Nmap Development mailing list archives

Re: Request for comments: smb-psexec.nse


From: Kristof Boeynaems <kristof.boeynaems () gmail com>
Date: Tue, 5 Jan 2010 12:01:12 +0100

Hi Ron,

Thanks a lot for this script, that is really exciting stuff!

Do you have any plans to extend support to Windows XP?

As you indicated below, this currently does not work yet on XP; it
returns the following error (using Nmap 5.10BETA2, target is Windows
XP SP3):

--
Host script results:
| smb-psexec:
|_  ERROR: Couldn't create the service on the remote machine:
NT_STATUS_UNKNOWN (0x000006e4) (svcctl.openscmanagerw)
Final times for host: srtt: 1742 rttvar: 6224  to: 100000
--

On the other hand, winexec (http://eol.ovh.org/winexe/) does work fine
on this host.
Given that I believe that you are following a similar method to
winexec (see http://seclists.org/nmap-dev/2009/q1/374), this is
promising :)

Any idea?

Thanks!

Kristof

On Sun, Nov 8, 2009 at 10:32 PM, Ron <ron () skullsecurity net> wrote:
All right, I merged in all my changes. Let me know if there are any
requests/issues!

Ron


Ron wrote:
So, I haven't heard any negative comments on any of my changes yet. I'm
hoping to merge in my changes very soon.

Please speak up if you don't want me to!

Thanks
Ron

Ron wrote:
Hi all,

I'm happy to say, I consider the current version of smb-psexec.nse in my
branch to be basically finished (for some definition of the word -- I'm
sure I'll continue adding to it as we go on). You can find it in:
svn://svn.insecure.org/nmap-exp/ron/nmap-smb

I'd like to move everything in that branch into the trunk sometime in
the near future. I'm pretty comfortable with the new versions of the
libraries, and with smb-psexec.nse itself, but this is the opportunity
to give it a test if you aren't sure.

It'll run against Windows 2000 and Windows 2003. I haven't tested
against XP lately, but as of last time I tried it failed. I haven't
spent the time to track down that bug yet.

If you want to know how the service works, I basically wrote a book at
the top of smb-psexec.nse, including examples and everything. Way more
than I could write here!


A bigger question I have, and was hoping somebody could comment on
(Fyodor or David?) is the file structure.. this is what I did:
nmap/scripts/smb-psexec.nse: script is where it belongs
nmap/nselib/data/psexec/nmap_service.c (and .vcproj): Windows sourcecode
for the remote service
nmap/nselib/data/psexec/nmap_service.exe: Compiled remote service (I
compiled it on Visual Studio 2005)
nmap/nselib/data/psexec/*.lua: configuration files for various modules
nmap/nselib/data/psexec/*.exe: uploadable executables (I don't include
any, but that's where people will be putting them)

Are there any issues with how that's laid out? And is distributing the
compiled .exe like that ok?

Thanks!


--
Ron Bowes
http://www.skullsecurity.org/
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
