Winexe

From aldeid

Description

winexe remotely executes commands on Windows NT/2000/XP/2003 systems from GNU/Linux (and probably from other Unices capable of compiling Samba4).

Installation

Prerequisites

$ sudo aptitude install build-essential autoconf checkinstall \
 python python-all python-dev python-all-dev python-setuptools libdcerpc-dev

Installation of winexe

$ cd ~/src/
$ wget http://downloads.sourceforge.net/project/winexe/winexe-1.00.tar.gz
$ tar xzvf winexe-1.00.tar.gz
$ cd winexe-1.00/source4/
$ ./autogen.sh
$ ./configure
$ make basics bin/winexe
$ ./bin/winexe -V
Version 4.0.0alpha11-GIT-UNKNOWN

Usage

Syntax

Usage: winexe //host command

Options

Common options

--uninstall
Uninstall winexe service after remote execution
--reinstall
Reinstall winexe service before remote execution
--system
Use SYSTEM account
--runas=[DOMAIN\]USERNAME%PASSWORD
Run as user (BEWARE: password is sent in cleartext over net)
--runas-file=FILE
Run as user options defined in a file
--interactive=0|1
Desktop interaction: 0 - disallow, 1 - allow. If you allow use also --system switch (Win requirement). Vista do not support this option.
--ostype=0|1|2
OS type: 0 - 32bit, 1 - 64bit, 2 - winexe will decide. Determines which version (32bit/64bit) of service will be installed.

Help and version options

-?, --help
Show this help message
--usage
Display brief usage message
-V, --version
Print version

Common samba options

-d, --debuglevel=DEBUGLEVEL
Set debug level
--debug-stderr
Send debug output to STDERR
-s, --configfile=CONFIGFILE
Use alternative configuration file
--option=name=value
Set smb.conf option from command line
-l, --log-basename=LOGFILEBASE
Basename for log/debug files
--leak-report
enable talloc leak reporting on exit
--leak-report-full
enable full talloc leak reporting on exit

Connection options

-R, --name-resolve=NAME-RESOLVE-ORDER
Use these name resolution services only
-O, --socket-options=SOCKETOPTIONS
socket options to use
-n, --netbiosname=NETBIOSNAME
Primary netbios name
-S, --signing=on|off|required
Set the client signing state
-W, --workgroup=WORKGROUP
Set the workgroup name
--realm=REALM
Set the realm name
-i, --scope=SCOPE
Use this Netbios scope
-m, --maxprotocol=MAXPROTOCOL
Set max protocol level

Authentication options

-U, --user=[DOMAIN/]USERNAME[%PASSWORD]
Set the network username
-N, --no-pass
Don't ask for a password
--password=STRING
Password
-A, --authentication-file=FILE
Get the credentials from a file
-P, --machine-pass
Use stored machine account password (implies -k)
--simple-bind-dn=STRING
DN to use for a simple bind
-k, --kerberos=STRING
Use Kerberos

Examples

Run ipconfig

~/src/winexe-1.00/source4$ ./bin/winexe -U pilou%oopsoops //192.168.1.27 "ipconfig" 

Configuration IP de Windows


Carte Ethernet Connexion au réseau local:

        Suffixe DNS propre à la connexion : localdomain
        Adresse IP. . . . . . . . . . . . : 192.168.60.135
        Masque de sous-réseau . . . . . . : 255.255.255.0
        Passerelle par défaut . . . . . . : 192.168.60.2

Carte Ethernet Connexion au réseau local 2:

        Suffixe DNS propre à la connexion : 
        Adresse IP. . . . . . . . . . . . : 192.168.1.27
        Masque de sous-réseau . . . . . . : 255.255.255.0
        Passerelle par défaut . . . . . . : 192.168.1.254

Carte Ethernet Connexion réseau Bluetooth:

        Statut du média . . . . . . . . . : Média déconnecté
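
The call above passes the password inline with -U, where it can end up in shell history and process listings. The following is an added example, not part of the original page or the winexe project, that uses the -A option instead; the function names and the WINEXE override variable are hypothetical, and the file layout is the Samba credentials-file format (username/password/domain lines).

```shell
#!/bin/sh
# Added example (not from the winexe project). Function names and the
# WINEXE override variable are hypothetical.

# make_auth_file USER [DOMAIN]
# Reads the password from stdin, writes a Samba-style credentials file
# suitable for -A, and prints the path of that file.
make_auth_file() {
    [ -n "$1" ] || { echo "usage: make_auth_file USER [DOMAIN]" >&2; return 2; }
    IFS= read -r _pw || [ -n "$_pw" ] || { echo "no password on stdin" >&2; return 1; }
    # mktemp creates the file with mode 0600: unreadable by other local users.
    _f=$(mktemp "${TMPDIR:-/tmp}/winexe-auth.XXXXXX") || return 1
    {
        printf 'username = %s\n' "$1"
        printf 'password = %s\n' "$_pw"
        [ -z "$2" ] || printf 'domain = %s\n' "$2"
    } > "$_f"
    unset _pw
    printf '%s\n' "$_f"
}

# run_winexe AUTHFILE HOST COMMAND
# The password never appears in argv. --uninstall removes the winexe
# service from the target once the command has finished.
run_winexe() {
    "${WINEXE:-winexe}" -A "$1" --uninstall "//$2" "$3"
}

# Interactive use (commented out so that sourcing this file runs nothing):
#   stty -echo; printf 'Password: ' >&2
#   auth=$(make_auth_file pilou WORKGROUP); stty echo
#   trap 'rm -f "$auth"' EXIT
#   run_winexe "$auth" 192.168.1.27 ipconfig
```

This only addresses local exposure of the password on the client; it does not change how winexe authenticates to the target.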

Get a remote shell

$ ./winexe -U unknown //192.168.1.32 "cmd.exe"
Password for [WORKGROUP\unknown]:
Microsoft Windows XP [version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>ipconfig
ipconfig

Configuration IP de Windows


Carte Ethernet Connexion au réseau local:

        Suffixe DNS propre à la connexion : domain.tld
        Adresse IP. . . . . . . . . . . . : 10.0.2.15
        Masque de sous-réseau . . . . . . : 255.255.255.0
        Passerelle par défaut . . . . . . : 10.0.2.2

Carte Ethernet Connexion au réseau local 2:

        Suffixe DNS propre à la connexion : 
        Adresse IP. . . . . . . . . . . . : 192.168.1.32
        Masque de sous-réseau . . . . . . : 255.255.255.0
        Passerelle par défaut . . . . . . : 192.168.1.254

Carte Ethernet Network Connect Adapter:

        Statut du média . . . . . . . . . : Média déconnecté
