Executing batch files on remote client - KiXtart.org

You are not logged in. [Log In] KiXtart.org website » Forums » KiXtart » Basic Scripting » Executing batch files on remote client

Page 2 of 3

Topic Options

#162286 - 2006-05-26 03:35 PM Re: Executing batch files on remote client
Lonkero Lonkero KiX Master Guru Registered: 2001-06-05 Posts: 22346 Loc: OK	how it will not work? if you type it in start menu -> run, it doesn't work? _________________________ ! download KiXnet
Top

#162287 - 2006-05-26 03:46 PM Re: Executing batch files on remote client
JazzM JazzM Getting the hang of it Registered: 2004-04-23 Posts: 91	Yes of course it will work, if you run it on manually on remote machine…. I’m using RemoteExec to execute it remotely on a remote client. Rad comment is: “If you are passing a name and password, it can have access to network resources; otherwise the resources must be local.” So Im trying to find how to execute it using remoteexec() on remote client
Top

#162288 - 2006-05-26 03:55 PM Re: Executing batch files on remote client
Lonkero Lonkero KiX Master Guru Registered: 2001-06-05 Posts: 22346 Loc: OK	k, you gave a username and password for it that has access to network? and the error the udf returns is? _________________________ ! download KiXnet
Top

#162289 - 2006-05-26 04:30 PM

Re: Executing batch files on remote client

JazzM

Getting the hang of it

Registered: 2004-04-23
Posts: 91

No error!
Returned 0

Code:



$computer = "172.60.10.10" 
$User = "domain\clientadm"
$Passwd = "silentadm"


$rc = fnRemoteExec('MsiExec.exe /i \\Appserv\StandardApps\Acdsee\Acdess.msi /quiet', $computer, $User, $Passwd) 

? $rc


Function fnRemoteExec($sCommand,Optional $sComputer,Optional   $sUser,Optional $sPwd)
    Dim $objLocator,$objSvc,$objSet
    $objLocator = CreateObject("WbemScripting.SwbemLocator")
    $objSvc = IIf($sComputer='',$objLocator.ConnectServer(),$objLocator.ConnectServer($sComputer,,$sUser,$sPwd))
    If @ERROR Exit @ERROR EndIf
    $objSet = $objSvc.Get("Win32_Process")
    If @ERROR Exit @ERROR EndIf
    $fnRemoteExec = $objSet.Create($sCommand)
    Exit @ERROR
EndFunction

Top

#162290 - 2006-05-26 05:03 PM Re: Executing batch files on remote client
Radimus Radimus Moderator Registered: 2000-01-06 Posts: 5187 Loc: Tampa, FL	I played hell trying to get it to access network resources remotely... and I couldn't get much love at all. Therefore I push the files to remote machine and execute it 'local' on the remote PC _________________________ How to ask questions the smart way <-----------> Before you ask
Top

#162291 - 2006-05-26 05:27 PM Re: Executing batch files on remote client
JazzM JazzM Getting the hang of it Registered: 2004-04-23 Posts: 91	Ok, then not much love for me either … So the result success conditions using RemoteExec() udf depends on: - Commands which can be used in Silent, and None-Interactive mode. - Commands that NOT requires or calls for network resources. Until Windows truns to Unix!
Top

#162292 - 2006-05-26 09:54 PM Re: Executing batch files on remote client
NTDOC NTDOC Administrator Registered: 2000-07-28 Posts: 11625 Loc: CA	Sure you can do it now. Push a tokenized script and batch file with Shawn's RUNNAS with an encrypted command to go out to the network and grab or run what you want, then when done delete those files. All is hidden and silent so unless someone is actively snooping on the system the risk of locting or using the credentials is very low.
Top

#162293 - 2006-05-26 10:11 PM Re: Executing batch files on remote client
Les Les KiX Master Registered: 2001-06-11 Posts: 12734 Loc: fortfrances.on.ca	Quote: Push a tokenized script and batch file with Shawn's RUNNAS... Now there is a huge security hole if I ever saw one! _________________________ Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
Top

#162294 - 2006-05-27 12:14 AM Re: Executing batch files on remote client
Shawn Shawn Administrator Registered: 1999-08-13 Posts: 8611	eh, someone spanking the runnas ?
Top

#162295 - 2006-05-27 12:22 AM Re: Executing batch files on remote client
Les Les KiX Master Registered: 2001-06-11 Posts: 12734 Loc: fortfrances.on.ca	I don't know why DOC is pimping your RUNNAS for insecure use. It's fine for EXEs where you can apply the CRC check, but it does no good to check CRC on KiX32.exe and then let the hacker subvert the process by sub'ing out the script. _________________________ Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
Top

#162296 - 2006-05-27 01:37 AM Re: Executing batch files on remote client
NTDOC NTDOC Administrator Registered: 2000-07-28 Posts: 11625 Loc: CA	Well you tell me who you have working there at your work Les who is sniffing and scanning his/her box 24/7 for remote access like that. Potentially if someone knew you were going to do it maybe, in real life probably a million to one chance that someone would see or know it was happening. If you're that paranoid you could even use a network account that was specific for that task and disable that account after using it to cut down the time window even, and remotely ACL the folder so that the user has DENY on it, but that's is still being really PARANOID. But to each his or her own I suppose. As with anything in life there are often risks and one has to judge for themselves what those risks are and if they're willing to take them.
Top

#162297 - 2006-05-27 02:38 AM Re: Executing batch files on remote client
Les Les KiX Master Registered: 2001-06-11 Posts: 12734 Loc: fortfrances.on.ca	Quote: Well you tell me who you have working there at your work Les who is sniffing and scanning his/her box 24/7 for remote access like that. Me, myself and I... all three of us monitor all traffic on the WAN pipe. I am not a domain admin and if a domain admin were exposing vulnerabilities like you propose, that would soon change because I would leverage the opportunity and elevate myself just to prove a point and to get someone fired. _________________________ Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
Top

#162298 - 2006-05-27 02:46 AM Re: Executing batch files on remote client
JazzM JazzM Getting the hang of it Registered: 2004-04-23 Posts: 91	Gotta admit with Doc... in this particular case, Im more then willing to take the chance ... So lets do it. How can Shawn's RUNNAS help me. I want to execute this remotly on a remote client (using RemoteExec() udf). MsiExec.exe /i \\Appserv\StandardApps\Acdsee\Acdess.msi /quiet Where do I get Shawn's RUNNAS? What is tokenized script?
Top

#162299 - 2006-05-27 02:55 AM Re: Executing batch files on remote client
Les Les KiX Master Registered: 2001-06-11 Posts: 12734 Loc: fortfrances.on.ca	I don't see why you would need to RUNNAS KiX and a tokenized script anyway. Just RUNNAS the installer with the CRC check. Much safer. Seek and you shall find RUNNAS. _________________________ Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
Top

#162300 - 2006-05-27 03:02 AM Re: Executing batch files on remote client
Les Les KiX Master Registered: 2001-06-11 Posts: 12734 Loc: fortfrances.on.ca	Eh, if you subscribe to DOC's security model, then you may as well just use PSExec and make it real easy. _________________________ Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
Top

#162301 - 2006-05-27 03:04 AM Re: Executing batch files on remote client
JazzM JazzM Getting the hang of it Registered: 2004-04-23 Posts: 91	I find the RUNNAS... reading the conversations... Seems that dear Les is into security even there... Well I don’t need the RUNNAS the whole kix… I just need RUNNAS for this part of the script… But first I would like to understand what I’m doing, before doing… could be a good idea… hehehe
Top

#162302 - 2006-05-27 03:10 AM Re: Executing batch files on remote client
JazzM JazzM Getting the hang of it Registered: 2004-04-23 Posts: 91	Ey don’t get me wrong ... Its good to have security brains around which could time to time remind us about the real world around... But just for this particular case, I found the risk very low in the environment it will be used... If dear Shawn has done a cool RUNNAS, then I certainly will test that instead of PSExec...
Top

#162303 - 2006-05-27 03:43 AM Re: Executing batch files on remote client
NTDOC NTDOC Administrator Registered: 2000-07-28 Posts: 11625 Loc: CA	Quote: Me, myself and I... all three of us monitor all traffic on the WAN pipe. Okay, sure you do Les. It's like a needle in a haystack. If you have 1,000 machines plus servers and you think you can monitor the Gigabytes of traffic to that level then I think you've just elevated yourself to a GOD like status. Sorry, but unless you wrote a for purpose monitor and knew when this was going to happen it's just impossible to know when a remote call is valid or not and what it's doing. The point here is that Jazz and ONLY Jazz knows he is doing it and when he is doing it. It's not like another Admin or user has a sniffer or protocol analyzer running specifically looking for a packet that contains RUNNAS. Just not realistic for anyone to perform such a task out of the blue without prior knowledge.
Top

#162304 - 2006-05-29 11:28 AM Re: Executing batch files on remote client
JazzM JazzM Getting the hang of it Registered: 2004-04-23 Posts: 91	ehhh... Why is Shawn suddenly surrounded by monsters, losing his hat!!! And Doc… look suspicious… smells Linux at the corner … Is this because Les is monitoring the Wan …
Top

#162305 - 2006-05-29 02:27 PM Re: Executing batch files on remote client
JazzM JazzM Getting the hang of it Registered: 2004-04-23 Posts: 91	… ok dudes … back to the subject, if you don’t mind… Now I’m completely lost…. Don’t really know how to use remoteexec() and RUNNAS together …. Doc suggested to “Pushing a tokenized script and batch file with Shawn's RUNNAS…” I tired and done some tests.. no success so far… getting dizzy on this… Could some give me a hand to solve this? The subject is still to remotely execute this: “MsiExec.exe /i \\Appserv\StandardApps\Acdsee\Acdess.msi /quiet” - on a remote client using both remoteexec() udf and Shawn’s RUNNAS. The “msi.bat” contains this: “MsiExec.exe /i \\Appserv\StandardApps\Acdsee\Acdess.msi /quiet” $computer = "172.60.10.10" $RemotePath = “\\172.60.10.10\c$\winnt\temp\” Copy "msi.bat" $RemotePath /C $rc = RemoteExec('cmd /c c:\Winnt\Temp\msi.bat', $computer)
Top

Page 2 of 3

Previous Topic View All Topics

Index Next Topic

Moderator: Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart

Hop to:

Shout Box

Search the board with:
superb Board Search
or try with google:

	Web kixtart.org