
remote shutdown



Guest bitingsock

HI!

So here's the deal: my brother has gotten pretty good with AutoIt and he made a remote shutdown script. I, on the other hand, well, let's just say the limit to my skills is just about "leftclick(", "send(", and "sleep(".

Now, this shutdown script can shut down anyone on the network. My question is: is there a way I can block him from doing it to me? / a way I can immunize myself?

Help me! I'm gettin' kinda irritated. :)

Thx

Link to comment

  • Developers


Remote execution via RPC is only possible when you know an account that has Administrator privileges..... so, change the password of the account he knows.

This is not really an AutoIt function, but you use a utility like PSEXEC or PSSHUTDOWN to accomplish this...

Another possibility is that your PC is "Infected" with a script that is constantly running or launched via the task scheduler...

Live for the present,
Dream of the future,
Learn from the past.
  :)

Link to comment

  • 2 weeks later...
Guest bitingsock

hmmm...

I don't think that's it...

Would it help if I sent you the actual script?

And if so, how?

Link to comment

Guest bitingsock

he can shut anyone down...

anyone on the network...

as an example: anyone at a LAN party.

just...does it

Link to comment

I don't think he can shut down anyone. Only those that:

1. have an admin account on their computer for which he knows the password

2. have not installed all security patches

Both things cannot be done with AutoIt alone. To stop him from doing it, you need to find out which of these he has done. This means changing the passwords for your accounts on your computer and installing all security updates, and then checking if there's anything left (try going to Start -> Run -> msconfig.exe and check if there's anything strange; for that you need to know your computer).

Link to comment

  • 1 month later...

www.zonelabs.com

Get ZoneAlarm's firewall

and make sure YOU are the only account on your comp with admin access... and change the pass

I've been trying to do things remotely on a network where I have the domain (not enterprise) password and I haven't been able to get it to work yet :(

Link to comment

Can you send me your brother's script...

Maybe it is useful for my work..

Afsar


Link to comment

I would like to see the script. I could then tell you exactly what he is doing to be able to call those procedures. You can PM me if you would like.

JS


Link to comment

  • 3 months later...


This is something personal for documentation.

To operate with remote PCs, which tool is better, PsExec.exe or BeyondExec.exe (from www.sysinternals.com and www.beyondlogic.com)? Please tell me the reason also.

I preferred PsExec.exe, but I have to write in the documentation why I chose it..?

Thanks for the help

Link to comment

You haven't mentioned what OS yet.

Assuming Windows XP, here are some options:

1. Stop and disable the "Remote Procedure Call (RPC)" service.

or

2. Using GPEDIT.MSC

a. Under Computer Configuration -> Windows Settings -> Local Policies -> Audit Policy, change "Audit account logon events", "Audit logon events", and "Audit privilege use" to success AND failure. Attempts to access the computer will be logged in the Security Event Log. This will also give you ammunition to show your parents or whoever that your brother is doing stuff to piss you off. Of course, this is ludicrous since you should be getting him back, not "telling Mommy." :dance:

b. Under Computer Configuration -> Windows Settings -> Local Policies -> Audit Policy, remove "Everyone" from "Access this computer from the network." Assuming he doesn't have a local account on your computer, make this only "Authenticated Users" or "Administrators". Also remove all entries from the "Force shutdown from a remote system" policy. Keep the policy defined, but with no entries.

c. Once you've caught him in the Security log because of the auditing settings and know what account he's using, put that account in the "Deny access to this computer from the network" policy, unless of course it's Administrator or your account.

d. If you're still using Administrator, create yourself a new account, put it in the Administrators group, login under that ID, disable Administrator and rename it to something he won't guess.

3. Look for some corporate security hardening procedures on Google or Microsoft's website and implement them. They usually walk you through it step-by-step in case you don't think you'll know how to do it.

Good luck! :whistle:


Link to comment
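A way to check the settings from step 2 of the post above, as an added example that is not part of the original thread: it reads a policy export produced by `secedit /export /cfg policy.inf` and reports which of the audit and user-rights settings named in the post are still at a weak value. The sample export is constructed, and the function names are this example's own.

```python
import configparser

# Constructed sample of a `secedit /export /cfg policy.inf` file (not from the
# thread). A real export is UTF-16: read it with open(path, encoding="utf-16").
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Event Audit]
AuditLogonEvents = 0
AuditPrivilegeUse = 1
AuditAccountLogon = 3
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544
SeRemoteShutdownPrivilege = *S-1-5-32-544
SeDenyNetworkLogonRight = Guest
"""

EVERYONE = "*S-1-1-0"  # well-known SID of the Everyone group
# "Audit account logon events", "Audit logon events", "Audit privilege use"
AUDIT_KEYS = ("AuditAccountLogon", "AuditLogonEvents", "AuditPrivilegeUse")

def parse_inf(text):
    """Parse the INF text; keys keep their case and '=' is the only delimiter."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.optionxform = str
    cp.read_string(text)
    return cp

def members(cp, right):
    """Accounts/SIDs holding a user right; an absent line means nobody holds it."""
    raw = cp.get("Privilege Rights", right, fallback="")
    return [m.strip() for m in raw.split(",") if m.strip()]

def findings(text):
    """List the settings from the post that are still weak."""
    cp = parse_inf(text)
    out = []
    for key in AUDIT_KEYS:  # 0 none, 1 success, 2 failure, 3 success and failure
        if cp.get("Event Audit", key, fallback="0").strip() != "3":
            out.append(f"{key}: not auditing both success and failure")
    if EVERYONE in members(cp, "SeNetworkLogonRight"):
        out.append("SeNetworkLogonRight: Everyone may access this computer from the network")
    holders = members(cp, "SeRemoteShutdownPrivilege")
    if holders:
        out.append("SeRemoteShutdownPrivilege: held by " + ", ".join(holders))
    return out

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE_INF)))
```

`SeNetworkLogonRight`, `SeRemoteShutdownPrivilege` and `SeDenyNetworkLogonRight` are the names the export uses for "Access this computer from the network", "Force shutdown from a remote system" and "Deny access to this computer from the network".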