969

submitted 5 months ago by smileyhead@discuss.tchncs.de to c/linuxmemes@lemmy.world

104 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] elvith@feddit.de 3 points 5 months ago* (last edited 5 months ago)

I found a blog post outlining exactly that. If you use it locally, it will install and start a service temporarily. That service runs as SYSTEM and invokes your command. To succeed, you need to be a local administrator.

If you try the same remote, it tries to access \\remote-server-ip\$admin and installs the service with that. To succeed your current account on your local machine must exist on the remote machine and must be an administrator there.

So in short: It only works, if you've already the privilege to do so and the tool itself is not (ab)using a privilege escalation or something like that. Any hacker and virus may do the very same and doesn't need psexec - it's just easier for them to use that tool.

[-] 0xD@infosec.pub 1 points 5 months ago* (last edited 5 months ago)

Thank you for clearing it up!

And regarding your assessment: Exactly!

this post was submitted on 20 Apr 2024

969 points (97.1% liked)

linuxmemes

20707 readers

410 users here now

I use Arch btw

Sister communities:

LemmyMemes: Memes
LemmyShitpost: Anything and everything goes.
RISA: Star Trek memes and shitposts

Community rules

Follow the site-wide rules and code of conduct
Be civil
Post Linux-related content
No recent reposts

Please report posts and comments that break these rules!

founded 1 year ago

MODERATORS

poopsmith@lemmy.world

zephyr@lemmy.world