#85666 - 2002-05-16 01:18 AM Remote Execution - Driving me insane!
jtokach Offline
Seasoned Scripter
*****

Registered: 2001-11-15
Posts: 513
Loc: PA, USA
Hi there!

With WMI:
- I can run a process remotely as myself [impersonate].
- I can run a process remotely as another user.
- I CANNOT run a process remotely as anyone that interacts with any resources outside of the remote box! My head hurts! [Mad]

*Remotely as myself
code:
  
Break On
$RemoteBox = "your remote hostname here" ;No \\
$ServerShr = "\\Server\share"

$RCommand = "cmd /c Dir C:\>c:\output.txt & pause" ;Local Command
;$RCommand = "cmd /c Dir C:\>$ServerShr\output.txt & pause" ;Remote Command Fails

$Connect = GetObject("winmgmts:{impersonationLevel=impersonate}!//$RemoteBox/root/cimv2:Win32_Process")
? @serror
$Process = $Connect.Create($RCommand)
? @serror

; Win32_Process.Create returns 0 when the process was started
If NOT $Process
  ? "Process executed successfully!"
Else
  ? "Process failed..."
EndIf

$Connect=""
$Process=""

:END

*Remotely as any user with local admin rights
code:
  
Break On
$RemoteBox = "your remote hostname here" ;No \\
$ServerShr = "\\Server\share"
$ID = "Domain\UserID" ; Use any account with local admin rights
$PW = "Password" ; Obvious security concerns

$RCommand = "cmd /c Dir C:\>c:\output.txt & pause" ;Local Command works
;$RCommand = "cmd /c Dir C:\>$ServerShr\output.txt & pause" ;Remote Command fails

$Connect = CreateObject("WbemScripting.SWbemLocator")
? @serror
$Con2 = $Connect.ConnectServer("$remotebox","root\cimv2","$ID","$PW")
? @serror
$Con3 = $Con2.Get("Win32_Process")
? @serror
$Process = $Con3.Create($RCommand)
? @serror

; Win32_Process.Create returns 0 when the process was started
If NOT $Process
  ? "Process executed successfully!"
Else
  ? "Process failed..."
EndIf

$Connect=""
$Process=""
$Con2=""
$Con3=""

:END

Switch the $Commands; in both cases the remote fails... I have been upside down the SDK and the MSDN. I beg of someone, anyone, please, please, please, provide me with the answer! [Frown] I will consider naming my first born after you! (My wife probably won't agree though...) [Smile]

I'm desperate!

-Jim

Note: I will UDF these after I figure this last one out.
_________________________
-Jim

...the sort of general malaise that only the genius possess and the insane lament.

#85667 - 2002-05-16 01:23 AM Re: Remote Execution - Driving me insane!
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11164
Loc: Boston, MA, USA
Have you thought of using the Task Scheduler for this? The Task Scheduler can execute under a defined username and can be scheduled remotely. Please take a look at the ScheduleTask() UDF. Oh, and take a look at this thread: http://kixtart.org/cgi-bin/ultimatebb.cgi?ubb=get_topic&f=1&t=003208

I know, it's not COM but it would solve your problem [Wink]

[ 16 May 2002, 01:26: Message edited by: sealeopard ]
_________________________
There are two types of vessels, submarines and targets.

#85668 - 2002-05-16 01:27 AM Re: Remote Execution - Driving me insane!
jtokach Offline
Seasoned Scripter
*****

Registered: 2001-11-15
Posts: 513
Loc: PA, USA
There's actually a freeware that does this exact thing - PSEXEC.EXE (www.sysinternals.com). I'm looking for a com version or scriptable version.

SO CLOSE...

Also, someone has reverse eng it, it temporarily installs a service... [Smile]

PSEXEC reverse
_________________________
-Jim

...the sort of general malaise that only the genius possess and the insane lament.

#85669 - 2002-05-17 11:58 PM Re: Remote Execution - Driving me insane!
jtokach Offline
Seasoned Scripter
*****

Registered: 2001-11-15
Posts: 513
Loc: PA, USA
Anyone out there actually interested in this?
_________________________
-Jim

...the sort of general malaise that only the genius possess and the insane lament.

#85670 - 2002-05-18 01:49 AM Re: Remote Execution - Driving me insane!
Shawn Administrator Offline
Administrator
*****

Registered: 1999-08-13
Posts: 8611
Crap !

Jim, I was interested in this. I read it last night at home thinking to myself I would try it first thing when I got into work today. Guess there's no way to "fake" this on one lonely home workstation eh ?

-Shawn

[ 18 May 2002, 01:50: Message edited by: Shawn ]

#85671 - 2002-05-20 04:00 PM Re: Remote Execution - Driving me insane!
BrianTX Offline
Korg Regular

Registered: 2002-04-01
Posts: 895
I'm interested in this as well...

Brian

#85672 - 2002-05-20 05:21 PM Re: Remote Execution - Driving me insane!
jtokach Offline
Seasoned Scripter
*****

Registered: 2001-11-15
Posts: 513
Loc: PA, USA
Glad to see you're on board for this guys! I was beginning to think I was all alone on this one... [Smile]

Some keywords that I have been focusing on:
RevertToSelf
coImpersonateClient
coSetProxyBlanket
Delegate -> Possibly the ans. I think this requires Kerberos though...

Unfortunately, I don't think that any of these methods are Kix friendly, except the delegate prop of impersonate. I'm not a programmer by trade either, so it's been 'learn as you go'. From what I have gathered, it seems as though VBS may be a better platform for this. [Frown] Booooo!

Maybe we need to start thinking outside of the bun?

Perhaps create/remove a temp service like the PSEXEC?
_________________________
-Jim

...the sort of general malaise that only the genius possess and the insane lament.

#85673 - 2002-05-20 11:06 PM Re: Remote Execution - Driving me insane!
BrianTX Offline
Korg Regular

Registered: 2002-04-01
Posts: 895
Here is a link I found to another utility.. haven't tested it out, yet:

http://www.maxcode.com/nuke/article.php?sid=141

#85674 - 2002-05-20 11:27 PM Re: Remote Execution - Driving me insane!
jtokach Offline
Seasoned Scripter
*****

Registered: 2001-11-15
Posts: 513
Loc: PA, USA
Sweet, but that link is bad... Same app diff location.

http://www.codeguru.com/network/xCmd.html

BTW,

This doesn't work either...

quote:
The service is run under the built-in 'SystemAccount'.
MSDN gives an alternative:
"You could add the REG_DWORD value named "RestrictNullSessAccess" to the following registry key and set it to 0 to allow all null sessions to access all pipes and shares created on that machine. "

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\


Thought that might apply... [Frown]

[ 20 May 2002, 23:35: Message edited by: jtokach ]
_________________________
-Jim

...the sort of general malaise that only the genius possess and the insane lament.

#85675 - 2002-05-23 04:51 PM Re: Remote Execution - Driving me insane!
Shawn Administrator Offline
Administrator
*****

Registered: 1999-08-13
Posts: 8611
Jim,

Any revelations on this ? Can't see why this isn't working to be totally honest, everything seems to be in place. When you look at the owner or username attached to the remote process, it shows up as the same credentials as supplied in the script... it doesn't seem to be running under the system context anyways, hmmm.... any more thoughts ?

-Shawn

p.s. i was hoping this would have helped matters, its an object we can pass as part of the create method:

Win32_ProcessStartup

but it doesn't seem to hold any answers to the problem ...

-Shawn

[ 23 May 2002, 16:57: Message edited by: Shawn ]

#85676 - 2002-05-23 05:13 PM Re: Remote Execution - Driving me insane!
jtokach Offline
Seasoned Scripter
*****

Registered: 2001-11-15
Posts: 513
Loc: PA, USA
Shawn,

When I was reviewing your previous post I came across Win32_PrivilegesStatus. We may be able to use this to at least find out why access is denied...

http://msdn.microsoft.com/library/en-us/wmisdk/r_32os4_27cj.asp

-Jim
_________________________
-Jim

...the sort of general malaise that only the genius possess and the insane lament.

#85677 - 2002-05-24 04:52 AM Re: Remote Execution - Driving me insane!
Shawn Administrator Offline
Administrator
*****

Registered: 1999-08-13
Posts: 8611
Jim,

I looked at this quite a bit today - with no luck. You know, the issues surrounding this whole remote process thingy remind me of the same issues we get when running a batch file under the AT scheduler, you know - no user context. Having said that (and don't laugh) I tried changing the Windows Management Instrumentation service to have it run under a Domain User Account, but it wouldn't stick - something about dependencies with other WMI services. I know this sounds drastic, but was just trying to perform a test, have you tried giving the WMI service itself some credentials ?

-Shawn

#85678 - 2002-05-24 03:44 PM Re: Remote Execution - Driving me insane!
jtokach Offline
Seasoned Scripter
*****

Registered: 2001-11-15
Posts: 513
Loc: PA, USA
Shawn,

LOL! I've been down that road already! I didn't want to bring it up in fear that I would be laughed off the board! [Smile]

Here's our problem... I tried setting the $RCommand to "cmd /c net use z: \\server\share /persistent:no & pause" and sure enough... System Error 1312

This MSKB describes and also hints towards delegation. Unfortunately, without kerberos, this is worthless.

This is beginning to look like an exercise in futility...

quote:


When you use Telnet to map a drive letter to a network share, the procedure may not work and the following error message may be displayed:

A specified logon session does not exist. It may already have been terminated.
NOTE : This problem does not affect Telnet sessions for which the user authentication method is clear text.

CAUSE
This issue occurs when you open a Telnet session to a computer running Windows NT Server using the NTLM authentication method. You cannot then, from within the Telnet session, connect to network resources using your implied user credentials. You must explicitly specify your credentials when making network connections from within the Telnet session.

There is no mechanism in Windows NT to perform delegation of security (pass through) for network logon attempts.

For example, if you log on to the network using NTLM from computer A to computer B, and then type "net use" at a command prompt to connect to computer C from computer B, the connection is not made. The reason is that computer B has an incomplete user token (it does not have your password), so the logon attempt to computer C does not work. This behavior is rooted in NTLM being a challenge/response protocol, and as such, it avoids sending your password across the network.

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q214726
_________________________
-Jim

...the sort of general malaise that only the genius possess and the insane lament.

#85679 - 2002-06-18 07:51 AM Re: Remote Execution - Driving me insane!
Netsuper Offline
Getting the hang of it

Registered: 2001-05-17
Posts: 64
Loc: Edwards AFB, CA, US
Hello Jim,
I posted this a while back, it's a script that loads when the user logs on (dunno if that's a limitation for you or not), allowing you to make them run ANY script at ANY time. Don't know if it's what you're looking for or not? You could execute a RUNAS script from this and have it authenticate to the domain?

http://81.17.37.55/cgi-bin/ultimatebb.cgi?ubb=get_topic&f=2&t=001695&p=
_________________________
Scott Hickerson Network Design Engineer

#85680 - 2002-06-18 09:24 AM Re: Remote Execution - Driving me insane!
cj Offline
MM club member
*****

Registered: 2000-04-06
Posts: 1102
Loc: Brisbane, Australia
jtokach said:

...From what I have gathered, it seems as though VBS may be a better platform for this. Booooo!...

If you get this working in VBScript, please let me know. I have spent all day on this and am about to s(h)ell out to dos?! [Mad]

cj

#85681 - 2002-06-18 09:27 AM Re: Remote Execution - Driving me insane!
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
ceej,
don't be so mad...
if everyone else (vbs/js) gives you up, your old friends (kix/dos) never!
You can always go to them!
_________________________
!

download KiXnet

#85682 - 2002-06-18 04:29 PM Re: Remote Execution - Driving me insane!
jtokach Offline
Seasoned Scripter
*****

Registered: 2001-11-15
Posts: 513
Loc: PA, USA
See posts 20-22 of this thread:

WSHPIPE related

I haven't started looking into it again yet, but I will when I get some free time...

-Jim
_________________________
-Jim

...the sort of general malaise that only the genius possess and the insane lament.

#85683 - 2002-06-25 12:17 AM Re: Remote Execution - Driving me insane!
JSchroeder Offline
Fresh Scripter

Registered: 2002-06-24
Posts: 11
I've been at this thing for about 6 months now ... wohoo ... I scripted everything for my company, but this thing is hard work.

Maybe the following tool will help you out:

http://www.stefan-kuhr.de/supsu/main.php3

It's a rewritten version of Microsoft's SU ... I think you don't need it installed as a service ... maybe some of you can test it out and post me success or not ...8)

Greetings

J.S.

#85684 - 2002-07-18 10:49 PM Re: Remote Execution - Driving me insane!
jtokach Offline
Seasoned Scripter
*****

Registered: 2001-11-15
Posts: 513
Loc: PA, USA
Hurray, put this topic to rest!

I contacted Keith Brown, author of Programming Windows Security.

Excerpts:

JIM
quote:
I am seeking a solution using any scripting language, (KIX, VBS, JS with WMI or WSH or any other means) to connect to a remote box and access the network through that box, without using tools like SU.EXE or PSEXEC.EXE. I have managed to connect via all languages and means, but I keep running into the dreaded ERROR 1312 - A specified logon session does not exist. It may already have been terminated. Is there any way around this using a scripting language?
KEITH
quote:
So you wish to establish something like a remote console on the target machine? Kind of like a telnet session? Or are you simply trying to access the file system on the remote machine?

JIM
quote:
I can already connect to the remote machine using the impersonate method in WMI or the WSHController object in WSH, unfortunately when I am connected, I do not have access to network resources through the remote box. It is like a Telnet session already...
KEITH
quote:
Ahh. You are running into the classic delegation problem. You are trying to make two network hops with your credentials. This won’t work by default, and I’m not sure you even *want* it to work unless you really trust that remote box to which you’d delegate your credentials.

JIM
quote:

You hit it on the nose. Unfortunately, delegation, from what I understand, will only work under Kerberos authentication supplied by AD. ...I don't think VBS or Kix are capable enough to handle any other required means...

KEITH
quote:

If you’re using NTLM, then the only way to delegate your credentials would be to send your password to the remote machine, using an encrypted link. NTLM does support encryption, but you won’t be doing this via scripting languages anytime soon, as you’ve pointed out.

_________________________
-Jim

...the sort of general malaise that only the genius possess and the insane lament.
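
The delegation problem described in Keith Brown's replies and in KB Q214726, as an added example that is not part of the original thread: a simplified Python model of NTLM-style challenge/response showing why box B cannot reuse an inbound logon for a second hop to C, and why handing B the password makes the second hop work. HMAC-SHA256 stands in for the real NTLM computation, and the class names, account and password are constructed.

```python
import hashlib, hmac, os

# Simplified model: HMAC-SHA256 stands in for the real NTLM computation.
# All class names, the account and the password are constructed.
USER, PASSWORD = "DOMAIN\\jim", "constructed-password"

def secret_from_password(password):
    """Long-term key; only the client and the domain controller can derive it."""
    return hashlib.sha256(password.encode("utf-8")).digest()

def answer(secret, challenge):
    """Proof of knowing the secret, valid for this one challenge only."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()

class DomainController:
    def __init__(self, accounts):
        self._secrets = {u: secret_from_password(p) for u, p in accounts.items()}

    def verify(self, user, challenge, response):
        secret = self._secrets.get(user)
        return secret is not None and hmac.compare_digest(
            answer(secret, challenge), response)

class Server:
    """Member server: issues a challenge and has the DC check the response."""
    def __init__(self, dc):
        self.dc, self.seen = dc, {}  # seen: user -> last valid response

    def network_logon(self, user, respond):
        challenge = os.urandom(8)
        response = respond(challenge)
        ok = self.dc.verify(user, challenge, response)
        if ok:
            self.seen[user] = response  # all the server ever holds: no password
        return ok

def run_demo():
    dc = DomainController({USER: PASSWORD})
    box_b, box_c = Server(dc), Server(dc)
    # Hop 1 (A -> B): workstation A knows the secret and answers B's challenge.
    hop1 = box_b.network_logon(USER, lambda ch: answer(secret_from_password(PASSWORD), ch))
    # Hop 2 (B -> C), implied credentials: B can only replay the response it
    # saw, which was computed over B's challenge, not C's fresh one.
    hop2_implied = box_c.network_logon(USER, lambda ch: box_b.seen[USER])
    # Hop 2 with explicit credentials: the password was handed to B, so B can
    # derive the secret itself and answer C's challenge.
    on_b = secret_from_password(PASSWORD)
    hop2_explicit = box_c.network_logon(USER, lambda ch: answer(on_b, ch))
    return hop1, hop2_implied, hop2_explicit
```

The implied-credentials hop is the model's counterpart of the error 1312 seen with `net use` inside the remote process; the explicit hop succeeds only because the password itself reached box B.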

#85685 - 2002-07-18 11:17 PM Re: Remote Execution - Driving me insane!
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
mm...
I have used two tools.
other one remote administrator (works with license even though I got my boss to buy it),
and other rcmd.
remote administrator uses current user's credentials and rcmd the ones you put in...

which way you actually want it to be?
_________________________
!

download KiXnet
