From: full-disclosure at royds.net (Bill Royds)
Subject: Psexec on *NIX

What he wants is a Unix version of the psexec Windows program, which uses RPC and SMB to execute on another Windows machine (WITHOUT INSTALLING ANYTHING ON THAT WINDOWS MACHINE). All of the suggestions such as ssh or rsh require one to install an executable on the target Windows machine. Psexec does not.

It should be possible to create such a beast using the Samba object library, and there are some features of the SysInternals ps* suite of programs already available in Samba.

Psexec is a very useful, but dangerous program. Anyone who has it and knows an account that has privileges on your Windows system can create a command line shell (or execute any program) on your system without installing anything on your system, as long as there is a CIFS/SMB (port 445) or NetBIOS (ports UDP 135 and 137, 139/TCP) port connection allowed between the systems.

What it does is use the default RPC$ share on Windows to download a small executable called PSEXECSVC.EXE into your %SystemDir% directory and start that as a service. It then uses that as a shell to run the given program as if it were run from a CMD prompt, collecting SYSIN from remote and sending SYSOUT and SYSERR to remote. Once the execution finishes, the service terminates itself and disappears.

A very effective RAT, used by administrators all the time.

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Valdis.Kletnieks@...edu
Sent: May 6, 2004 3:50 PM
To: Chris Carlson
Cc: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] Psexec on *NIX

On Thu, 06 May 2004 14:54:55 EDT, Chris Carlson <chris@...pucounts.com> said:
> service, then removes it. I also know that the r services are an
> option, as is ssh, but these are not what I want.

Can you quantify *why* those aren't what you want? From what you originally said, rsh or ssh should be a good solution. If they aren't, we need to know why they aren't in order to propose other solutions....

> If it doesn't exist, then it doesn't exist. In that case, I'll go make
> one. I'm just trying to save myself some time here.

Re-inventing the wheel almost never saves time....
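A Unix-side version of the sequence described above, as an added example that is not part of the original post and is not code from Samba or Sysinternals. It uses only the Samba client tools the post points at (net rpc and smbclient): a throwaway service whose "binary path" is a cmd.exe one-liner is created through the Service Control Manager, started once, and deleted, and the command's output is redirected into a file under %SystemRoot% (which is what the ADMIN$ share exposes) and fetched back. This is the output-file variant of the technique (the approach impacket's smbexec takes) rather than psexec's own uploaded service plus named pipes, so it captures stdout and stderr but offers no interactive stdin. The host 192.0.2.10, the account name, the password, the service name and the output path are all constructed for the example and are set from the environment:

```shell
#!/bin/sh
# Added example, not code from the original post, from Samba, or from Sysinternals.
# A psexec-style one-shot remote command using only Samba's net rpc and smbclient.
# Nothing stays installed on the target: a service whose "binary" is a cmd.exe
# one-liner is created through the Service Control Manager, started once, and
# deleted; the command's output is redirected to a file under %SystemRoot%
# (the ADMIN$ share) and fetched back.  No interactive stdin, unlike psexec.
#
# Assumptions (constructed for this example, not from the page): TARGET,
# TARGET_USER and TARGET_PASS name a Windows host and a local-administrator
# account, TCP/445 is reachable, and net and smbclient are on PATH.
# DRY_RUN=1 prints each command instead of executing it.

set -u

TARGET="${TARGET:-192.0.2.10}"             # RFC 5737 documentation address
TARGET_USER="${TARGET_USER:-Administrator}"
TARGET_PASS="${TARGET_PASS:-changeme}"
SVC_NAME="${SVC_NAME:-rexec$$}"            # throwaway service name
OUT_FILE="${OUT_FILE:-Temp\\rexec_$$.txt}" # path relative to %SystemRoot%
DRY_RUN="${DRY_RUN:-0}"

# run CMD ARGS...: execute the command, or print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# build_binpath COMMAND: the SCM binary path that runs COMMAND once under
# cmd.exe and captures its stdout and stderr into OUT_FILE.  The SCM expands
# %COMSPEC% and %SystemRoot% when it launches the service.
build_binpath() {
    printf '%%COMSPEC%% /Q /c %s > %%SystemRoot%%\\%s 2>&1' "$1" "$OUT_FILE"
}

# remote_exec COMMAND: create, start and delete the one-shot service, then
# retrieve and remove the captured output.  Output goes to local stdout.
remote_exec() {
    binpath=$(build_binpath "$1")
    auth="$TARGET_USER%$TARGET_PASS"
    run net rpc service create "$SVC_NAME" "$SVC_NAME" "$binpath" -S "$TARGET" -U "$auth" || return 1
    # cmd.exe never reports to the SCM, so "start" ends with a failure status
    # after the SCM timeout even though the command already ran; ignore it.
    run net rpc service start "$SVC_NAME" -S "$TARGET" -U "$auth" || true
    run net rpc service delete "$SVC_NAME" -S "$TARGET" -U "$auth"
    # smbclient writes the remote file to stdout when the local name is "-".
    run smbclient "//$TARGET/ADMIN\$" -U "$auth" -c "get $OUT_FILE -; del $OUT_FILE"
}

# Usage: TARGET=host TARGET_USER=user TARGET_PASS=pass sh rexec.sh 'ipconfig /all'
if [ $# -gt 0 ]; then
    remote_exec "$1"
fi
```

Two caveats a practitioner would want. First, the post's point about reachability holds here as well: the whole exchange rides on SMB, so only port 445 (or NetBIOS session, 139/TCP) needs to be open, and the account must be an administrator on the target because service creation is an administrative operation. Second, "nothing installed" is not "nothing logged": the Service Control Manager records the creation of the throwaway service in the target's System event log, and the output file exists on disk until the `del` runs, which is exactly the sort of trace defenders look for when hunting psexec-style lateral movement.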