Remote Command Executor

(RemCom – The open source psexec) [http://rce.sourceforge.net]

Terminal Services are expensive in terms of bandwidth. Utilities like GotoMyPC and remote control programs like PC Anywhere let you execute programs on remote systems, but they take time to set up, require that you install client software on the remote systems you wish to access, and are extremely costly when all you need is to run some administrative commands over a group of systems.

What is RemCom : RemCom is a small (10KB upx packed) remote shell / telnet replacement that lets you execute processes on remote Windows systems, copy files to remote systems, process their output and stream it back. It allows execution of remote shell commands directly with a full interactive console without having to install any client software. On local machines it is also able to impersonate, so it can be used as a silent replacement for the Runas command.

Platform and Language : RemCom is written in C++ and works on NT 4.0, Win2K, Windows XP and Server 2003 including x64 versions of Windows.

Project Inspiration: Mark Russinovich [sysinternals] Psexec.

Background: I started this project to make my own RAT [Remote Administration Tool]. Before this, for numerous tasks I used the sysinternals pstools, but my ability to use / extend it was always limited by its licensing and usage terms. That is why I started writing my own version of something similar to psexec, and RemCom was the result.

Some Features :

  • RemCom is open source :) (source available here).
  • You can run as many remote commands on the machine as you want
  • You can execute internal commands (net, netsh, ipconfig) directly : RemCom \\foo-bar-system net start snmp
  • You can start a light “telnet” connection with a remote machine without any telnet server : RemCom.exe \\foo-bar-system cmd
  • You can also copy any file on the remote machine and receive its output.
  • RemCom creates a small (< 1 KB) service on the remote machine (which it extracts from itself at runtime).
  • All communication is done via named pipes & RPC.
  • The application removes its traces of the connection and the service on successful disconnect (neat huh?).
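
The mechanism in this list (a connection to ADMIN$, as the error messages in the responses below show, plus a service created on the remote machine) can be traced in the target's event logs, because removing a service does not remove the record of its installation. The following is an added example, not part of RemCom or of the original page: it correlates a write to ADMIN$ with a service installed from the same file shortly afterwards. The events are constructed samples with placeholder names, and it assumes Security event 5145 (Audit Detailed File Share) and System event 7045 are being collected.

```python
import re
from datetime import datetime, timedelta
from ntpath import basename  # Windows path rules on any platform

# Constructed sample events, reduced to the fields used below. Field meanings
# follow Security event 5145 (share access) and System event 7045 (service
# installed); hosts, addresses and file names are placeholders.
ADMIN = r"\\*\ADMIN$"
EVENTS = [
    # Remote write into ADMIN$, then a service installed from the same file.
    {"id": 5145, "time": "2024-05-01T10:00:01", "host": "WS01",
     "src_ip": "10.0.0.5", "share": ADMIN, "target": "ExampleSvc.exe",
     "access": "WriteData"},
    {"id": 7045, "time": "2024-05-01T10:00:03", "host": "WS01",
     "service": "ExampleSvc", "image_path": r"%SystemRoot%\ExampleSvc.exe"},
    # Read-only access to ADMIN$: not a drop.
    {"id": 5145, "time": "2024-05-01T10:05:00", "host": "WS02",
     "src_ip": "10.0.0.9", "share": ADMIN,
     "target": r"System32\drivers\etc\hosts", "access": "ReadData"},
    # Locally installed service with no preceding share write.
    {"id": 7045, "time": "2024-05-01T10:06:00", "host": "WS02",
     "service": "UpdaterSvc",
     "image_path": r'"C:\Program Files\Updater\updater.exe" --svc'},
    # Share write and service install two hours apart: outside the window.
    {"id": 5145, "time": "2024-05-01T11:00:00", "host": "WS03",
     "src_ip": "10.0.0.7", "share": ADMIN, "target": "tool.exe",
     "access": "WriteData"},
    {"id": 7045, "time": "2024-05-01T13:00:00", "host": "WS03",
     "service": "ToolSvc", "image_path": r"C:\Windows\tool.exe"},
]


def service_binary(image_path):
    """Lower-cased file name of a service ImagePath, without quotes or args."""
    m = re.match(r'"?(.+?\.exe)', image_path, re.IGNORECASE)
    return basename(m.group(1) if m else image_path).lower()


def find_remote_service_drops(events, window=timedelta(seconds=60)):
    """Pair each 7045 with an earlier ADMIN$ write of the same file and host."""
    writes = [e for e in events if e["id"] == 5145
              and e["share"].upper().endswith("ADMIN$")
              and "Write" in e["access"]]
    hits = []
    for svc in (e for e in events if e["id"] == 7045):
        binary = service_binary(svc["image_path"])
        installed = datetime.fromisoformat(svc["time"])
        for w in writes:
            delta = installed - datetime.fromisoformat(w["time"])
            if (w["host"] == svc["host"]
                    and basename(w["target"]).lower() == binary
                    and timedelta(0) <= delta <= window):
                hits.append({"host": svc["host"], "src_ip": w["src_ip"],
                             "service": svc["service"], "binary": binary})
    return hits


if __name__ == "__main__":
    for hit in find_remote_service_drops(EVENTS):
        print(hit)
```
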

RemCom is also used in OCS Inventory NG. See this post.

Future Roadmap:

  • A Pretty UserInterface.
  • Multi Consoles in a single session.
  • A builtin option for fetching files.

Any comments, bugs, wishlists: email to: talha [dot] tariq [at] gmail [dot] com

Source & Download : The most recent version of RemCom is available here.

Disclaimer: This software is provided “AS IS” with no warranties of any kind. The entire risk arising out of the use or performance of the software is with you.


Responses

  1. neat!

  2. Somehow, I am not able to execute a remote command using this tool, while PsExec works perfectly for the same credentials.
    It gives an error like:

    Connecting to remote service … Failed

    Couldn’t connect to \\remote_machine\ADMIN$
    Access is denied.

  3. Prashant,

    This might be due to a lot of reasons:

    On your target machine check if

    1. It is not running Windows XP Home, which lacks some of the core network functionality required by RCE.
    2. The Workstation service is running
    3. The Server service is running
    4. The Admin$ share is available. (MOST IMPORTANT). Follow this process to check:
    a. net use \\Admincomp\Admin$ /user:Admin
    b. dir \\Admincomp\Admin$
    5. The Windows Network is running and Printer and File Sharing are activated.
    6. Incoming network users authenticate as themselves. (Classical Network Authentication requires a non-empty password)
    7. Check your firewall settings. By default most firewalls will block any incoming traffic to 135 & 445.
    8. You may be experiencing Network Timeouts / loss of packets.

    The above checklist is on the basis of my little experience and the issues reported to me so far. In any case if on some machine with same credentials psexec works, RCE should work too. You can always dig in deep: debug the source and check the reason by “GetLastError” from “rc = WNetAddConnection2( &nr, lpszPassword, lpszUser, FALSE );” from the EstablishConnection function.

    Hope this helps,
    Cheers

  4. Does this work on Windows Vista?

  5. Hi Tariq,

    I have been looking for such a utility for a long time. I used Net-Telnet to invoke remote programs on Unix boxes. I did use this tool and it’s very handy. You have done a great job!!
    I am looking forward to hearing from you.
    BTW:- Where are you located?

    Cheers,

    ~Sujit Apte

  6. If I use the following command
    net use \\Admincomp\Admin$ /user:Admin
    I get the following error
    SERVER IS not configured for Remote administration.

    and for the following command
    net use \\localhost\Admin$ /user:Admin
    it prompts for a password, which it is unable to authenticate.

    Is there any doc which explains what the prerequisites are for getting xrce running on your machine? I am trying all the above mentioned commands on an XP machine and I have cross-verified the services mentioned above.

  7. Talha,

    It's a wonderful tool, it works fine for me over PsTools (psexec). I have a little problem, please advise me.

    C:\>pstools\remcom \\172.20.1.184 /user:administrator /pwd:epoint0fe reg query HKLM\
    Software\Microsoft\Windows NT\CurrentVersion /v ProductName

    Remote Command Executor
    Copyright 2006 The WiseGuyz [ http://talhatariq.wordpress.com ]
    Author: Talha Tariq

    Initiating Connection to Remote Service . . . Ok
    Error: Too many command-line parameters
    Remote command returned 1(0x1)

  8. Hello,

    This product is almost identical to another tool called xCMD.exe that was developed some time ago. I use xCMD.exe as well as psexec for various remote installations and one reason I always find myself going back to psexec is because of the -i (interactive) option.

    Do you have any plans to include this option possibly in a future release?

    Thanks,
    Max

  9. Very cool application. Any chance of adding the ability to load a user's profile like psexec?

    ‘-e Loads the specified account’s profile’

  10. I get the following error when I try to use the /c option.
    remcom \\192.168.1.124 /c /user:Administrator /pwd:testing c:\temp\test44.txt

    Failed

    Couldn’t start remote service
    This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem.


    According to the documentation this option only copies the specified file to the remote system. (is it trying to execute it?)

    Any help would be greatly appreciated…
    Many Thanks

    David

  11. I have tried to fix this the above problem myself, with the help of friends who know C++ much better than I do, when we recompile we get the following error…a missing binary file called “ProcComs.bin”.

    Does anyone know where this file is… or where to get it?

    Any help would be greatly appreciated…

    David

  12. I would like to execute many .bat file that are located in a network drive from remote computers. I need to use 10 remote CPU’s but the executables are in a network drive.

    remcom \\Pc001 cmd P:/public/share/5566.bat /user:user1 /pwd:rej774

    I tried, without success.
    Is it possible?
    Joe

  13. hi,

    can your appl. be used on win98-client?

    thks.
    mickey

  14. I never tested it, but u are most welcome to.

  15. Talha,

    Very interesting program. Good job.

    1) I have also tried the reg query command as Subhash Yadav (see above).
    It seems that there is a limit with commands.
    Ex :
    REMCOM \\W0200968 /user:XXXX /pwd:YYY reg query HKLM\Software\Microsoft works fine, but :
    REMCOM \\W0200968 /user:XXXX /pwd:YYY reg query HKLM\Software\Microsoft\Windows NT does not work fine.
    Remote Command Executor
    Copyright 2006 The WiseGuyz [ http://talhatariq.wordpress.com ]
    Author: Talha Tariq [talha.tariq@gmail.com]

    Initiating Connection to Remote Service . . . Ok
    Erreur : paramÞtres de ligne de commande non valides
    Remote command returned 1(0x1)

    2) About the /c command.
    REMCOM \\10.153.108.226 /user:XXX /pwd:PPP /c a.txt works fine.
    The file a.txt is really downloaded, but we have no access for next commands.
    Initiating Connection to Remote Service . . . Ok
    We need to Ctrl-C for stopping

    3) About the /d command.
    It seems not to work with the /c command.
    How can we copy a file in a desired location, and not at C:\WINDOWS\SYSTEM32?

    Thanks for the answer

  16. Good job

    I got an issue.

    Your binary copies my test Perl script to the remote machine's system32 dir and executes it (here I haven't specified to copy; it's fine if it copies).

    The issue is when I edited, in fact removed, certain things in the test script and ran it once again. Your binary is executing the previous version that it copied and ran.

    Please help.
    Sid

  17. Hello, I think that RemCom is a fantastic tool.

    I have a doubt. I am trying to automate a backup with this tool, and I am trying to copy a file to a server with this command:

    remcom \\machine “copy eula.txt \\server\files\novale.txt”

    The result is
    Acceso denegado.
    0 archivos copiados.

    Remote command returned 1(0x1)

    If I execute copy eula.txt \\server\files\novale.txt in the machine the result is OK.

    Do you know how can I use copy to send data to another machine?

    Best Regards, Julio.

  18. Hello, I have seen that the RemCom code is C++, and the code is executable in windows machine,

    Is it possible that in the future this tool can be used from Linux or another OS different from MS Windows to administer Windows computers?

    Best regards, Julio.

  19. Hey Buddy!

    Your tool is great, I just request one feature from you: a command line argument to specify TIMEOUT, like psexec -n 30. If not, when the program fails to connect within a timeout it hangs in a never-ending loop.

    Thanks!

  20. Hi Tariq

    I was going to try your tool because of the issues with “psexec” output handling. Like someone else already specified when I login with credentials “/user:username /pwd:password” it says:

    Initiating Connection to Remote Service . . . Failed
    Couldn’t connect to \\machine-name\ADMIN$
    Logon failure: unknown user name or bad password.
    Q: Not sure why it says \ADMIN$, I’m logging in as a user.
    As I’ve already stated this works with “psexec” I get through and I use these credentials everyday to log to the remote machine.

    Any help/hint will be appreciated.

    Roman

  21. This tool looks like the way forward for me, it actually works under .NET and I can capture the stdin/out streams unlike psexec, however (inevitably) I have a problem when I try to hit any network resource:

    xcopy /E /S /H /I \\server\share\dir C:\temp

    Throws up this:
    Invalid drive specification
    0 File(s) copied

    Also,

    net use * \\server\share

    yields:
    The password is invalid for \\server\share.

    Type the password for \\server\share: System error 5 has occurred.

    Access is denied.

    I’m using my own domain admin account to run remcom using /user /pwd arguments. As the help text explains that network resources will be unavailable if I don’t. Looks like network resources are unavailable anyway… This didn’t happen with psexec, any idea what’s going on?

  22. Very Good. Any chance in porting it to C# ?

  23. Congratulations!
    Very useful tool

  24. Hi,

    I’m currently working with psexec but having some problems:

    Is it possible to hide the execution of an executable run with RemCom?

    Does RemCom run on Itanium?

  25. Hi Talha Tariq

    Please can you explain how to pass command line argument, to install any exe. However

    In Psexec Tool
    --------------
    psexec.exe \\hostname -u XXX -p XXX -c -f -i -e E:\win32.exe

    In above exe is copied to system32 folder and “installed”

    How about in RemCom Tool:
    -------------------------

    RemCom.exe \\10.100.100.100 /user:XX /pwd:XX /c E:\win32.exe

    In RemCom the exe is only copied to the system32 folder. How do I trigger the above exe in order to install it on the remote machine? I want to pass extra arguments with the above command. Please advise me on the same.

  26. RemCom DOES execute a file after copying it on the remote machine; if that is not happening it is either a bug or you are not doing it right.

  27. Talha

    Thanks for your reply. I want to manually execute through the runas command then trigger the exe, right.

  28. remcom.exe is great but it would be helpful if you could login and work as a specific user instead of as the system account

  29. Salam Tariq. That’s great work, I found it very useful in my project. And its /c option has solved my big problem. Without wasting my time I got your working code and implemented it in my project via a dll. Thanx again for your contribution. I will release my working copy of my project soon on sourceforge.net

  30. Hi,

    Anyone knows how to remote install a msi package using remcom? My command line is:
    remcom \\10.0.0.1 /user:test /pwd:test msiexec /i c:\temp\MBSASetup.msi /qn
    MBSASetup.msi is in c:\temp on target machine. The command always hangs. Any idea?

  31. In addition to the newer feature of PSexec… duplicating those of BeyondExec (free alternative as well) would be nice.

    http://www.beyondlogic.org/solutions/remoteprocess/BeyondExec.htm

  32. I believe including NT 4.0 in the platforms supported on this page is incorrect. You only support W2K+ per the source.

    “Platform and Language : RemCom is written in C++ and works on NT 4.0, Win2K, Windows XP and Server 2003 including x64 versions of Windows.”

  33. Yeah, support for NT4.0 is deprecated since I added a few API calls like CreateProcessAsUser for impersonation, which Microsoft introduced from Windows 2000. I could not find an API which was available on all platforms. In any case why are u using NT 4 still ?

  34. > In any case why are u using NT 4 still ?

    Pointing out that you should update the “Platform and Language” section on this webpage to NOT include NT4 does not in any way mean that I “USE” NT4. You're making a huge jump there.

  35. [...] the word for you. You can use SlickRun to call and provide parameters to batch files or tools like RemCom and NirCmd to execute complex operations on remote computers using simple commands. The [...]

  36. hi

    Your remcom sounds good for its real purpose. But I used to use psexec as a wrapper to execute commands from other software on the localhost for the nowait feature . With psexec I did not need to enter login and password.

    If I try remcom . “notepad.exe” it returns login failure.

    Do I absolutely need to identify a command on localhost?

    Thanks anyway

  37. My PC is XP
    When execute the command remcom.exe we get the following message:

    Couldn’t connect to \\fasa-citi\ADMIN$
    Access is denied.

    We used “net use \\fasa-citi\Admin$ /user:xxxxx”
    and get the following message:
    System error 5 has occurred.
    Access is denied.

    Could you help me with this issue.

  38. Hi,

    This is not a problem of RemCom. The following Knowledge Base articles might be of some help:

    http://support.microsoft.com/kb/555644
    http://www.chicagotech.net/systemerrors.htm#System%20error%20%205%20-%20Access%20is%20denied

  39. I am testing the two executable files, that is Remcom.exe and Rctrlx.exe, so I wanted to know what the difference is. Coz when I am doing the testing both of these behave in the same way. Can you give more details on this, Talha?

  40. I haven't heard of Rctrlx.exe, can u pass me the link?

  41. Brother, here is the link
    http://www.geocities.com/gtalon51/projects.html

  42. Can you please reply to my query?

  43. Still waiting for your reply………

  44. You can use any one of them according to ur wish and needs. I can only answer technical or functional details of Remcom. If u don't want to go deep in the code then use any one as long as they work ..

  45. 1. Can we execute commands that take into a subshell e.g. telnet or invoking cmd.exe etc and then invoking commands within the sub-shell? And how do we do that using this RemCom?
    2. Does this remcom support the hop scenario of command execution, e.g. you telnet to system A from where you telnet to a system B and continue this chaining to finally execute a command like, say, “dir”? And how do we do that using this RemCom?

  46. Hi — any way to pass a username that includes spaces, like: domain/joe smith

    I’ve tried the following, and none seemed to work:

    /user:”domain/joe smith”
    /user:domain/joe\ smith
    “/user:domain/joe smith”

    Also, are there any problems if passwords contain characters like @ or . (dot)?

  47. I was using psexec to run a batch file on a remote machine, and the batch file executes a setup file from the network to install the application to the remote machine.

    I tried RemCom and it seem to work when supplied with the correct credentials. My batch file will run (check IF conditions, copy files, write to output files, etc) up until the point where it needs to run the setup.exe file from the network. Then it returns the “Access is denied” error…

    I am very curious as to why this would happen… Any idea how psexec can get around the access restriction but RemCom can't?

  48. I have found the problem. Running the “set” command remotely and directing output to a file, you can see that psexec executes with the given username, while remcom uses “LocalService” as the USERPROFILE environment variable…
    any insights?

  49. Thanks! Been banging my head for weeks on the output issues with psexec…This solved my prob.

  50. Will this work on Window Vista also?

  51. Hi.
    My remote host has no password and returns an error:

    C:\RemCom_bin_1.2>remcom \\hostname /user:uname /c “xxx.exe”

    Initiating Connection to Remote Service . . . Invalid password

    Enter Password:

    Connecting to remote service … Failed

    Couldn’t connect to \\hostname\ADMIN$
    Access deny

  52. I had some problems with psexec and stdout. Thanks for this great tool! It’s working perfect now!

  53. Great product. I noticed that it has problems with commands with spaces, e.g. reg query xxxxx. I receive “Error: Invalid command-line parameters”. The way I got around it was to have the command within a cmd file and send it to the remote station: remcom /c \\hostname c:\temp\batchfile.cmd and that seems to work. In regards to usernames with spaces, I would do a runas /user:domain/administrator password with the alternate credentials on the admin terminal and then run the remcom app. That way you don’t have the issues. But it's a great product and fast. I have had issues with psexec hanging on some workstations even with the -n xx switch. Your app doesn’t hang on a non-responsive workstation. Too bad there is no switch to run as a service account. But it's great.

  54. Hi!

    I’m trying to access a Windows Vista computer.
    At first I can log in, and in my cmd I used
    net use \\server\\Admin% /USER:usr (asked me for a password) and the operation completed successfully.
    But when I send another process to create a Task Scheduler, I receive the message: “Initiating Connection to Remote Service . . . Failed”.

    I already have File & Printer Sharing and I am using an administrator user.

    Can you help me?
    Thanks in advance.

  55. Hi there,

    We have started to use this very useful tool recently. However it has begun to trigger a Sophos alert ( http://www.sophos.com/security/analyses/suspicious-behavior-and-files/hipsregmod013.html ). I am curious about this as we also use the PsTools suite ( psexec actually ) and this has not triggered Sophos, the mechanics of the two tools are after all very similar.

    I know we could simply allow RemCom in Sophos, but I am interested to understand how the two tools might differ in such a way that only one triggers the alert.

    Thanks in advance for your help.

    Andy

  56. I love it.

    If you run it with this command line, the prompt will tell you which computer you are connected to:

    RemCom.exe \\ComputerName “cmd.exe /K prompt $C%computername%$F$S$p$G”

  57. Thank you for RemCom – it is a great tool.

    I wish I were a talented programmer like yourself.

    Would it be hard to see sending the username and password in a secure manner?

    I need to run scripts, etc. on remote machines but always need to fear that a remote admin has setup a sniffer that I do not know about it.

    Thanks again.
    Mark

  58. Hi!

    I'm sure that the Admin$ share is available, and the RPC, Winmgmt and LmHosts services are running.

    There’s another reason to return
    Initiating Connection to Remote Service . . . Failed

    Thanks

  59. Advise me on how to copy a file into the temp folder of a remote machine using RemCom.

  60. We currently use psexec, but are annoyed by its error with stdout when using a hosted scripting process. (Teamcity -> nant -> psexec falls over)

    How is RemCom? I’m a bit worried that it hasn’t been updated since 2006.

  61. Thank you so much for this tool!!! I too had the problem that I could not read the output of psexec from within my own program (Java).

    With this tool we can have our server-client integration test automatically start multiple remote clients on other machines and wait until they output a message that they are ready and connected and the test can start!!!

  62. [...] much searching, I came across RemCom, “the open source psexec”. RemCom performed the same function as PsExec, but it did so without [...]

  63. Tool seems neat.
    Is it encrypting credentials when connecting to a remote server or is it sending them in clear text?

