Posted by: Talha | April 14, 2006

The open source psexec

(RemCom - The open source psexec) [http://rce.sourceforge.net]

Terminal Services are expensive in terms of bandwidth. Utilities like GotoMyPC and remote control programs like PC Anywhere let you execute programs on remote systems, but they take time to set up, require that you install client software on the remote systems that you wish to access, and are extremely costly when it comes to running just some administrative commands over a group of systems.

What is RemCom : RemCom is a small (10KB upx packed) remote shell / telnet replacement that lets you execute processes on remote Windows systems, copy files on remote systems, process their output and stream it back. It allows execution of remote shell commands directly with a full interactive console without having to install any client software. On local machines it is also able to impersonate, so it can be used as a silent replacement for the Runas command.

Platform and Language : RemCom is written in C++ and works on NT 4.0, Win2K, Windows XP and Server 2003 including x64 versions of Windows.

Project Inspiration: Mark Russinovich [sysinternals] Psexec.

Background: I started this project to make my own RAT [Remote Administration Tool]. Before this, for numerous tasks I used the sysinternals pstools, but my ability to use / extend it was always limited by its licensing and usage terms. That is why I started off writing my own version of something similar to psexec, and RemCom was the result.

Some Features :

  • RemCom is open source :) (source available here).
  • You can run as many remote commands on the machine as you want
  • You can execute internal commands (net, netsh, ipconfig) directly : RemCom \\foo-bar-system net start snmp
  • You can start a light “telnet” connection with a remote machine without any telnet server : RemCom.exe \\foo-bar-system cmd
  • You can also copy any file on the remote machine and receive its output.
  • RemCom creates a small ( < 1 KB) service on the remote machine (which it extracts from itself at runtime).
  • All communication is done via named pipes & RPC.
  • The application removes its traces of the connection and the service on successful disconnect (neat huh?).
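
A defender's view of the service behaviour in the list above, as an added example (not RemCom code): the service is gone after disconnect, but on hosts where the Service Control Manager logs events 7045 and 7036 the install and stop are still recorded in the System log. The log records, host names, service names and the `find_transient_services` helper are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample: simplified System-log records. 7045 = "A service was
# installed", 7036 = service state change (both from Service Control Manager).
EVENTS = [
    {"time": "2024-03-01T10:00:02", "host": "foo-bar-system", "id": 7045,
     "service": "ExampleRemoteSvc", "image": r"%SystemRoot%\ExampleRemoteSvc.exe"},
    {"time": "2024-03-01T10:00:03", "host": "foo-bar-system", "id": 7036,
     "service": "ExampleRemoteSvc", "state": "running"},
    {"time": "2024-03-01T10:04:40", "host": "foo-bar-system", "id": 7036,
     "service": "ExampleRemoteSvc", "state": "stopped"},
    {"time": "2024-03-01T11:30:00", "host": "foo-bar-system", "id": 7045,
     "service": "BackupAgent", "image": r"C:\Program Files\Backup\agent.exe"},
    {"time": "2024-03-01T11:30:05", "host": "foo-bar-system", "id": 7036,
     "service": "BackupAgent", "state": "running"},
]
# Constructed inventory: services registered on each host at review time.
CURRENT_SERVICES = {"foo-bar-system": {"BackupAgent", "Spooler"}}


def find_transient_services(events, current_services,
                            max_lifetime=timedelta(minutes=30)):
    """Services that were installed, stopped soon after, and are gone now."""
    installs, stops = {}, {}
    for ev in sorted(events, key=lambda e: e["time"]):
        key = (ev["host"], ev["service"])
        when = datetime.fromisoformat(ev["time"])
        if ev["id"] == 7045:
            installs[key] = (when, ev["image"])
        elif ev["id"] == 7036 and ev.get("state") == "stopped" and key in installs:
            stops[key] = when  # keep the latest stop seen after the install
    findings = []
    for (host, name), (installed, image) in installs.items():
        stopped = stops.get((host, name))
        if stopped is None or stopped - installed > max_lifetime:
            continue  # still running, or a long-lived service
        if name in current_services.get(host, set()):
            continue  # still registered, so it was not cleaned up
        findings.append({"host": host, "service": name, "image": image,
                         "lifetime_s": int((stopped - installed).total_seconds())})
    return findings


if __name__ == "__main__":
    for f in find_transient_services(EVENTS, CURRENT_SERVICES):
        print(f)
```
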

RemCom is also used in OCS Inventory NG. See this post.

Future Roadmap:

  • A Pretty UserInterface.
  • Multi Consoles in a single session.
  • A builtin option for fetching files.

Any comments, bugs, wishlists: email to: talha [dot] tariq [at] gmail [dot] com

Source & Download : The most recent version of RemCom is available here.

Disclaimer: This software is provided “AS IS” with no warranties of any kind. The entire risk arising out of the use or performance of the software is with you.

Responses

Looks really cool

but I’m not convinced it’s THAT much better than psexec…

“You can run as many remote commands on the machine as you want
You can execute internal commands (net, netsh, ipconfig) directly :
xRCE \\foo-bar-system net start snmp

Those are good things, but not much

“You can start a light “telnet” connection with a remote machine without any telnet server : xRCE.exe \\foo-bar-system cmd”
“You can also copy any file on the remote machine and receive its output.”
Psexec does those things too, and the rest is either the same as psexec, or it doesn’t matter.

I’m willing to try something new, but only if I see real benefit… so…. convince me :)

It is *open source* :). You can build applications on top of it, customise it, automate it and do what not. Sysinternals is also acquired by Microsoft, so what its future is we do not know yet.

Sounds cool and open source–or so claimed. Where is the source code? It’s not at the link provided.

http://rce.sourceforge.net

Thanks for making this tool.

You say you can build applications on top of it, but if I understand things correctly, you cannot do so with the existing code. The existing code is implemented as an executable and not a library and thus if you wanted to build an application on top of it you’d have to revise it to be like a library. Why not make a C++ class and just have main call that class? The only thing in the way of that seems to be that the code is written in C (despite the files being .cpp files).

Thanks.

Hello Talha,

Many compliments for your tool.

I discovered it trying to solve a problem with PsExec on Windows NT 4.0 (http://forum.sysinternals.com/forum_posts.asp?TID=440&PN=1&TPN=2 ).

I tried RemCom on WinNT but I got the error “CreateProcessWithLogonW non found in ADVAPI32.DLL”, which, as you say very well, is an API not present in WinNT 4.

Could you help me?

Thank you very much! :)

Great job on this tool. Works a lot faster than psexec and doesn’t have the limitations that psexec seems to have. No need for full paths to exes and you can actually run built-in shell commands (DIR) with it. Benchmarking some of the scripts I had been using psexec for, this runs around 10 times faster.
