On Tue, 31 Dec 2002, Simo Sorce wrote:

> Thank you Willi,
> unfortunately the trace is encapsulated in an ntlmssp encrypted session
> so I cannot see anything.
> Can you kindly disable ntlmssp and redo the sniff from the beginning?
> Feel free to send the sniff only to me if you fear information
> disclosure.

Hmmm, I would be interested in seeing that. De[l]vin posted some patches to
Ethereal that might be able to deal with that, given the key :-)

> Simo.
>
> On Tue, 2002-12-31 at 00:38, Willi Mann wrote:
> > Hi Simo!
> >
> > I've put the sniff and the script which produced the shutdown on my
> > homepage:
> >
> > http://www.wm1.at/samba/wmisniff.bin
> > http://www.wm1.at/samba/RemoteShutdown.vbs
> >
> > w2k Professional german (192.168.0.1, P4) has the sniffer and asks a w2k
> > server german (192.168.0.254, WILLI) to do the shutdown. It only works
> > if you have the same passwords on both of the two machines. Don't ask me
> > about the sense of the for--next loop.
> >
> > Willi
> >
> > Simo Sorce wrote:
> >
> > > On Mon, 2002-12-30 at 01:06, Willi Mann wrote:
> > >
> > > > Hi Andrew!
> > > >
> > > > The existing net rpc shutdown function doesn't seem to be able to do a
> > > > power off. It seems to be an implementation of the
> > > > InitiateSystemShutdown API call, which is used in many freeware
> > > > closed-source shutdown applications. I've played around with the flags
> > > > in the current Samba implementation with the following result:
> > > > If one of the first 8 bits is set to 1 the machine reboots.
> > > > The second 8 bits mark the forced shutdown but I haven't verified that
> > > > it makes a difference to non-forced shutdowns.
> > >
> > > the 16bit flags we show in the source are really 2 booleans in the form
> > > of two bytes imho, I'm modifying the code in samba to behave this way.
> > >
> > > I made some tests and I think you are right: the rpc shutdown function is
> > > equivalent to the InitiateSystemShutdownEx call on Windows, so no power off
> > > is possible, only the 2 booleans: force shutdown and reboot on shutdown.
> > >
> > > > There is a way for a working remote power off. The WMI framework
> > > > provides a function called win32shutdown. This function is also used by
> > > > the Management Console shutdown. It offers nearly all flags which are
> > > > available in the ExitWindowsEx function. It is completely different to
> > > > the net rpc shutdown. I've modified a VBscript example provided in the
> > > > WMI SDK to get the shortest possible shutdown session and sniffed it.
> > > > There are about 100 packets on the wire (incl. authentication, SYNs,
> > > > RSTs, etc.) I'll try to work out more about that in the next few days.
> > >
> > > If you can send me the trace (in a format readable by ethereal) I'm
> > > interested in looking into it and seeing how it is done.
> > >
> > > Simo.

--
Regards
-----
Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org,
sharpe[at]ethereal.com, http://www.richardsharpe.com
