail',
'quora' : 'password of quora'
}
if len(sys.argv) == 2:
account_name = sys.argv[1]
if account_name in passwords:
print('Password of [' + str(account_name).upper() + '] has been copied to clipboard.')
acc_password = passwords[account_name]
pyperclip.copy(acc_password)
print('Paste it anywhere')
else:
print('There is no name registered with that account name.')
#py.exe 'C:\py\Automate the Boring Stuff with Python\Data Structures, Dictionary\pw.py' %*
#pause
then saved the file as pw.bat, according to instruction of the book:
With this batch file created, running the password-safe program on
Windows is just a matter of pressing win-R and typing pw .
I then followed these steps again and it didn't work fine. Can you please help me with this. Thank you.
Here are troubleshooting steps I'd suggest:
Ensure py.exe exists in environment path of your computer. The book may have installation instructions that may have been skipped inadvertently. If you know py.exe exists on your computer, but when you execute py.exe on opening a command prompt, you may see:
'py.exe' is not recognized as an internal or external command, operable program or batch file.
If you see the above message, this implies, you need to do either of the following:
a. Change your batch file to say:
`#<drive:\path\to>\py.exe`
where the part <drive:\path\to> is the path to your python executable (py.exe), OR,
b. Add the path to py.exe to the environment variables. Comprehensive instructions are here for Python 3.
The way you have framed the question seems to suggest that you saved the entire code in one file pw.bat. If you did, you need to ensure the following:
a. Last two lines of the your code snippet are in a file pw.bat, AND,
b. Rest of the code is in the file C:\py\Automate the Boring Stuff with Python\Data Structures, Dictionary\pw.py.
The instruction below is correct only if the file pw.bat is in the environment path and thus visible to the operating system:
With this batch file created, running the password-safe program on Windows is just a matter of pressing win-R and typing pw
If you do not know whether this is true or not, you will need to find out where you saved pw.bat. Open a command prompt and navigate to that location, and then execute pw. Issues pertinent to this are discussed here.
I'm building my python package using Azure DevOps pipeline and the generated artifact is then uploaded to a feed. Everything is working fine, however, I don't like the fact that I have a .pypirc file containing the credentials for the upload sitting in my repository.
Basically I'm uploading the artifact using:
- script: 'twine upload -r imglib --config-file .pypirc dist/imglib-*.tar.gz'
Is there another way to store the credentials, preferably not in a file that anyone could edit? I read something about storing the credentials in the key vault, but I don't see how change the pipeline (the yml file) to do this.
Thanks in advance.
EDIT:
Shaykis answere seems to be the right way, however, I'm not able to replace the placeholder in the .pypirc file using a bash command. All I get is three asterics when I print the content of .pypirc after replacement. For the replacement I use:
- script: 'sed -i "s/__password__/$PYPI_CRED_MAPPED/g" .pypirc'
displayName: 'Setting PyPI credentials'
env:
PYPI_CRED_MAPPED: $(pypi_cred)
The content of .pypirs is (displayed during the build task using a bash cat .pypirc. Is there an easier way to debug the build prozess?):
[distutils]
Index-servers =
pypi
imglib
[imglib]
Repository = https://pkgs.dev.azure.com/XXX/_packaging/imglib/pypi/upload
username = imglib
password = ***
Does anyone know what is happening there?
EDIT 2:
I also tried to use $env:PYPI_CRED_MAPPED but in that case only the $env is replaced by nothing and all I'm left with is :PYPI_CRED_MAPPED. Also, I look at the docs and they use the variable directly (e.g. $PYPI_CRED_MAPPED, see bottom of page).
EDIT 3:
The three asterics are just a placeholder. It worked with $PYPI_CRED_MAPPED as mentioned in EDIT 2. The build process was failing because of another reason. I also tried it with the powershell command provided in the answer and it worked as well. So thank you for your help.
You can store the variable as a secret variable, in the .pypirc file put a placeholder and in the pipeline add a script that replace the placeholder with the variable.
1) In the .yaml editor click on the 3 dots near the Save/Run button on the top right and then click "Variables".
2) Add a new variable (pythonCred fore example) with the password and click on the lock icon to make it secret.
3) Go to your .pypirc file and replace the password with __password__.
4) In your pipeline add a PowerShell task to put the password:
- powershell: |
(Get-Content path/to/pypirc) -replace "__password__" , "$env:CredPython" | Set-Content -Path path/to/pypirc
env: CredPython: $(pythonCred) # you must to map the variable because is a secret variable
You can also use Azure Key Vault with this way, download the password from there in with Azure Key Vault task and replace update the .pypirc file.
I downloaded some scripts in both python and bash that prompt the user for command line input. Since I run these scripts often, I would like to automatically supply the input to the programs. I prefer not to modify the scripts. Is there a way to do it without modifying the original code?
[UPDATE] thanks to EnabrenTane's advice, it seems to work pretty well, until I got to a line that read password = getpass.getpass('password: '). It complains the following:
File "/usr/lib/python2.4/getpass.py", line 29, in unix_getpass
old = termios.tcgetattr(fd) # a copy to save
termios.error: (25, 'Inappropriate ioctl for device')
Any way to get around that?
Like this on bash: $ ./python_script < input.txt
edit:
Alternatively you could write your scripts to take ARGV as a file name to read from. You could reopen STDIN to the file and not have to change any other lines.
Since the responses in via stdin:
cat answers | yourscript.py
Due to the password requirement, I ended up using pexpect, a python module that automates user input.
Is there a simple module that let's you paste input in python ?
Asking someone to type letter by letter is kinda harsh .
By default a .py file is opened with python.exe if is installed and this does not allow "rightclick+paste" in the console .So how can i make this happen with python ? i think this would be more of a exact question .
You can make this by open cmd.exe and type here "C:\Python32\python".
Path is depend on the version of python. Mine is 3.2.
If you're looking for a way to simply paste something into the windows command prompt, John Giotta is correct that a user can click on the little icon in the top left.
I imagine, however, that you're looking for a way that a user can input a large amount of text, without typing it in line by line. A simple way to do this, would be to let the user input a file name, which python would then read. Perhaps something like this is what you're looking for:
while True:
filename = raw_input("Path to file to be read: ")
try:
with open(filename, 'rb') as f:
contents = f.read()
break
except IOError:
print "That was not a valid file \n"
This loop will keep asking the user for a file until then enter a valid path. When they enter a valid path, it will be read in as a string to the contents variable. This way, a user could enter a large amount of text into a file, and then you simply prompt them for the path to the file.
You can read up on file input more In the docs.