You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
[+] Impacket Library Installation Path: /usr/lib/python3/dist-packages/impacket
[*] SMBv3.0 dialect used
[+] Target system is 192.168.177.164 and isFQDN is False
[+] StringBinding: DESKTOP[59394]
[+] StringBinding: 192.168.177.164[59394]
[+] StringBinding chosen: ncacn_ip_tcp:192.168.177.164[59394]
[+] Target system is 192.168.177.164 and isFQDN is False
[+] StringBinding: DESKTOP[59394]
[+] StringBinding: 192.168.177.164[59394]
[+] StringBinding chosen: ncacn_ip_tcp:192.168.177.164[59394]
[+] Executing: /Q /c cd \ 1> \\127.0.0.1\ADMIN$\__17027 2>&1
Additional context
1. Issue:
When attempting to utilize dcomexe.py to execute a command on a remote host, the execution hangs after the cd command. Upon debugging and analyzing network traffic, it is evident that the ShellExecute function is called successfully. However, the issue appears when SMB client attempts to retrieve the command output file.
2. The cause of the issue:
It appears that the ShellWindows and ShellBrowserWindow COM objects in Windows 10 lack write permissions in the ADMIN$ or C$ shares.
3. Temporary solution:
As a quick and viable solution, modify the OUTPUT_FILENAME variable in dcomexec.py on line 62 to redirect the output to the Temp folder under the Admin$ share. OUTPUT_FILENAME = 'Temp\\__' + str(time.time())[:5]
The text was updated successfully, but these errors were encountered:
Configuration
impacket version: v0.11.0
Python version: 3.11.6
Target OS: Windows 10.0.19045
Debug Output With Command String
python3 ./dcomexec.py Administrator:P@$$w0rd@192.168.177.164 -debug
Impacket v0.11.0 - Copyright 2023 Fortra
Additional context
1. Issue:
When attempting to utilize
dcomexe.py
to execute a command on a remote host, the execution hangs after thecd
command. Upon debugging and analyzing network traffic, it is evident that theShellExecute
function is called successfully. However, the issue appears when SMB client attempts to retrieve the command output file.2. The cause of the issue:
It appears that the
ShellWindows
andShellBrowserWindow
COM objects in Windows 10 lack write permissions in the ADMIN$ or C$ shares.3. Temporary solution:
As a quick and viable solution, modify the
OUTPUT_FILENAME
variable indcomexec.py
online 62
to redirect the output to the Temp folder under the Admin$ share.OUTPUT_FILENAME = 'Temp\\__' + str(time.time())[:5]
The text was updated successfully, but these errors were encountered: