[jcifs] Re: Remote command Execution?

Jean-Baptiste Marchand Jean-Baptiste.Marchand at hsc.fr
Fri Sep 10 16:37:06 GMT 2004


* michael melhem <michaelm at managesoft.com> [10/09/04 - 16:18]:

> Remote execution via atsvc + jarapac is working fine for me. However there are
> two issues:
> 
> 1. There appears to be no way of running tasks immediately using atsvc? The
> best I can do is work out the time of the remote Windows machine and calculate
> an invocation time + 2mins. I can get the time from the remote Windows machine
> using NET TIME. (Seems strange that relative or immediate scheduling is not
> supported by the standard Windows schedulers)

Well, using the atsvc MSRPC interface, you are actually using the
Windows Task Scheduler API (think cron on Unix).

I suppose that the Task Scheduler was not designed to support immediate
task execution.

> An aside:
> 
> I think it's possible using RPC to remotely install and start an arbitrary
> service on a remote Windows machine (from a Windows machine). Is it possible to
> do something similar from Linux, using jarapac perhaps? This could be another
> way to implement remote command execution by installing the appropriate
> service.

Samba4 has the IDL for the svcctl interface, which is the MSRPC
interface that can be used to remotely administer the Windows SCM:

http://www.hsc.fr/ressources/articles/win_net_srv/#htoc33

I think it should not be too hard to convert it to the Jarapac IDL
syntax, which is MIDL compatible and does not support Samba4 extensions,
if I understood correctly...


The problem you're trying to solve was discussed a few weeks ago on the
Full-Disclosure mailing list (see the following thread):

http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0279.html


In Windows environments, you probably know the psexec tool
(http://www.sysinternals.com/), which is exactly what you want but for
Windows environments.

As explained in the thread, it should be possible, using SMB, to copy
the psexec service executable to an administrative share and start it
remotely using the appropriate svcctl operations.

Then, once the service is started, I suppose that you can connect to a
TCP port opened by the service to send commands to execute remotely.

Of course, this is only needed if you need to gather the output of a
command or the status code. If this is not the case, the Task Scheduler
trick is probably enough.


Hope this helps,

Jean-Baptiste Marchand
-- 
Jean-Baptiste.Marchand at hsc.fr
HSC - http://www.hsc.fr/
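The two execution paths discussed in this message (an at-job queued through the atsvc interface, and a service executable copied to an administrative share and then started through svcctl) each leave a recognisable trace on the target host. The script below is an added defender-side example, not code from the original post nor from jcifs, Jarapac or Samba4: it runs three simple rules over a constructed log excerpt. The event IDs follow the Windows "detailed file share" (5145), "service installed" (7045) and "scheduled task created" (4698) events, but the `key=value` record shape and field names are an assumption made for this example, as is the sample service name.

```python
"""Flag event records matching the remote-execution patterns from the thread.

Rules (defender view):
  1. A service installed whose image file was just written to an
     administrative share on the same host (SMB copy followed by svcctl).
  2. A service installed with a UNC image path (binary served from a share).
  3. A scheduled task created with the at-job naming scheme (At1, At2, ...),
     i.e. a job queued through the atsvc / Task Scheduler interface.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample log, one "key=value;key=value" record per line.
# Field names are assumed for this example; they loosely mirror Windows
# event IDs 5145, 7045 and 4698. "PSEXESVC" is used as a sample service name.
SAMPLE_LOG = r"""
EventID=5145;Host=WS01;User=CORP\jdoe;ShareName=\\*\ADMIN$;RelativeTargetName=PSEXESVC.exe;Access=WriteData
EventID=7045;Host=WS01;User=CORP\jdoe;ServiceName=PSEXESVC;ImagePath=%SystemRoot%\PSEXESVC.exe;StartType=demand start
EventID=7045;Host=WS01;User=SYSTEM;ServiceName=Spooler;ImagePath=C:\Windows\System32\spoolsv.exe;StartType=auto start
EventID=7045;Host=WS02;User=CORP\svc;ServiceName=updater;ImagePath=\\FILESRV\tools\updater.exe;StartType=demand start
EventID=4698;Host=WS02;User=CORP\jdoe;TaskName=\At1;Command=C:\Windows\Temp\job.bat
EventID=4698;Host=WS02;User=SYSTEM;TaskName=\Microsoft\Windows\Defrag\ScheduledDefrag;Command=defrag.exe
"""

AT_JOB = re.compile(r"^\\?At\d+$")          # "\At1", "At2", ... as created by at.exe
ADMIN_SHARES = {"ADMIN$", "C$"}              # administrative shares of interest

Finding = Tuple[str, str, str]               # (host, rule, detail)


def parse_log(text: str) -> List[Dict[str, str]]:
    """Split each record into a dict; values may contain backslashes but no ';'."""
    records = []
    for line in text.strip().splitlines():
        fields = {}
        for part in line.split(";"):
            key, _, value = part.partition("=")
            fields[key.strip()] = value.strip()
        records.append(fields)
    return records


def basename(path: str) -> str:
    """Lower-cased last path component, tolerating either separator."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_unc(path: str) -> bool:
    return path.startswith("\\\\")


def detect(records: List[Dict[str, str]]) -> List[Finding]:
    findings: List[Finding] = []
    dropped: Dict[str, set] = {}             # host -> files written to an admin share

    for r in records:
        eid = r.get("EventID")
        host = r.get("Host", "?")

        if eid == "5145" and "Write" in r.get("Access", ""):
            # Remember what was written to ADMIN$/C$ so a later service
            # install pointing at the same file name can be correlated.
            share = r.get("ShareName", "").rsplit("\\", 1)[-1].upper()
            if share in ADMIN_SHARES:
                dropped.setdefault(host, set()).add(basename(r.get("RelativeTargetName", "")))

        elif eid == "7045":
            image = r.get("ImagePath", "")
            exe = basename(image.split(" ")[0])   # first token, arguments ignored
            if exe in dropped.get(host, set()):
                findings.append((host, "svcctl-after-smb-copy", f"{r.get('ServiceName')} -> {image}"))
            elif is_unc(image):
                findings.append((host, "svcctl-unc-image", f"{r.get('ServiceName')} -> {image}"))

        elif eid == "4698" and AT_JOB.match(r.get("TaskName", "")):
            findings.append((host, "atsvc-job", f"{r.get('TaskName')}: {r.get('Command', '')}"))

    return findings


if __name__ == "__main__":
    for host, rule, detail in detect(parse_log(SAMPLE_LOG)):
        print(f"{host:6} {rule:24} {detail}")
```

On the sample data the Spooler install and the built-in defrag task pass silently, while the correlated PSEXESVC install, the UNC-hosted service and the `\At1` job are reported. In a real deployment the correlation in rule 1 should be bounded by a time window and the share-write events should carry the originating client address, so the finding names the machine the copy came from.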

