this post was submitted on 20 Apr 2024
977 points (97.1% liked)

linuxmemes

21378 readers
1357 users here now

Hint: :q!


Sister communities:


Community rules (click to expand)

1. Follow the site-wide rules

2. Be civil
  • Understand the difference between a joke and an insult.
  • Do not harrass or attack members of the community for any reason.
  • Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
  • Bigotry will not be tolerated.
  • These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.
  • 3. Post Linux-related content
  • Including Unix and BSD.
  • Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.
  • No porn. Even if you watch it on a Linux machine.
  • 4. No recent reposts
  • Everybody uses Arch btw, can't quit Vim, and wants to interject for a moment. You can stop now.
  •  

    Please report posts and comments that break these rules!


    Important: never execute code or follow advice that you don't understand or can't verify, especially here. The word of the day is credibility. This is a meme community -- even the most helpful comments might just be shitposts that can damage your system. Be aware, be smart, don't fork-bomb your computer.

    founded 1 year ago
    MODERATORS
     
    you are viewing a single comment's thread
    view the rest of the comments
    [–] 0xD@infosec.pub 3 points 7 months ago* (last edited 7 months ago) (1 children)

    You need Administrative permissions for psexec. It uploads a file to the target computer's \admin$ share (just C:\Windows) and starts a service to execute it. Services run as SYSTEM so that's why you get those privileges.

    (Hah, I forgot your message while typing mine and just copied you :)

    Edit: fixed c$ to admin$

    [–] elvith@feddit.de 3 points 7 months ago* (last edited 7 months ago) (1 children)

    I found a blog post outlining exactly that. If you use it locally, it will install and start a service temporarily. That service runs as SYSTEM and invokes your command. To succeed, you need to be a local administrator.

    If you try the same remote, it tries to access \\remote-server-ip\$admin and installs the service with that. To succeed your current account on your local machine must exist on the remote machine and must be an administrator there.

    So in short: It only works, if you've already the privilege to do so and the tool itself is not (ab)using a privilege escalation or something like that. Any hacker and virus may do the very same and doesn't need psexec - it's just easier for them to use that tool.

    [–] 0xD@infosec.pub 1 points 7 months ago* (last edited 7 months ago)

    Thank you for clearing it up!

    And regarding your assessment: Exactly!