Running psexec against a rogue node, with domain admin credentials, will
get your the domain controller pwned (via relay attacks). It sounds like
the agent install is not automatic for remote machines, but in the case
of a manual install against a rogue system, it is an issue.
On Thursday 29 May 2008, Kevin Reiter wrote:
> Another thing to note is the fact that psexec is used for remote tasks.
> psexec lives only on the server, which is located at the MSP's data
> center/NOC, and communications between the agent and the server are
> encrypted. Sniff away..
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes
in Securing Web Applications
Find out now! Get Webinar Recording and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
Received on May 29 2008
Intro
