Message-ID: <20040506231451.BSNH64967.fep03-mail.bloor.is.net.cable.rogers.com@BillDell>
From: full-disclosure at royds.net (Bill Royds)
Subject: Psexec on *NIX
What he wants is a Unix version of the psexec Windows program, which uses
RPC and SMB to execute on another Windows machine (WITHOUT INSTALLING
ANYTHING ON THAT WINDOWS MACHINE). All of the suggestions such as ssh or rsh
require one to install an executable on the target Windows machine. Psexec
does not.
It should be possible to create such a beast using the Samba object library
and there are some features of SysInternals ps* suite of programs already
available in Samba.
Psexec is a very useful, but dangerous program. Anyone who has it and
knows an account that has privileges on your Windows system can create a
command line shell (or execute any program) on your system without
installing anything on your system as long as there is a CIFS/SMB (port 445)
or NetBIOS (ports 135 and 137/UDP, 139/TCP) port connection allowed between
the systems.
What it does is use the default RPC$ share on Windows to download a small
executable called PSEXECSVC.EXE into your %SystemDir% directory and start
that as a service. It then uses that as a shell to run the given program as
if it were run from a CMD prompt, collecting SYSIN from remote and sending
SYSOUT and SYSERR to remote. Once the execution finishes the service
terminates itself and disappears. A very effective RAT used by
administrators all the time.
-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of
Valdis.Kletnieks@...edu
Sent: May 6, 2004 3:50 PM
To: Chris Carlson
Cc: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] Psexec on *NIX
On Thu, 06 May 2004 14:54:55 EDT, Chris Carlson <chris@...pucounts.com>
said:
> service, then removes it. I also know that the r services are an
> option, as is ssh, but these are not what I want.
Can you quantify *why* those aren't what you want? From what you originally
said, rsh or ssh should be a good solution. If they aren't, we need to know
why they aren't in order to propose other solutions....
> If it doesn't exist, then it doesn't exist. In that case, I'll go make
> one. I'm just trying to save myself some time here.
Re-inventing the wheel almost never saves time....
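The mechanism Bill describes above (a binary dropped into the Windows directory and registered as a short-lived service) leaves a footprint a defender can look for: Windows logs a System-log event with ID 7045 ("A service was installed in the system") each time a service is created. The script below is an added example, not code from the thread or from SysInternals; it runs a simple triage rule over constructed sample events in a flattened key=value form (real logs come from the Event Log API or an exported EVTX, which this example does not read). The service name PSEXECSVC is the spelling used in the message above; the "binary directly in the Windows directory root" rule is an assumption derived from the message's description of the drop location, and the `psexe` name pattern is a constructed heuristic.

```python
import re
from typing import Dict, List

# One key=value token, with double-quoted values allowed to contain spaces.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample events (not captured from a real system). Event ID 7045 is the
# Windows System-log "A service was installed in the system" event.
SAMPLE_EVENTS: List[str] = [
    'EventID=7045 Computer=WS01 ServiceName=PSEXECSVC ImagePath=%SystemRoot%\\PSEXECSVC.EXE '
    'ServiceType="user mode service" StartType="demand start" AccountName=LocalSystem',
    'EventID=7045 Computer=WS01 ServiceName=Spooler ImagePath=%SystemRoot%\\System32\\spoolsv.exe '
    'ServiceType="user mode service" StartType="auto start" AccountName=LocalSystem',
    'EventID=4624 Computer=WS01 LogonType=3 AccountName=admin',
    'EventID=7045 Computer=WS02 ServiceName=updatesvc ImagePath=C:\\Windows\\updatesvc.exe '
    'ServiceType="user mode service" StartType="demand start" AccountName=LocalSystem',
]

# Heuristic 1 (constructed): service name or binary named after psexec's service.
PSEXEC_NAME_RE = re.compile(r'psexe', re.IGNORECASE)
# Heuristic 2 (assumption from the message): binary sits directly in the Windows
# directory root (%SystemRoot% or <drive>:\Windows), not in a subfolder such as System32.
WINDIR_ROOT_RE = re.compile(r'^(?:%SystemRoot%|[A-Za-z]:\\Windows)\\[^\\]+\.exe$', re.IGNORECASE)

REASON_NAME = "service name or binary matches psexec's service"
REASON_WINDIR = "service binary installed directly in the Windows directory root"


def parse_event(line: str) -> Dict[str, str]:
    """Split a flattened key=value event line into a dict, stripping surrounding quotes."""
    return {key: value.strip('"') for key, value in KV_RE.findall(line)}


def classify(event: Dict[str, str]) -> List[str]:
    """Return the list of triage reasons that apply to a single parsed event."""
    reasons: List[str] = []
    if event.get("EventID") != "7045":
        return reasons  # only service-install events are of interest here
    name = event.get("ServiceName", "")
    path = event.get("ImagePath", "")
    if PSEXEC_NAME_RE.search(name) or PSEXEC_NAME_RE.search(path):
        reasons.append(REASON_NAME)
    if WINDIR_ROOT_RE.match(path):
        reasons.append(REASON_WINDIR)
    return reasons


def detect(lines: List[str]) -> List[Dict[str, object]]:
    """Run the triage rules over raw event lines and collect the flagged service installs."""
    findings: List[Dict[str, object]] = []
    for line in lines:
        event = parse_event(line)
        reasons = classify(event)
        if reasons:
            findings.append({
                "computer": event.get("Computer"),
                "service": event.get("ServiceName"),
                "image": event.get("ImagePath"),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(f"{finding['computer']}: {finding['service']} ({finding['image']})")
        for reason in finding["reasons"]:
            print(f"  - {reason}")
```

The first rule is precise but brittle (the service name is trivially renamed); the second is broad and will also fire on legitimate installers that drop a binary into the Windows root, so it is a triage signal to correlate with the accompanying network logon (the message's SMB connection) rather than an alert on its own.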