Re: psexec error: DCERPC FAULT => nca_s_fault_ndr

[Rob Fuller <mubix () room362 com>]

No, I'm sorry but psexec, even the MOF version requires Administrative
privileges on the remote host. The primary method creates a service, the MOF
method writes a file to the System32\Wbem directory. Both of which require
administrative access. There might be a way to do so at a user level but
it's not currently implemented in Metasploit's psexec module.

--
Rob Fuller | Mubix
Certified Checkbox Unchecker
Room362.com | Hak5.org


On Wed, Sep 21, 2011 at 6:13 PM, yakup korkmaz <yakupkorkmaz () gmail com>wrote:

> Hi Rob,
>
> thanks for the comment. But actually, I get this error not only from
> one host but from almost every host that has a shared folder and when
> I checked them with nmap and also remote desktop connection, they were
> all Windows hosts. And also when I ran the smb_enumshares module
> against those hosts, I could see that they had already the
> administrative shares like ADMIN$, C$, etc..
>
> I wasn't using ADMIN$ with psexec, because I was trying to run it with
> a regular domain user account without having any domain or local admin
> privileges and the user had write access on one of the shares on that
> remote host.
>
> Can't we use psexec with a regular user account or what may cause to
> get such an error?
>
> thanks,
> Yakup
>
>
> On Wed, Sep 21, 2011 at 5:18 PM, Rob Fuller <mubix () room362 com> wrote:
> > I've seen this happen when I was stupidly trying to run psexec against a
> > Samba (UNIX Windows-like sharing) host. Might be why ADMIN$ isn't there
> as
> > well.
> >
> > --
> > Rob Fuller | Mubix
> > Certified Checkbox Unchecker
> > Room362.com | Hak5.org
> >
> >
> > On Wed, Sep 21, 2011 at 4:21 AM, yakup korkmaz <yakupkorkmaz () gmail com>
> > wrote:
> > > Hi everyone,
> > >
> > > I want to run psexec module with normal domain user account privileges
> > > in a remote host which has a shared folder that I have write
> > > permissions on. But each time I try to run this module with domain
> > > user credentials and using that share instead of ADMIN$, I get the
> > > following error: "Error: DCERPC FAULT => nca_s_fault_ndr".
> > >
> > > I can see that metaspoit succesfully copies the meterpreter payload in
> > > that shared folder but it couldn't get it run. I think it is because
> > > of the remote procedure calls and my domain user does not have the
> > > sufficient permissions to run the payload in the remote host using
> > > dcerpc service.
> > >
> > > Is there a way to get it work or am I doing something wrong when using
> > > the psexec module?
> > >
> > > thanks in advance,
> > >
> > > Yakup Korkmaz
> > > _______________________________________________
> > > https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework