How to run code on a remote machine using non-standard or standard Windows tools?

K

K1ingleonide2018-06-11 17:47:13

System administration

K1ingleonide, 2018-06-11 17:47:13

Greetings.
There is a person who has a local server of one toy spinning, IP is static, the essence of the task is to somehow run a batch file on this remote machine.
At the moment there is a direct connection to the desired folder where I can modify the server, there is also a batch file for the server reboot.
1. I tried to use psexec, added a key to the registry on a remote machine, also changed the local security policy (I don’t remember which parameter is related to the user’s authorization in the system, changed it from a guest to a regular one).
But this did not bear fruit, because I catch "couldn access" for unknown reasons, the user under which I sit in the general access has both read and write rights.

Used commands to execute code

psexec \\{remote-ip} -u DevUser -p {simplePassword} cmd /c "echo 1"
psexec \\{remote-ip} -u DevUser -p {simplePassword} cmd /c "\\{remote-ip}\dir\test.bat"
psexec \\{remote-ip} -u DevUser -p {simplePassword} "notepad.exe"
psexec \\{remote-ip} -u DevUser -p {simplePassword} "c:\WINDOWS\notepad.exe"
net use \\{remote-ip}\ipc$ /user:DevUser {simplePassword}
psexec -u d -p {simplePassword} \\{remote-ip} -h -s -d -accepteula cmd.exe
Test-WsMan {remote-ip}
Invoke-Command -ComputerName {remote-ip} -ScriptBlock { Write-Output "test"; } -credential DevUser

2. There are thoughts about raising the http server, but I don’t know which server can force the GET request handler to execute the code or run the same batch file in the directory.
Maybe you have come across similar problems and suggest an http server that can solve my problem. My vision of the server config is something like
[GET] Index "start C:\Workshop\Index.bat"
[GET] Help "echo help && start C:\Workshop\help\test.bat" The hodgepodge
above is from the bullshit, just to be at least some understanding of the problem.
I’ll also leave a wish that I don’t want to pull Noda, python, etc. onto a person’s car, the car is still not mine, I just want to simplify the task for a person and restart the server remotely, a person cannot always restart the server.
Just a small server, an executable file and its config handler.
I hope for your help.

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

R

res2001, 2018-06-11
@res2001

On account of "couldn't access" - interferes with UAC. To bypass it (for remote access to a computer with administrator rights), you need to set the key in the registry:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
LocalAccountTokenFilterPolicy [REG_DWORD] = 1
And, of course, you need to execute from a user with administrator rights.
psexec works fine.
There is also a native tool - wmic .
For wmic, you can set the remote username and password in the options (see wmic /?). The user must also have administrator rights on the remote computer.
There is also winrm, but I won’t tell you right away how to cook it correctly.
PS: the remote launch tools in Windows are for the needs of the administrator, so administrator rights are required everywhere. If you need without admin rights, then you can set up a remote desktop and let people come in via RDP and run whatever they need with their hands.
PPS: if the application somehow interacts with the user interface (opens windows, etc., etc.), then when running remotely via psexec or wmic, there may be difficulties, because for remote launch, a separate user session is created that is not associated with a local session. Accordingly, the application will have nowhere to open its windows. Because of this, it may not be possible to launch the application remotely. Console applications run normally - they automatically redirect output to your remote machine. In psexec, you must use the -i switch to allow an application to open windows. There is no such key in wmic, in my opinion.

G

GavriKos, 2018-06-11
@GavriKos

Use telnet or ssh.

A

Artem @Jump, 2018-06-11
Tag

If there is access to files, then a crutch but quite a working version with a batch file is also possible.
Create a task in the scheduler to launch a batch file every five minutes, for example.
Your batch file is empty. Nothing comes through.
How to do something - write down the necessary commands in the batch file.
The next time you run them, they will be executed.

S

Saboteur, 2018-06-11
@saboteur_kiev

Option 1. Install the openssh server on your computer and connect via ssh to the command line.
Option 2. Any web server will allow you to execute the batch file in the usual way - in mybat.php you can embed the exec external command
Option 3. Apache HTTPD allows you to execute CGI, that is, you can force it to execute your batch files.