karencho, posted September 20, 2016:
Hello, can someone tell me if it is possible to run PSEXEC on WAN?
digip, posted September 21, 2016:
Over a VPN for the same domain and subnet, yes. House to house, through NAT, not really.
karencho (author), posted September 21, 2016:
11 hours ago, kdodge said: https://github.com/samyk/pwnat?
So if I port forward, will it work?
digip, posted September 21, 2016:
pwnat is a client-server setup: you install the server on the machine you want to control and use the client to connect to it, which essentially is just a form of tunnel or VPN in itself. Think of it more like TeamViewer, if you will, only without the third-party proxy. I've never used pwnat though; look at the source code to see what it does. Personally I'd just go with a VPN, so my traffic is encrypted to my home network, and from there you can remote into the machine to do whatever you need.
Wallruss, posted September 27, 2016:
Agreed. VPN will essentially place you on the 'same network' and make it much easier to run remote management tools like PSExec. If you haven't run it on the remote machine before, be sure to add the 'accept eula' switch to avoid some frustration.
pentestgeek, posted September 29, 2016:
psexec requires only an IP address to a server that has SMB listening on port 445. It then binds to ADMIN$ or C$ and makes a bunch of RPC calls to the "Service Control Manager" (SCM). It does not care if you are targeting LAN or WAN. And port forwarding works just fine provided you set it up correctly. If you want to know if psexec will work on IP address x.x.x.x, simply open up a Windows Explorer window and navigate to \\x.x.x.x\blah. If you get prompted for credentials, psexec will work. If not, the system is not broadcasting SMB (at least as far as you are concerned). Additionally, you could try 'smbclient -L \\x.x.x.x -U ""' from a *nix machine to see if it's broadcasting any SMB shares. Have a look at these slides for additional information: http://www.slideshare.net/RoyceDavis1/owning-computers-without-shell-access-dark
digip, posted September 30, 2016:
7 hours ago, pentestgeek said: psexec requires only an IP address to a server that has SMB listening on port 445. It then binds to ADMIN$ or C$ and makes a bunch of RPC calls to the "Service Control Manager" (SCM). It does not care if you are targeting LAN or WAN. And port forwarding works just fine provided you set it up correctly. If you want to know if psexec will work on IP address x.x.x.x, simply open up a Windows Explorer window and navigate to \\x.x.x.x\blah. If you get prompted for credentials, psexec will work. If not, the system is not broadcasting SMB (at least as far as you are concerned). Additionally, you could try 'smbclient -L \\x.x.x.x -U ""' from a *nix machine to see if it's broadcasting any SMB shares. Have a look at these slides for additional information: http://www.slideshare.net/RoyceDavis1/owning-computers-without-shell-access-dark
The problem with port forwarding 445 is that it opens up the machine to SMB attacks from the web, and potentially the rest of the network and other machines. There is a reason for using a VPN in this instance (or other secure network access methods) vs letting someone have access to your internal network directly via the web. Might as well put it in a DMZ if you want 445 open. Let NAT serve its purpose and use proper tools to do what you want without compromising your machine. I can't see a safe reason to open this port up on the router.
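pentestgeek's post describes the sequence psexec runs (bind ADMIN$, then RPC to the Service Control Manager to register a service) and digip's reply explains why leaving 445 reachable from the web is a bad idea. The same sequence is what a defender can watch for in the Windows logs. The following is an added example, not code from the thread or from any of the posters. It assumes the default PsExec service name PSEXESVC, that the ADMIN$ share maps to %SystemRoot%, and the standard event IDs 7045 (System log: a new service was installed) and 5145 (Security log: a network share object was checked, which only appears when "Audit Detailed File Share" is enabled). The event records below are constructed samples in the shape of a minimal log export.

```python
"""Flag PsExec-style remote service installs in exported Windows event records.

Added example for this thread, not code from any poster. Assumptions: the
default PsExec service name PSEXESVC, ADMIN$ mapping to %SystemRoot%, System
event 7045 (service installed) and Security event 5145 (share object access,
which needs "Audit Detailed File Share" enabled). Log records are constructed.
"""
from dataclasses import dataclass

# Constructed sample events, shaped like a minimal export of the System and
# Security logs, using the field names those two events really carry.
SAMPLE_EVENTS = [
    {"log": "Security", "id": 5145, "SubjectUserName": "admin",
     "IpAddress": "203.0.113.7", "ShareName": r"\\*\ADMIN$",
     "RelativeTargetName": "PSEXESVC.exe"},
    {"log": "System", "id": 7045, "ServiceName": "PSEXESVC",
     "ImagePath": r"%SystemRoot%\PSEXESVC.exe", "AccountName": "LocalSystem"},
    {"log": "System", "id": 7045, "ServiceName": "Vendor Updater",
     "ImagePath": r"C:\Program Files\Vendor\svc.exe", "AccountName": "LocalSystem"},
    {"log": "Security", "id": 5145, "SubjectUserName": "alice",
     "IpAddress": "192.168.1.20", "ShareName": r"\\*\Shared",
     "RelativeTargetName": "report.docx"},
    # Same sequence with a renamed service: the binary still lands in ADMIN$
    # and a service is still registered through the SCM right afterwards.
    {"log": "Security", "id": 5145, "SubjectUserName": "admin",
     "IpAddress": "203.0.113.7", "ShareName": r"\\*\ADMIN$",
     "RelativeTargetName": "updsvc.exe"},
    {"log": "System", "id": 7045, "ServiceName": "updsvc",
     "ImagePath": r"%SystemRoot%\updsvc.exe", "AccountName": "LocalSystem"},
    # Ordinary service hosted under system32: not flagged.
    {"log": "System", "id": 7045, "ServiceName": "NetHelper",
     "ImagePath": r"%SystemRoot%\system32\svchost.exe -k netsvcs",
     "AccountName": "LocalSystem"},
]


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low"
    detail: str


def _exe_path(image_path: str) -> str:
    """Lower-cased ImagePath with surrounding quotes and trailing arguments removed."""
    p = image_path.strip('"').lower()
    end = p.find(".exe")
    return p[:end + 4] if end != -1 else p


def image_basename(image_path: str) -> str:
    """File name part of a service ImagePath, e.g. 'psexesvc.exe'."""
    return _exe_path(image_path).rsplit("\\", 1)[-1]


def in_systemroot_top(image_path: str) -> bool:
    """True when the binary sits directly in %SystemRoot%, i.e. the ADMIN$ root."""
    p = _exe_path(image_path)
    for root in ("%systemroot%\\", "c:\\windows\\"):
        if p.startswith(root) and "\\" not in p[len(root):]:
            return True
    return False


def detect_psexec(events):
    """Return Findings for the copy-to-ADMIN$-then-install-service pattern."""
    findings = []
    dropped = {}   # exe basename -> source IP that wrote it into ADMIN$
    for ev in events:
        if ev["log"] == "Security" and ev["id"] == 5145:
            if not ev["ShareName"].upper().endswith("ADMIN$"):
                continue
            name = ev["RelativeTargetName"].rsplit("\\", 1)[-1].lower()
            if name.endswith(".exe"):
                dropped[name] = ev["IpAddress"]
                sev = "high" if name.startswith("psexesvc") else "medium"
                findings.append(Finding(sev, f"{name} written to ADMIN$ from "
                                             f"{ev['IpAddress']} by {ev['SubjectUserName']}"))
        elif ev["log"] == "System" and ev["id"] == 7045:
            svc, image = ev["ServiceName"], ev["ImagePath"]
            base = image_basename(image)
            if svc.upper().startswith("PSEXESVC") or base == "psexesvc.exe":
                findings.append(Finding("high", f"PsExec service '{svc}' installed: {image}"))
            elif base in dropped:
                # The correlation is what catches a renamed service binary.
                findings.append(Finding("high", f"service '{svc}' runs {base}, which was "
                                                f"just copied into ADMIN$ from {dropped[base]}"))
            elif in_systemroot_top(image):
                findings.append(Finding("low", f"service '{svc}' installed from the ADMIN$ root: {image}"))
    return findings


if __name__ == "__main__":
    for f in detect_psexec(SAMPLE_EVENTS):
        print(f"[{f.severity}] {f.detail}")
```

The renamed-service case is the reason for the correlation step: a name match on PSEXESVC alone misses it, but an executable written into ADMIN$ and then registered as a service moments later is the same sequence regardless of the name. In a real pipeline the correlation should also be keyed on the source address and a short time window, and in a VPN-only setup of the kind digip recommends, any 5145 against ADMIN$ from an address outside the VPN range is worth an alert on its own.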
pentestgeek, posted September 30, 2016:
I agree, and I would never open up port 445 to the internet. My post was simply in response to the OP's question: "Hello, can someone tell me if it is possible to run PSEXEC on WAN?"