#85666 - 2002-05-16 01:18 AM
Remote Execution - Driving me insane!
jtokach
Seasoned Scripter
Registered: 2001-11-15
Posts: 513
Loc: PA, USA
Hi there!
With WMI:
- I can run a process remotely as myself [impersonate].
- I can run a process remotely as another user.
- I CANNOT run a process remotely as anyone that interacts with any resources outside of the remote box!
My head hurts!
*Remotely as myself code:
Break On
$RemoteBox = "your remote hostname here" ;No \\
$ServerShr = "\\Server\share"
$RCommand = "cmd /c Dir C:\>c:\output.txt & pause" ;Local Command
;$RCommand = "cmd /c Dir C:\>$ServerShr\output.txt & pause" ;Remote Command Fails
$Connect = GetObject("winmgmts:{impersonationLevel=impersonate}!//$RemoteBox/root/cimv2:Win32_Process")
? @serror
$Process = $Connect.Create($RCommand)
? @serror
If NOT $Process
  ? "Process executed successfully!"
Else
  ? "Process failed..."
EndIf
$Connect=""
$Process=""
:END
*Remotely as any user with local admin rights code:
Break On
$RemoteBox = "your remote hostname here" ;No \\
$ServerShr = "\\Server\share"
$ID = "Domain\UserID" ; Use any account with local admin rights
$PW = "Password" ; Obvious security concerns
$RCommand = "cmd /c Dir C:\>c:\output.txt & pause" ;Local Command works
;$RCommand = "cmd /c Dir C:\>$ServerShr\output.txt & pause" ;Remote Command fails
$Connect = CreateObject("WbemScripting.SWbemLocator")
? @serror
$Con2 = $Connect.ConnectServer("$remotebox","root\cimv2","$ID","$PW")
? @serror
$Con3 = $Con2.Get("Win32_Process")
? @serror
$Process = $Con3.Create($RCommand)
? @serror
If NOT $Process
  ? "Process executed successfully!"
Else
  ? "Process failed..."
EndIf
$Connect=""
$Process=""
$Con2=""
$Con3=""
:END
Switch the $Commands, in both cases the remote fails... I have been upside down the SDK and the MSDN. I beg of someone, anyone, please, please, please, provide me with the answer! I will consider naming my first born after you! (My wife probably won't agree though...)
I'm desperate!
-Jim
Note: I will UDF these after I figure this last one out.
_________________________
-Jim
...the sort of general malaise that only the genius possess and the insane lament.
#85671 - 2002-05-20 04:00 PM
Re: Remote Execution - Driving me insane!
BrianTX
Korg Regular
Registered: 2002-04-01
Posts: 895
I'm interested in this as well...
Brian
#85675 - 2002-05-23 04:51 PM
Re: Remote Execution - Driving me insane!
Shawn
Administrator
Registered: 1999-08-13
Posts: 8611
Jim,
Any revelations on this ? Can't see why this isn't working to be totally honest, everything seems to be in place. When you look at the owner or username attached to the remote process, it shows up as the same credentials as supplied in the script... it doesn't seem to be running under the system context anyways, hmmm.... any more thoughts ?
-Shawn
P.S. I was hoping this would have helped matters, it's an object we can pass as part of the create method:
Win32_ProcessStartup
but it doesn't seem to hold any answers to the problem ...
-Shawn [ 23 May 2002, 16:57: Message edited by: Shawn ]
#85678 - 2002-05-24 03:44 PM
Re: Remote Execution - Driving me insane!
jtokach
Seasoned Scripter
Registered: 2001-11-15
Posts: 513
Loc: PA, USA
Shawn,
LOL! I've been down that road already! I didn't want to bring it up in fear that I would be laughed off the board!
Here's our problem... I tried setting the $RCommand to "cmd /c net use z: \\server\share /persistent:no & pause" and sure enough... System Error 1312
This MSKB describes and also hints towards delegation. Unfortunately, without Kerberos, this is worthless.
This is beginning to look like an exercise in futility...
quote:
When you use Telnet to map a drive letter to a network share, the procedure may not work and the following error message may be displayed:
A specified logon session does not exist. It may already have been terminated.
NOTE: This problem does not affect Telnet sessions for which the user authentication method is clear text.
CAUSE
This issue occurs when you open a Telnet session to a computer running Windows NT Server using the NTLM authentication method. You cannot then, from within the Telnet session, connect to network resources using your implied user credentials. You must explicitly specify your credentials when making network connections from within the Telnet session.
There is no mechanism in Windows NT to perform delegation of security (pass through) for network logon attempts.
For example, if you log on to the network using NTLM from computer A to computer B, and then type "net use" at a command prompt to connect to computer C from computer B, the connection is not made. The reason is that computer B has an incomplete user token (it does not have your password), so the logon attempt to computer C does not work. This behavior is rooted in NTLM being a challenge/response protocol, and as such, it avoids sending your password across the network.
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q214726
_________________________
-Jim
...the sort of general malaise that only the genius possess and the insane lament.
#85680 - 2002-06-18 09:24 AM
Re: Remote Execution - Driving me insane!
cj
MM club member
Registered: 2000-04-06
Posts: 1102
Loc: Brisbane, Australia
jtokach said:
...From what I have gathered, it seems as though VBS may be a better platform for this. Booooo!...
If you get this working in VBScript, please let me know. I have spent all day on this and am about to s(h)ell out to dos?!
cj
#85683 - 2002-06-25 12:17 AM
Re: Remote Execution - Driving me insane!
JSchroeder
Fresh Scripter
Registered: 2002-06-24
Posts: 11
I'm in this thing about 6 months now ... wohoo ... I scripted everything for my company, but this thing is hard work.
Maybe the following tool will help you out:
http://www.stefan-kuhr.de/supsu/main.php3
It's a rewritten version of Microsoft's SU ... I think you don't need it installed as a service ... maybe some of you can test it out and post me success or not ...8)
Greetings
J.S.
#85684 - 2002-07-18 10:49 PM
Re: Remote Execution - Driving me insane!
jtokach
Seasoned Scripter
Registered: 2001-11-15
Posts: 513
Loc: PA, USA
Hurray, put this topic to rest!
I contacted Keith Brown, author of Programming Windows Security.
Excerpts:
JIM quote: I am seeking a solution using any scripting language, (KIX, VBS, JS with WMI or WSH or any other means) to connect to a remote box and access the network through that box, without using tools like SU.EXE or PSEXEC.EXE. I have managed to connect via all languages and means, but I keep running into the dreaded ERROR 1312 - A specified logon session does not exist. It may already have been terminated. Is there any way around this using a scripting language?
KEITH quote: So you wish to establish something like a remote console on the target machine? Kind of like a telnet session? Or are you simply trying to access the file system on the remote machine?
JIM quote: I can already connect to the remote machine using the impersonate method in WMI or the WSHController object in WSH, unfortunately when I am connected, I do not have access to network resources through the remote box. It is like a Telnet session already...
KEITH quote: Ahh. You are running into the classic delegation problem. You are trying to make two network hops with your credentials. This won’t work by default, and I’m not sure you even *want* it to work unless you really trust that remote box to which you’d delegate your credentials.
JIM quote: You hit it on the nose. Unfortunately, delegation, from what I understand, will only work under Kerberos authentication supplied by AD. ...I don't think VBS or Kix are capable enough to handle any other required means...
KEITH quote: If you’re using NTLM, then the only way to delegate your credentials would be to send your password to the remote machine, using an encrypted link. NTLM does support encryption, but you won’t be doing this via scripting languages anytime soon, as you’ve pointed out.
_________________________
-Jim
...the sort of general malaise that only the genius possess and the insane lament.
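The delegation problem described in the KB excerpt and in Keith Brown's replies, as an added example that is not part of the original thread: a simplified Python model of a challenge/response logon in which computer B never receives the password, so it has nothing valid to present to computer C. HMAC-SHA256 and the names `DomainController`, `Server`, `second_hop` and `demo` are assumptions made for illustration; this is not the real NTLM computation or any Windows API.

```python
import hashlib, hmac, os

def derive_key(password):
    # Simplified stand-in for the password-derived secret (not the real NTLM hash).
    return hashlib.sha256(password.encode("utf-8")).digest()

def respond(key, challenge):
    # The client's proof that it knows the key, bound to one server's challenge.
    return hmac.new(key, challenge, hashlib.sha256).digest()

class DomainController:
    def __init__(self, passwords):
        self._keys = {user: derive_key(pw) for user, pw in passwords.items()}

    def verify(self, user, challenge, response):
        return hmac.compare_digest(respond(self._keys[user], challenge), response)

class Server:
    """Computer B or C: holds no user keys, only what a client sent it."""
    def __init__(self, dc):
        self.dc, self.seen = dc, {}  # seen: user -> response received at logon

    def new_challenge(self):
        self.nonce = os.urandom(16)
        return self.nonce

    def network_logon(self, user, response):
        ok = self.dc.verify(user, self.nonce, response)
        if ok:
            self.seen[user] = response  # all this server learns about the secret
        return ok

def second_hop(b, c, user, explicit_password=None):
    # B connects to C on the user's behalf, as "net use" typed on B would.
    nonce_c = c.new_challenge()
    if explicit_password is not None:
        # Credentials supplied explicitly on B, as the KB article requires.
        return c.network_logon(user, respond(derive_key(explicit_password), nonce_c))
    # Implied credentials: B holds only a response computed over B's own nonce.
    return c.network_logon(user, b.seen[user])

def demo():
    dc = DomainController({"jim": "example-password"})  # constructed account
    b, c = Server(dc), Server(dc)
    hop1 = b.network_logon("jim", respond(derive_key("example-password"), b.new_challenge()))
    return hop1, second_hop(b, c, "jim"), second_hop(b, c, "jim", "example-password")

if __name__ == "__main__":
    print(demo())  # (A->B, B->C implied, B->C explicit)
```

In the model B presents the only material it holds; per the KB text, Windows has no usable credential in the logon session at all, which is what surfaces as error 1312.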