Microsoft Windows SMB Named Pipe Transport and Service
Implement a Microsoft Windows SMB named pipe transport and service.
Pushy should be able to connect to remote Windows machines. This can be done at the moment by running an SSH daemon. Ideally, Pushy should not require any non-standard software to already be present on the Windows machine.
The proposed solution is to implement a Windows service that runs a named-pipe server. The server will impersonate clients, execute a command that is sent to the named pipe, and then connect pipes to the standard I/O of the sub-process.
On the client (Pushy) side, a connection to the named-pipe server will be made using Impacket, or some other Python SMB package. To support the "no pre-existing non-standard software" scenario, Pushy should support the ability to remotely create the service via the service control manager RPC interface.
Blueprint information
- Status: Complete
- Approver: Andrew Wilkins
- Priority: Medium
- Drafter: Andrew Wilkins
- Direction: Approved
- Assignee: Andrew Wilkins
- Definition: Approved
- Series goal: Accepted for 0.3
- Implementation: Implemented
- Milestone target: 0.3
- Started by: Andrew Wilkins
- Completed by: Andrew Wilkins
Whiteboard
Basic implementation is complete.
Deferring the following tasks:
- Utility for remotely installing the Windows service.
- Test Impacket more thoroughly. Have found a defect related to passing the domain through when using plaintext authentication.
- Need to ensure that authenticating with NTLMv1 and NTLMv2 is possible from a non-Windows system (i.e. using Impacket or other).