PsExec works only with "runas /netonly", not with -u and -p parameters
Problem description
What I mean:
If I...
- run
  runas /netonly /user:computername\username cmd
- enter the password for the local admin account "username"
- then type
  psexec \\computername cmd
I now have a working shell and can run commands as the local admin user on the remote machine.
However, trying to run this without the runas... and instead with the username and password arguments of psexec returns an access denied error.
Example below:
psexec \\computername -u username -p password cmd
Access Denied
Note: Others seem to also have this issue. My refined questions:
- Is this intended behavior?
- Why even have the -u and -p?
I have also tried disabling the firewall on both my machine and the target machine, and adding the registry key listed here.
When you initiate a connection with PsExec.exe, it tries to use the credentials you are currently authenticated with to copy the PSEXESVC to the \\$machine\ADMIN$\System32 share via SMB, which enables the communication with your PsExec.exe and the $machine's service.
If your currently logged in user account does not have access to \\$machine\ADMIN$\System32 and the ability to install/start services, then this won't work.
I'm assuming if you have access with your user account that this would work.
Here is a very interesting article from 2004 on reverse-engineering of the original implementation. I am pretty sure it has changed in that time with Windows 7 & Windows 10.
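The mechanism the answer describes (a binary written to the ADMIN$ share over SMB, then installed and started as a service) leaves two log artifacts on the target that a defender can look for. The following is an added example, not code from the question or the answer: it assumes Windows events already parsed into dicts using the standard field names of System event 7045 (service installed) and Security event 5145 (network share object checked); the sample records are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample events modelled on the fields Windows writes for
# System 7045 and Security 5145. Illustrative records, not captured logs.
SAMPLE_EVENTS = [
    {"EventID": 5145, "SubjectUserName": "username", "IpAddress": "10.0.0.5",
     "ShareName": "\\\\*\\ADMIN$", "RelativeTargetName": "PSEXESVC.exe",
     "AccessMask": "0x2"},
    {"EventID": 7045, "ServiceName": "PSEXESVC",
     "ImagePath": "%SystemRoot%\\PSEXESVC.exe", "AccountName": "LocalSystem"},
    {"EventID": 7045, "ServiceName": "MyBackupAgent",
     "ImagePath": "C:\\Program Files\\Backup\\agent.exe", "AccountName": "LocalSystem"},
    {"EventID": 5145, "SubjectUserName": "svc_backup", "IpAddress": "10.0.0.9",
     "ShareName": "\\\\*\\IPC$", "RelativeTargetName": "srvsvc",
     "AccessMask": "0x12019f"},
]


@dataclass
class Finding:
    event_id: int
    reason: str
    detail: str


def classify(event: dict) -> Optional[Finding]:
    """Return a Finding if the event matches the PsExec service-install pattern."""
    eid = event.get("EventID")
    if eid == 7045:
        name = event.get("ServiceName", "")
        image = event.get("ImagePath", "")
        # Match on both service name and image path so a renamed service is still caught.
        if name.upper() == "PSEXESVC" or "PSEXESVC" in image.upper():
            return Finding(eid, "psexec service installed", f"{name} -> {image}")
    elif eid == 5145:
        share = event.get("ShareName", "")
        target = event.get("RelativeTargetName", "")
        # A write to ADMIN$ of the service binary precedes the service install.
        if share.upper().endswith("ADMIN$") and target.upper().startswith("PSEXESVC"):
            who = f"{event.get('SubjectUserName')} from {event.get('IpAddress')}"
            return Finding(eid, "psexec binary written to ADMIN$", who)
    return None


def scan(events: List[dict]) -> List[Finding]:
    """Run classify over a batch of events and keep only the hits."""
    return [f for f in map(classify, events) if f is not None]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Correlating the 5145 write and the 7045 install for the same host within a short window is stronger than either alone, since legitimate service installs do not normally arrive through ADMIN$.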