Tools: PsExec.exe, psexec.py (impacket), winexe, MSF, smbexec

IPC$ is leveraged to create named pipes for input and output, which act as a semi-interactive shell. Local administrative privileges are required to push the service binary to the ADMIN$ share, after which an RPC/SVCCTL call creates and starts the remote control service. The Sysinternals Suite includes the PsExec binary, which is largely credited for developing and leveraging this technique. Another feature often abused by attackers is the use of administrative shares (C$, ADMIN$, IPC$) to push a service binary to a target machine, then start the service for semi-interactive I/O. SMB has been leveraged for file administration on Windows and *nix systems for decades.
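
A defender-side sketch of the sequence described above, added here as an example and not code from the original post: it correlates a write to ADMIN$ (Security event 5145) with a service installation on the same host (System event 7045), then attaches any IPC$ named-pipe access from the same source. The normalized field names, the sample events and the 60-second window are assumptions.

```python
from datetime import datetime, timedelta
import ntpath

# Constructed sample events, not taken from the page. Field names are a
# simplified normalization of Security 5145 (share object access) and
# System 7045 (service installed) records.
EVENTS = [
    {"time": "2024-05-01T10:00:01", "host": "WS01", "id": 5145, "share": r"\\*\ADMIN$",
     "target": "svc_a1b2.exe", "access": "WriteData", "src": "10.0.0.5", "user": "alice"},
    {"time": "2024-05-01T10:00:03", "host": "WS01", "id": 7045,
     "service": "svc_a1b2", "image": r"%SystemRoot%\svc_a1b2.exe"},
    {"time": "2024-05-01T10:00:04", "host": "WS01", "id": 5145, "share": r"\\*\IPC$",
     "target": "svc_a1b2-stdin", "access": "WriteData", "src": "10.0.0.5", "user": "alice"},
    # Benign: a log file is read from ADMIN$, nothing is written or installed.
    {"time": "2024-05-01T11:00:00", "host": "WS02", "id": 5145, "share": r"\\*\ADMIN$",
     "target": r"Logs\CBS\CBS.log", "access": "ReadData", "src": "10.0.0.9", "user": "bob"},
    # Benign: a service is installed with no preceding write to ADMIN$.
    {"time": "2024-05-01T12:00:00", "host": "WS03", "id": 7045,
     "service": "UpdaterSvc", "image": r"C:\Program Files\Updater\upd.exe"},
]

def find_remote_service_installs(events, window=timedelta(seconds=60)):
    """Flag a binary written to ADMIN$ that becomes a service on the same host."""
    writes, alerts = [], []
    for e in sorted(events, key=lambda ev: ev["time"]):
        t = datetime.fromisoformat(e["time"])
        share = e.get("share", "").upper()
        if e["id"] == 5145 and share.endswith("ADMIN$") and "Write" in e["access"]:
            writes.append((t, e["host"], ntpath.basename(e["target"]).lower(), e))
        elif e["id"] == 7045:
            image = ntpath.basename(e["image"].strip('"')).lower()
            for wt, host, name, w in writes:
                if host == e["host"] and name == image and t - wt <= window:
                    alerts.append({"host": host, "service": e["service"], "binary": name,
                                   "src": w["src"], "user": w["user"], "pipes": []})
        elif e["id"] == 5145 and share.endswith("IPC$"):
            # Named-pipe access over IPC$ from the same source enriches the alert.
            for a in alerts:
                if a["host"] == e["host"] and a["src"] == e["src"]:
                    a["pipes"].append(e["target"])
    return alerts

if __name__ == "__main__":
    for alert in find_remote_service_installs(EVENTS):
        print(alert)
```

Event 5145 is only logged when detailed file share auditing is enabled, so without that audit policy only the 7045 half of the correlation is available.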