Open Source and information security mailing list archives
Message-ID: <20040506231451.BSNH64967.fep03-mail.bloor.is.net.cable.rogers.com@BillDell>
From: full-disclosure at royds.net (Bill Royds)
Subject: Psexec on *NIX 

What he wants is a Unix version of the psexec Windows program, which uses
RPC and SMB to execute on another Windows machine (WITHOUT INSTALLING
ANYTHING ON THAT WINDOWS MACHINE). All of the suggestions such as ssh or rsh
require one to install an executable on the target Windows machine. Psexec
does not.
It should be possible to create such a beast using the Samba object library
and there are some features of SysInternals ps* suite of programs already
available in Samba.
  Psexec is a very useful, but dangerous program. Anyone who has it and
knows an account that has privileges on your Windows system can create a
command line shell (or execute any program) on your system without
installing anything on your system as long as there is a CIFS/SMB (port 445)
or NetBIOS (ports UDP 135 and 137, 139/TCP) port connection allowed between
the systems. 
  What it does is use the default RPC$ share on Windows to download a small
executable called PSEXECSVC.EXE into your %SystemDir% directory and start
that as a service. It then uses that as a shell to run the given program as
if it were run from a CMD prompt, collecting SYSIN from remote and sending
SYSOUT and SYSERR to remote. Once the execution finishes the service
terminates itself and disappears. A very effective RAT used by
administrators all the time. 

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of
Valdis.Kletnieks@...edu
Sent: May 6, 2004 3:50 PM
To: Chris Carlson
Cc: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] Psexec on *NIX 

On Thu, 06 May 2004 14:54:55 EDT, Chris Carlson <chris@...pucounts.com>
said:

> service, then removes it.  I also know that the r services are an
> option, as is ssh, but these are not what I want.

Can you quantify *why* those aren't what you want?  From what you originally
said, rsh or ssh should be a good solution.  If they aren't, we need to know
why they aren't in order to propose other solutions....

> If it doesn't exist, then it doesn't exist.  In that case, I'll go make
> one.   I'm just trying to save myself some time here.

Re-inventing the wheel almost never saves time....
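The pattern the message describes, a small executable dropped into the system directory and registered as a demand-start service, is what a defender would watch for on the receiving Windows host. The script below is an added example (not part of the message above and not SysInternals or Samba code): it scans constructed Windows System log records for service installations and flags those that match that pattern. It assumes a simplified key=value export of the log; Event ID 7045 is the Service Control Manager "a service was installed" event, PSEXECSVC is the service name the message gives, and the directory prefixes, watchlist and sample records are assumptions to be tuned for a real environment.

```python
import re
from dataclasses import dataclass

# Parses "key=value key2=value with spaces" records; a value runs until the
# next " key=" token or end of line. This key=value layout is a constructed
# export format, not the native Windows event log format.
KV_RE = re.compile(r'(\w+)=(.*?)(?=\s\w+=|$)')

# Service Control Manager event: "A service was installed in the system".
SERVICE_INSTALLED = "7045"

# Service names associated with the remote-execution tool described in the
# message (PSEXECSVC is the name given there). Treat this as a tunable watchlist.
WATCHED_SERVICE_NAMES = {"psexecsvc"}

# Directory roots the message refers to as %SystemDir%. A service binary placed
# directly in one of these roots (not in a vendor subfolder) is unusual for
# legitimately installed software. Assumed set; extend for your estate.
SYSTEM_ROOT_PREFIXES = ("%systemroot%\\", "%systemdir%\\", "%windir%\\", "c:\\windows\\")

# Constructed sample log: one PSEXECSVC install, its start event, two ordinary
# service installs, and one unknown demand-start binary dropped into the root.
SAMPLE_LOG = """\
time=2004-05-06T15:50:01 channel=System event_id=7045 host=WS01 service_name=PSEXECSVC image_path=%SystemRoot%\\PSEXECSVC.EXE start_type=demand account=LocalSystem
time=2004-05-06T15:50:07 channel=System event_id=7036 host=WS01 service_name=PSEXECSVC state=running
time=2004-05-06T15:52:40 channel=System event_id=7045 host=WS02 service_name=Spooler image_path=%SystemRoot%\\system32\\spoolsv.exe start_type=auto account=LocalSystem
time=2004-05-06T16:01:13 channel=System event_id=7045 host=WS03 service_name=UpdateAgent image_path=C:\\Program Files\\Vendor\\agent.exe start_type=auto account=LocalSystem
time=2004-05-06T16:03:59 channel=System event_id=7045 host=WS04 service_name=xyz123 image_path=%SystemRoot%\\xyz123.exe start_type=demand account=LocalSystem
"""


@dataclass
class Finding:
    host: str
    time: str
    service_name: str
    image_path: str
    reason: str


def parse_record(line):
    """Turn one key=value line into a dict with lower-cased keys."""
    return {k.lower(): v for k, v in KV_RE.findall(line)}


def dropped_into_system_root(image_path):
    """True when the binary sits directly in a system root directory."""
    p = image_path.lower()
    for prefix in SYSTEM_ROOT_PREFIXES:
        if p.startswith(prefix):
            remainder = p[len(prefix):]
            return "\\" not in remainder  # no subdirectory component
    return False


def classify(rec):
    """Return a reason string for a suspicious service install, else None."""
    if rec.get("event_id") != SERVICE_INSTALLED:
        return None
    name = rec.get("service_name", "")
    path = rec.get("image_path", "")
    if name.lower() in WATCHED_SERVICE_NAMES:
        return "watched service name"
    # The generic shape the message describes: a demand-start LocalSystem
    # service whose binary was dropped straight into the system directory.
    if (dropped_into_system_root(path)
            and rec.get("start_type") == "demand"
            and rec.get("account", "").lower() == "localsystem"):
        return "demand-start LocalSystem service dropped directly into system root"
    return None


def scan(log_text):
    """Scan every record and collect findings in log order."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        reason = classify(rec)
        if reason:
            findings.append(Finding(rec.get("host", ""), rec.get("time", ""),
                                    rec.get("service_name", ""),
                                    rec.get("image_path", ""), reason))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.time} {f.host}: service '{f.service_name}' ({f.image_path}) -> {f.reason}")
```

The name-based rule catches the default case from the message; the second rule is the one that matters in practice, since the service name is trivially renamed but the "binary dropped into the system root, started on demand as LocalSystem" shape is harder to hide. Pair this with the network-side control the message itself points at: the technique only works where TCP 445 or the NetBIOS ports are reachable between the two hosts.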

