The wkssvc interface is used to manage the lanmanworkstation service.
IDL (Interface Definition Language) for the wkssvc interface is available in Samba 4 [62].
Table 4.26. wkssvc operations
| Interface | Operation number | Operation name | Windows API |
|---|---|---|---|
| 6bffd098-a112-3610-9833-46c3f87e345a v1.0: wkssvc | |||
| 0x00 | NetrWkstaGetInfo | NetWkstaGetInfo | |
| 0x01 | NetrWkstaSetInfo | NetWkstaSetInfo | |
| 0x02 | NetrWkstaUserEnum | NetWkstaUserEnum | |
| 0x03 | NetrWkstaUserGetInfo | NetWkstaUserGetInfo | |
| 0x04 | NetrWkstaUserSetInfo | NetWkstaUserSetInfo | |
| 0x05 | NetrWkstaTransportEnum | NetWkstaTransportEnum | |
| 0x06 | NetrWkstaTransportAdd | NetWkstaTransportAdd | |
| 0x07 | NetrWkstaTransportDel | NetWkstaTransportDel | |
| 0x08 | NetrUseAdd | NetUseAdd | |
| 0x09 | NetrUseGetInfo | NetUseGetInfo | |
| 0x0a | NetrUseDel | NetUseDel | |
| 0x0b | NetrUseEnum | NetUseEnum | |
| 0x0c | NetrMessageBufferSend | NetMessageBufferSend | |
| 0x0d | NetrWorkstationStatisticsGet | NetWkstaStatisticsGet | |
| 0x0e | NetrLogonDomainNameAdd | ||
| > Windows 2000 | 0x0f | NetrLogonDomainNameDel | |
| - | 0x10 | NetrJoinDomain | NetJoinDomain |
| - | 0x11 | NetrUnjoinDomain | NetUnjoinDomain |
| - | 0x12 | NetrValidateName | NetValidateName |
| - | 0x13 | NetrRenameMachineInDomain | NetRenameMachineInDomain |
| - | 0x14 | NetrGetJoinInformation | NetGetJoinInformation |
| - | 0x15 | NetrGetJoinableOUs | NetGetJoinableOUs |
| - | 0x16 | NetrJoinDomain2 | NetJoinDomain |
| - | 0x17 | NetrUnjoinDomain2 | NetUnjoinDomain |
| - | 0x18 | NetrRenameMachineInDomain2 | NetRenameMachineInDomain |
| - | 0x19 | NetrValidateName2 | NetValidateName |
| - | 0x1a | NetrGetJoinableOUs2 | NetGetJoinableOUs |
| > Windows XP and Windows Server 2003 | 0x1b | NetrAddAlternateComputerName | NetAddAlternateComputerName |
| - | 0x1c | NetrRemoveAlternateComputerName | NetRemoveAlternateComputerName |
| - | 0x1d | NetrSetPrimaryComputerName | NetSetPrimaryComputerName |
| - | 0x1e | NetrEnumerateComputerNames | NetEnumerateComputerNames |
| - | 0x1f | NetrWorkstationResetDfsCache |
A vulnerability in the workstation service was discovered by Yuji Ukai [64] and fixed by Microsoft in November 2003 in the MS03-049 security bulletin [65]. It can be exploited anonymously because it is always possible to open the wkssvc named pipe in the context of a NULL session, as explained earlier.
Obtaining general information on the workstation service:
Managing SMB sessions (client-side):
Managing transport mappings for the SMB redirector:
Preparing a join operation:
Joining or unjoining a remote machine to a domain:
Managing computer names: