0

I want to execute winexe command through execl function call in a C program. It works if i hard code credentials and machine name in execl call as follows

execl("winexe","winexe","-U","Domain/Username%Password","//hostname","ipconfig",NULL)

But if i replace hostname or credentials with a variable, it is not working.

execl("winexe","winexe","-U",credentials_variable,hostname_variable,"ipconfig",NULL)

Output:

winexe version 1.00
This program may be freely redistributed under the terms of the GNU GPLv3
Usage: winexe [-?] [-?] [-?] [-?NP] [-?NPV] [-?|--help] [--usage] [-d|--debuglevel DEBUGLEVEL]
        [--debug-stderr] [-s|--configfile CONFIGFILE] [--option=name=value]
        [-l|--log-basename LOGFILEBASE] [--leak-report] [--leak-report-full]
        [-R|--name-resolve NAME-RESOLVE-ORDER]
        [-O|--socket-options SOCKETOPTIONS] [-n|--netbiosname NETBIOSNAME]
        [-S|--signing on|off|required] [-W|--workgroup WORKGROUP]
        [--realm=REALM] [-i|--scope SCOPE] [-m|--maxprotocol MAXPROTOCOL]
        [-U|--user [DOMAIN/]USERNAME[%PASSWORD]] [-N|--no-pass]
        [--password=STRING] [-A|--authentication-file FILE] [-P|--machine-pass]
        [--simple-bind-dn=STRING] [-k|--kerberos STRING] [-V|--version]
        [--uninstall] [--reinstall] [--system]
        [--runas=[DOMAIN\]USERNAME%PASSWORD] [--runas-file=FILE]
        [--interactive=0|1] [--ostype=0|1|2] //host command

The above output indicates that it is a syntax error. But i have used the exact string, including / and %, in the variable. Note that am reading the above variables from a file. I have passed variables as arguments to other commands using execl functions but i have no idea why winexe is not working!

Please let me know how to use variables as winexe arguments in execl function call.

Kang
  • 11
  • 5
  • Print those variables and check if they are as you expected before calling execl? – P.P Mar 21 '18 at 11:16
  • Yes. I debugged the program using gdb. print command of gdb printed the variables as expected. – Kang Mar 21 '18 at 11:21
  • You said you are reading from a file. So make sure the escapings are correct, there are no unwanted whitespaces in those variables, etc. Otherwise, it *should* work whether you use variables or passing strings directly to execl. – P.P Mar 21 '18 at 11:40
  • "reading the above variables from a file" - I bet there's a leftover newline and/or carriage return that you're overlooking in the debug print. –  Mar 21 '18 at 12:24
  • gdb print is giving me equivalent ASCII codes and NULL at the remaining end of the string. But if i use x/20bc, am seeing 0xffffc042: 47 '/' 0 '\000' 47 '/' 0 '\000' 115 's' 0 '\000' . Does these '\000' have any impact ? – Kang Mar 21 '18 at 13:01
  • Yes, definitely. Are they perhaps coded in UTF-16? (or wchar_t) – Arndt Jonasson Mar 21 '18 at 13:37
  • @ArndtJonasson Yeah, you are absolutely right! I changed it to a datatype that is not wchar_t and it worked. Thank you all. – Kang Mar 22 '18 at 07:12

0 Answers0