Nmap Development mailing list archives
Re: Request for comments: smb-psexec.nse
From: Kristof Boeynaems <kristof.boeynaems () gmail com>
Date: Tue, 5 Jan 2010 12:01:12 +0100
Hi Ron,

Thanks a lot for this script, that is really exciting stuff!

Do you have any plans to extend support to Windows XP? As you indicated below, this currently does not work yet on XP; it returns the following error (using Nmap 5.10BETA2, target is Windows XP SP3):

--
Host script results:
| smb-psexec:
|_ ERROR: Couldn't create the service on the remote machine: NT_STATUS_UNKNOWN (0x000006e4) (svcctl.openscmanagerw)

Final times for host: srtt: 1742 rttvar: 6224 to: 100000
--

On the other hand, winexec (http://eol.ovh.org/winexe/) does work fine on this host. Given that I believe that you are following a similar method as winexec (see http://seclists.org/nmap-dev/2009/q1/374), this is promising :)

Any idea?

Thanks!

Kristof

On Sun, Nov 8, 2009 at 10:32 PM, Ron <ron () skullsecurity net> wrote:
All right, I merged in all my changes. Let me know if there are any requests/issues!

Ron

Ron wrote:

So, I haven't heard any negative comments on any of my changes yet. I'm hoping to merge in my changes very soon. Please speak up if you don't want me to!

Thanks
Ron

Ron wrote:

Hi all,

I'm happy to say, I consider the current version of smb-psexec.nse in my branch to be basically finished (for some definition of the word -- I'm sure I'll continue adding to it as we go on). You can find it in:

svn://svn.insecure.org/nmap-exp/ron/nmap-smb

I'd like to move everything in that branch into the trunk sometime in the near future. I'm pretty comfortable with the new versions of the libraries, and with smb-psexec.nse itself, but this is the opportunity to give it a test if you aren't sure.

It'll run against Windows 2000 and Windows 2003. I haven't tested against XP lately, but as of last time I tried it failed. I haven't spent the time to track down that bug yet.

If you want to know how the service works, I basically wrote a book at the top of smb-psexec.nse, including examples and everything. Way more than I could write here!

A bigger question I have, and was hoping somebody could comment on (Fyodor or David?) is the file structure.. this is what I did:

nmap/scripts/smb-psexec.nse: script is where it belongs
nmap/nselib/data/psexec/nmap_service.c (and .vcproj): Windows source code for the remote service
nmap/nselib/data/psexec/nmap_service.exe: Compiled remote service (I compiled it on Visual Studio 2005)
nmap/nselib/data/psexec/*.lua: configuration files for various modules
nmap/nselib/data/psexec/*.exe: uploadable executables (I don't include any, but that's where people will be putting them)

Are there any issues with how that's laid out? And is distributing the compiled .exe like that ok?

Thanks!

--
Ron Bowes
http://www.skullsecurity.org/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/