https://github.com/MzHmO/psexec_noinstall

Repository contains psexec, which will help to exploit the forgotten pipe
https://github.com/MzHmO/psexec_noinstall

Last synced: 5 months ago
JSON representation

Repository contains psexec, which will help to exploit the forgotten pipe

• Host: GitHub
• URL: https://github.com/MzHmO/psexec_noinstall
• Owner: MzHmO
• Created: 2023-02-20T10:25:29.000Z (almost 3 years ago)
• Default Branch: main
• Last Pushed: 2024-11-05T10:50:56.000Z (about 1 year ago)
• Last Synced: 2024-11-21T18:38:56.528Z (about 1 year ago)
• Language: Python
• Homepage:
• Size: 9.77 KB
• Stars: 163
• Watchers: 4
• Forks: 23
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

• awesome-hacking-lists - MzHmO/psexec_noinstall - Repository contains psexec, which will help to exploit the forgotten pipe (Python)

README

          
# psexec_noinstall

The repository contains psexec, which will help to exploit the forgotten pipe

Have a non-genius administrator connect using PsExec to the host:

![изображение](https://user-images.githubusercontent.com/92790655/220080852-9588a359-b413-4b75-86ef-dc177aa59f55.png)

We discovered this when we saw the RemCom_Communication bundle. This one is standard for PsExec

![изображение](https://user-images.githubusercontent.com/92790655/220081012-c10148d6-4aef-4951-86b8-efe769d52fb7.png)

Using psexec_noinstall, it is possible to connect to this pipeline as any low-privileged user, since the DACL of the pipeline allows this:

![изображение](https://user-images.githubusercontent.com/92790655/220081419-fe45e1b0-c57a-4f10-9f61-9b6345443e87.png)

![изображение](https://user-images.githubusercontent.com/92790655/220082245-f3f4c66f-d3c7-4d7b-af5f-07fb69a47ee5.png)

Here's a checker:

https://github.com/beaverdreamer/nxc-modules