net rpc shutdown - how to poweroff

Richard Sharpe rsharpe at richardsharpe.com
Tue Dec 31 00:07:00 GMT 2002


On Tue, 31 Dec 2002, Simo Sorce wrote:

> Thank you Willi,
> unfortunately the trace is encapsulated in an ntlmssp encrypted session
> so I cannot see anything.
> Can you kindly disable ntlmssp and redo the sniff from the beginning?
> Feel free to send the sniff only to me if you fear information
> disclosure.

Hmmm, I would be interested in seeing that. De[l]vin posted some patches 
to Ethereal that might be able to deal with that, given the key :-)
 
> Simo.
> 
> On Tue, 2002-12-31 at 00:38, Willi Mann wrote:
> > Hi Simo!
> > 
> > I've put the sniff and the script which produced the shutdown on my 
> > homepage:
> > 
> > http://www.wm1.at/samba/wmisniff.bin
> > http://www.wm1.at/samba/RemoteShutdown.vbs
> > 
> > w2k Professional german (192.168.0.1, P4) has the sniffer and asks a w2k 
> > server german (192.168.0.254, WILLI) to do the shutdown. It only works 
> > if you have the same passwords on both of the two machines. Don't ask me 
> > about the sense of the for--next loop.
> > 
> > Willi
> > 
> > 
> > Simo Sorce wrote:
> > 
> > >On Mon, 2002-12-30 at 01:06, Willi Mann wrote:
> > >  
> > >
> > >>Hi Andrew!
> > >>
> > >>The existing net rpc shutdown function doesn't seem to be able to do a 
> > >>power off. It seems to be an implementation of the 
> > >>initiateSystemShutdown API-call, which is used in many freeware 
> > >>closed-source shutdown applications. I've played around with the flags 
> > >>in the current Samba-implementation with the following result:
> > >>If one of the first 8 bits is set to 1 the machine reboots.
> > >>The second 8 bits mark the forced shutdown but I haven't verified that 
> > >>it makes a difference to non-forced shutdowns.
> > >>    
> > >>
> > >
> > >the 16bit flags we show in the source are really 2 booleans in the form
> > >of two bytes imho, I'm modifying the code in samba to behave this way.
> > >
> > >I made some tests and I think you are right: the rpc shutdown function is
> > >equivalent to InitiateSystemShutdownEx call on windows, so no power off
> > >possible, only the 2 booleans: force shutdown and reboot on shutdown.
> > >
> > >  
> > >
> > >>There is a way for a working remote power off. The WMI-framework 
> > >>provides a function called win32shutdown. This function is also used by 
> > >>the Management Console-Shutdown. It offers nearly all flags which are 
> > >>available in the ExitWindowsEx-function. It is completely different to 
> > >>the net rpc shutdown. I've modified a VBscript-example provided in the 
> > >>WMI-SDK to get the shortest possible shutdown-session and sniffed it. 
> > >>There are about 100 packets on the wire (incl. authentication, SYNs, 
> > >>RSTs, etc.) I'll try to work out more about that in the next few days.
> > >>    
> > >>
> > >
> > >If you can send me the trace (in a format readable by ethereal) I'm
> > >interested in looking into it and seeing how it is done.
> > >
> > >Simo.
> > >
> > >  
> > >
> 

-- 
Regards
-----
Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, 
sharpe[at]ethereal.com, http://www.richardsharpe.com



