Jump to content
  • 0
thefugginlegend

Windows Command Prompt (Working)

Question

[EDIT 6/25/2013]

Updated Script to properly check %windir%/ltsvc/ for nc.exe. Coding at 3 am may be hazardous to your health. Carry on. :)

[/EDIT]

 

So.. RockFoo and I spent the evening getting this working. As it was one of those "needtohaves" to get the rest of our techs off of Kaseya. A reliable, working access to command prompt for general purpose behind the scenes work. So without further adieu...

 

Redirector Setup

2zfpsvc.png

 

No real easy way to export/import that i know of. So here are the fields, for your copy+paste pleasure.

 

Name: Command Prompt

Program: %startpath%\RemoteCMD.bat

Arguments: %ComputerName% %LocalIP1% %LocalPort1%

Agent Run Before: start /b %windir%\ltsvc\nc.exe -l -p 1234 -d -e cmd.exe

Agent Run After: taskkill /f /im nc.exe

 

and then Redirected Ports: LocalPort = 0, LocalIP = 127.0.0.1, RemotePort = 1234, RemoteIP = %RemoteIP%, SocketType = 0 (TCP Local Listen)

 

 

The remaining setup consists of files in the zip file attached. Done up in a couple different directories.

 

:Copy to LabTech Share:

This is the nc.exe executable - downloaded from here via script to agent.

 

:Export to LabTech CC Install Folder:

Same nc.exe that runs on local pc to connect through tunnel, and a RemoteCMD.bat file that makes the command prompt look special. Special-ish at least. Titles it as "LabTech Remote CMD: %COMPUTERNAME%". This is for those people that always have 20+ command prompts open, and multiple connections to different sites. It makes it quickly ID'able.

 

:Import Script - Deploy NC.EXE to computer:

Self-explanatory, simple couple-liner that checks if file exists, other wise, downloads nc.exe to LTSVC folder.

 

--- We've got it working pretty reliably. We have noticed that you can only have ONE tunnel open to an agent on a given port at a time. I dunno if this is by design, but it's not a deal breaker for us, we would only really have one tech connecting to a given command prompt at a time anyways.

 

Any questions. Let me know! :D

 

-Donovan

LabTech Remote Command Prompt.zip

Edited by Guest

Share this post


Link to post
Share on other sites

Recommended Posts

  • 0

Donovan,

 

Thanks a bunch for putting this together. I haven't got it working yet but did notice one thing while setting this up. The script looks for nc.exe in the %windir% but then downloads it to %windir%\ltsvc\nc.exe.

 

--AJ

Share this post


Link to post
Share on other sites
  • 0

This rocks! I just set it up on our system and gave it a spin. Very cool!

 

The only thing I am missing is tab-completion....

Share this post


Link to post
Share on other sites
  • 0

Implemented this last night and love it. This is extremely useful and works reliably so far. Thanks!

Share this post


Link to post
Share on other sites
  • 0

I'm having trouble making this work from any CC other than the LT Server. :x

 

I have ensured the nc.exe and RemoteCMD.bat exist in the local CC folder. Am I missing something?

 

Thanks.

 

jeff

Share this post


Link to post
Share on other sites
  • 0

One of the first questions I asked when my company was looking at LabTech was "Do we get an interactive command shell to the client machine?"

 

This is a great addition to LabTech. I've set it up and tested it, it works great.

 

BTW, Symantec Endpoint blocks netcat (nc.exe). I had to put exceptions in to use it.

Share this post


Link to post
Share on other sites
  • 0

Just a quick note that I actually modified this a little bit on our end to use ncat.exe (the NMAP implementation of netcat) which is typically viewed as clean by most anti-virus vendors. Also, the traffic can be initiated over SSL. See below:

 

Name: Interactive Command Prompt

Program: %startpath%\ncat.exe

Arguments: -v --ssl %LocalIP1% %LocalPort1%

Agent Run Before: start /b %ltsvcdir%\ncat.exe --ssl -l -p 1234 -c cmd.exe

LocalPort: 0

LocalIP: 127.0.0.1

RemotePort: 1234

RemoteIP: %RemoteIP%

SocketType: 0

Share this post


Link to post
Share on other sites
  • 0

myoung,

 

I implemented this your way with ncat.exe but I cant seem to get it working. I am seeing ncat.exe running on the remote machine and the tunnel builds but the interactive prompt never opens on the local machine. Any ideas?

Share this post


Link to post
Share on other sites
  • 0
myoung,

 

I implemented this your way with ncat.exe but I cant seem to get it working. I am seeing ncat.exe running on the remote machine and the tunnel builds but the interactive prompt never opens on the local machine. Any ideas?

 

Neglected to mention that you will need to have ncat.exe in your C:\Program Files(x86)\Labtech Client\ directory. Sorry about that. The executable can be obtained here: http://nmap.org/ncat/

Share this post


Link to post
Share on other sites
  • 0

Has anyone got this working without tunnels? I notice it has basic ticked in the screenshot but it will not work for me without a tunnel up.

Share this post


Link to post
Share on other sites
  • 0

loving these forums, found so many cool enhancements here that i never knew about

 

I've tried to implement the ncat.exe version from myoung but when i launch it it seems to get stuck on the "start /b %ltsvcdir%\ncat.exe --ssl -l -p 1234 -c cmd.exe" command... start /b is shown in the little tunnel box as if it's trying to run that command, and it freezes my tunnel and never connects. If i also have an RDP session established through this tunnel it freezes too and i have to kill the tunnel

 

anyone else had this problem?

Share this post


Link to post
Share on other sites
  • 0

I found that if it got stuck at start /b it was because ncat or nc (whichever you are using) was not on the remote agent. Or perhaps not in the correct directory.

Share this post


Link to post
Share on other sites
  • 0

thanks Reaper, turns out I went to check the agent and the ncat.exe had disappeared! not sure if AV removed it or something but it's back now and working

Share this post


Link to post
Share on other sites
  • 0

I am running into a couple if issues with this when using ncat.exe from nmap.

1. I manually have to start a tunnel before launching the command prompt redirector. If i try run the redirector without the tunnel then i get a ERR file not found error.

2. I am running Windows 8 , I can run ncat.exe on my computer but when the redirector launches it i get a error "The Application was unable to start correctly (0xc000007b)" Has anyone had similar issues ?

Share this post


Link to post
Share on other sites
  • 0

That specific version of NetCat has been in existence for years and gets flagged by anti-virus vendors due to the potential for misuse (i.e. as a backdoor shell). The ncat.exe executable is an updated implementation of NetCat utilized in NMap and is less likely to show false negatives although offering the same functionality.

Share this post


Link to post
Share on other sites
  • 0

I had this setup and it worked fantastic on our LabTech system, and then we joined the Pilot program and once we got upgrade to LabTech 10.x it no longer works properly. Does anyone know of a fix for this?

Share this post


Link to post
Share on other sites
  • 0

Not a part of the pilot program so I don't know what has changed for the redirector setups. Is it even attempting to launch?

Share this post


Link to post
Share on other sites
  • 0

I have tried both the nc.exe and the ncat.exe and neither are working. I have confirmed the files are present on my workstation under c:\program files (x86)\labtech client and on the clients c:\windows\ltsvc but all I can get is 'ERR-File not found.'. Any ideas?

Share this post


Link to post
Share on other sites
  • 0

I can't seem to get this working correctly.

When I try to run the redirector with nc.exe, I get an ERR: File Not Found.

 

Parameters: 209.90.171.99:70|2123|127.0.0.1|1234|0|start+%2fb+%25windir%25%5cltsvc%5cnc.exe+-l+-p+1234+-d+-e+cmd.exe|

Output: ERR-File not found.

 

However, if I entirely remove the "Agent Run Before" and "Agent Run After" section of the redirector configuration, then log in to the agent and manually run "start /b %windir%\ltsvc\nc.exe -l -p 1234 -d -e cmd.exe", I can run the redirector and get the remote command prompt. So the redirector itself works, but something is not working correctly passing the "Run Before" command to the agent ahead of time.

 

I don't suppose anyone can share any thoughts on this?

Share this post


Link to post
Share on other sites
  • 0

So apparently my development environment just dislikes redirectors - it worked flawlessly in production with nc.exe as described in the original post.

This is awesome! I am overjoyed.

 

I'm having some trouble with the ncat.exe version of the redirector using SSL. Ncat refused to run until I copied libeay32.dll and ssleay.dll to the same folder as ncat.exe, which is no problem, however when I run the redirector, it opens a command prompt window, but closes once I hit enter, whether I type a command or not.

 

If I remove the --ssl part of the command, ncat still requires the two DLL files, but otherwise runs as expected, and the remote CMD window doesn't close when I run something.

I'm not exceedingly concerned with using SSL, so this is not a huge deal. That said, it would definitely be a nice to have.

 

I also noticed that Ctrl+C doesn't work as I would hope - for example, if I run a continuous ping, and want to stop the operation, hitting Ctrl+C kills ncat.exe or the batch file that runs nc.exe or ncat.exe, rather than the ping on the remote machine.

Again, this isn't a dealbreaker, but I noticed the limitation.

 

Thanks again for getting this set up! I have a feeling I'm going to end up pairing this up with a monitor that checks for the existence of ncat.exe and runs a script to deploy the relevant files. That way, all our supported machines are set up for the redirector in advance.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×