poweradminllc / PAExec

Remote execution, like PsExec

PAExec does not encrypt the data #31

Status: Open. pawel-kedzior-sw opened this issue 5 years ago.

pawel-kedzior-sw commented 5 years ago

As stated in https://github.com/poweradminllc/PAExec/issues/18 and https://www.poweradmin.com/paexec/, PAExec only XORs the data.

Any ideas on how to improve it? Which parts are vulnerable (logging? copying files? remote calls?)

poweradminllc commented 5 years ago

The most important data that needs to be encrypted is the command line passed from the local instance to the remote instance. Remote.cpp, GetDataToSend and the corresponding SetFromReceivedData are the two sides that send and receive the data. This is sent through a named pipe. The only tricky bit is agreeing on a shared key without transmitting that key.

pawel-kedzior-sw commented 5 years ago

OK, what about the console output from the command? I assume that it also travels over the same pipe.

poweradminllc commented 5 years ago

Oh yes, that's right. stdin, stdout and stderr are redirected each through their own named pipe in ConsoleRedir.cpp, CreateIOPipesInService.
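The two things the thread identifies as exposed on the pipe, the command line handed over by GetDataToSend/SetFromReceivedData in Remote.cpp and the redirected stdin/stdout/stderr streams set up in ConsoleRedir.cpp, can be protected the same way. The following is an added example, not PAExec's own code: the two instances agree on a key with Diffie-Hellman so the key itself never crosses the pipe (the "tricky bit" above), then every frame in each direction is encrypted and authenticated with direction-specific keys derived by HKDF. The `Endpoint` class, `seal`, `open_frame`, `run_session` and `tampering_is_detected` are hypothetical names; the group prime is transcribed from RFC 3526 group 14 (the test re-checks it with a Fermat probe), and, because only the standard library is used, HMAC-SHA256 in counter mode stands in for the AES-GCM or ChaCha20-Poly1305 a real build would use. The command line and console output are constructed sample values.

```python
"""Added example, not PAExec's code: Diffie-Hellman key agreement plus
encrypt-then-MAC for the command line (Remote.cpp) and the console pipes
(ConsoleRedir.cpp), in place of the XOR mask. Stdlib only; HMAC-SHA256 in
counter mode stands in for AES-GCM / ChaCha20-Poly1305."""
import hashlib
import hmac
import secrets

# RFC 3526 group 14 (2048-bit MODP) prime, transcribed here; verify against the RFC.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
G, Q = 2, (P - 1) // 2   # P is a safe prime, so G generates the subgroup of order Q


def hkdf(ikm, salt, info, length):
    """HKDF-SHA256 (RFC 5869): extract, then expand to `length` bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    out, t, i = b"", b"", 1
    while len(out) < length:
        t = hmac.new(prk, t + info + bytes([i]), hashlib.sha256).digest()
        out, i = out + t, i + 1
    return out[:length]


def xor_stream(key, nonce, data):
    """XOR data with the PRF keystream HMAC(key, nonce || block index)."""
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))


class Endpoint:
    """One side of the pipe; role is "local" or "remote" (hypothetical class)."""

    def __init__(self, role):
        self.role, self._priv = role, secrets.randbits(256)
        self.public = pow(G, self._priv, P)      # the only key material that crosses the pipe
        self.send_ctr = self.recv_ctr = 0

    def derive_keys(self, peer_public):
        if not 1 < peer_public < P - 1 or pow(peer_public, Q, P) != 1:
            raise ValueError("invalid DH public value")   # degenerate or off-subgroup
        shared = pow(peer_public, self._priv, P).to_bytes(256, "big")
        # Salt from both public values; separate enc||mac keys for each direction.
        salt = hashlib.sha256(b"%d|%d" % (min(self.public, peer_public),
                                          max(self.public, peer_public))).digest()
        l2r = hkdf(shared, salt, b"paexec local->remote", 64)
        r2l = hkdf(shared, salt, b"paexec remote->local", 64)
        send, recv = (l2r, r2l) if self.role == "local" else (r2l, l2r)
        self.enc_key, self.mac_key = send[:32], send[32:]
        self.peer_enc_key, self.peer_mac_key = recv[:32], recv[32:]

    def seal(self, plaintext):
        """Frame = nonce || ciphertext || tag; the nonce is also the anti-replay counter."""
        nonce = self.send_ctr.to_bytes(8, "big")
        self.send_ctr += 1
        ct = xor_stream(self.enc_key, nonce, plaintext)
        return nonce + ct + hmac.new(self.mac_key, nonce + ct, hashlib.sha256).digest()

    def open_frame(self, frame):
        """Check tag and counter before decrypting; any failure rejects the frame."""
        nonce, ct, tag = frame[:8], frame[8:-32], frame[-32:]
        expected = hmac.new(self.peer_mac_key, nonce + ct, hashlib.sha256).digest()
        if len(frame) < 40 or not hmac.compare_digest(expected, tag):
            raise ValueError("frame authentication failed")
        if int.from_bytes(nonce, "big") != self.recv_ctr:
            raise ValueError("replayed or reordered frame")
        self.recv_ctr += 1
        return xor_stream(self.peer_enc_key, nonce, ct)


def run_session(command_line=b'cmd /c "dir C:\\"',
                console_output=b" Volume in drive C has no label.\r\n"):
    """Constructed exchange: local sends the command line, remote answers with stdout."""
    local, remote = Endpoint("local"), Endpoint("remote")
    local.derive_keys(remote.public)                 # public values exchanged over the pipe
    remote.derive_keys(local.public)
    cmd_frame = local.seal(command_line)             # what GetDataToSend would write
    received_cmd = remote.open_frame(cmd_frame)      # what SetFromReceivedData would parse
    received_out = local.open_frame(remote.seal(console_output))   # stdout pipe, other way
    return received_cmd, received_out, cmd_frame


def tampering_is_detected():
    """Flip one ciphertext bit in transit; the receiver must refuse the frame."""
    local, remote = Endpoint("local"), Endpoint("remote")
    local.derive_keys(remote.public)
    remote.derive_keys(local.public)
    frame = bytearray(local.seal(b"whoami"))
    frame[8] ^= 0x01
    try:
        remote.open_frame(bytes(frame))
        return False
    except ValueError:
        return True
```

One caveat a reviewer would raise: the Diffie-Hellman exchange here is unauthenticated, so it only resists an active man-in-the-middle to the extent that the named pipe is already carried inside an authenticated SMB session. A production design should bind the exchanged public values to the caller's credentials (or sign them) rather than rely on that, and should use a vetted AEAD instead of the HMAC counter-mode stand-in.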