
Nmap Development mailing list archives

Re: psexec failing against XP and seven
From: Ron <ron () skullsecurity net>
Date: Tue, 24 May 2011 21:10:22 -0500

Try:

mod.program = 'cmd /c "tasklist.exe /svc"'

That may or may not work. The issue is that some Windows apps are implemented in a totally insane way. 

Ron

On Wed, 25 May 2011 00:26:25 +0100 Brahim Sakka <brahim.sakka () gmail com> wrote:
I've been playing around with the script, modifying the
configuration files and trying the different examples. I'm impressed
how this NSE script bypasses the classic psexec's capabilities.

However there is a single configuration attempt that did not work as
expected:

mod = {}
mod.upload           = false
mod.name             = "Extracting tasklist output"
mod.program          = "tasklist.exe"
mod.args             = "/svc"
table.insert(modules, mod)


Starting Nmap 5.51 ( http://nmap.org ) at 2011-05-24 19:30 CET
PORT    STATE SERVICE
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds

Host script results:
| smb-psexec: 
|   Tasklist
|_


Tried this on a couple of machines. And no tasklist information was
returned.
Does anyone know a workaround for this?

2011/5/24 Ron <ron () skullsecurity net>

On Tue, 24 May 2011 09:52:37 +0100 Brahim Sakka
<brahim.sakka () gmail com> wrote:
There is a -c switch in the psexec that "copies the program
(command) to the target machine before execution". Is there an
equivalent for that in Nmap's psexec?

Yes, it's in the configuration file. By default, default.lua is
used, but if you look at pwdump.lua you'll see that it uploads.

Ron
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

