We've got an Ubuntu 14.04.1 system here running winexe 1.0 installed with apt-get.
The following command works normally and produces the following output:
winexe -U DOMAIN\\<userid> //system.domain.tld "tasklist"
Password for [DOMAIN\userid]:
Image Name PID Session Name Session# Mem Usage
========================= ======== ================ =========== ============
System Idle Process 0 Services 0 24 K
System 4 Services 0 308 K
smss.exe 276 Services 0 1,256 K
csrss.exe 372 Services 0 6,356 K
wininit.exe 416 Services 0 4,704 K
csrss.exe 424 Console 1 6,992 K
winlogon.exe 476 Console 1 4,588 K
services.exe 520 Services 0 25,404 K
etc....
When we try the following command it fails:
winexe -d 2 -A /opt/jaeger/credentials.cfg //system.domain.tld "tasklist"
winexe version 1.00
This program may be freely redistributed under the terms of the GNU GPLv3
Mapped to DCERPC endpoint \pipe\svcctl
added interface ip=10.30.10.200 nmask=255.255.255.0
added interface ip=192.168.212.120 nmask=255.255.255.0
added interface ip=10.30.10.200 nmask=255.255.255.0
added interface ip=192.168.212.120 nmask=255.255.255.0
kinit for userid@DOMAIN failed (Cannot contact any KDC for requested realm: unable to reach any KDC in realm DOMAIN)
Failed to get CCACHE for GSSAPI client: Cannot contact any KDC for requested realm
Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER
ERROR: Cannot connect to svcctl pipe. NT_STATUS_LOGON_FAILURE.
added interface ip=10.30.10.200 nmask=255.255.255.0
added interface ip=192.168.212.120 nmask=255.255.255.0
added interface ip=10.30.10.200 nmask=255.255.255.0
added interface ip=192.168.212.120 nmask=255.255.255.0
kinit for userid@DOMAIN failed (Cannot contact any KDC for requested realm: unable to reach any KDC in realm CNXPROD)
Failed to get CCACHE for GSSAPI client: Cannot contact any KDC for requested realm
Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER
ERROR: Failed to open connection - NT_STATUS_LOGON_FAILURE
The file
/opt/jaeger/credentials.cfg
contains the same userid, password and domain as what is on the command line version and its permissions and ownership are as follows so I don't see that as an issue:
-rw-rw-r-- 1 ubuntu ubuntu 51 Feb 24 16:07 credentials.cfg
The other command we are trying and failing with is
winexe -d 10 -A /opt/jaeger/credentials.cfg //system.domain.tld "cmd /c dir \\systyem\jaeger_deployments\DPLY-1033"
adding hidden service IPC$
adding hidden service ADMIN$
failed to get principal from default ccache: No such file or directory: open(/tmp/krb5cc_0): No such file or directory
winexe version 1.00
This program may be freely redistributed under the terms of the GNU GPLv3
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'ntlmssp' registered
Using binding ncacn_np:vibcifpwa02.mgmt.cnxprod.com[,print]
Mapped to DCERPC endpoint \pipe\svcctl
added interface ip=10.30.10.200 nmask=255.255.255.0
added interface ip=192.168.212.120 nmask=255.255.255.0
added interface ip=10.30.10.200 nmask=255.255.255.0
added interface ip=192.168.212.120 nmask=255.255.255.0
Shutdown SMB signing
BSRSPYL SMB signing enabled
Shutdown SMB signing
Starting GENSEC mechanism spnego
Server claims it's principal name is not_defined_in_RFC4178@please_ignore
Starting GENSEC submechanism gssapi_krb5
kinit for userid@DOMAIN failed (Cannot contact any KDC for requested realm: unable to reach any KDC in realm DOMAIN)
Failed to get CCACHE for GSSAPI client: Cannot contact any KDC for requested realm
Cannot reach a KDC we require to contact
cifs@system.domain.tld
Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP challenge set by NTLM2
challenge is:
[0000] 86 B6 4E 2F 7C 1F E8 84 ..N/|...
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
ERROR: Cannot connect to svcctl pipe. NT_STATUS_LOGON_FAILURE.
added interface ip=10.30.10.200 nmask=255.255.255.0
added interface ip=192.168.212.120 nmask=255.255.255.0
added interface ip=10.30.10.200 nmask=255.255.255.0
added interface ip=192.168.212.120 nmask=255.255.255.0
Shutdown SMB signing
BSRSPYL SMB signing enabled
Shutdown SMB signing
Starting GENSEC mechanism spnego
Server claims it's principal name is not_defined_in_RFC4178@please_ignore
Starting GENSEC submechanism gssapi_krb5
kinit for userid@DOMAIN failed (Cannot contact any KDC for requested realm: unable to reach any KDC in realm DOMAIN)
Failed to get CCACHE for GSSAPI client: Cannot contact any KDC for requested realm
Cannot reach a KDC we require to contact
cifs@system.domain.tld
Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP challenge set by NTLM2
challenge is:
[0000] 0E DB 9E E4 CA 8F 13 18 ........
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
ERROR: Failed to open connection - NT_STATUS_LOGON_FAILURE
Can anyone assist with getting this working??