pypsexec icon indicating copy to clipboard operation
pypsexec copied to clipboard

Published 20 hours ago verified publisher icon jborean93

Issue while running pypsexec

Open raghavmishra opened this issue 3 years ago • 4 comments

While running pypsexec getting error, it could be error of smbprotocol too as getting BadMechanism error. Please have a look at traceback,

**Traceback (most recent call last): File "/home/kali/.local/lib/python3.9/site-packages/smbprotocol/session.py", line 278, in connect out_token = context.step(in_token) File "/usr/lib/python3/dist-packages/spnego/negotiate.py", line 119, in step mech_token_in, mech_list_mic, is_spnego = self._step_spnego_input(in_token=in_token) File "/usr/lib/python3/dist-packages/spnego/negotiate.py", line 159, in _step_spnego_input mech_list = self._rebuild_context_list(mech_types=in_token.mech_types) File "/usr/lib/python3/dist-packages/spnego/negotiate.py", line 374, in _rebuild_context_list raise BadMechanismError(context_msg="Unable to negotiate common mechanism", base_error=last_err) spnego.exceptions.BadMechanismError: SpnegoError (1): SpnegoError (16): Operation not supported or available, Context: Retrieving NTLM store without NTLM_USER_FILE set to a filepath, Context: Unable to negotiate common mechanism

During handling of the above exception, another exception occurred:

Traceback (most recent call last): File "/opt/pypsexec/pyps.py", line 17, in c.connect() File "/home/kali/.local/lib/python3.9/site-packages/pypsexec/client.py", line 105, in connect self.session.connect() File "/home/kali/.local/lib/python3.9/site-packages/smbprotocol/session.py", line 280, in connect raise SMBAuthenticationError("Failed to authenticate with server: %s" % str(err.message)) smbprotocol.exceptions.SMBAuthenticationError: Failed to authenticate with server: SpnegoError (1): SpnegoError (16): Operation not supported or available, Context: Retrieving NTLM store without NTLM_USER_FILE set to a filepath, Context: Unable to negotiate common mechanism Traceback (most recent call last): File "/opt/pypsexec/pyps.py", line 21, in c.create_service() File "/home/kali/.local/lib/python3.9/site-packages/pypsexec/client.py", line 118, in create_service self._service.delete() File "/home/kali/.local/lib/python3.9/site-packages/pypsexec/scmr.py", line 363, in delete self._open_service() File "/home/kali/.local/lib/python3.9/site-packages/pypsexec/scmr.py", line 381, in _open_service self._handle = self._scmr.open_service_w(self._scmr_handle, AttributeError: 'NoneType' object has no attribute 'open_service_w'

During handling of the above exception, another exception occurred:

Traceback (most recent call last): File "/opt/pypsexec/pyps.py", line 45, in c.remove_service() File "/home/kali/.local/lib/python3.9/site-packages/pypsexec/client.py", line 155, in remove_service self._service.delete() File "/home/kali/.local/lib/python3.9/site-packages/pypsexec/scmr.py", line 363, in delete self._open_service() File "/home/kali/.local/lib/python3.9/site-packages/pypsexec/scmr.py", line 381, in _open_service self._handle = self._scmr.open_service_w(self._scmr_handle, AttributeError: 'NoneType' object has no attribute 'open_service_w'**

raghavmishra avatar Nov 16 '21 12:11 raghavmishra

Based on the output you are trying to connect to the server without a username and password specified. This means it will try to use whatever the cached credential is and in your case there is no cache credential so it fails.

jborean93 avatar Nov 16 '21 18:11 jborean93

Hi @jborean93, It's not the case, I am supplying username and pass in the code.

raghavmishra avatar Nov 19 '21 09:11 raghavmishra

Can you share your code? The only reason why this particular error would appear is if no username and password was passed to pypsexec.

The credentials are part of the Client object and are passed into the SMB session object here https://github.com/jborean93/pypsexec/blob/95c312b54b149451e6528becb63014f948a38956/pypsexec/client.py#L83. From there it goes down into pyspnego but it would never try and read from the cache if explicit creds were given.

jborean93 avatar Nov 19 '21 11:11 jborean93

Sorry for delayed response. This is the code which I am using from your template code. Please note that the pass mentioned here are dummy and just for the sake of letting you know that I am passing user/pass in the code while running it.

`from pypsexec.client import Client

creates an encrypted connection to the host with the username and password

c = Client("[email protected]", username="abc", password="abc")

c.connect() try: c.create_service()

# After creating the service, you can run multiple exe's without
# reconnecting

# run a simple cmd.exe program with arguments
stdout, stderr, rc = c.run_executable("cmd.exe",
                                      arguments="/c echo Hello World")

finally: c.remove_service()`

raghavmishra avatar Nov 22 '21 06:11 raghavmishra