
About Python: Using WMI Client Wrapper to execute an exe and get output logs

Question Detail

Objective:
I am using Ubuntu 16.04 and the WMI-Client-Wrapper module to connect to a remote Windows machine, send an executable to it (e.g. Process Explorer), execute it, collect the logs it creates, and fetch them back to my Linux machine for further processing. Using WMI-Client-Wrapper is the only option available, as the WMI module doesn't work with Linux.

Problem:
I am able to send the file to the remote Windows machine by establishing a connection using WMI-Client-Wrapper and the SMB file transfer mechanism. After that, when I try to create a process for it and execute that process, it gives me an error stating that some of the attributes that WMI actually has are not supported by WMI-Client-Wrapper.

What I tried

Python Code:

import os
import wmi_client_wrapper as wmic
from socket import *
import time

wmic = wmic.WmiClientWrapper(
    host="192.168.115.128",
    username="LegalWrongDoer",
    password="sasuke14"
)

SW_SHOWNORMAL = 1
str = "smbclient //192.168.115.128/C$ -U LegalWrongDoer%sasuke14 -c \'put \"procexp64.exe\"\'"
os.system(str)
print("Folder sent")
process_startup = wmic.Win32_ProcessStartup.new()
process_startup.ShowWindow = SW_SHOWNORMAL
process_id, result = wmic.Win32_Process.Create(CommandLine="C:/procexp64.exe", ProcessStartupInformation=process_startup)
process_startup.ShowWindow = SW_SHOWNORMAL
if result == 0:
    print("Process started successfully")
else:
    print("Sorry, but can't execute Process!")

When I run this Python file, it gives me the output to the initial query I make. But the Process_StartUp fails.

Further Traceback Calls:

Traceback (most recent call last):
  File "WMIClient.py", line 22, in <module>
    process_startup = wmic.Win32_ProcessStartup.new()
AttributeError: 'WmiClientWrapper' object has no attribute 'Win32_ProcessStartup'

I’d be extremely grateful if any of you could help me through this. Thanks in advance 🙂

Question Answer

Well, I finally managed to get a work-around for this whole scenario, and it might look a little messy, but it sure does work for me.

Firstly, I use smbclient to transfer the executable to the end-point where I want to execute it. Inside my code I use os.system() calls to make this happen.

import os
str1 = "smbclient //'<HostMachineIP>'/admin$ -U '<domain>\\<username>%<password>' -c \'lcd /usr/local/acpl/bin/endPoint/; put \"EndPointForeignsics.exe\"\'"
os.system(str1)

This helps me put the executable in the desired shared folder that the user has access to (Admin in my case), and then use WMI-query through a tool called Winexe to get access to the console/command prompt of the end-point. I use another os.system() call to execute this again.

# The remote command is one double-quoted shell argument, so it needs its closing quote
str2 = r'/usr/local/bin/winexe -U "<domain>\\<username>%<password>" //<HostMachineIP> "cmd /c c:\windows\EndPointForeignsics.exe"'
os.system(str2)

P.S.: Winexe is a tool that you’ll have to download off the internet and compile. It may take some time and effort to do that, but it is quite achievable. You’ll get a lot of help with it from StackOverflow and the documentation of the tool.
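
The same two-step workflow with the password kept out of the command line and no shell involved, as an added example that is not the answer author's code. It assumes the installed smbclient and winexe builds both accept `-A <authentication-file>`; the host, account and file names in the demo are constructed placeholders.

```python
import os
import subprocess
import tempfile

def write_auth_file(username, password, domain):
    """Write a Samba-style credentials file; mkstemp creates it with mode 0600."""
    fd, path = tempfile.mkstemp(prefix="smbauth_")
    with os.fdopen(fd, "w") as fh:
        fh.write(f"username = {username}\npassword = {password}\ndomain = {domain}\n")
    return path

def _safe_name(name):
    # smbclient parses the -c string itself, so reject its quote/separator characters.
    if not name or any(c in name for c in '";\n'):
        raise ValueError(f"unsafe name for smbclient -c: {name!r}")
    return name

def smbclient_put_cmd(host, share, auth_file, local_dir, filename):
    script = f'lcd "{_safe_name(local_dir)}"; put "{_safe_name(filename)}"'
    return ["smbclient", f"//{host}/{share}", "-A", auth_file, "-c", script]

def winexe_cmd(host, auth_file, remote_command):
    return ["/usr/local/bin/winexe", "-A", auth_file, f"//{host}", remote_command]

def run_and_capture(argv, timeout=300):
    """Run an argument list without a shell; return (exit code, stdout, stderr)."""
    proc = subprocess.run(argv, capture_output=True, text=True, timeout=timeout)
    return proc.returncode, proc.stdout, proc.stderr

def deploy_and_run(host, username, password, domain, local_dir, filename):
    """Upload the executable, run it remotely, and return its captured output."""
    auth = write_auth_file(username, password, domain)
    try:
        rc, _, err = run_and_capture(smbclient_put_cmd(host, "admin$", auth, local_dir, filename))
        if rc != 0:
            raise RuntimeError(f"upload failed: {err.strip()}")
        return run_and_capture(winexe_cmd(host, auth, "cmd /c c:\\windows\\" + filename))
    finally:
        os.remove(auth)  # do not leave the secret on disk

if __name__ == "__main__":
    # Constructed placeholder values; this only prints the argv, nothing is executed.
    auth = write_auth_file("user", "example-password", "EXAMPLE")
    print(smbclient_put_cmd("192.0.2.10", "admin$", auth, "/tmp", "tool.exe"))
    print(winexe_cmd("192.0.2.10", auth, "cmd /c c:\\windows\\tool.exe"))
    os.remove(auth)
```

With `os.system()` the password is part of the shell string and shows up in the local process list; here the argv carries only the path of the credentials file, and the remote program's stdout and stderr come back from `run_and_capture()` for further processing.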
