Updated smb-psexec to finally work on Windows XP, after countless months of it eating away at me. The issue turned out to be an innocuous field in the SMB header, 'process id', which is generally used for connection multiplexing. Apparently, not setting it causes a bug in Windows to surface (I assume it's a bug, anyways) that returns a weird failure code. I found this thanks to Kristof Boeynaems doing some research for me, and then me trying random things to make my packets look more like metasploit's.

2025-12-28 18:39:03 +00:00 · 2010-01-06 03:10:27 +00:00
parent 0189926f92
commit c4237f60b0
2 changed files with 5 additions and 1 deletions
--- a/nselib/smb.lua
+++ b/nselib/smb.lua
@@ -719,7 +719,7 @@ local function smb_encode_header(smb, command)
 				0,            -- extra (signature)
 				0,            -- extra (unused)
 				smb['tid'],   -- tid
-				0,            -- pid
+				12345,        -- pid
 				smb['uid'],   -- uid
 				0             -- mid
 			)