>From what I'm picking up off the list, psexec sounds very similar to the hacking tool "netcat". Instantiating a remote command prompt on an NT/2000 system, that is basically accessible to anyone who knows it's there, should give everyone the willies. It takes about 10 seconds to fire off an LSASS injector to dump the SAM into a txt which you can then password crack offline, at your leisure! Be very scared!
Ideally, the client/server setup would be more secure in that the listener/agent would only accept connections from the appropriate server (as Dirk mentioned, specified IP, username, password, etc). Nothing is 100% safe but this is a hell of a lot safer. IMHO. Alistair Francis Systems Administrator Comm Express Services SA (PTY) LTD TEL: +27 (0)11 475-5567 FAX: +27 (0)11 475-6238 CELL: +27 (0)84 607-7325 The information contained in this electronic mail message is confidential to the Matragon group of companies and may enjoy legal privilege. The contents are intended solely for the addressee and access thereto by anyone else is unauthorised. Should you not be the intended recipient, kindly delete the message and inform us. Any disclosure, copying or distribution is prohibited and may be unlawful. Please also note that any action taken, or omitted to be taken in reliance on the information contained herein is done at your own risk. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dirk Bulinckx Sent: 24 November 2004 09:10 To: [EMAIL PROTECTED] Subject: RE: [SA-list] Remote command as alert The way psexec (probably) works isn't therefore something great. >From my understanding: it copies it self (or part) to the remote system install it as a service starts the service service executes the "commandline" service stops service removes itself service file is deleted For this to work you need not only admin access to the remote system but you also need netbios access to the remote system. With an agent approche all would be done via ONE port (TCP probably) and as such will not require the use of Netbios. Dirk. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kurt Buff Sent: Wednesday, November 24, 2004 1:59 AM To: '[EMAIL PROTECTED]' Subject: RE: [SA-list] Remote command as alert Wouldn't necessarily require an agent. See http://sysinternals.com for their psexec utility. All you need is admin rights on the remote box. > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Behalf Of Alistair Francis > Sent: Tuesday, November 23, 2004 03:58 > To: [EMAIL PROTECTED] > Subject: RE: [SA-list] Remote command as alert > > > Yup, it would be useful, even though it requires an agent on > the target > machine. The only problem I can see is security. It would need to be > seriously tight, possibly some sort of encrypted key between > server and > agent. If it was as simple as telneting to a certain port on > the target mac > and issuing commands... (shudder!) imagine what a IT savvy disgruntled > employee could do! Are you thinking of a restricted command > set or something > along the lines of a remote command prompt type thing? > > Alistair Francis > Systems Administrator > Comm Express Services SA (PTY) LTD > TEL: +27 (0)11 475-5567 > FAX: +27 (0)11 475-6238 > CELL: +27 (0)84 607-7325 > > The information contained in this electronic mail message is > confidential to > the Matragon group of companies and may enjoy legal > privilege. The contents > are intended solely for the addressee and access thereto by > anyone else is > unauthorised. Should you not be the intended recipient, > kindly delete the > message and inform us. Any disclosure, copying or > distribution is prohibited > and may be unlawful. Please also note that any action taken, > or omitted to > be taken in reliance on the information contained herein is > done at your own > risk. > > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Behalf Of Dirk Bulinckx > Sent: 23 November 2004 13:28 > To: [EMAIL PROTECTED] > Subject: [SA-list] Remote command as alert > > > Is the possibility to execute a command on a remote system > (currently only > possible on the system running SA), something that would be > of any help > knowing that for that you would have to have a "remotecommand" service > installed on the system(s) that need to execute those commands. > > Dirk. > > > > > > > ------------------------- > > [This E-mail scanned for viruses by Declude Virus] > > To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] > With the following in the body of the message: > unsubscribe SAlive > > > > > ------------------------- > > [This E-mail scanned for viruses by Declude Virus] > > To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] > With the following in the body of the message: > unsubscribe SAlive > ------------------------- [This E-mail scanned for viruses by Declude Virus] To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] With the following in the body of the message: unsubscribe SAlive ------------------------- [This E-mail scanned for viruses by Declude Virus] To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] With the following in the body of the message: unsubscribe SAlive ------------------------- [This E-mail scanned for viruses by Declude Virus] To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] With the following in the body of the message: unsubscribe SAlive
