0

I'm currently writing a script where I need to gain access to another computer on my LAN while using administrative credentials that differ from the account I am logged in as. I attempted to use the requests module.

Here is my code so far:

import requests

with requests.Session() as c:
    location = ('file://computer/c$/')
    USERNAME = 'notrealusername'
    PASSWORD = 'notrealpassword'

    c.get(location)
    logindata = dict(username=USERNAME, password=PASSWORD, next='/')
    c.post(location, data=logindata, headers{"Referer":"file://computer/c$/"})

Can someone tell me how I can edit my code to make it work properly according to the criteria specified above?

HiDeoo
  • 10,353
  • 8
  • 47
  • 47
user6575795
  • 1
  • 2
  • Hi @user6575795, this is a Q&A site. What is your question? Note: please answer this by editing your original question, not by replying to this comment. – lwassink Jul 11 '16 at 17:58
  • `requests` is a library for making HTTP requests... I'm pretty sure that Windows remote file access is not done over HTTP by default. I think you should look at [this question](http://stackoverflow.com/questions/10820376/how-do-i-access-a-remote-filesystem-using-python-on-windows) or [this one](http://stackoverflow.com/questions/9202326/read-remote-file-with-access-permissions) for some ideas on how to actually do this. – F. Stephen Q Jul 11 '16 at 19:04
  • I Think samba might work. Thank you for your help! – user6575795 Jul 11 '16 at 19:52

1 Answers1

0

Impacket

This 3rd party library is pretty useful for Windows related networking tasks. In this situation i would use their wmiexec.py script:

wmiexec.py

A semi-interactive shell, used through Windows Management Instrumentation. It does not require to install any service/agent at the target server. Runs as Administrator. Highly stealthy.

If your not wanting any 3rd party dependencies, you could write your own solution. A wmi shell is mentioned in the BlackHat Python book.

RandomHash
  • 669
  • 6
  • 20