Summary
Report errors:
ERROR: Cannot open control pipe - NT_STATUS_INVALID_PARAMETER
Reason:
After doing a lot of research on code and hacker attacks, reading a lot of websites and even discussing the topic with MS, the root cause of the problem is that Microsoft has deleted SMB 1.0 from Windows 8.1 and Windows Server 2012 R2. See http://technet.microsoft.com/en-us/library/dn303411.aspx for the complete list of deleted items. After spending as much time as possible (certainly no less than a few days) studying the winexe code, it seems that winexe uses smbclient's SMB 1.0 library.
Solution: Compile winexe-1.1
yum install \
gcc \
perl \
mingw-binutils-generic \
mingw-filesystem-base \
mingw32-binutils \
mingw32-cpp \
mingw32-crt \
mingw32-filesystem \
mingw32-gcc \
mingw32-headers \
mingw64-binutils \
mingw64-cpp \
mingw64-crt \
mingw64-filesystem \
mingw64-gcc \
mingw64-headers \
libcom_err-devel \
libacl-devel \
gnutls-devel \
openldap-devel \
popt-devel \
zlib-devel \
zlib-static \
glibc-devel \
glibc-static \
python-devel -y
yum remove \
libbsd-devel
git clone https://github.com/opinkerfi/winexe-waf winexe-waf
cd winexe-waf
git clone git://git.samba.org/samba.git samba
cd samba
git reset --hard a6bda1f2bc85779feb9680bc74821da5ccd401c5
cd ..
sed -i "s/lib='dl'$/lib='dl gnutls'/" source/wscript_build
cd source
./waf --samba-dir=../samba configure build
build/winexe-static --help
Compiled files: https://pan.baidu.com/s/1YOQNUjyWDQUoBrS_nXy7XQ
Reference link for the original text: https://sourceforge.net/p/winexe/bugs/30/
Below is a translation of the problem report. It is a bit long and some log output has been deleted; anyone interested can read the original post:
Problem
Due to the changes in Windows 8.1 and Windows Server 2012 R2, the winexe command fails against some versions of Windows machines:
ERROR: Cannot open control pipe - NT_STATUS_INVALID_PARAMETER
When we ran winexe on versions prior to Windows 8.1 Blue, everything was normal.
When running the same command with -d 11, the last lines are as follows:
Shutdown SMB signing
SMB Signing is not negotiated by the peer
Starting GENSEC mechanism spnego
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x628a8215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP challenge set by NTLM2
challenge is:
[0000] 21 20 90 DB A7 BC 3B 8D ! ....;.
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
SMB Signing is not negotiated by the peer
IN: async_open(\pipe\ahexec, 2)
IN: async_open_recv
ERROR: smb_raw_open_recv - NT_STATUS_INVALID_PARAMETER
ERROR: on_ctrl_pipe_error - NT_STATUS_INVALID_PARAMETER
ERROR: Cannot open control pipe - NT_STATUS_INVALID_PARAMETER
winexesvc service is installed and running
Note: We have to add two lines to any EXE in our own code (C#) to make the previous outbound communication work, even where it works normally in Windows 8:
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;
I would like to ask if you have encountered similar situations.
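A triage sketch for the debug output above, as an added example that is not part of the original report or of winexe: it decodes the two NTLMSSP neg_flags words with the bit values from MS-NLMP and uses line order to tell a session-setup failure from a failure opening the control pipe. The function names and the abbreviated sample log are assumptions made for the example.

```python
import re

# NTLMSSP negotiate bits from MS-NLMP 2.2.2.5 (Samba logs 0x00080000 as NTLM2).
NTLMSSP_FLAGS = {
    0x00000001: "NEGOTIATE_UNICODE",
    0x00000004: "REQUEST_TARGET",
    0x00000010: "NEGOTIATE_SIGN",
    0x00000200: "NEGOTIATE_NTLM",
    0x00008000: "NEGOTIATE_ALWAYS_SIGN",
    0x00020000: "TARGET_TYPE_SERVER",
    0x00080000: "NEGOTIATE_EXTENDED_SESSIONSECURITY",
    0x00800000: "NEGOTIATE_TARGET_INFO",
    0x02000000: "NEGOTIATE_VERSION",
    0x20000000: "NEGOTIATE_128",
    0x40000000: "NEGOTIATE_KEY_EXCH",
}

# Constructed sample: key lines of the -d 11 output quoted in the report.
SAMPLE_LOG = r"""Got NTLMSSP neg_flags=0x628a8215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
SMB Signing is not negotiated by the peer
IN: async_open(\pipe\ahexec, 2)
ERROR: smb_raw_open_recv - NT_STATUS_INVALID_PARAMETER
ERROR: Cannot open control pipe - NT_STATUS_INVALID_PARAMETER
"""

def decode(word):
    """Names of the known NTLMSSP bits set in a flags word."""
    return [name for bit, name in NTLMSSP_FLAGS.items() if word & bit]

def triage(log):
    """Locate the failing stage; an error after the pipe open is past session setup."""
    words = [int(h, 16) for h in re.findall(r"neg_flags=0x([0-9a-fA-F]+)", log)]
    err = re.search(r"ERROR: (\w+) - (NT_STATUS_\w+)", log)
    pipe = re.search(r"async_open\((\\pipe\\\w+)", log)
    challenge = decode(words[0]) if words else []
    final = decode(words[-1]) if len(words) > 1 else []
    past_auth = bool(err and pipe and pipe.start() < err.start())
    return {
        "dropped": [f for f in challenge if f not in final],
        "ntlmssp_sign": "NEGOTIATE_SIGN" in final,
        "smb_signing_off": "SMB Signing is not negotiated by the peer" in log,
        "pipe": pipe.group(1) if pipe else None,
        "first_error": err.groups() if err else None,
        "stage": "ok" if not err else "pipe-open" if past_auth else "session-setup",
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

For the quoted log it reports the stage as pipe-open: the NTLMSSP exchange produced final flags, and the first error comes from smb_raw_open_recv after \pipe\ahexec was requested.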
Discussion
William M. Rawls - 2013-07-11
I'm sure I have the same problem with Windows 8.1 and Windows Server 2012 R2
William M. Rawls - 2013-07-11
I tried downloading and compiling the Windows service; I'm sure there's a need for a change here. I turned on debug and got the following test output (Windows Blue / Server 2012 R2):
----Begin Bad
winexesvc: StartServiceCtrlDispatcher 126
winexesvc: RegisterServiceCtrlHandler
winexesvc: Returning the Main Thread
server_loop: alive
server_loop: CreatePipesSA done
server_loop: Create Pipe
server_loop: Connect Pipe
server_loop: Connect Pipe(0) pending
----End Bad
For comparison, I ran the same command on Windows Server 2008 R2 with winexesvc.exe; debug log:
----Begin Good
winexesvc: StartServiceCtrlDispatcher 126
winexesvc: StartServiceCtrlDispatcher (1063)
winexesvc: StartServiceCtrlDispatcher 126
winexesvc: RegisterServiceCtrlHandler
server_loop: alive
winexesvc: Returning the Main Thread
server_loop: CreatePipesSA done
server_loop: Create Pipe
server_loop: Connect Pipe
server_loop: Connect Pipe(0) pending
server_loop: CreateThread
server_loop: Thread created
server_loop: Create Pipe
server_loop: Connect Pipe
server_loop: Connect Pipe(0) pending
Retrieved line: "get version"
Retrieved line: "run ipconfig"
WaitForMultipleObjects=1
server_loop: CreateThread
server_loop: Thread created
server_loop: Create Pipe
server_loop: Connect Pipe
server_loop: Connect Pipe(0) pending
Retrieved line: "get version"
Retrieved line: "run ipconfig"
WaitForMultipleObjects=1
----End Good
ahajda - 2013-07-12
It looks like a problem between winexe and Windows 8.1. winexesvc seems to work normally. Can you check that smbclient works normally? Run it with the same credentials and try to connect to the share //host/admin$, and use the -d 99 option to post the run log.
William M. Rawls - 2013-07-12
What needs to be pointed out is that against Windows Blue, winexe's connection, authentication and installation of winexesvc are all normal, until winexe gets to the receive on the ahexec pipe.
The following is the result of the requested run (IPs and names are changeable but not contiguous):
smbclient run against Windows Blue 8.1, accessing ADMIN$ (no problem?)
----Begin Blue
INFO: Current debug levels:
all: 99
tdb: 99
printdrivers: 99
lanman: 99
smb: 99
rpc_parse: 99
rpc_srv: 99
rpc_cli: 99
passdb: 99
sam: 99
......(ellipsis)
smb: >
----End Blue
The output of the command ls is consistent with the expected result (c:\windows contents).
smbclient run against Windows Blue 8.1 R2, accessing ADMIN$ (no problem?)
----Begin 2008
INFO: Current debug levels:
all: 99
tdb: 99
printdrivers: 99
lanman: 99
smb: 99
rpc_parse: 99
rpc_srv: 99
......(ellipsis)
Domain=[MYDOMAIN] OS=[Windows Server 2008 R2 Enterprise 7601 Service Pack 1] Server=[Windows Server 2008 R2 Enterprise 6.1]
session setup ok
s3_event: Added timed event "tevent_req_timedout": 0x1b02698
s3_event: Schedule immediate event "tevent_queue_immediate_trigger": 0x1ae12f0
s3_event: Run immediate event "tevent_queue_immediate_trigger": 0x1ae12f0
s3_event: Destroying timer event 0x1b02698 "tevent_req_timedout"
tconx ok
smb: >
----End 2008
William M. Rawls - 2013-07-16
I ran some custom commands to read and write remote named pipes, and to write and read ahexec pipes. PSExec also applies to 8.1.
William M. Rawls - 2013-07-19
After doing a lot of research on code and hacker attacks, reading a lot of websites and even discussing the topic with MS, the root cause of the problem is that Microsoft has deleted SMB 1.0 from Windows 8.1 and Windows Server 2012 R2. See http://technet.microsoft.com/en-us/library/dn303411.aspx for a complete list of deleted items. After spending as much time as possible (certainly no less than a few days) studying the winexe code, it seems that winexe uses smbclient's SMB 1.0 library. For intentional backward compatibility, we use the lowest common denominator ourselves to ensure that as many people as possible can use my code. If, as I said, SMB1 is not available and it does not at least use SMB2, then winexe or winexe-waf (built yesterday) will hit the wall. On this point, I hope you can refute me and put forward other opinions. smbclient has no problem communicating with sockets. I assume that the executable automatically tries to use the newer version of SMB...
Mark - 2013-07-20
Execute in the shell:
cat </dev/null | winexe
It works, but why... I don't know either.
William M. Rawls - 2013-07-20
I tried your method and got the same error:
ERROR: smb_raw_open_recv - NT_STATUS_INVALID_PARAMETER
ERROR: on_ctrl_pipe_error - NT_STATUS_INVALID_PARAMETER
ERROR: Cannot open control pipe - NT_STATUS_INVALID_PARAMETER
William M. Rawls - 2013-07-20
I can tell you about the error that occurred when calling smbcli_request_is_error(req) in smb_raw_open_recv. Obviously req->state is smbcli_request_receive(req) operation is no problem.
Mark - 2013-07-20
I use it in shell scripts (cat </dev/null | winexe). preusercmd.sh:
cat </dev/null | $WINEXE --uninstall --interactive=0 -U $UNAME -W $WRKGRP --password=$PWD //$BOX 'cmd.exe /cc:backuppcpre-exec.cmd'
It's useful for me.
William M. Rawls - 2013-07-20
I tried this approach as you suggested, but got the same error message. Do you run these commands with Windows 8.1 preview and/or Windows Server 2012 R2 preview (I use the latest version)?
ahajda - 2013-07-21
I think Mark's suggestion is to address the problem that winexe does not use file redirection. As for your discovery of smb/smb2, I doubt it is the main reason, but I think I will not be able to finish this work in late August. Anyway, thank you for your research, it should be helpful for my patch development.
William M. Rawls - 2013-07-21
I can wait a month or more. If I can find some excellent documents about Samba (and possibly it), I can solve this problem by myself. Unfortunately, this is the first time I have been exposed to the internal operation of Samba. There seems to be a lack of information about its developers. I'm sure I just missed something obvious.
Bless you
William M. Rawls http://my.william-rawls.info
William M. Rawls - 2013-08-12
Hey, hello, my boss asked me to ask you if winexe's support for Win8.1 could be achieved in August. Bless you William M. Rawls http://my.william-rawls.info
ahajda - 2013-08-19
Yes, I hope it can be settled this week. Regards Andrzej
ahajda - 2013-08-22
I just uploaded a patch to solve this problem, at least on my machine. Please test it on as many machines as possible.
doubleparadoxx - 2013-11-06
Is the patch still useful?
Thomas Hood - 2013-11-07
Patches have been applied to the current code. You can get the latest code:
git clone git://git.code.sf.net/p/winexe/winexe-waf winexe-winexe-waf
After compiling the source code, you can get winexe 1.1.
Thomas Hood - 2013-08-22
1. status: open --> closed-fixed 2. Priority: medium --> high
William M. Rawls - 2013-08-23
Follow your next steps, you must allow Netlogon to change firewall rules through the firewall to make it work, and then preview everything in Windows XP 32, 7 32, 7 64, 8 32, 8 64, Windows Blue preview, Server 2008 R2, Server 2012 and Server 2012 R2.
VM XP cannot open the connection (psexec works) Change Firewall File Sharing Range Re-test Successful!
VM 7 32 could not open the connection (psexec works) Failure to prevent NetLogon from retesting successfully
VM 7 64 could not open the connection (psexec works) Failure to prevent NetLogon from retesting successfully
VM 8 32 could not open the connection (psexec works) Failure to prevent NetLogon from retesting successfully
VM 8 64 Lucky Firewall crashed, so it didn't encounter the same problem.
VM Blue cannot open the connection (psexec works) Unblocked NetLogon Retest Successful
VM 2008 passed
HV 2008 passed
HV 2012 passed
HV 12R2 passes
Although cross-operating system testing is not very extensive, it still shows that the basics are applicable to all versions.
Thomas Hood - 2013-08-24
1. We should always test winexe like this. What do you do?
2. Why does psexec not work and there is no winexe (no firewall changes)?
William M. Rawls - 2013-08-23
Thank you very much for your work in this area.
William M. Rawls - 2013-08-24
1. I have a Hyper-V hypervisor (in my case Hyper-V) that has set up a virtual machine, and each operating system is used to test the code I wrote for our product. Therefore, it's easy to start Ubuntu and other VMs and run the same winexe command on them.
2. I would say that psexec does not send authentication like winexe 1.1. I have to check this out carefully, but winexe 1.0 is also applicable to all operating systems, except for the new operating system, which convinces me that winexe 1.1 requires netlogon services in the way that winexe 1.1 does not, but that's just a guess.
anup wattamwar - 2014-03-13
How to work on Linux... I got msg NT_STATUS_INVALID_PARAMETER when I connected on Windows 8.1. I tried to compile the complete source but could not work on ubuntu. When will any patches or new winexe-1.1 for winexe-1.0.0 be released?
Thomas Hood - 2014-03-13
1. Any patches for winexe-1.0.0? Sorry, no.
2. When is the new winexe-1.1 being released? Build winexe 1.1-prerelease from source code (that is, from the "current" or "winexe-waf" git repository) and use it until winexe is officially released.