Open pawel-kedzior-sw opened 5 years ago
The most important data that needs to be encrypted is the command line passed from the local instance to the remote instance. Remote.cpp, GetDataToSend and the corresponding SetFromReceivedData are the two sides that send and receive the data. This is sent through a named pipe. The only tricky bit is agreeing on a shared key without transmitting that key.
Ok, what about the console output from the command? I assume that it also travels over the same pipe.
Oh yes, that's right. stdin, stdout and stderr are redirected each through their own named pipe in ConsoleRedir.cpp, CreateIOPipesInService.
As stated in https://github.com/poweradminllc/PAExec/issues/18 and https://www.poweradmin.com/paexec/, PAExec only XORs data.
Any ideas on how to improve it? Which parts are vulnerable (logging? copying files? remote calls?)
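The thread's two open points are agreeing on a key without sending it over the pipe, and replacing the XOR with something that actually protects the command line and the redirected console streams. The following is an added example, not code from PAExec or from anyone in this thread: each side generates an ephemeral X25519 key pair, exchanges only public keys, derives a session key with a single-block HKDF (RFC 5869, HMAC-SHA256), and then seals each pipe message with AES-256-GCM so tampering is detected as well as content hidden. The type name `Party`, the method names, and the `info` label are assumptions chosen for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Party is one end of the named pipe (local or remote instance).
// It holds an ephemeral X25519 key pair and, after Agree, the session key.
type Party struct {
	priv *ecdh.PrivateKey
	key  []byte
}

// NewParty generates a fresh ephemeral key pair; nothing secret ever leaves it.
func NewParty() (*Party, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Party{priv: priv}, nil
}

// PublicKey is the only thing that needs to cross the pipe before encryption starts.
func (p *Party) PublicKey() []byte { return p.priv.PublicKey().Bytes() }

// Agree combines our private key with the peer's public key and derives the session key.
func (p *Party) Agree(peerPub []byte) error {
	pub, err := ecdh.X25519().NewPublicKey(peerPub)
	if err != nil {
		return err
	}
	shared, err := p.priv.ECDH(pub)
	if err != nil {
		return err
	}
	// The label is a constructed value; it binds the key to this protocol use.
	p.key = deriveKey(shared, []byte("pipe-session-key-v1"))
	return nil
}

// SessionKey exposes the derived key so both ends can be compared in tests.
func (p *Party) SessionKey() []byte { return p.key }

// deriveKey is HKDF-Extract followed by one HKDF-Expand block (32 bytes),
// with a zero salt: the raw ECDH output must never be used directly as a key.
func deriveKey(ikm, info []byte) []byte {
	extract := hmac.New(sha256.New, make([]byte, sha256.Size))
	extract.Write(ikm)
	prk := extract.Sum(nil)
	expand := hmac.New(sha256.New, prk)
	expand.Write(info)
	expand.Write([]byte{1}) // block counter for the first (and only) output block
	return expand.Sum(nil)
}

func (p *Party) aead() (cipher.AEAD, error) {
	if p.key == nil {
		return nil, errors.New("session key not agreed yet")
	}
	block, err := aes.NewCipher(p.key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts and authenticates one pipe message; the random nonce is prefixed.
func (p *Party) Seal(plaintext []byte) ([]byte, error) {
	aead, err := p.aead()
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// Open verifies the authentication tag before returning any plaintext.
func (p *Party) Open(msg []byte) ([]byte, error) {
	aead, err := p.aead()
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(msg) < ns {
		return nil, errors.New("message shorter than nonce")
	}
	return aead.Open(nil, msg[:ns], msg[ns:], nil)
}

func main() {
	local, _ := NewParty()
	remote, _ := NewParty()
	local.Agree(remote.PublicKey())
	remote.Agree(local.PublicKey())
	// Constructed sample command line standing in for what GetDataToSend would carry.
	ct, _ := local.Seal([]byte("cmd.exe /c ipconfig"))
	pt, _ := remote.Open(ct)
	fmt.Printf("remote decrypted: %s\n", pt)
}
```

The exchange is only as strong as the authentication of the two public keys: an unauthenticated Diffie-Hellman over the pipe is still open to an active man-in-the-middle, so the public keys should be bound to the identity the named-pipe connection already authenticates (the SMB session) or pinned on the service side. The same `Seal`/`Open` pair fits the stdin, stdout and stderr pipes from CreateIOPipesInService; with a random 96-bit nonce per message, a single session key should not be used for more than a few billion messages, which a per-connection ephemeral key already guarantees.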