RE: Remotely starting the "server" process on win XP

From: Brass, Phil (ISS Atlanta) (PBrass@iss.net)
Date: Wed Sep 03 2003 - 08:28:29 EDT


Use WMI over DCOM/RPC instead. Here's a little script that starts a
service you specify on a server you specify using WMI:

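' First argument is the target computer, second is the service name.
strComputer = WScript.Arguments.Item(0)
GetObject("winmgmts:\\" & strComputer & _
    "\root\cimv2:Win32_Service.Name='" & _
    WScript.Arguments.Item(1) & "'").StartService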

Here's one to create some arbitrary process.

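' First argument is the target computer, second is the command line to run.
strComputer = WScript.Arguments.Item(0)
GetObject("winmgmts:\\" & strComputer & _
    "\root\cimv2:Win32_Process").Create _
    WScript.Arguments.Item(1), NULL, NULL, procID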

Alternately, use the scheduler, it also works over RPC.

If you need to provide credentials, you might want to look at the
WbemScripting.SWbemLocator interface, which will let you specify
username and password before creating the object.

Phil

> -----Original Message-----
> From: Lachniet, Mark [mailto:mlachniet@sequoianet.com]
> Sent: Tuesday, September 02, 2003 11:24 AM
> To: Pen-test@securityfocus.com
> Subject: Remotely starting the "server" process on win XP
>
>
> Hello all,
>
> I was hoping someone could provide an opinion on the
> following scenario:
>
> Assume that I am pen-testing a Windows XP workstation across
> the network. Further assume that it is fully patched, and no
> known exploits will work. Lastly, assume that I have gotten
> the admin password, but am limited by the amount of fun I can
> have because the Server process is not started, nor is IIS or
> any other obvious means of ingress. Short of the usual
> trickery (physical access to the machine, tricking someone,
> hacking a user workstation, etc.), can anyone suggest a good
> way to remotely start the server process so that I could then
> continue pen-testing the box?
>
> Thanks,
>
> Mark Lachniet
>
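Added example, not part of the original thread: a defender's view of the remote Win32_Process.Create call discussed above, flagging processes whose parent is the WMI provider host and tying each to the network logon that started it. It assumes Sysmon process-creation events (ID 1) and Security 4624 logon events are collected and that their logon session IDs match; the event records, host names, and the find_wmi_spawned helper are constructed for illustration.

```python
# Added example: all events below are constructed, not taken from a real host.
from ntpath import basename  # parses backslash paths on any OS

WMI_HOST = "wmiprvse.exe"  # parent of processes made via Win32_Process.Create
WBEM = "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe"

EVENTS = [  # Security 4624 logons and Sysmon ID 1 process starts, in time order
    {"id": 4624, "LogonType": 3, "TargetLogonId": "0x3E7A1",
     "TargetUserName": "Administrator", "IpAddress": "192.0.2.15"},
    {"id": 1, "Image": "C:\\Windows\\System32\\notepad.exe",
     "ParentImage": WBEM, "LogonId": "0x3e7a1", "CommandLine": "notepad.exe"},
    {"id": 4624, "LogonType": 2, "TargetLogonId": "0x51c02",
     "TargetUserName": "alice", "IpAddress": "-"},
    {"id": 1, "Image": "C:\\Windows\\System32\\calc.exe",
     "ParentImage": "C:\\Windows\\explorer.exe", "LogonId": "0x51c02",
     "CommandLine": "calc.exe"},
    {"id": 1, "Image": "C:\\Windows\\System32\\mspaint.exe",
     "ParentImage": WBEM, "LogonId": "0x51c02", "CommandLine": "mspaint.exe"},
]


def find_wmi_spawned(events):
    """Return one finding per process whose parent is the WMI provider host."""
    net_logons, findings = {}, []
    for ev in events:
        if ev["id"] == 4624 and ev["LogonType"] == 3:
            # Remember network logons by session id so children can be tied back.
            net_logons[ev["TargetLogonId"].lower()] = ev
        elif ev["id"] == 1 and basename(ev["ParentImage"]).lower() == WMI_HOST:
            logon = net_logons.get(ev["LogonId"].lower())
            findings.append({
                "image": basename(ev["Image"]),
                "command_line": ev["CommandLine"],
                "remote": logon is not None,  # False: no matching network logon seen
                "user": logon["TargetUserName"] if logon else None,
                "source_ip": logon["IpAddress"] if logon else None,
            })
    return findings


if __name__ == "__main__":
    for finding in find_wmi_spawned(EVENTS):
        print(finding)
```

Findings with remote set to True carry the source address of the network logon, which is the starting point for scoping which administrator credentials were used and from where.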