Metasploit mailing list archives
Re: psexec error: DCERPC FAULT => nca_s_fault_ndr
From: Rob Fuller <mubix () room362 com>
Date: Wed, 21 Sep 2011 21:59:54 -0400
No, I'm sorry but psexec, even the MOF version requires Administrative privileges on the remote host. The primary method creates a service, the MOF method writes a file to the System32\Wbem directory. Both of which require administrative access. There might be a way to do so at a user level but it's not currently implemented in Metasploit's psexec module.

--
Rob Fuller | Mubix
Certified Checkbox Unchecker
Room362.com | Hak5.org

On Wed, Sep 21, 2011 at 6:13 PM, yakup korkmaz <yakupkorkmaz () gmail com> wrote:

> Hi Rob,
>
> thanks for the comment. But actually, I get this error not only from one host but from almost every host that has a shared folder, and when I checked them with nmap and also remote desktop connection, they were all Windows hosts. And also when I ran the smb_enumshares module against those hosts, I could see that they already had the administrative shares like ADMIN$, C$, etc. I wasn't using ADMIN$ with psexec, because I was trying to run it with a regular domain user account without having any domain or local admin privileges, and the user had write access on one of the shares on that remote host. Can't we use psexec with a regular user account, or what may cause such an error?
>
> thanks,
> Yakup
>
> On Wed, Sep 21, 2011 at 5:18 PM, Rob Fuller <mubix () room362 com> wrote:
>
>> I've seen this happen when I was stupidly trying to run psexec against a Samba (UNIX Windows-like sharing) host. Might be why ADMIN$ isn't there as well.
>>
>> --
>> Rob Fuller | Mubix
>> Certified Checkbox Unchecker
>> Room362.com | Hak5.org
>>
>> On Wed, Sep 21, 2011 at 4:21 AM, yakup korkmaz <yakupkorkmaz () gmail com> wrote:
>>
>>> Hi everyone,
>>>
>>> I want to run the psexec module with normal domain user account privileges on a remote host which has a shared folder that I have write permissions on. But each time I try to run this module with domain user credentials and using that share instead of ADMIN$, I get the following error: "Error: DCERPC FAULT => nca_s_fault_ndr". I can see that Metasploit successfully copies the meterpreter payload into that shared folder but it couldn't get it to run. I think it is because of the remote procedure calls and my domain user does not have sufficient permissions to run the payload on the remote host using the dcerpc service. Is there a way to get it to work or am I doing something wrong when using the psexec module?
>>>
>>> thanks in advance,
>>> Yakup Korkmaz

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
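Both execution paths named in the reply above (a service being created, a file being written under System32\Wbem) need administrative access and leave host-side traces. The following is an added example, not code from this thread or from Metasploit: it correlates a network logon (Security 4624, LogonType 3) with a service install (System 7045) or a .mof file creation (Sysmon 11) on the same host. The event records, host names, account name and the 60-second window are constructed assumptions.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumed correlation window; tune per environment

# Constructed sample events (not real logs), already parsed into dicts.
EVENTS = [
    {"t": "2024-03-01T21:00:05", "host": "WS01", "chan": "Security", "id": 4624,
     "LogonType": 3, "TargetUserName": "admin1", "IpAddress": "10.0.0.50"},
    {"t": "2024-03-01T21:00:09", "host": "WS01", "chan": "System", "id": 7045,
     "ServiceName": "QxTzPmLk", "ImagePath": r"%SystemRoot%\QxTzPmLk.exe"},
    {"t": "2024-03-01T21:05:00", "host": "WS02", "chan": "Security", "id": 4624,
     "LogonType": 3, "TargetUserName": "admin1", "IpAddress": "10.0.0.50"},
    {"t": "2024-03-01T21:05:03", "host": "WS02", "chan": "Sysmon", "id": 11,
     "TargetFilename": r"C:\Windows\System32\wbem\mof\a1b2.mof"},
    # Local software install with no preceding network logon: not flagged.
    {"t": "2024-03-01T22:30:00", "host": "WS03", "chan": "System", "id": 7045,
     "ServiceName": "PrinterHelper", "ImagePath": r"C:\Program Files\Vendor\ph.exe"},
]

def _is_wbem_mof(path):
    """True for a .mof file anywhere under System32\\wbem (case-insensitive)."""
    p = path.lower()
    return "\\system32\\wbem\\" in p and p.endswith(".mof")

def find_remote_exec(events, window=WINDOW):
    """Return (host, kind, source_ip, user) for each service install or MOF
    write that follows a network logon on the same host within `window`."""
    last_logon = {}  # host -> (time, ip, user) of the latest network logon
    findings = []
    for ev in sorted(events, key=lambda e: e["t"]):
        when = datetime.fromisoformat(ev["t"])
        key = (ev["chan"], ev["id"])
        if key == ("Security", 4624) and ev.get("LogonType") == 3:
            last_logon[ev["host"]] = (when, ev["IpAddress"], ev["TargetUserName"])
            continue
        if key == ("System", 7045):
            kind = "service_install"
        elif key == ("Sysmon", 11) and _is_wbem_mof(ev.get("TargetFilename", "")):
            kind = "mof_write"
        else:
            continue
        logon = last_logon.get(ev["host"])
        if logon and when - logon[0] <= window:
            findings.append((ev["host"], kind, logon[1], logon[2]))
    return findings

if __name__ == "__main__":
    for finding in find_remote_exec(EVENTS):
        print(finding)
```
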
Current thread:
- psexec error: DCERPC FAULT => nca_s_fault_ndr yakup korkmaz (Sep 21)
- Re: psexec error: DCERPC FAULT => nca_s_fault_ndr Rob Fuller (Sep 21)
- Re: psexec error: DCERPC FAULT => nca_s_fault_ndr yakup korkmaz (Sep 21)
- Re: psexec error: DCERPC FAULT => nca_s_fault_ndr Joshua Smith (Sep 21)
- Re: psexec error: DCERPC FAULT => nca_s_fault_ndr Rob Fuller (Sep 21)
- Re: psexec error: DCERPC FAULT => nca_s_fault_ndr yakup korkmaz (Sep 25)
- Re: psexec error: DCERPC FAULT => nca_s_fault_ndr yakup korkmaz (Sep 21)
- Re: psexec error: DCERPC FAULT => nca_s_fault_ndr Rob Fuller (Sep 21)