You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
[+] Impacket Library Installation Path: /usr/lib/python3/dist-packages/impacket
[*] SMBv3.0 dialect used
[+] Target system is 192.168.177.164 and isFQDN is False
[+] StringBinding: DESKTOP[59394]
[+] StringBinding: 192.168.177.164[59394]
[+] StringBinding chosen: ncacn_ip_tcp:192.168.177.164[59394]
[+] Target system is 192.168.177.164 and isFQDN is False
[+] StringBinding: DESKTOP[59394]
[+] StringBinding: 192.168.177.164[59394]
[+] StringBinding chosen: ncacn_ip_tcp:192.168.177.164[59394]
[+] Executing: /Q /c cd \ 1> \\127.0.0.1\ADMIN$\__17027 2>&1
Additional context
1. Issue:
When attempting to utilize dcomexe.py to execute a command on a remote host, the execution hangs after the cd command. Upon debugging and analyzing network traffic, it is evident that the ShellExecute function is called successfully. However, the issue appears when SMB client attempts to retrieve the command output file.
2. The cause of the issue:
It appears that the ShellWindows and ShellBrowserWindow COM objects in Windows 10 lack write permissions in the ADMIN$ or C$ shares.
3. Temporary solution:
As a quick and viable solution, modify the OUTPUT_FILENAME variable in dcomexec.py on line 62 to redirect the output to the Temp folder under the Admin$ share. OUTPUT_FILENAME = 'Temp\\__' + str(time.time())[:5]
The text was updated successfully, but these errors were encountered:
Configuration
impacket version: v0.11.0
Python version: 3.11.6
Target OS: Windows 10.0.19045
Debug Output With Command String
python3 ./dcomexec.py Administrator:P@$$w0rd@192.168.177.164 -debug
Impacket v0.11.0 - Copyright 2023 Fortra
Additional context
1. Issue:
When attempting to utilize
dcomexe.pyto execute a command on a remote host, the execution hangs after thecdcommand. Upon debugging and analyzing network traffic, it is evident that theShellExecutefunction is called successfully. However, the issue appears when SMB client attempts to retrieve the command output file.2. The cause of the issue:
It appears that the
ShellWindowsandShellBrowserWindowCOM objects in Windows 10 lack write permissions in the ADMIN$ or C$ shares.3. Temporary solution:
As a quick and viable solution, modify the
OUTPUT_FILENAMEvariable indcomexec.pyonline 62to redirect the output to the Temp folder under the Admin$ share.OUTPUT_FILENAME = 'Temp\\__' + str(time.time())[:5]The text was updated successfully, but these errors were encountered: