Metasploit mailing list archives

Re: Psexec error


From: Karan Ingle <karan.ingle () gmail com>
Date: Thu, 20 May 2010 13:19:08 +0530

Thanks for the reply Mark.


The link was helpful. But unfortunately it didn't solve the issue.


The following helped me connect using psexec v1.96:

"I did patch the resource file (psexecvc.exe) because the service didn't
want to load due to the same problem with the OS/Subsystem settings.
As a test I attempted to start notepad.exe nothing happened unlike XP which
worked, all I could see was psexecvc.exe loaded in the process list.
After double checking again today it appears that notepad.exe does indeed load
but for some reason was invisible to the desktop, perhaps this is to be
expected of NT4??
So I tried "psexec.exe c:\winnt\system32\cmd.exe /c notepad.exe" instead
which seems to have done the trick. :)

As for patching psexec.exe v1.96, find a decent hex editor and go to the
following locations $120, $128, $2F230, $2F238 and change $05 to $04. " -
Richard S.

Ref: http://84.45.57.224/psexec-error-on-nt4_topic20629.html


I am not that good at editing Ruby files, so I could not patch the msf psexec.

QUICK FIX: Edit the psexec v1.96 and connect to the target. Keep the session
active (so PSEXESVC is running on the target). Then run the msf and use the
psexec exploit and Njoy!!!!

;)

Karan Ingle.



On Thu, May 20, 2010 at 7:55 AM, Mark Baggett <lo127001 () gmail com> wrote:

Does this help?

http://pauldotcom.com/2009/12/why-your-metasploit-psexec-mod.html

Mark Baggett


On May 19, 2010, at 8:05 AM, Karan Ingle wrote:

Tried using the psexec exploit to connect to a remote Windows 2003 server.

I kept getting connection refused.


So I tried connecting using psexec and got the following error:


o:\tools>psexec.exe \\10.64.5.X -u DOMAIN\administrator cmd.exe

PsExec v1.95 - Execute processes remotely
Copyright (C) 2001-2009 Mark Russinovich
Sysinternals - www.sysinternals.com

Password:
Could not start PsExec service on 10.64.5.204:
%1 is not a valid Win32 application.



This led to a troubleshooting search where I stumbled upon:

http://84.45.57.224/psexec-error-on-nt4_topic20629.html

PLEASE NOTE: I have administrator (local and domain) access to the server
and all anti-virus/security software is disabled on the target.

Aim is to get a meterpreter shell.
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
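
Added example, not part of the original thread or of PsExec/Metasploit code: a read-only check of the "OS/Subsystem settings" the quoted post refers to, which live in the PE optional header and which the Windows loader compares against the running OS before it reports "%1 is not a valid Win32 application". It assumes the quoted offsets $120 and $128 are MajorOperatingSystemVersion and MajorSubsystemVersion, which is where those fields fall when the PE header starts at 0xE0; `build_sample` and `loads_on` are hypothetical helpers and the sample header is constructed.

```python
import struct

# Offsets of the version fields inside the PE optional header (same for PE32 and PE32+).
VERSION_FIELDS = {
    "MajorOperatingSystemVersion": 40,
    "MinorOperatingSystemVersion": 42,
    "MajorSubsystemVersion": 48,
    "MinorSubsystemVersion": 50,
}

def pe_version_fields(data):
    """Map each version field name to (file_offset, value) for a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    opt = e_lfanew + 4 + 20  # skip the "PE\0\0" signature and 20-byte COFF header
    if opt + 52 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found or header truncated")
    if struct.unpack_from("<H", data, opt)[0] not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    return {name: (opt + rel, struct.unpack_from("<H", data, opt + rel)[0])
            for name, rel in VERSION_FIELDS.items()}

def loads_on(fields, os_major, os_minor=0):
    """True if the required subsystem version does not exceed the target OS version."""
    need = (fields["MajorSubsystemVersion"][1], fields["MinorSubsystemVersion"][1])
    return need <= (os_major, os_minor)

def build_sample(e_lfanew=0xE0, os_major=5, sub_major=5):
    """Constructed header-only sample (not a real executable) so this runs offline."""
    buf = bytearray(e_lfanew + 24 + 96)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    opt = e_lfanew + 24
    struct.pack_into("<H", buf, opt, 0x10B)            # PE32 magic
    struct.pack_into("<HH", buf, opt + 40, os_major, 0)
    struct.pack_into("<HH", buf, opt + 48, sub_major, 0)
    return bytes(buf)

if __name__ == "__main__":
    fields = pe_version_fields(build_sample())
    for name, (offset, value) in fields.items():
        print(f"{name:30} offset 0x{offset:X} value {value}")
    print("loads on NT 4.0:", loads_on(fields, 4, 0))
```

To inspect a real binary, pass `open(path, "rb").read()` to `pe_version_fields`; a copy whose fields differ from the vendor's release has been modified and will no longer match its Authenticode signature.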


