none
Unable to run VB script on a remote server using c# Asp.Net RRS feed

  • Question

  • I am trying to Run DelTemp-Final.vbs on a remote server which is being imported from a web portal. I tried to use native C# to get the task done, No luck. So I opted for PS tools to help me out. I am stuck with he below scenario. Please help

    Psexec is working using command prompt, but not working with c#

    Below is the command prompt output which is working fine:

    C:\inetpub\wwwroot\DelTemp\Scripts>psexec \\testusit1 -u XXXX\xxxxxxx -p xxxx
    Xxxxxxxx -accepteula -i 0 -d c:\windows\system32\cscript.exe /nologo "\\testusi
    t2\C$\karthik\DelTemp-Final.vbs"
     
    PsExec v2.11 - Execute processes remotely
    Copyright (C) 2001-2014 Mark Russinovich
    Sysinternals - www.sysinternals.com
      
    c:\windows\system32\cscript.exe started on testusit1 with process ID 5452.
     
    C:\inetpub\wwwroot\DelTemp\Scripts>psexec \\testusit2 -u XXXX\xxxxxxx -p xxxxx
    xxxxxxxxx -accepteula -i 0 -d c:\windows\system32\cscript.exe /nologo "\\testusi
    t2\C$\karthik\DelTemp-Final.vbs"
     
    PsExec v2.11 - Execute processes remotely
    Copyright (C) 2001-2014 Mark Russinovich
    Sysinternals - www.sysinternals.com
      
    c:\windows\system32\cscript.exe started on testusit2 with process ID 7416.

    Whereas, the same command does not work when included with c# in asp.net

    Process p = new Process();
    p.StartInfo.UseShellExecute = false;
    p.StartInfo.RedirectStandardOutput = true;
    p.StartInfo.RedirectStandardError = true;
    p.StartInfo.RedirectStandardInput = true;
    p.StartInfo.FileName = @"C:\inetpub\wwwroot\DelTemp\Scripts\PsExec.exe";
    p.StartInfo.Arguments = "\\\\"+li.Text+" -u XXXX\\xxxxxx -p xxxxxxxxxxx -accepteula -i 0 -d c:\\windows\\system32\\cscript.exe /nologo \\\\testusit2\\C$\\karthik\\DelTemp-Final.vbs";
    p.Start();
    string output = p.StandardOutput.ReadToEnd();
    string errormessage = p.StandardError.ReadToEnd();
    p.WaitForExit();
    txtValueA.Text += "PSexec argument :" + p.StartInfo.Arguments;
    txtValueA.Text += "<br/> Output : " + output+ "| error messsage: "+errormessage;

    Output of the above code for two servers is as follows:

    PSexec argument :\\testusit1 -u XXXX\xxxxxxxxxx -p xxxxxxxxxx -accepteula -i 0 -d c:\windows\system32\cscript.exe /nologo \\testusit2\C$\karthik\DelTemp-Final.vbs Output : | error messsage: PsExec v2.11 - Execute processes remotely Copyright (C) 2001-2014 Mark Russinovich Sysinternals - www.sysinternals.com The handle is invalid. Connecting to testusit1... Starting PSEXESVC service on testusit1... Connecting with PsExec service on testusit1... Error deriving session key:

    PSexec argument :\\testusit2 -u XXXX\xxxxxxxxxxx-p xxxxxxxxxx -accepteula -i 0 -d c:\windows\system32\cscript.exe /nologo \\testusit2\C$\karthik\DelTemp-Final.vbs Output : | error messsage: PsExec v2.11 - Execute processes remotely Copyright (C) 2001-2014 Mark Russinovich Sysinternals - www.sysinternals.com Access is denied. Connecting to testusit2... Starting PSEXESVC service on testusit2... Could not start PSEXESVC service on testusit2: Connecting to testusit2... Starting PSEXESVC service on testusit2... 

    Please assist.. Is there any changes I need to do to the script? Any help is greatly appreciated.

    Thanks a lot in advance :)



    • Edited by KarthikSN Thursday, October 9, 2014 8:01 AM
    Thursday, October 9, 2014 7:40 AM

Answers

  • We have already explained it: You cannot configure a web site to run arbitrary code on a computer that connects to your web server. That would be a violation of security. Imagine if this were possible: A web site that could run any program on your computer? What if the program is malicious? (In fact, you actually are wanting to do something some would consider malicious: Deleting files!) The implications should be obvious.

    The answer is that your project is doomed to failure and will not work the way you want. You will need to stop trying to do this and approach your problem some other way.


    -- Bill Stewart [Bill_Stewart]

    Friday, October 10, 2014 2:25 PM
    Moderator

All replies

  • Sorry but this is not a support forum for the psexec utility.

    It looks like you already started a thread for your question in the PsTools forum, which is the right place to ask this question.


    -- Bill Stewart [Bill_Stewart]

    Thursday, October 9, 2014 2:29 PM
    Moderator
  • There are many, many technical reasons why this cannot be done.  You need to post in the ASP.Net forum to get them to explain why.  It is not a scripting issue.  It is a security and delegation issue around web servers.

    ¯\_(ツ)_/¯

    Thursday, October 9, 2014 2:31 PM
  • I missed the part about ASP.NET (didn't read carefully).

    Are you asking if a web server can run a command on a machine that visits your web site?

    If that's what you are asking, ask yourself: "Imagine if this were possible." (This is also known as: When people ask for security holes as features.)


    -- Bill Stewart [Bill_Stewart]

    Thursday, October 9, 2014 2:34 PM
    Moderator
  • Hi Bill,

    Thanks for looking into this. I have created a portal through which user specifies the server name. I am trying to find a way to run the script 'DelTemp-Final.vbs' on the server specified by the user. I am new to scripting, would be great if you could help me find a way to get this done. I am also trying to use WMI to invoke the process instead of PSTools, not luck so far. :(

    I also found a way to bind the vbs into an exe which runs locally. (not sure if this is gonna help)

    Please assist. Thanks!

    Friday, October 10, 2014 7:28 AM
  • Bill is asking if what you are trying to do makes any sense because it doesn't.  As the question in an ASP.Net forum.  This is not a forum for web server issues.

    What you are trying to do cannot be done.  What you are asking about an EXE makes no sense.

    You need to ask questions about web servers in the web forums.  You need to ask a single question and not a ramble-on of vague questions.  Pleaase try to think clearly and try to understand that this is not the correct forum for your issues.


    ¯\_(ツ)_/¯

    Friday, October 10, 2014 10:57 AM
  • Hi Karthik, I can't make any sense out of your questions, either. Perhaps if you stated your specific goal instead of how you think it needs to be done, we might be able to offer suggestions. As it stands, however, what I initially thought you were asking (run arbitrary scripts on machines that visit your web server) is obviously not possible for security reasons.

    -- Bill Stewart [Bill_Stewart]

    Friday, October 10, 2014 12:22 PM
    Moderator
  • Hello Jrv, Got it. Thank you! 
    Friday, October 10, 2014 12:46 PM
  • Bill,

    Sorry for not being clear earlier. I have posted my requirement in the IIS forum here. Kindly let me know if you can make any sense of it. If not, I would be happy to explain more. Thank you!

    Friday, October 10, 2014 1:50 PM
  • Your issue is about ASP.Net and C#.  It has nothing to do with scripting.  This is not the correct forum.

    What you are trying to do cannot be done because, as Bill has tried to point out,  It violates security restrictions and standards.

    There are ways to do this but you will hve to get the IIS people to help you understand how this can be done and why it is a very bad idea.


    ¯\_(ツ)_/¯

    Friday, October 10, 2014 1:57 PM
  • We have already explained it: You cannot configure a web site to run arbitrary code on a computer that connects to your web server. That would be a violation of security. Imagine if this were possible: A web site that could run any program on your computer? What if the program is malicious? (In fact, you actually are wanting to do something some would consider malicious: Deleting files!) The implications should be obvious.

    The answer is that your project is doomed to failure and will not work the way you want. You will need to stop trying to do this and approach your problem some other way.


    -- Bill Stewart [Bill_Stewart]

    Friday, October 10, 2014 2:25 PM
    Moderator
  • Bill, Thanks for summing that up. That is a disappointment. I will try to find another way to approach this. Thanks again!
    Saturday, October 11, 2014 2:21 AM
  • It's not a disappointment. It's a good thing that's the way it is. I don't want for web sites I visit to be able to run arbitrary code on my computer. That would be very bad.

    -- Bill Stewart [Bill_Stewart]

    Saturday, October 11, 2014 11:22 AM
    Moderator