Make Windows calls from Linux.

Posted in OS by C4 on June 7, 2011

I was recently taking a look at making remote calls from Linux to a Windows server. I found this nice little tool that makes this task pretty simple with winexe. It’s basically like psexec but for Linux. I was having problems getting version 0.80 working on some environments, but v0.90 seems to work on everything I have tried (compiled with a new version of glibc). Here are the options.

winexe version 0.90
This program may be freely redistributed under the terms of the GNU GPL
Usage: winexe [-?|--help] [--usage] [-d|--debuglevel DEBUGLEVEL]
        [--debug-stderr] [-s|--configfile CONFIGFILE] [--option=name=value]
        [-l|--log-basename LOGFILEBASE] [--leak-report] [--leak-report-full]
        [-R|--name-resolve NAME-RESOLVE-ORDER]
        [-O|--socket-options SOCKETOPTIONS] [-n|--netbiosname NETBIOSNAME]
        [-W|--workgroup WORKGROUP] [--realm=REALM] [-i|--scope SCOPE]
        [-m|--maxprotocol MAXPROTOCOL] [-U|--user [DOMAIN\]USERNAME[%PASSWORD]]
        [-N|--no-pass] [--password=STRING] [-A|--authentication-file FILE]
        [-S|--signing on|off|required] [-P|--machine-pass]
        [--simple-bind-dn=STRING] [-k|--kerberos STRING]
        [--use-security-mechanisms=STRING] [-V|--version] [--uninstall]
        [--reinstall] [--system] [--runas=[DOMAIN\]USERNAME%PASSWORD]
        [--interactive=0|1] [--ostype=0|1|2] //host command

Apparently it’s maintained by Stuart Henderson, but it looks somewhat dead? The site link doesn’t work. (returns blank page) http://eol.ovh.org/winexe/

Some ways to use it:

winexe -U DOMAIN/Username%Passwd //192.168.1.123 "ipconfig /all"
winexe -U DOMAIN/Username%Passwd //remote.com \
'cmd /C net stop SomeService && net start SomeService && echo AutoUpdates service restarted'

or get a shell,

winexe -U DOMAIN/Username%Passwd //remote.com 'cmd.exe'

or use it to configure synergy,

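#!/bin/bash
# Run ipconfig on the other machine and capture its output.
OUT=$(winexe -U MAIN/User%Pass --runas MAIN/UserB%Pass //your-other-comp "ipconfig")
# Take the address from the "IPv4 Address" line; strip the CR left by Windows line endings.
IP=$(echo "$OUT" | grep "IPv4" | awk '{print $14}' | tr -d '\r')
synergyc "$IP"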

This site also has some more info on it: http://opensourceinfo.blogspot.com/2010/01/winexe.html
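
The commands above pass the password inside the `-U` argument, where it can show up in the local process list and in shell history. The usage text lists `-A|--authentication-file FILE`, so the same call can read credentials from a file only the caller can read. This is an added example, not code from the original post or from the winexe project: the helper names, the `WINEXE` override variable, the file path and the host are hypothetical, and the file layout assumes winexe accepts Samba's credentials-file format (as `smbclient -A` does).

```shell
#!/bin/bash
# Added example (not from the original post): keep the password out of argv.
# Assumption: winexe -A reads Samba's credentials-file format, as smbclient does.

# write_authfile FILE DOMAIN USER   (password is read from stdin)
write_authfile() {
    local file="$1" domain="$2" user="$3" pass=""
    if [ -t 0 ]; then stty -echo; fi          # no echo when typed at a terminal
    IFS= read -r pass || true
    if [ -t 0 ]; then stty echo; echo; fi
    [ -n "$pass" ] || { echo "empty password" >&2; return 1; }
    rm -f -- "$file"                          # do not inherit an old, wider mode
    (
        umask 077                             # new file is created 0600
        printf 'username = %s\npassword = %s\ndomain = %s\n' \
            "$user" "$pass" "$domain" > "$file"
    )
}

# authfile_ok FILE: true only for a regular, non-symlink file with mode 600/400
authfile_ok() {
    local mode
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    mode=$(stat -c '%a' "$1") || return 1     # GNU stat, as found on Linux
    [ "$mode" = 600 ] || [ "$mode" = 400 ]
}

# remote_run FILE HOST COMMAND: WINEXE overrides the binary (hypothetical knob)
remote_run() {
    local file="$1" host="$2" cmd="$3"
    authfile_ok "$file" || { echo "refusing $file: wrong type or mode" >&2; return 2; }
    "${WINEXE:-winexe}" -A "$file" "//$host" "$cmd"
}

# Usage with constructed values:
#   write_authfile ~/.winexe-auth MAIN User      # type the password, press Enter
#   remote_run ~/.winexe-auth 192.168.1.123 "ipconfig /all"
```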

 

 

 

Gearing up for Vegas

Posted in CONs, Hardware by C4 on July 23, 2010

Defcon is a week away and I’m starting to get some stuff together to take on the trip. The thing I’m most excited about is the arduino project. I will have a page dedicated to the build, process, software, and hardware that I used. Basically it’s an arduino hooked up to a wifi router and an LCD display. The router and arduino will talk serial to give and receive commands. I will have this out for display and to hack on at Defcon, so if you see a weird looking clear router looking thing, stop by and say hey.

Here’s a few teaser pics.

HTTP Parameter Pollution

Posted in Uncategorized by C4 on October 20, 2009

Here is a good video I found demonstrating classic HTTP Parameter Pollution on yahoo mail. This will work for most web-mail clients out there. This does work and is a nasty way to delete someone’s mail if they aren’t careful.

Trying out Backtrack 4 Beta

Posted in Uncategorized by C4 on February 26, 2009

I had some time yesterday to try out Backtrack 4 Beta. For the most part it’s pretty good. I thought the Mortal Kombat sounds were funny at first but could get kind of annoying. I was mainly in it to use the 2.6 kernel with the packet injection patched wireless drivers. This turned out pretty well with my HP nc8430 laptop. It has a Broadcom (I think) chip in it. I also ordered an EEE PC 701SD on Monday as well as a GIGABYTE GN-WI01GT Air Cruiser Mach G MINI PCI-EXPRESS wireless card because the 701SD apparently has a crappy ralink chipset that does not support injection. I will take pics and post them when I get it.

Turns out the new Backtrack is now based on Ubuntu, which is nice because I like aptitude, Ubuntu’s package manager. As I mentioned before, I really wanted to try out the WEP cracking. I set up an extra router I had sitting around at home with WEP and a randomly generated WEP key. I found a good post about starting to use the aircrack-ng suite. It walks you through a couple of steps on setting up the wifi card in monitor mode and checking if the AP has MAC filtering. I was able to crack it successfully a few times using different keys and packet injection. I was amazed how fast it works, and if everything is working correctly you really can crack that sucker in under a minute. I also listened to a blog on Security Now that really explains very well and in depth the workings behind WEP vs WPA and WPA2. Here is a link. I would suggest anyone interested in this topic listen to it.