We found an application which was somewhat difficult to decode/reverse engineer but we were able to reverse engineer some comments.
*.pwl help loginw version 2.2.2
Copyright © 2005-2007 Altiris, Inc. All Rights Reserved.
Usage: loginw has 4 modes: Authenticate mode, Ping mode, IP mode, Generate mode
Authenticate mode (authenticate network connection):
loginw [-f "pwlFile[;...]"] -c "computer[;...]" -d "domain" [-t seconds] [-e [all]] [-u] [-r] [-v]
-f pwlFile[;pwlFile2;...] = filename(s) of password file(s)
-c computer[:pwlFile][;computer2[:pwlFile2];...] = computer(s) (or ip address) to connect to
-d domain = name of domain to connect to
-t seconds = number of seconds to try to authenticate (%d sec)
-e [all | any] = all: process all then return (default) | any: return immediately if any fails
-u = prompt for username and password on connect failure
-r = reconnect existing connections
returns 0 on success
returns windows system error code on failure
Ping mode (test for valid IP address):
loginw -p [-192.168;172 | +172;10.12.131.17] [-w seconds] [-e any] [-a "file"] [-i] [-v]
-p = test local IP address
-nnn;nnn... = test with exclude list (eg. -169;192.168)
+nnn;nnn... = test with include list (eg. +192.168;169;172.16.100.100)
-w seconds = number of seconds to try to test (%d sec)
-e [all | any] = all: process all then return | any: return immediately if any fails (default)
-a [file] = write adapter list to file; if file is empty write to screen
-i = return ip (32 bit signed value) on success, 0 on failure
returns 0 on success
returns 1 if no ip address could be bound to an existing adapter
returns 2 if no adapters were found
IP mode (return IP address):
loginw -i [-w seconds] [-a "file"]
-i = return IP address
-w seconds = number of seconds to try to get address (%d sec)
-a [file] = write adapter list to file; if file is empty write to screen
returns the ip address (32 bit signed value) on success
returns 1 if no ip address could be bound to an existing adapter
returns 2 if no adapters were found
Generate password file mode:
loginw -g "username:password" [-f "pwlFile"]
-g username:password = username and password
-f pwlFile = file to generate; if missing use username as filename
returns 0 on success
returns 1 on invalid or missing username
returns 2 on error
All modes:
-v = verbose mode (show message boxes on failure)
This code goes along with the .bat file that was trying to use these commands to push a .pwl file (found on the same machine) to a server on our network. I tried to be a bit cryptic on my last post saying "what would we need to unblock on a firewall to make loginw.exe work" but it seems that that .exe uses basic ports that wouldn't be possible to block on most networks without disrupting all other services. Is there a way to block this that any of you may know of?