Winexe
Description
winexe remotely executes commands on Windows NT/2000/XP/2003 systems from GNU/Linux (and probably from other Unix systems capable of compiling Samba4).
Installation
Prerequisites
$ sudo aptitude install build-essential autoconf checkinstall \
    python python-all python-dev python-all-dev python-setuptools libdcerpc-dev
Installation of winexe
$ cd ~/src/
$ wget http://downloads.sourceforge.net/project/winexe/winexe-1.00.tar.gz
$ tar xzvf winexe-1.00.tar.gz
$ cd winexe-1.00/source4/
$ ./autogen.sh
$ ./configure
$ make basics bin/winexe
$ ./bin/winexe -V
Version 4.0.0alpha11-GIT-UNKNOWN
Usage
Syntax
Usage: winexe //host command
Options
Common options
- --uninstall
- Uninstall winexe service after remote execution
- --reinstall
- Reinstall winexe service before remote execution
- --system
- Use SYSTEM account
- --runas=[DOMAIN\]USERNAME%PASSWORD
- Run as user (BEWARE: password is sent in cleartext over net)
- --runas-file=FILE
- Run as user options defined in a file
- --interactive=0|1
- Desktop interaction: 0 - disallow, 1 - allow. If you allow it, also use the --system switch (Windows requirement). Vista does not support this option.
- --ostype=0|1|2
- OS type: 0 - 32bit, 1 - 64bit, 2 - winexe will decide. Determines which version (32bit/64bit) of service will be installed.
Help and version options
- -?, --help
- Show this help message
- --usage
- Display brief usage message
- -V, --version
- Print version
Common samba options
- -d, --debuglevel=DEBUGLEVEL
- Set debug level
- --debug-stderr
- Send debug output to STDERR
- -s, --configfile=CONFIGFILE
- Use alternative configuration file
- --option=name=value
- Set smb.conf option from command line
- -l, --log-basename=LOGFILEBASE
- Basename for log/debug files
- --leak-report
- enable talloc leak reporting on exit
- --leak-report-full
- enable full talloc leak reporting on exit
Connection options
- -R, --name-resolve=NAME-RESOLVE-ORDER
- Use these name resolution services only
- -O, --socket-options=SOCKETOPTIONS
- socket options to use
- -n, --netbiosname=NETBIOSNAME
- Primary netbios name
- -S, --signing=on|off|required
- Set the client signing state
- -W, --workgroup=WORKGROUP
- Set the workgroup name
- --realm=REALM
- Set the realm name
- -i, --scope=SCOPE
- Use this Netbios scope
- -m, --maxprotocol=MAXPROTOCOL
- Set max protocol level
Authentication options
- -U, --user=[DOMAIN/]USERNAME[%PASSWORD]
- Set the network username
- -N, --no-pass
- Don't ask for a password
- --password=STRING
- Password
- -A, --authentication-file=FILE
- Get the credentials from a file
- -P, --machine-pass
- Use stored machine account password (implies -k)
- --simple-bind-dn=STRING
- DN to use for a simple bind
- -k, --kerberos=STRING
- Use Kerberos
Examples
Run ipconfig
~/src/winexe-1.00/source4$ ./bin/winexe -U pilou%oopsoops //192.168.1.27 "ipconfig"

Configuration IP de Windows

Carte Ethernet Connexion au réseau local:

    Suffixe DNS propre à la connexion : localdomain
    Adresse IP. . . . . . . . . . . . : 192.168.60.135
    Masque de sous-réseau . . . . . . : 255.255.255.0
    Passerelle par défaut . . . . . . : 192.168.60.2

Carte Ethernet Connexion au réseau local 2:

    Suffixe DNS propre à la connexion :
    Adresse IP. . . . . . . . . . . . : 192.168.1.27
    Masque de sous-réseau . . . . . . : 255.255.255.0
    Passerelle par défaut . . . . . . : 192.168.1.254

Carte Ethernet Connexion réseau Bluetooth:

    Statut du média . . . . . . . . . : Média déconnecté
Get a remote shell
$ ./winexe -U unknown //192.168.1.32 "cmd.exe"
Password for [WORKGROUP\unknown]:
Microsoft Windows XP [version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>ipconfig
ipconfig

Configuration IP de Windows

Carte Ethernet Connexion au réseau local:

    Suffixe DNS propre à la connexion : domain.tld
    Adresse IP. . . . . . . . . . . . : 10.0.2.15
    Masque de sous-réseau . . . . . . : 255.255.255.0
    Passerelle par défaut . . . . . . : 10.0.2.2

Carte Ethernet Connexion au réseau local 2:

    Suffixe DNS propre à la connexion :
    Adresse IP. . . . . . . . . . . . : 192.168.1.32
    Masque de sous-réseau . . . . . . : 255.255.255.0
    Passerelle par défaut . . . . . . : 192.168.1.254

Carte Ethernet Network Connect Adapter:

    Statut du média . . . . . . . . . : Média déconnect
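The first example above puts the password in -U USER%PASSWORD, where it lands in shell history and the process list. The wrapper below is an added example, not part of the original page or of winexe: it uses the -A authentication file, -S required and --uninstall options listed above. The file layout is the standard Samba authentication-file format; the function names, the WINEXE override variable and the sample values are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: function names and the WINEXE variable are hypothetical.

# Write a Samba-style authentication file that only the owner can read.
# printf is a shell builtin, so the password never appears in another
# process's argv. Prints the path of the new file.
make_auth_file() {
    local user="$1" domain="$2" password="$3" file
    file=$(umask 077 && mktemp) || return 1
    printf 'username = %s\npassword = %s\ndomain = %s\n' \
        "$user" "$password" "$domain" > "$file"
    printf '%s\n' "$file"
}

# Succeed only if group and other have no access to the file.
# Uses GNU stat, as found on the GNU/Linux hosts this page targets.
check_auth_file() {
    local mode
    mode=$(stat -c '%a' "$1") || return 1
    [ "$mode" = "600" ] || [ "$mode" = "400" ]
}

# Run one remote command with credentials taken from the file, SMB signing
# required, and the winexe service removed from the target afterwards.
run_winexe() {
    local auth="$1" host="$2"
    shift 2
    if ! check_auth_file "$auth"; then
        echo "refusing: $auth is readable by group or other" >&2
        return 1
    fi
    "${WINEXE:-winexe}" -A "$auth" -S required --uninstall "//$host" "$@"
}

# Typical use (constructed account and host):
#   read -rs -p 'Password: ' pw
#   auth=$(make_auth_file pilou WORKGROUP "$pw"); unset pw
#   run_winexe "$auth" 192.168.1.27 ipconfig
#   rm -f "$auth"
```

Delete the authentication file as soon as the command returns; it holds the password in cleartext for as long as it exists.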