I am looking for a tool that will allow me to monitor and control programs running inside a Windows VM from the Linux host machine. I realize that this is similar to what a rootkit would do, and I am completely happy to use some hacker software if it provides the necessary functionality (and if I can get it in source-code form).
If I can't find something, I'll have to write it using C. Probably an embedded HTTP server running on an odd port and doing some kind of XMLRPC thing.
Here is the basic functionality I need:
Get list of running processes
Kill a process.
Start a process
Read/write/create/delete files
I would like to:
- Read contents of screen
- Read all controls on screen.
- Send arbitrary click to a Windows control.
Does anything like this exist?
Build Samba with WMI support from http://dev.zenoss.org/svn/trunk/inst/externallibs/wmi-1.2.9.tar.bz2. Not in the official Samba yet.
Get list of running processes
wmic -UAdministrator //host "select * from Win32_Process"
Kill a process
You need to run wmic on the Windows host using winexe because Samba wmic only supports querying
winexe -UAdministrator //host "wmic process where name=\"process.exe\" delete" # Kill process.exe
winexe -UAdministrator //host "wmic process where ProcessId=145 delete" # Kill pid 145
Start a process
winexe -UAdministrator //host process.exe
Read/write/create/delete files
You probably want to use Samba read man mount.cifs and man smbclient
Related
I have installed CouchDB on my Windows machine but while starting the CouchDB service, I am getting a message like:
Windows could not start the Apache CouchDB service on Local Computer. The service did not return an error. This could be an internal Windows error or an internal service error. If the problem persists, please contact your system administrator.
As the service is not running, I am unable to access Fauxton too.
I am using Windows 7. CouchDB is 2.0.0. Port 5984 is not in use.
I don't think your question is a duplicate of https://stackoverflow.com/a/44107335/219187 because you are on Windows 7, and the problem described there is for Windows 10 with the creators update.
But maybe the solution fixes your problem as well? Here is the procedure:
Download the prelease build 2.2.4-101 from https://nssm.cc/download
Stop the CouchDB service through the Windows Services dialog (paused is not enough)
Overwrite nssm.exe in <CouchDbInstallDir>\bin with the one from the downloaded ZIP file (make sure you pick the right version 32 bit / 64 bit)
Start the CouchDB service
Issue it's happening since the last updates released by Microsoft. I'm not completely aware of what's causing it, but I think it's something related to CouchDB service not been able to start using Local Administrator rights.
However I've managed to start the service manually, by doing so:
Open Command Prompt - in the Search from the Start Menu or Task Bar type "cmd"
Run it as an Administrator - right click on the Command Prompt application and choose "Run as administrator" option /this is really IMPORTANT as it will allow the service to have administrator access/
Navigate to the folder where CouchDB is install - default path is "D:/CouchDB", but could be anywhere else; you have to find it
Go to the "bin" folder in there
Type "couchdb" as a command to start the service
You will see a message showing after this - "kernel-poll not supported; "K" parameter ignored"
If it adds some error messages after it or closes the whole terminal, you're making some things bad from this guide, so follow it strictly.
You can now open up the Fauxton application in the browser like normal from here - http://localhost:5984/_utils/
Keep in mind that you have to leave the cmd opened in order the service to be working as expected. As far as I saw no information was lost, so it's all good.
This is a temporary solution though, as we are waiting a relase from either Microsoft or Apache to solve the issue, or at least give us more explanation about it.
i just met the same problem.
the cause is space, you have to install CouchDB in a path without any space, even Program Files folder, because there is a space between Program and Files...
So im using ruby on rails in windows (i hear you all spitting your coffee onto the screen), its only a short term thing. (using ubuntu at home) So i tried to fire up webrick this afternoon and i get the error message
TCPServer Error, only one usage of each socket address is normally permitted
So it seems as if port 3000 is still running from last week? My question is how do i kill the process from the Windows command line. normally i have to press ctrl and pause/break in windows as ctrl c is not working which is only killing the batch process it seems..
Any solutions welcomed
Edit
So it seems as if
tasklist
will give me the list of processes, but where do i find the process for running the webrick server?
ruby.exe is not listed as a running process
Try using netstat -a -o -n to determine the pid of the process running on port 3000. Then you should be able to use taskkill /pid #### to kill whatever process is running on that port.
Probably not the most graceful way to do it, but I think it should work.
EDIT
You'll probably have to also use the /F flag to force-kill the process. I just tried it on my local machine, and that worked fine.
Go into rails_project\tmp\pids and delete the .pid file in there.
run:
rails server
I have created a VB.NET program using windows forms. The program runs on a remote PC and displays information on a screen. The computer does not even have a mouse or keyboard connected to it. The program shows the information based on the file that is loaded.
I want to be able to change this file remotely to another file that is already on the remote PC. I can't use a graphical remote desktop client as we have very limited bandwidth.
So, my idea is to change the file using the command prompt (I think I'll need something like SSH). I'm not sure how to do this. Should I use something like this and load DosModule first:
Module DOSModule
Public Sub Main()
Console.Write("First, start with Command Prompt processing ...")
Dim myWinForm As New WinForm
Application.Run(myWinForm)
End Sub
End Module
How would I then read commands that is send to the program? I also only want one instance of the program running.
Thanks
You have 2 options. The first is a custom program that WILL require some network programming, like it or not. I would suggest creating either a Command-Line batch file or else a PowerShell script, then creating a program to transfer the script to the remote computer and execute the script.
The second option and the one better suited for you would be to download an SSH server. An SSH server will essentially open a command window and pipe the input and output over to a telnet client running on your machine. If you are running a version of Windows Server, an SSH server comes with Windows Server. Otherwise, you can download one for free here: http://www.freesshd.com/
Once you install the SSH server, you simply use telnet, from a command prompt, to link up with your remote SSH server
I am looking for some kind of framework that will allow me to do connect to multiple servers using SSH and keep the connection open, reopen it if it dies, and allow me to run commands to it and report back. For example, check disk space on all the machines right away, so I'd do results = object.run("df -h") and it returns an array with the response from all the machines (I am not looking for a monitoring system).
Anyone have any idea?
I would use Python and the Fabric framework. Lets you easily execute commands on a set of servers - like doing deployment
with Fabric you could do
from fabric import run, env
def getSpace(server):
env.host_string
run("df -h")
>>> fab getSpace("234.24.32.1")
One way to do this would be to use Python and the paramiko library. Writing the functionality that runs a given command on a specified set of servers is then a simple matter of programming.
I need to know, is that possible to get a notification through email whenever my laptop is switched on or is connected to internet ?
An alternative is to get notification when set service 'Starts' on system boot.
Need C# code for this service.
If you have a web site somewhere and access to the log files, install wget or curl and then run this command:
wget -q http://your.site.com/MyLaptopIsConnected
Just search the error logs for this string to see when your laptop came online. Put the command in a BAT/CMD file and tell Windows to run it once the computer starts with the scheduler.