UCMDB and UD Practitioners Forum (Previously CMS)

NTCMD - What exactly is it?

Valued Contributor.

NTCMD - What exactly is it?

I need to discover some clustered SQL servers that are installed on Windows servers. Looking at the discovery steps, I need to run 'Host connection by Shell' in order to have a NTCMD CIT created, which I can then hopefully use to discover my clustered server and clustered SQL databases. My windows server admin says the only thing he knows about NTCMD is that it is a trojan variant of sdbot.d.

Which brings me to my question, Just what exactly is NTCMD? If my windows admin is questioning what it is, how do I explain it to him?



P.S. This thread has been moved from Application Perf Mgmt (BAC / BSM) Support and News Forum to CMS and Discovery Support and News Forum. - Hp Forum Moderator

Dmitry Shevchenko
Micro Focus Expert

Re: NTCMD - What exactly is it?

NTCMD is the name of a discovery protocol available with DDM/uCMDB to work with Windows machines. For more details on how NTCMD works you may want to get familiar with some KB articles:



Trusted Contributor.

Re: NTCMD - What exactly is it?

NTCMD was originally a tool written by Zoltan Csizmadia. it was modified by HP R&D (or Mercury/Appilog to be precise) to serve as a replacement for shell login to windows boxes. its best advantage is that it does not require an agent installation such as SSH for windows.
the tool takes advantage of the default ADMIN$ share as well as default netbios service and opens a pipe to a remote CMD shell. it requires administrator privileges and an opened netbios port (default UDP port 137).
BTW: certain spywares and antivirus tools sometimes detect it as a threat, so take it into consideration when proposing it to your client.
If you are using UCMDB 7.5 and above you can install SSH service on our windows boxes and use SSH based discovery instead of NTCMD.
Hope that helped.