Updated smb-psexec to finally work on Windows XP, after countless months of it eating away at me. The issue turned out to be an innocuous field in the SMB header, 'process id', which is generally used for connection multiplexing. Apparently, not setting it causes a bug in Windows to surface (I assume it's a bug, anyways) that returns a weird failure code. I found this thanks to Kristof Boeynaems doing some research for me, and then me trying random things to make my packets look more like metasploit's.

2025-12-30 11:29:01 +00:00 · 2010-01-06 03:10:27 +00:00
parent 0189926f92
commit c4237f60b0
2 changed files with 5 additions and 1 deletions
--- a/scripts/smb-psexec.nse
+++ b/scripts/smb-psexec.nse
@@ -468,6 +468,10 @@ end
 function cleanup(host, config)
 	local status, err

+	-- Add a delay here. For some reason, calling this function too quickly causes SMB to close the connection, 
+	-- but even a tiny delay makes that issue go away.  
+	stdnse.sleep(.01)
+
 	-- If the user doesn't want to clean up, don't
 	if(nmap.registry.args.nocleanup == '1' or nmap.registry.args.nocleanup == "true") then
 		return