Hi Forensic Focus,
I am currently trying to simulate an attack using psexec (lateral movement phase) so I can check what detection our IDS will trigger.
Basically, I would like to use psexec to install a malicious file on one of our test machines and I would like to check what detections our IDS will have.
I typed the following commands and was able to get the command shell of the remote machine.
I have shared the network path that contains the malicious file to everyone and tried using the robocopy command to copy the malicious file from my machine to the remote machine but I am getting the access denied error.
I’ve also already tried using the xcopy and copy commands, but I am still getting the same error. I also already ran cmd as administrator.
Basically, what I would like to accomplish is to install the malicious file remotely from PC A to PC B.
I have been researching this the whole day.
Any input will be appreciated.
Thank you,
BtForensics
It seems like the SOURCE path (not the destination) is not accessible. 😯
Is "Malicious" (without extension) the actual name of the file or is it a folder containing several files?
Try issuing a DIR of the source…
You started the psexec with the -s (as System) parameter, is that what you really want?
Try a Whoami on the remote prompt, to make sure it worked.
Maybe that is the issue and you need to be using a local user account?
jaclaz
Hi Jaclaz,
Thank you for your response.
I was now able to successfully simulate the installation of the malicious file remotely using psexec.
If anyone is interested, here is the command that I used:
psexec \\192.168.66.xxx -u WOURGROUP/COMPUTERNAME -p password -c -s -h "C:\Users\chris\Desktop\PsExec\maliciousfile.exe"
Our IDS was able to flag the psexec as well as the file transfer of the malicious file.
Thank you Jaclaz, Forensic Focus!
Regards,
BTForensics
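
Added example (not from the thread or its posters): one way to check the target's own logs against what the IDS reported, by correlating a PSEXESVC service install (System event 7045) with writes to the ADMIN$ share (Security event 5145) on the same host. The event records are constructed; the default service name, the copy arriving over ADMIN$, the field names and the 60-second window are assumptions.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumed correlation window

# Constructed sample records shaped like parsed Windows events (field names assumed).
EVENTS = [
    {"time": "2024-01-01T10:00:01", "host": "PC-B", "id": 5145, "src_ip": "192.0.2.10",
     "share": r"\\*\ADMIN$", "target": "PSEXESVC.exe", "accesses": "WriteData (or AddFile)"},
    {"time": "2024-01-01T10:00:02", "host": "PC-B", "id": 7045,
     "service": "PSEXESVC", "image_path": r"%SystemRoot%\PSEXESVC.exe"},
    {"time": "2024-01-01T10:00:03", "host": "PC-B", "id": 5145, "src_ip": "192.0.2.10",
     "share": r"\\*\ADMIN$", "target": "maliciousfile.exe", "accesses": "WriteData (or AddFile)"},
    # Unrelated admin-share write on another host: no service install, so not reported.
    {"time": "2024-01-01T11:30:00", "host": "PC-C", "id": 5145, "src_ip": "192.0.2.20",
     "share": r"\\*\ADMIN$", "target": "patch.msi", "accesses": "WriteData (or AddFile)"},
    # Same host, but two hours after the service install: outside the window.
    {"time": "2024-01-01T12:00:00", "host": "PC-B", "id": 5145, "src_ip": "192.0.2.30",
     "share": r"\\*\ADMIN$", "target": "late.exe", "accesses": "WriteData (or AddFile)"},
]

def _ts(event):
    return datetime.fromisoformat(event["time"])

def is_admin_write(event):
    """True for a 5145 record that writes a file to the ADMIN$ share."""
    return (event["id"] == 5145
            and event["share"].upper().endswith("ADMIN$")
            and "WriteData" in event["accesses"])

def find_psexec_runs(events):
    """Pair each PSEXESVC service install with nearby ADMIN$ writes on that host."""
    findings = []
    for svc in events:
        if svc["id"] != 7045 or svc["service"].upper() != "PSEXESVC":
            continue
        near = [e for e in events
                if is_admin_write(e) and e["host"] == svc["host"]
                and abs(_ts(e) - _ts(svc)) <= WINDOW]
        findings.append({
            "host": svc["host"],
            "time": svc["time"],
            "sources": sorted({e["src_ip"] for e in near}),
            # Anything besides the service binary is the file pushed with -c.
            "copied_files": sorted(e["target"] for e in near
                                   if e["target"].lower() != "psexesvc.exe"),
        })
    return findings

if __name__ == "__main__":
    for finding in find_psexec_runs(EVENTS):
        print(finding)
```

Event 5145 is only written when the "Detailed File Share" audit subcategory is enabled on the target, so an empty `copied_files` list can mean missing auditing rather than no copy.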