Full Disclosure mailing list archives
RE: Psexec on *NIX
From: "Bill Royds" <full-disclosure () royds net>
Date: Thu, 6 May 2004 19:14:48 -0400
What he wants is a Unix version of the psexec Windows program, which uses RPC and SMB to execute on another Windows machine (WITHOUT INSTALLING ANYTHING ON THAT WINDOWS MACHINE). All of the suggestions such as ssh or rsh require one to install an executable on the target Windows machine. Psexec does not. It should be possible to create such a beast using the Samba object library, and there are some features of the SysInternals ps* suite of programs already available in Samba.

Psexec is a very useful, but dangerous program. Anyone who has it and knows an account that has privileges on your Windows system can create a command line shell (or execute any program) on your system without installing anything on your system, as long as there is a CIFS/SMB (port 445) or NetBIOS (ports 135 and 137/UDP, 139/TCP) connection allowed between the systems.

What it does is use the default RPC$ share on Windows to download a small executable called PSEXECSVC.EXE into your %SystemDir% directory and start that as a service. It then uses that as a shell to run the given program as if it were run from a CMD prompt, collecting SYSIN from remote and sending SYSOUT and SYSERR to remote. Once the execution finishes the service terminates itself and disappears. A very effective RAT used by administrators all the time.

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Valdis.Kletnieks () vt edu
Sent: May 6, 2004 3:50 PM
To: Chris Carlson
Cc: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Psexec on *NIX

On Thu, 06 May 2004 14:54:55 EDT, Chris Carlson <chris () compucounts com> said:
> service, then removes it. I also know that the r services are an option, as is ssh, but these are not what I want.
Can you quantify *why* those aren't what you want? From what you originally said, rsh or ssh should be a good solution. If they aren't, we need to know why they aren't in order to propose other solutions....
> If it doesn't exist, then it doesn't exist. In that case, I'll go make one. I'm just trying to save myself some time here.
Re-inventing the wheel almost never saves time...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
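[Added example, not part of the thread.] Bill's description of what psexec does on the target gives a defender two things to look for: the helper service's name, and, more robustly, a service whose binary sits in the system directory and which is installed and then removed within seconds. The Python below was written for this page rather than taken from the list or from SysInternals, and runs that check over a constructed log. Everything about the input is an assumption made for the example: the normalised record format (a timestamp followed by key=value fields, with service_installed/service_removed events, roughly what a SIEM might emit after parsing Service Control Manager events), the hosts, paths and times in the sample records, and the 300-second window. The post spells the service PSEXECSVC; PSEXESVC is the name the SysInternals tool registers, so the example matches both.

```python
"""Detection for the psexec pattern described in the post above.

Added example, not code from the Full Disclosure thread or from
SysInternals.  It flags two things the post describes:
  1. a service registered under the psexec helper service's name, and
  2. a service whose binary lives in the system directory, is
     installed, and then disappears within a few minutes.

The log format is an assumption: one record per line, an ISO-8601
timestamp followed by key=value fields, the shape a SIEM might emit
after normalising Service Control Manager events.  The sample records
below are constructed for this example, not captured from a real host.
"""
import re
from dataclasses import dataclass
from datetime import datetime

# The post writes PSEXECSVC; the service the SysInternals tool actually
# registers is PSEXESVC, so both spellings are matched.
KNOWN_PSEXEC_SERVICES = {"psexecsvc", "psexesvc"}

# The post says the helper binary is dropped into %SystemDir%.
SYSTEM_DIR_MARKER = "\\system32\\"

# Constructed sample log (assumed schema, see module docstring).
SAMPLE_LOG = r"""
2004-05-06T19:14:48Z host=FILESRV01 event=service_installed name=PSEXECSVC path="C:\WINNT\system32\PSEXECSVC.EXE"
2004-05-06T19:14:49Z host=FILESRV01 event=service_started name=PSEXECSVC
2004-05-06T19:15:07Z host=FILESRV01 event=service_removed name=PSEXECSVC
2004-05-06T19:20:00Z host=FILESRV01 event=service_installed name=BackupAgent path="C:\Program Files\Backup\agent.exe"
2004-05-07T02:00:00Z host=WKS22 event=service_installed name=helper path="C:\WINNT\system32\h.exe"
2004-05-07T02:00:12Z host=WKS22 event=service_removed name=helper
2004-05-07T03:00:00Z host=WKS22 event=service_installed name=Spooler2 path="C:\WINNT\system32\spool2.exe"
"""

# key=value where the value is either double-quoted (may contain spaces
# and backslashes) or a bare run of non-space characters.
_FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


@dataclass(frozen=True)
class Finding:
    host: str
    service: str
    when: datetime
    reason: str


def parse_record(line):
    """Split '<timestamp> k=v k="v with spaces"' into a dict; 'ts' is a datetime."""
    ts, _, rest = line.strip().partition(" ")
    rec = {k: quoted if quoted else bare for k, quoted, bare in _FIELD.findall(rest)}
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return rec


def detect_psexec_pattern(lines, max_lifetime_s=300):
    """Return Findings for psexec-like service activity in the given records.

    max_lifetime_s is the window (an assumed default, tune per environment)
    within which install-then-remove counts as a short-lived service.
    """
    pending = {}  # (host, lowercased service name) -> (install time, image path)
    findings = []
    for line in lines:
        if not line.strip():
            continue
        rec = parse_record(line)
        key = (rec["host"], rec["name"].lower())
        if rec["event"] == "service_installed":
            pending[key] = (rec["ts"], rec.get("path", ""))
            if key[1] in KNOWN_PSEXEC_SERVICES:
                findings.append(Finding(rec["host"], rec["name"], rec["ts"],
                                        "known psexec service name"))
        elif rec["event"] == "service_removed" and key in pending:
            installed_at, path = pending.pop(key)
            lifetime = (rec["ts"] - installed_at).total_seconds()
            if lifetime <= max_lifetime_s and SYSTEM_DIR_MARKER in path.lower():
                findings.append(Finding(rec["host"], rec["name"], rec["ts"],
                                        f"service in system directory removed {lifetime:.0f}s after install"))
    return findings


if __name__ == "__main__":
    for f in detect_psexec_pattern(SAMPLE_LOG.splitlines()):
        print(f"{f.when:%Y-%m-%d %H:%M:%S} {f.host} {f.service}: {f.reason}")
```

Running the block against the sample flags the PSEXECSVC service on FILESRV01 twice (by name, and again when it is removed 19 seconds after install) and the unnamed helper on WKS22 once, while the long-lived BackupAgent and Spooler2 entries are left alone. The name rule is trivially evaded by renaming the binary; the install-then-remove rule is what survives that, at the cost of needing a tuned window for the environment.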
Current thread:
- Psexec on *NIX Chris Carlson (May 06)
- Re: Psexec on *NIX Ondrej Krajicek (May 06)
- Re: Psexec on *NIX Harlan Carvey (May 06)
- Re: Psexec on *NIX Michael Gargiullo (May 06)
- Re: Psexec on *NIX Nico Golde (May 07)
- Re: Psexec on *NIX Valdis . Kletnieks (May 07)
- Re: Psexec on *NIX Michael Gargiullo (May 06)
- Re: Psexec on *NIX François Harvey (May 07)
- <Possible follow-ups>
- RE: Psexec on *NIX Chris Carlson (May 06)
- Re: Psexec on *NIX Valdis . Kletnieks (May 06)
- RE: Psexec on *NIX Bill Royds (May 06)
- Re: Psexec on *NIX whiplash (May 06)
- Re: [despammed] Re: Psexec on *NIX whiplash (May 06)
- Re: Psexec on *NIX Ondrej Krajicek (May 06)
- Re: Psexec on *NIX Valdis . Kletnieks (May 06)
- Re: Psexec on *NIX hybriz (May 06)
- Re: Psexec on *NIX Ondrej Krajicek (May 07)
- Re: Psexec on *NIX Nico Golde (May 07)
- RE: Psexec on *NIX Chris Carlson (May 06)
- RE: Psexec on *NIX Scott Taylor (May 06)
- Re: Psexec on *NIX Jon S. (May 06)
- Re: Psexec on *NIX Ondrej Krajicek (May 07)