
We are trying to execute a Windows command remotely from Linux (CentOS 7) on Windows 10. I have set up Winexe on CentOS 7. I think the setup seems fine:

[user@abcd build]$ ./winexe-static -v
winexe version 1.1
This program may be freely redistributed under the terms of the GNU GPLv3
Usage: winexe-static [OPTION]... //HOST COMMAND
Options:
-h, --help                                  Display help message
-V, --version                               Display version number
-U, --user=[DOMAIN/]USERNAME[%PASSWORD]     Set the network username
-A, --authentication-file=FILE              Get the credentials from a file
-N, --no-pass                               Do not ask for a password
-k, --kerberos=STRING                       Use Kerberos, -k [yes|no]
-d, --debuglevel=DEBUGLEVEL                 Set debug level
--uninstall                                 Uninstall winexe service after
                                          remote execution
--reinstall                                 Reinstall winexe service before
                                          remote execution
--system                                    Use SYSTEM account
--profile                                   Load user profile
--convert                                   Try to convert characters
                                          between local and remote
                                          code-pages
--runas=[DOMAIN\]USERNAME%PASSWORD          Run as the given user (BEWARE:
                                          this password is sent in
                                          cleartext over the network!)
--runas-file=FILE                           Run as user options defined in a
                                          file
--interactive=0|1                           Desktop interaction: 0 -
                                          disallow, 1 - allow. If allow,
                                          also use the --system switch
                                          (Windows requirement). Vista
                                          does not support this option.
--ostype=0|1|2                              OS type: 0 - 32-bit, 1 - 64-bit,
                                          2 - winexe will decide.
                                          Determines which version (32-bit
                                          or 64-bit) of service will be
                                          installed.

However, it's not connecting to the Windows 10 machine. The following are the commands we used to test. We tried as a sudo user as well. It shows the error "ERROR: Failed to open connection - NT_STATUS_CONNECTION_RESET":

[user@abcd build]$ ./winexe-static -U Domain123/CI.Admin%JeesOver*819 //Windows10 "ipconfig"
ERROR: Failed to open connection - NT_STATUS_CONNECTION_RESET

[user@abcd build]$ sudo ./winexe-static -U 'Domain123/CI.Admin%JeesOver*819' //Windows10  "ipconfig"
[sudo] password for user:
ERROR: Failed to open connection - NT_STATUS_CONNECTION_RESET
Saagar

1 Answer

Your winexe is probably using the SMB1 dialect to connect, which is deprecated in modern Windows versions.

Just for debugging purposes, temporarily enable SMB1 in Windows (hint: OptionalFeatures.exe) and try again. It should work, unless you also need to add "LocalAccountTokenFilterPolicy" to the registry.

Don't forget to disable SMB1 again.

There is a winexe binary with SMB2 support that works on CentOS 7 against Windows 10: http://dl-openaudit.opmantek.com/winexe-static

The source code that worked for me: https://bitbucket.org/reevertcode/reevert-winexe-waf

Besides the README file, you should also read the 'BUILD' file; it contains additional information (patches to apply).

Good luck!

masimito
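
One way to confirm the SMB1 diagnosis from the CentOS side without changing anything on Windows, as an added example that is not part of the original answer or of winexe: it sends an SMB1-only negotiate, then a multi-protocol negotiate that also offers SMB2 dialects, and compares how the server reacts. The function names and verdict wording are this example's own, and the target host is taken from the command line.

```python
import socket
import struct
import sys

SMB1_ONLY = (b"NT LM 0.12",)
MULTI = (b"NT LM 0.12", b"SMB 2.002", b"SMB 2.???")  # also offers SMB2 dialects

def negotiate_request(dialects):
    """Build an SMB_COM_NEGOTIATE (0x72) request offering the given dialect strings."""
    # 32-byte SMB1 header: magic, command, status, flags, flags2, 12 zero bytes, TID, PID, UID, MID
    header = b"\xffSMB" + struct.pack("<BIBH12sHHHH", 0x72, 0, 0x18, 0xC801, b"", 0xFFFF, 1, 0, 0)
    data = b"".join(b"\x02" + d + b"\x00" for d in dialects)
    body = header + b"\x00" + struct.pack("<H", len(data)) + data  # WordCount=0, ByteCount, dialects
    return struct.pack(">I", len(body)) + body  # 4-byte direct-TCP length prefix

def classify(reply):
    """Name the protocol family of the server's first reply."""
    if not reply:
        return "closed"  # TCP connection closed without an answer
    return {b"\xffSMB": "smb1", b"\xfeSMB": "smb2"}.get(reply[4:8], "unknown")

def probe(host, dialects, port=445, timeout=5.0):
    """Send one negotiate request and report how the server reacts."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(negotiate_request(dialects))
            return classify(sock.recv(1024))
    except ConnectionResetError:
        return "reset"  # what winexe surfaces as NT_STATUS_CONNECTION_RESET
    except OSError as exc:
        return f"error: {exc}"

def diagnose(smb1_only, multi):
    """Turn the two probe results into a verdict (wording is this example's own)."""
    if smb1_only in ("reset", "closed") and multi == "smb2":
        return "SMB1 refused, SMB2 accepted: use an SMB2-capable winexe build"
    if smb1_only == "smb1":
        return "SMB1 is enabled on the server: disable it again after debugging"
    return "inconclusive: check port 445 reachability and firewall rules"

if __name__ == "__main__":
    target = sys.argv[1]  # e.g. the Windows 10 host name
    first, second = probe(target, SMB1_ONLY), probe(target, MULTI)
    print(f"SMB1-only negotiate:      {first}")
    print(f"multi-protocol negotiate: {second}")
    print(diagnose(first, second))
```

Run it as `python3 script.py <host>` with whatever file name you save it under; it needs no credentials because it stops after the negotiate step.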