Nmap Development mailing list archives
Re: Problems using psexec
From: Ron <ron () skullsecurity net>
Date: Fri, 08 Jan 2010 10:15:45 -0600
Hey,
It's interesting that it's working with winexec but not with Nmap. The problem you're having is that you're getting "access denied" when trying to start a service, but everything else is working (like the upload, etc). Normally, I only see that when UAC is enabled on Vista or 7 and it's killing the session.
Would it be possible to get two packet captures: one with winexec working and the other with Nmap failing? You can send them to me off the list if you'd prefer.
Thanks!
Ron
On 01/08/2010 09:54 AM, Reinartz Ralf AII.Pforzheim wrote:
Hello all,
I played a little bit with the smb-psexec.
System:
Linux Kernel 2.6.31
Suse 11.2
Nmap 5.10BETA2
On some machines it works as expected, on others with similar configuration (w2k3 sp2) it fails.
The credentials are ok, files seem to be uploaded but the service manager does not work.
With the same credentials "winexec" works.
Windows firewall is turned off.
Is it necessary to enable any specific service on the Windows side?
Is it a bug, or does it work as designed and there are restrictions in the system configuration on the Windows side?
Thx
ralf
NSE: Script scanning xxx.xxx.xxx.xxx
NSE: Starting runlevel 1 scan
Initiating NSE at 16:41
NSE: NSE Script Threads (1) running:
NSE: Starting smb-psexec against xxx.xxx.xxx.xxx.
NSE: smb-psexec: Attempting to find file: examples.lua
NSE: smb-psexec: Attempting to load config file: ./examples.lua
NSE: smb-psexec: Using share chosen by the user: C$ (c:)
NSE: SMB: Added account '' to account list
NSE: SMB: Added account 'guest' to account list
NSE: SMB: Added account 'administrator' to account list
NSE: smb-psexec: Generated static service name: 1372bdf4
NSE: smb-psexec: Generated static service name: 1372bdf4
NSE: smb-psexec: Generated static service filename: b283c84c.out.tmp
NSE: smb-psexec: Generated static output filename: e57b281d.out
NSE: smb-psexec: Verifying uploadable executables exist
NSE: smb-psexec: Looking for uploadable module: fgdump.exe or fgdump.exe.exe
NSE: smb-psexec: Attempting to find file: fgdump.exe
NSE: Couldn't find uploadable module fgdump.exe, disabling
NSE: You can try getting it from: http://www.foofus.net/fizzgig/fgdump/
NSE: smb-psexec: Timeout waiting for a response is 15 seconds
NSE: smb-psexec: Replacing variables in the modules' fields
NSE: smb-psexec: Entering cleanup() -- errors here can generally be ignored
NSE: Stopping service: 1372bdf4
NSE: smb-psexec: [cleanup] Couldn't stop service: NT_STATUS_SERVICE_DOES_NOT_EXIST (svcctl.openservicew)
NSE: Deleting service: 1372bdf4
NSE: smb-psexec: [cleanup] Couldn't delete service: NT_STATUS_SERVICE_DOES_NOT_EXIST (svcctl.openservicew)
NSE: SMB: Couldn't delete C$\e57b1d5d.txt: NT_STATUS_OBJECT_NAME_NOT_FOUND
NSE: SMB: Couldn't delete C$\e57b281d.out: NT_STATUS_OBJECT_NAME_NOT_FOUND
NSE: SMB: Couldn't delete C$\b283c84c.out.tmp: NT_STATUS_OBJECT_NAME_NOT_FOUND
NSE: smb-psexec: Leaving cleanup()
NSE: smb-psexec: Uploading: nselib/data/psexec/nmap_service.exe => \\C$\e57b1d5d.txt
NSE: smb-psexec: Service file successfully uploaded!
NSE: smb-psexec: Attempting to upload the modules
NSE: smb-psexec: Modules successfully uploaded!
NSE: Creating service: 1372bdf4 (c:\e57b1d5d.txt)
NSE: Starting service: 1372bdf4
NSE: Opening the remote service manager
NSE: smb-psexec: Couldn't start the service: NT_STATUS_WERR_ACCESS_DENIED (svcctl.startservicew)
NSE: smb-psexec: Entering cleanup() -- errors here can generally be ignored
NSE: Stopping service: 1372bdf4
NSE: smb-psexec: [cleanup] Couldn't stop service: NT_STATUS_SERVICE_NOT_ACTIVE (svcctl.controlservice)
NSE: Deleting service: 1372bdf4
NSE: SMB: Couldn't delete C$\e57b281d.out: NT_STATUS_OBJECT_NAME_NOT_FOUND
NSE: SMB: Couldn't delete C$\b283c84c.out.tmp: NT_STATUS_OBJECT_NAME_NOT_FOUND
NSE: smb-psexec: Leaving cleanup()
NSE: Finished smb-psexec against 10.236.5.11.
Completed NSE at 16:41, 0.37s elapsed
NSE: Script Scanning completed.
applied international informatics GmbH
Registered office: Berlin; Register court: Berlin-Charlottenburg HRB 77891B
Management: Josef Duermoser, Michael Bihn
Important Note: This e-mail and any attachment are confidential and may contain trade secrets or otherwise protected from disclosure. If you have received it in error, you are on notice of its status. Please notify us immediately by reply e-mail and then delete this e-mail and any attachment from your system. If you are not the intended recipient please understand that you must not copy this e-mail or any attachment or disclose the contents to any other person. Thank you!
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
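The triage described in the reply above (upload and service creation succeed, only the start call is denied), as an added example that is not part of the original thread or of Nmap: a Python pass over smb-psexec debug output that skips the errors logged inside cleanup() and reports which stages completed and which call actually failed. The sample lines are constructed in the log format quoted in the thread; the function name and stage labels are hypothetical.

```python
import re

# Constructed sample in the format of the debug output quoted in the thread.
SAMPLE_LOG = """\
NSE: smb-psexec: Entering cleanup() -- errors here can generally be ignored
NSE: smb-psexec: [cleanup] Couldn't stop service: NT_STATUS_SERVICE_DOES_NOT_EXIST (svcctl.openservicew)
NSE: SMB: Couldn't delete C$\\e57b281d.out: NT_STATUS_OBJECT_NAME_NOT_FOUND
NSE: smb-psexec: Leaving cleanup()
NSE: smb-psexec: Service file successfully uploaded!
NSE: smb-psexec: Modules successfully uploaded!
NSE: Creating service: 1372bdf4 (c:\\e57b1d5d.txt)
NSE: Starting service: 1372bdf4
NSE: smb-psexec: Couldn't start the service: NT_STATUS_WERR_ACCESS_DENIED (svcctl.startservicew)
NSE: smb-psexec: Entering cleanup() -- errors here can generally be ignored
NSE: smb-psexec: [cleanup] Couldn't stop service: NT_STATUS_SERVICE_NOT_ACTIVE (svcctl.controlservice)
NSE: smb-psexec: Leaving cleanup()
"""

# "Couldn't <action>: NT_STATUS_<code> (<rpc call>)"; the RPC call is optional.
FAILURE = re.compile(
    r"Couldn't (?P<action>[^:]+): (?P<status>NT_STATUS_\w+)(?: \((?P<call>[\w.]+)\))?"
)

def triage(log_text):
    """Return (completed_stages, failures), ignoring errors logged inside cleanup()."""
    stages, failures, in_cleanup = [], [], False
    for line in log_text.splitlines():
        if "Entering cleanup()" in line:
            in_cleanup = True
        elif "Leaving cleanup()" in line:
            in_cleanup = False
        elif in_cleanup:
            continue  # the script itself says these errors can be ignored
        elif "Service file successfully uploaded" in line:
            stages.append("service-upload")
        elif "Modules successfully uploaded" in line:
            stages.append("module-upload")
        elif line.startswith("NSE: Creating service:"):
            stages.append("create")
        elif line.startswith("NSE: Starting service:"):
            stages.append("start-requested")
        else:
            m = FAILURE.search(line)
            if m:
                failures.append((m["action"], m["status"], m["call"]))
    return stages, failures

if __name__ == "__main__":
    done, failed = triage(SAMPLE_LOG)
    print("completed:", done)
    print("failed:", failed)
```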