FreeSSHd and Administrator Rights

Here's a fun problem I ran into the other day. I needed SSH on a Windows server, and until Server 2016 comes along and offers native SSH, I'm stuck with third-party utils, on a domain controller no less. Not an ideal situation, but it is what it is. FreeSSHd seems to be one of the more popular and easy to set up programs, and I've used it before for personal servers.

The issue lies in the way it seemingly checks for Administrator level. Apparently it doesn't check if the user has administrator rights, or is an administrator, it checks if you are "Administrator", as in that user, punctuation and all (third paragraph here). I'm not sure this is 100% correct because, prior to promoting the domain controller, I simply launched the program as administrator and it worked fine. However, once the server was promoted, and local accounts disappeared, I started seeing this behavior.

I think the "Administrator" account checking had been fixed somewhat in a more recent release, but it was still looking for a local account. Being a domain controller, there were no longer any local accounts, administrator or not, and the check started failing. That's my guess anyway.

There are several blogs I found that gave the same answer for fixing this. This one won't contain anything new, other than the correct address for the newest freeSSHd version, which is incorrect in the others (or at least not the same as mine).

The best way, for future reference, to find the address was given by a comment on one of those blogs. Thanks, Dipen Parekh, whoever you are.

Hi Friends, Please ensure that the module at top says FreeSSHD and not ntdll or any other module. To change the module press Alt+E and select the FreeSSHDService.exe module, generally the first one in the list. Easier way to find the Address in this module is to right click and Search for-->All referenced text strings, a new window opens, here right click and "Search for text" then search for the text "Tray icon shown (admin logged in)", note down this address, go back to the main window and then search for the noted address and then scroll up 4 lines and you will find the address with value of 74 49 or 74 56, change this to 90 90 and follow the rest of the steps.

This should allow you to find the address on your own, in the event it moves in the future. As of right now the current version of freeSSHd is 1.3.1 and the address is 002E333E.

Let's take this from the top:

  1. Download OllyDbg from http://www.ollydbg.de/
  2. Open freeSSHDService.exe in OllyDbg
  3. Press Alt+E and select the FreeSSHDService.exe module (first one on the list)
  4. Right click in the box and click Search for -> All referenced text strings.
    a. A new window will open
  5. In the new window, right click and select Search for text, enter "Tray icon shown (admin logged in)".
  6. Note the address here, in 1.3.1 it's 002E3349
  7. Go back to your main window and press CTRL+G, enter this address.
  8. Scroll up 4 lines, the address in 1.3.1 is 002E333E, it should read 74 56
  9. Right click on this address and select Binary -> Edit
  10. Change the HEX +00 field (bottom box) to 90 90, click ok
  11. Right click on the modified addresses, select Copy to executable -> Selection
  12. Right click in the resulting window and select Save File
  13. Overwrite the existing FreeSSHDService.exe

You should now be able to launch the app.
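
A way to confirm that the saved file differs from the original only by the intended two bytes, as an added example that is not part of the original post. It assumes you kept a copy of the unmodified FreeSSHDService.exe; the function names and sample bytes are constructed for illustration, and the offset it reports is a file offset, not the virtual address OllyDbg displays.

```python
JE_SHORT = 0x74  # x86 opcode: JE/JZ rel8, a 2-byte conditional jump
NOP = 0x90       # x86 opcode: NOP (does nothing, execution falls through)

def changed_runs(original: bytes, patched: bytes):
    """Return [(offset, old_bytes, new_bytes)] for each contiguous run of differing bytes."""
    if len(original) != len(patched):
        raise ValueError("file sizes differ; this is not an in-place byte patch")
    runs, start = [], None
    for i, (a, b) in enumerate(zip(original, patched)):
        if a != b and start is None:
            start = i
        elif a == b and start is not None:
            runs.append((start, original[start:i], patched[start:i]))
            start = None
    if start is not None:
        runs.append((start, original[start:], patched[start:]))
    return runs

def audit_patch(original: bytes, patched: bytes):
    """Accept only a single change that turns one short JE into two NOPs.

    Returns (file_offset, displacement), where displacement is the rel8
    operand of the original JE (0x56 or 0x49 in the steps above)."""
    runs = changed_runs(original, patched)
    if len(runs) != 1:
        raise ValueError(f"expected exactly 1 modified run, found {len(runs)}")
    offset, old, new = runs[0]
    if len(old) != 2 or old[0] != JE_SHORT:
        raise ValueError(f"unexpected original bytes {old.hex(' ')} at {offset:#x}")
    if new != bytes([NOP, NOP]):
        raise ValueError(f"unexpected replacement bytes {new.hex(' ')} at {offset:#x}")
    return offset, old[1]

# Constructed stand-in bytes, not taken from FreeSSHDService.exe.
SAMPLE_ORIGINAL = bytes.fromhex("85 c0 74 56 6a 00 68 10 20 30 00")
SAMPLE_PATCHED = bytes.fromhex("85 c0 90 90 6a 00 68 10 20 30 00")

if __name__ == "__main__":
    off, disp = audit_patch(SAMPLE_ORIGINAL, SAMPLE_PATCHED)
    print(f"single JE -> NOP NOP change at file offset {off:#x}, rel8 was {disp:#04x}")
```

For the real files, read both with `pathlib.Path(...).read_bytes()` and pass them to `audit_patch`; any additional difference between the two copies raises `ValueError`.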