Use winexe to start a Windows process

windows linux remote pstools

Solution 1:

How is it possible to start processes that are actually visible on the Windows machine?

A good start would be by creating the process in the session of the currently logged on user. That's usually session 1 if there's only one person logged on. If multiple people are logged on, it might be session 2 or 3 or 27. You'd have to run code in wtsapi32.dll first to find who was connected to which session. In modern versions of Windows, session 0 is reserved for services and system functions.

You're starting a process in session 0, therefore no one can see it.

psexec can start a remote process and let you choose a different session in which to start it, but I don't know of any Linux equivalent. I looked at the man page for winexe and it does not appear to have that option.

Edit: Microsoft's official stance is that launching interactive processes remotely is too big of a security risk, and so they inhibit your ability to do it... but we can still work around it if we're willing to get dirty:

schtasks.exe /create /S COMPUTERNAME /RU "NT AUTHORITY\SYSTEM" /RL HIGHEST /SC ONSTART /TN "RemoteProcess" /TR "program.exe \"argument 1\" \"argument 2\""

schtasks.exe /Run /S COMPUTERNAME /I /TN "RemoteProcess"

schtasks.exe /Delete /S COMPUTERNAME /TN "RemoteProcess"

Related

ulimit not reflected for jenkins slave
Are there internet users connecting with HTTP/1.0?
Find command modified date in output
Aliased network interfaces and isc dhcp server
Percona: Got an error writing communication packets
User cannot access shared printer in Windows Server 2003
How do I avoid Lame DNS or other issues when switching between 3rd party DNS servers?
Exchange 2010 on VMware - can I expand a partition with databases on it?
Apache DDoS Protection in router (pFsense) [duplicate]
W3SVC service stopping error
sudo apt-get install mysql-server fails
ssh: can still use password after setting the key