#70 winexe cannot connect to Win10 machines

none
open
nobody
None
medium
2015-08-17
2015-06-29
Jason Haar
No

We're starting to see Win10 test systems show up on our network and currently our splendid mechanism of using winexe to connect to Windows systems simply fails to work.

Win10 clients cause winexe-1.1 to return

ERROR: StartService failed. NT_STATUS_BAD_INITIAL_PC.

I have downloaded winexe via git onto my CentOS-6/64bit system along with the git release of Samba as instructed. I had to downgrade samba to a previous version as per #64 in order to get it to compile - and had to manually add "-lgnutls" on the end to get the winexe-static binary - but to no avail - that version still triggers the same fault against Win10.

I suspect we have to use the newer samba source code in order to get Win10 support? But as per #64 that isn't possible?

Any other ideas how to get Win10 support working?

Thanks!

Jason

Discussion

    Andrew Rusanov - 2015-08-17

    hm... PC on win 10 without domain.
    (Windows 10 Enterprise x64)
    winexe-1.1 connected. Debian

    Tested pstools, it works fine for me too.

    root@localhost:/opt/winexe/winexe-winexe-waf/source/build# ./winexe //10.0.0.158 -U NOTEK53/Valerij --system cmd -d99
    INFO: Current debug levels:
    all: 99
    tdb: 99
    printdrivers: 99
    lanman: 99
    smb: 99
    rpc_parse: 99
    rpc_srv: 99
    rpc_cli: 99
    passdb: 99
    sam: 99
    auth: 99
    winbind: 99
    vfs: 99
    idmap: 99
    quota: 99
    acls: 99
    locking: 99
    msdfs: 99
    dmapi: 99
    registry: 99
    Enter password:
    winexe version 1.1
    This program may be freely redistributed under the terms of the GNU GPLv3
    added interface venet0:0 ip=10.0.0. bcast=10.0.0. netmask=255.255.255.255
    added interface venet0 ip=127.0.0.2 bcast=127.0.0.2 netmask=255.255.255.255
    added interface venet0:0 ip=10.0.0. bcast=10.0.0. netmask=255.255.255.255
    added interface venet0 ip=127.0.0.2 bcast=127.0.0.2 netmask=255.255.255.255
    Socket options:
    SO_KEEPALIVE = 0
    SO_REUSEADDR = 0
    SO_BROADCAST = 0
    TCP_NODELAY = 1
    TCP_KEEPCNT = 9
    TCP_KEEPIDLE = 7200
    TCP_KEEPINTVL = 75
    IPTOS_LOWDELAY = 0
    IPTOS_THROUGHPUT = 0
    SO_SNDBUF = 24360
    SO_RCVBUF = 87380
    SO_SNDLOWAT = 1
    SO_RCVLOWAT = 1
    Could not test socket option SO_SNDTIMEO.
    Could not test socket option SO_RCVTIMEO.
    TCP_QUICKACK = 1
    TCP_DEFER_ACCEPT = 0
    Starting GENSEC mechanism spnego
    Starting GENSEC submechanism ntlmssp
    negotiate: struct NEGOTIATE_MESSAGE
    Signature : 'NTLMSSP'
    MessageType : NtLmNegotiate (1)
    NegotiateFlags : 0x60088215 (1611170325)
    1: NTLMSSP_NEGOTIATE_UNICODE
    0: NTLMSSP_NEGOTIATE_OEM
    1: NTLMSSP_REQUEST_TARGET
    1: NTLMSSP_NEGOTIATE_SIGN
    0: NTLMSSP_NEGOTIATE_SEAL
    0: NTLMSSP_NEGOTIATE_DATAGRAM
    0: NTLMSSP_NEGOTIATE_LM_KEY
    0: NTLMSSP_NEGOTIATE_NETWARE
    1: NTLMSSP_NEGOTIATE_NTLM
    0: NTLMSSP_NEGOTIATE_NT_ONLY
    0: NTLMSSP_ANONYMOUS
    0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
    0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
    0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
    1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    0: NTLMSSP_TARGET_TYPE_DOMAIN
    0: NTLMSSP_TARGET_TYPE_SERVER
    0: NTLMSSP_TARGET_TYPE_SHARE
    1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
    0: NTLMSSP_NEGOTIATE_IDENTIFY
    0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
    0: NTLMSSP_NEGOTIATE_TARGET_INFO
    0: NTLMSSP_NEGOTIATE_VERSION
    1: NTLMSSP_NEGOTIATE_128
    1: NTLMSSP_NEGOTIATE_KEY_EXCH
    0: NTLMSSP_NEGOTIATE_56
    DomainNameLen : 0x0009 (9)
    DomainNameMaxLen : 0x0009 (9)
    DomainName :
    DomainName : 'WORKGROUP'
    WorkstationLen : 0x0009 (9)
    WorkstationMaxLen : 0x0009 (9)
    Workstation :

    Workstation : 'LOCALHOST'
    Got challenge flags:
    Got NTLMSSP neg_flags=0x628a8215
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    NTLMSSP_NEGOTIATE_NTLM2
    NTLMSSP_NEGOTIATE_TARGET_INFO
    NTLMSSP_NEGOTIATE_VERSION
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
    NTLMSSP: Set final flags:
    Got NTLMSSP neg_flags=0x60088215
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    NTLMSSP_NEGOTIATE_NTLM2
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
    IN: async_open(\ahexec, 2)
    IN: async_open_recv
    CTRL: Sending command: get version
    CTRL: Received: version 0x0064
    CTRL: Sending command: set system 1
    run cmd
    CTRL: Received: std_io_err 06880001
    IN: async_open(\ahexec_stdin06880001, 2)
    IN: async_open(\ahexec_stdout06880001, 2)
    IN: async_open(\ahexec_stderr06880001, 2)
    IN: async_open_recv
    IN: async_open_recv
    IN: async_open_recv
    Microsoft Windows [Version 10.0.10240]
    (c) ▒▒௮▒▒▒ ▒▒▒▒▒▒▒▒ (Microsoft Corporation), 2015 ▒. ▒▒ ▒ࠢ▒ ▒▒▒饭▒.

    C:\WINDOWS\system32>

     

    Last edit: Andrew Rusanov 2015-08-17

      Jason Haar - 2015-08-17

      Yeah - sorry I forgot to get back about this - it's a bit more complicated.

      Basically the problem is real - but it doesn't affect all Win10 systems - just one that is based on a dev ISO from several months ago and then went through several upgrades. i.e. we have some Win10 systems where winexe works, but one where it doesn't - but in all cases psexec works just fine.

       
