OXIESEC PANEL
- Current Dir:
/
/
usr
/
share
/
nmap
/
nselib
/
data
/
psexec
Server IP: 139.59.38.164
Upload:
Create Dir:
Name
Size
Modified
Perms
📁
..
-
08/07/2020 12:36:00 PM
rwxr-xr-x
📄
README
1.03 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
backdoor.lua
921 bytes
04/16/2018 01:11:39 AM
rw-r--r--
📄
default.lua
5.3 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
drives.lua
1.3 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
examples.lua
2.3 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
experimental.lua
712 bytes
04/16/2018 01:11:39 AM
rw-r--r--
📄
network.lua
4.01 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
nmap_service.c
10.55 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
nmap_service.vcproj
3.91 KB
04/16/2018 01:11:39 AM
rw-r--r--
📄
pwdump.lua
1.8 KB
04/16/2018 01:11:39 AM
rw-r--r--
Editing: README
Close
The files in this directory are the data files required for smb-psexec.nse. The .lua files are configurations. Each of these defines a profile for a psexec execution. nmap_service.exe is a program that facilitates the operation of smb-psexec.nse. It is uploaded to the remote host and runs the programs it's directed to run, redirecting their output to a file. This file is then downloaded by the script and displayed to the user. When Nmap released version 5.20, it was discovered that some over-zealous antivirus software tagged this program as spyware[1]. For that reason, when stored on the host machine, it is now encoded by xoring every byte of the file with 0xFF. When uploaded to a target machine, it is decoded in-stream. This prevents programs on the host machine from tagging it as malicious, but does not prevent the target from detecting it (which is arguably a good thing). The encoder.c program reads a program from stdin, encodes it by xoring with 0xFF, and writes it to stdout. [1] http://seclists.org/nmap-dev/2010/q1/198