this post was submitted on 20 Apr 2024
978 points (97.3% liked)

linuxmemes

20880 readers
6 users here now

I use Arch btw


Sister communities:

Community rules

  1. Follow the site-wide rules and code of conduct
  2. Be civil
  3. Post Linux-related content
  4. No recent reposts

Please report posts and comments that break these rules!

founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 11 points 7 months ago (1 children)

Also please pre-install the sysinternals suite, thanks

[–] [email protected] 11 points 7 months ago (2 children)

Psexec can be pretty dangerous. Psexec.exe -i -s gives you access to the NTAUTHORITY/SYSTEM account, which is higher than Administrator. One time at work I was trying to do something and was getting permission denied so I decided to use that to get around the problem, I got to spend the afternoon talking to our security administrator because he got a bunch of alerts from our antivirus.

[–] [email protected] 15 points 7 months ago

Well that was the mistake. The first thing you do with SYSTEM is disable the security software.

[–] [email protected] 5 points 7 months ago (1 children)

Never thought about that, but since these tools just work, when you copy them to your PC.... how does psexec do that? It'd either need you to be an administrator (and then it's not really a privilege escalation as you could have registered any program into the task scheduler or as a service to run as SYSTEM) or it'd need a delegate service, that should only be available when you use an installer - which again wasn't was has been done when just copying the tool.

[–] [email protected] 3 points 7 months ago* (last edited 7 months ago) (1 children)

You need Administrative permissions for psexec. It uploads a file to the target computer's \admin$ share (just C:\Windows) and starts a service to execute it. Services run as SYSTEM so that's why you get those privileges.

(Hah, I forgot your message while typing mine and just copied you :)

Edit: fixed c$ to admin$

[–] [email protected] 3 points 7 months ago* (last edited 7 months ago) (1 children)

I found a blog post outlining exactly that. If you use it locally, it will install and start a service temporarily. That service runs as SYSTEM and invokes your command. To succeed, you need to be a local administrator.

If you try the same remote, it tries to access \\remote-server-ip\$admin and installs the service with that. To succeed your current account on your local machine must exist on the remote machine and must be an administrator there.

So in short: It only works, if you've already the privilege to do so and the tool itself is not (ab)using a privilege escalation or something like that. Any hacker and virus may do the very same and doesn't need psexec - it's just easier for them to use that tool.

[–] [email protected] 1 points 7 months ago* (last edited 7 months ago)

Thank you for clearing it up!

And regarding your assessment: Exactly!