Nmap Development mailing list archives

Re: psexec failing against XP and seven


From: Brahim Sakka <brahim.sakka () gmail com>
Date: Wed, 25 May 2011 00:26:25 +0100

I've been playing around with the script, modifying the configuration
files and trying the different examples. I'm impressed how this NSE script
bypasses the classic psexec's capabilities.

However there is a single configuration attempt that did not work as
expected:

mod = {}
mod.upload           = false
mod.name             = "Extracting tasklist output"
mod.program          = "tasklist.exe"
mod.args             = "/svc"
table.insert(modules, mod)


Starting Nmap 5.51 ( http://nmap.org ) at 2011-05-24 19:30 CET
PORT    STATE SERVICE
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds

Host script results:
| smb-psexec: 
|   Tasklist
|_


Tried this on a couple of machines, and no tasklist information was
returned.
Does anyone know a workaround for this?

2011/5/24 Ron <ron () skullsecurity net>

On Tue, 24 May 2011 09:52:37 +0100 Brahim Sakka <brahim.sakka () gmail com>
wrote:
> There is a -c switch in the psexec that "copies the program (command)
> to the target machine before execution". Is there an equivalent for
> that in Nmap's psexec?

Yes, it's in the configuration file. By default, default.lua is used, but
if you look at pwdump.lua you'll see that it uploads.

Ron

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

