Metasploit mailing list archives
Problems with calling OpenSCManager()
From: ron at skullsecurity.net (Ron)
Date: Sat, 03 Jan 2009 17:01:27 -0600
Hi all, This isn't directly related to MSF, but I'm hoping somebody here can help me out since MSF has implemented this. I'm trying to implement psexec-like functionality in Lua (as an Nmap script), but I'm running into an issue. Everything works fine running against Windows 2000 and Windows 2003, but when I run it against Windows XP, it fails with error 0x000006e4 (1764 = RPC_S_CANNOT_SUPPORT) when I call either OpenSCManagerA() or OpenSCManagerW(). I've attached a pcap of this happening. As far as I know, my SMB and MSRPC code is solid, and has been tested pretty significantly. I've compared packetlogs to both MSF and pwdump6, and have copied the constants used by both. Unfortunately, even when my packets are practically identical to MSF, my code fails with that error while MSF works fine against the same target. The biggest difference is that I use straight up NTLM for authentication, not NTLMSSP, but I find it unlikely that that's the issue. I also send different fragment sizes, and things like that. Have you guys run into this problem? Any clue what I'm doing wrong? I've been banging my head against this problem for some time now, with no avail. Thanks! Ron -- Ron Bowes http://www.skullsecurity.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: nmap.pcap Type: application/octet-stream Size: 4371 bytes Desc: not available URL: <http://mail.metasploit.com/pipermail/framework/attachments/20090103/38ebd272/attachment.obj>
Current thread:
- Problems with calling OpenSCManager() Ron (Jan 03)
- Problems with calling OpenSCManager() H D Moore (Jan 03)
- Problems with calling OpenSCManager() Ron (Jan 03)
- Problems with calling OpenSCManager() Ron (Feb 15)
- Problems with calling OpenSCManager() Ron (Feb 15)
- Problems with calling OpenSCManager() Jun Koi (Feb 17)
- Problems with calling OpenSCManager() Tobias Andersson (Feb 17)
- Problems with calling OpenSCManager() H D Moore (Jan 03)