
I'm trying to connect to a remote machine using psexec and execute cmd.exe. Once I have this session open I want to run multiple commands such as mkdir, del, etc. I'm facing the problem that I can only run one command with subprocess, as communicate closes the pipe. Is there any way to accomplish this?

from subprocess import Popen, PIPE, STDOUT

class WsRPC():
    def __init__(self):
        self.rpc_exec_path = r'C:\SysinternalsSuite\psexec.exe'
        self.user = 'administrator'
        self.ip = '172.xxx.xxx.xxx'
        self.password = 'XxXxXxXx'
        self.session = ''

    def wsConnect(self):
        pass

    def runCommand(self):
        try:
            # psexec \\<ip> -u <user> -p <password> cmd.exe, with all three
            # standard streams piped back to this process
            self.session = Popen([self.rpc_exec_path, '\\\\' + self.ip, '-u',
                                  self.user, '-p', self.password, 'cmd.exe'],
                                 stdin=PIPE, stdout=PIPE, stderr=PIPE,
                                 shell=True)
            command = 'cmd.exe /c dir'
            # sends the literal text 'dir/r/n' (forward slashes), not 'dir'
            # followed by a CR/LF line ending
            self.session.stdin.write('dir/r/n')
            # communicate() closes stdin and waits for cmd.exe to exit
            strout, strerr = self.session.communicate()
            print strout
            print strerr
        except Exception, e:
            print str(e)

obj = WsRPC()
obj.runCommand()

I'm getting the following output when I run this code:

C:\SysinternalsSuite\psexec.exe \\172.xxx.xxx.xxx -u administrator 
-p XxXxXxXx cmd.exe
Microsoft Windows [Version 5.2.3790]


PsExec v2.0 - Execute processes remotely
Copyright (C) 2001-2013 Mark Russinovich
Sysinternals - www.sysinternals.com

Connecting to 172.xxx.xxx.xxx...


Starting PSEXESVC service on 172.xxx.xxx.xxx...


Connecting with PsExec service on 172.xxx.xxx.xxx...


Starting cmd.exe on 172.xxx.xxx.xxx...



cmd.exe exited on 172.xxx.xxx.xxx with error code 0.

So it seems that my "dir" is not working.

PS: How do I debug this kind of scenario?

Hemant
  • What does `command = 'dir\r\n'` do? Maybe you need a newline. – User Nov 20 '13 at 10:17
  • I tried that one too; it didn't work. – Hemant Nov 20 '13 at 10:29
  • Does the command work when you are in the cmd yourself? Could it be that the network latency is relevant? – User Nov 20 '13 at 10:33
  • @user If you are asking whether the program works when I run the command using cmd.exe, then the answer is yes. It works perfectly fine. For network latency I'm not sure how to debug it or find out whether it is relevant. – Hemant Nov 20 '13 at 10:42
  • It would require something like `time.sleep(5)` before `self.session.stdin.write(command)`. – User Nov 20 '13 at 10:43
  • I've tried that and I'm getting [Errno 22] Invalid argument. – Hemant Nov 20 '13 at 10:48

1 Answer


Locally I did:

>>> import subprocess
>>> s = subprocess.Popen(['cmd.exe'], stderr = subprocess.PIPE, stdin = subprocess.PIPE, stdout = subprocess.PIPE, )
>>> s.stdin.write('dir\r\n') # leaving out '\r\n' does not run the command
>>> s.communicate()

My question to you is: when you do the same with the psexec, does it still work?

Using a string connection_string instead of a list could be a problem. Try:

  1. add Popen(..., shell=True)

  2. use a list.

    [self.rpc_exec_path, '\\\\' + self.ip,  '-u', self.user,  '-p', self.password, 'cmd.exe']
    
User
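The underlying issue in the question is that `communicate()` closes stdin and waits for the child to exit, so it can only ever deliver one batch of input. To run several commands through one psexec/cmd.exe session the pipe has to stay open: write each command line (terminated by `\r\n` for cmd.exe) to stdin, then read stdout until a marker you asked the shell to print, and call `communicate()` only when the session is finished. The Python 3 class below is an added example, not code from the question or the answer: the class name, the sentinel-marker scheme and the local `sh` demonstration are my own. For the poster's setup you would pass the psexec argv list from the question (without `shell=True`) and `newline="\r\n"`; cmd.exe's `echo` prints the marker just as `sh` does, and because cmd.exe echoes each command line back on its prompt, the marker is matched only as a line on its own. Note that `-p` on the psexec command line leaves the password visible in the local process list; PsExec prompts for it when `-p` is omitted.

```python
import subprocess
import uuid


class InteractiveShell:
    """Keep one child shell alive and run several commands through its stdin.

    Hypothetical helper (not from the original post). Every command is written
    followed by a second line that echoes a unique sentinel; stdout is then
    read line by line until a line equal to the sentinel appears. That way
    communicate(), which closes stdin and waits for exit, is only used by
    close().
    """

    def __init__(self, argv, newline="\n", echo="echo"):
        self.newline = newline
        self.echo = echo
        # stderr is merged into stdout so a single reader sees all output;
        # bufsize=0 keeps both pipes unbuffered so writes reach the child at once
        self.proc = subprocess.Popen(
            argv,
            stdin=subprocess.PIPE,
            stdout=subprocess.PIPE,
            stderr=subprocess.STDOUT,
            bufsize=0,
        )

    def run(self, command):
        """Send one command line and return its output lines."""
        marker = "__END_%s__" % uuid.uuid4().hex
        # the shell runs `command`, then prints the marker on a line of its own
        payload = command + self.newline + "%s %s" % (self.echo, marker) + self.newline
        try:
            self.proc.stdin.write(payload.encode())
            self.proc.stdin.flush()
        except (BrokenPipeError, OSError) as exc:
            raise RuntimeError("shell is no longer accepting input") from exc

        lines = []
        while True:
            raw = self.proc.stdout.readline()
            if not raw:
                # EOF: the shell exited (e.g. the command itself was `exit`)
                raise RuntimeError("shell exited before the marker was seen")
            line = raw.decode(errors="replace").rstrip("\r\n")
            # cmd.exe also echoes "<prompt>echo __END_...__" back to stdout, so
            # only a line consisting of exactly the marker ends this command
            if line.strip() == marker:
                return lines
            lines.append(line)

    def close(self):
        """Ask the shell to exit, drain the pipes and return its exit status."""
        try:
            self.proc.stdin.write(("exit" + self.newline).encode())
            self.proc.stdin.flush()
        except (BrokenPipeError, OSError):
            pass
        self.proc.communicate()
        return self.proc.returncode


if __name__ == "__main__":
    # Local demonstration with the POSIX shell. On the poster's setup argv
    # would be the psexec invocation from the question and newline "\r\n".
    shell = InteractiveShell(["sh"])
    for cmd in ("echo first", "pwd", "echo second"):
        print(cmd, "->", shell.run(cmd))
    print("exit status", shell.close())
```

Each `run()` call returns only the lines produced by that command, so `mkdir`, `del` and `dir` can be issued one after another over the same session, and a command that terminates the shell surfaces as a `RuntimeError` instead of a silent empty result.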