winexe
http://eol.ovh.org/winexe/
Example: winexe --user=
Requirements
- Linux/Unix side:
  - Working network
  - Samba is NOT necessary
- Windows side:
  - Working network
  - Standard Windows installation with remote sharing and administration enabled (Windows XP Home does not support remote administration). What this means exactly:
    - Enabled services: Workstation, Server
    - "Windows Network" is running and "Printer and File Sharing" is activated
    - Enabled "Remote IPC" and "Remote Admin" shares. To verify this, run the command "net share" in a cmd box and check that the ADMIN$ and IPC$ shares are listed. In Windows XP, to enable them you should turn off "Simple sharing" in "Control Panel\Folder Options\View\Use simple file sharing".
  - Account with administrative privileges and a non-empty password
  - Firewall rules allowing traffic between both machines
Usage
winexe started without arguments shows a list of options; using "--help" will show their descriptions. Most tasks can be done using the syntax:
winexe -U [Domain/]User%Password //host command
where 'host' can be given as an IP address or DNS hostname and 'command' is the command which will be run on the remote system.
Examples:
# winexe -U HOME/Administrator%Pass123 //192.168.0.10 "ipconfig /all"
# winexe -U HOME/Administrator%Pass123 //host 'cmd /C dir C:\'
# winexe -U HOME/Administrator%Pass123 //host.com 'cmd /C net stop wuauserv && net start wuauserv && echo AutoUpdates service restarted'
# cat | winexe -U HOME/Administrator%Pass123 //host cmd <<EOF
>net stop wuauserv
>net start wuauserv
>echo AutoUpdates service restarted
>exit
>EOF
Many options of winexe are the same as for the Samba tools, and you can check their descriptions in the Samba documentation. Below is a description of the most important options:
winexe specific | |
host | Windows hostname provided as ip address or DNS name. Using NETBIOS names should be also possible after playing with Samba specific options. |
command | Command which will be run on the remote system. If the command contains spaces and/or parameters, use quotes and/or double quotes, e.g. '"long name.exe" -option -"option with spaces"'. If you would like to run an internal cmd interpreter command, use the "cmd /C" syntax, e.g. "cmd /C ver". If the command interacts with the desktop GUI, see the --interactive option. |
--uninstall | Uninstall winexesvc service after remote execution |
--reinstall | Reinstall winexesvc service before remote execution |
--system | Run command using SYSTEM account |
--runas=[DOMAIN/]USERNAME%PASSWORD | Run command as user (BEWARE: password is sent in cleartext over net) |
--interactive=0|1 | Desktop interaction: 0 - disallow, 1 - allow. If you allow it, also use the --system switch (Windows requirement). Windows Vista does not support this option. |
--ostype=0|1|2 | OS type: 0 - 32bit, 1 - 64bit, 2 - winexe will decide. Determines which version (32bit/64bit) of service will be installed. |
General | |
-U [DOMAIN/]USERNAME[%PASSWORD] | User with admin privileges for Windows authentication. If not overridden by other options, 'command' will be run under this account. If you omit the password you will be prompted. |
-d DEBUGLEVEL | Set debug level, 0 - no debug (default), 11 - highest level (it is safe to use bigger numbers) |
How does it work
- winexe connects to the IPC$ share of the host.
- Next it tries to open the winexesvc control named pipe (to make things easier the pipe is called "ahexe" :)).
- If there is no such pipe, winexe copies winexesvc.exe to the ADMIN$ share, creates the winexesvc service, starts it and tries to connect to the control pipe again.
- After a successful connection it passes optional parameters (e.g. --runas, --system) and the command itself to the winexesvc process via the pipe.
- winexesvc creates two pipes, ahexec_stdio%08X and ahexec_stderr%08X (where %08X is replaced by a unique number), and runs the command with I/O redirected to those pipes.
- winexe redirects those pipes to the Linux console.
- After the command exits, winexe returns its exit code to the system.
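The steps above leave recognisable traces on the Windows host: winexesvc.exe written to ADMIN$, a winexesvc service, and the named pipes. The following is an added example (not part of winexe or of the original page) that matches those traces in a list of events; the event dictionaries and their field names are constructed for this example and would in practice be normalised from file-share, service-installation and pipe-creation logs.

```python
import re

# Pipe names from the steps above; control pipe "ahexe", a trailing "c" is tolerated.
CONTROL_PIPE = re.compile(r"^\\?ahexec?$", re.I)
IO_PIPE = re.compile(r"^\\?ahexec_(stdio|stderr)([0-9A-F]{8})$", re.I)

# Constructed sample events; field names are assumptions for this example.
SAMPLE_EVENTS = [
    {"host": "WS01", "kind": "share_file_write", "share": r"\\*\ADMIN$", "path": "winexesvc.exe"},
    {"host": "WS01", "kind": "service_install", "service": "winexesvc"},
    {"host": "WS01", "kind": "pipe_create", "pipe": r"\ahexe"},
    {"host": "WS01", "kind": "pipe_create", "pipe": r"\ahexec_stdio0000A1B2"},
    {"host": "WS01", "kind": "pipe_create", "pipe": r"\ahexec_stderr0000A1B2"},
    {"host": "WS02", "kind": "pipe_create", "pipe": r"\lsass"},  # unrelated pipe
]

def classify(event):
    """Map one event to the winexe step it corresponds to, or None."""
    kind = event.get("kind")
    if kind == "share_file_write":
        if (event["share"].upper().endswith("ADMIN$")
                and event["path"].lower().endswith("winexesvc.exe")):
            return "winexesvc.exe copied to ADMIN$"
    elif kind == "service_install":
        if event["service"].lower() == "winexesvc":
            return "winexesvc service created"
    elif kind == "pipe_create":
        if CONTROL_PIPE.match(event["pipe"]):
            return "control pipe created"
        m = IO_PIPE.match(event["pipe"])
        if m:
            return f"{m.group(1).lower()} pipe, session {m.group(2).upper()}"
    return None

def correlate(events):
    """Per host: ordered step labels, plus sessions with both I/O pipes seen."""
    hosts = {}
    for ev in events:
        label = classify(ev)
        if label is None:
            continue
        h = hosts.setdefault(ev["host"], {"steps": [], "pipes": {}})
        h["steps"].append(label)
        m = IO_PIPE.match(ev.get("pipe", ""))
        if m:
            h["pipes"].setdefault(m.group(2).upper(), set()).add(m.group(1).lower())
    return {host: {"steps": h["steps"], "sessions": sorted(
                s for s, p in h["pipes"].items() if p == {"stdio", "stderr"})}
            for host, h in hosts.items()}
```

Calling correlate(SAMPLE_EVENTS) reports only WS01, with the five matching steps in order and one complete I/O session.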
How to get it
- Precompiled version (linked statically)
  - Download winexe-static-081123.bz2
  - Unpack: bunzip2 winexe-static-081123.bz2
  - Change permissions if necessary: chmod a+x winexe
  - Use it
  - FYI: During static linking I have received the following warnings:
    bin/static/libldb.a(ldb_modules.o): In function `ldb_try_load_dso':
    ldb_modules.c:(.text+0x4c5): warning: Using 'dlopen' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
    bin/static/libauth.a(auth_unix.o): In function `talloc_getpwnam':
    auth_unix.c:(.text+0x3f6): warning: Using 'getpwnam' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
    bin/static/libheimdal_krb5.a(get_default_principal.o): In function `_krb5_get_default_principal_local':
    get_default_principal.c:(.text+0x132): warning: Using 'getpwuid' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
    bin/static/libheimdal_krb5.a(addr_families.o): In function `krb5_parse_address':
    addr_families.c:(.text+0x1780): warning: Using 'getaddrinfo' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
    bin/static/libsamba-socket.a(socket_ipv6.o): In function `ipv6_tcp_get_peer_name':
    socket_ipv6.c:(.text+0xa12): warning: Using 'gethostbyaddr' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
    bin/static/libsamba-util.a(system.o): In function `sys_gethostbyname':
    system.c:(.text+0x19): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
    bin/static/libsamba-socket.a(socket_ipv6.o): In function `interpret_addr6':
    socket_ipv6.c:(.text+0x76): warning: Using 'gethostbyname2' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
    bin/static/libheimdal_krb5.a(get_port.o): In function `krb5_getportbyname':
    get_port.c:(.text+0x20): warning: Using 'getservbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
    GLIBC version used for linking: 2.9
    WARNING: Users report that the static version often crashes on systems with a different GLIBC version.
    You can check the GLIBC version using the command: ldd --version
- Compile from sources
  - Install necessary packages (gcc, svn, *-devel....)
  - Get sources from winexe-source-081123.tar.bz2.
  - Compile samba according to README file:
    - cd to unpacked tar.bz2 sources
    - ./autogen.sh
    - ./configure
    - make proto bin/winexe
  - Compiled file will be located in wmi/Samba/source/bin/winexe
  - Install winexe:
    install -s wmi/Samba/source/bin/winexe /usr/local/bin/winexe
Remarks
- winexe is very quiet; if you want some (not too much) debug info, run it with the -d 1 parameter.
- wmi/Samba/source/winexe/winexesvc can be compiled with a cross-compiler, or on Windows using Cygwin or Mingw32. If you compile the service under Windows, after a successful make copy winexesvc_exe.c into the wmi/Samba/source/winexe/winexesvc/ directory. You can also use the 'precompiled' version of winexesvc_exe.c, which is included in svn; you can 'touch' it to fool the compiler if necessary.
Changelog
0.90 - 22/11/08
  Added 64bit version of winexesvc, and option --ostype=0|1|2. Where os type can be (0 - 32bit, 1 - 64bit, 2 - winexe will decide).
0.80 - 26/10/07
  Added --interactive option.
  winexesvc is replaced only if version differs on more than last digit.
0.77 - 11/10/07
  Fixed bug causing winexe crash during service uninstallation.
0.76 - 10/10/07
  Service status is checked during service (un)installation.
  Corrected service installation code (case of deleted winexesvc.exe file).
0.75 - 09/07/07
  Added workaround for delayed pipe handle destruction (error 0x000000E7).
  Removed token handle leaks in case of error condition.
0.74 - 04/07/07
  Added version checking and automatic service reinstallation
  Pipe names now depend on ProcessID (should solve issue with unterminated winexe processes)
0.73 - 29/06/07
  Corrected bug in signal handling
0.72 - 26/06/07
  Added winexe INT/TERM signal handling
0.71 - 22/05/07
  Workarounds for win2003sp2 service (re)installation issues
  Removed token handle leaks in winexesvc
0.7 - 25/07/06
  Making code more pretty.
  By default commands run on user's account.
  Added --system - commands run on system account.
  Added --runas - any user can be impersonated (BEWARE: passwords are sent in clear text).
  Many changes in winexesvc.
0.61 - 07/07/06
  Fixed bug in svcctl.idl
  Changed types of 'dependencies' and 'password' params in CreateServiceW.
0.6 - 07/07/06
  svcctl.idl cosmetics
  Linux code style applied, semi automatic.
  Removed // style comments.
  Changed includesto
0.5 - 06/07/06
  Cleaned up winexe/service code.
  Changed deps in winexe/config.mk.
  Renamed directory service to winexesvc.
  STDIN read corrected.
  async_write serialized - now server should receive input in correct order.
0.4 - 02/07/06
  Added dependencies in winexe/config.mk to auto rebuild service.
  Turned off timeouts - process do not disconnect after 60sec.
  Added some debug messages.
  Removed small leaks in winexesvc.
0.3 - 02/07/06
  winexe is fully integrated with smb_build system.
  Now there is no need to separately compile winexe/service.
  I have also removed symlink to winexesvc_exe.c, should be cleaner.
0.2 - 02/07/06
  Now it works with NT - all pipes are created with security descriptor allowing admins to open it.
  Added options --reinstall/--uninstall.
  Added error messages, cleaned debug messages (-d 1).
  Some code cleaning.
  Added 'precompiled' winexe/service/winexesvc_exe.c, for users without crosscompiler or windows compile environment.
0.1 - 01/07/06
  In winexe dir added link to winexe/service/winexesvc_exe.c, I am not sure if patch utility supports it.
0.0 - 30/06/06
  Initial release
Donations
You can support development of winexe by making donations via PayPal or Moneybookers.
My e-mail: andrzej.hajda at wp.pl