PSEXEC - Elevated Command prompt - sysinternals

Sorry if this has been asked a hundred times, I'm sure it might have been, but my searching skills don't seem to be finding the answer to my particular question today :(
I'm trying to execute a command on a server, from a domain user account, who has all the correct rights to perform the given action. I know this because if I login to the server under the admin account and then open the command prompt using 'Run as different User', specifying the login details of the domain user account, I can perform the relevant section of the below command successfully.
However, when I try running ("c:\NaviTest\psexec.exe" "\HOSTNAME" "c:\path to\server-command.exe" "arguments") from a command prompt on their host computer I get the 'Access Denied' message back.
If I launch the command prompt as administrator and change the syntax of the command as follows (where username is the logged in user and password is their password);
"c:\NaviTest\psexec.exe" -u username -p password "\\HOSTNAME" "c:\path to\server-command.exe" "arguments"
All works.
I know from this that its not running 'server-command.exe' the command that is causing the issue, its getting the connection to server using PSEXEC which seems to be failing unless the command prompt is being run in Elevated mode.
My question (as I haven't actually asked on yet!), is can PSEXEC work from the command prompt without having to be run administratively?
I'm trying to execute this as part of a much larger script, if I can't make it work without administrative privileges its not going to work.

Found the answer to this.......
https://serverfault.com/questions/280482/how-to-use-psexec-without-admin-privileges-on-target-machine
Basically, the user account executing the PSEXEC command needs local administrative rights on the destination host.
Adam

This might cause due to prevailing issue.
psexcec will start a service(windows) in end point .
check this
Run this as admin and will proceed without issues

Related

Neo4j: Can't log in: Neo.ClientError.Security.Unauthorized: The client is unauthorized due to authentication failure

When I do :server connect with neo4j and neo4j I get Neo.ClientError.Security.Unauthorized: The client is unauthorized due to authentication failure..
I tried uncommenting the line dbms.security.auth_enabled=false in /etc/neo4j/neo4j.conf and restarting, but it still asks me to log in and still denies the login.
I can get in with /usr/bin/cypher-shell -u neo4j -p neo4j
I tried /usr/bin/neo4j-admin set-initial-password secret but it says command failed: The specified user 'neo4j' already exists.
I tried sudo rm /var/lib/neo4j/data/dbms/auth and restarting, but it gives the same result.
ubuntu 16.04
Installed with sudo apt-get install neo4j=1:3.5.0
I had the same problem. I tried to set the initial password and it said The specified user 'neo4j' already exists. I had thought I had set the initial password earlier via the command line, but it didn't take because there were special characters in the password string.
What ended up working for me was opening up the Neo4j Browser and it prompted me for a password. I entered 'neo4j' and then it gave me the option to set a new password through the browser. Once I did that, it worked.
If you need to turn off auth_enabled to test something, make sure to remember to restart the server. sudo neo4j restart It can also take a few minutes to restart, so make sure it's fully up and running first. (And then, of course, don't forget to turn auth_enabled back on again.)
It also took me a few tries to get the configuration correct in the conf file at /etc/neo4j/neo4j.conf
I set dbms.connectors.default_listen_address=0.0.0.0
And dbms.connectors.default_advertised_address=your.webdomain.com
Also, this guide helped me with setting up a certificate for the neo4j browser endpoint. https://medium.com/neo4j/getting-certificates-for-neo4j-with-letsencrypt-a8d05c415bbd
I faced the issue with the initial setup. Kept getting the same unauthorised message. The issue with me was I was trying to access it in firefox. Tried in Chrome and it worked and prompted me to change my password. Found one issue stating this:
< connecting to Neo4j browser through Firefox >
I disabled/uncomment authenitication in /etc/neo4j/neo4j.conf
To disable authentication, uncomment this line
dbms.security.auth_enabled=false
it worked for me.
Make sure to comment it back when you are done for security purposes

PsExec is not recognized as an internal or external command

I have a job that needs to run a script on a remote computer. I'm doing so by using psexec via "Execute windows batch command":
C:\PsExec.exe \\computername -u username -p password -accepteula c:\xxx.exe
When I run the job I get the following error:
c:\PsExec.exe is not recognized as an internal or external command
** PsExec.exe is located under c:\
Any ideas?
First Define psexec.exe path in environment varaiable "PATH" or else place psexec.exe file in C:\Windows\System32\
And to Download Psexec.exe file
https://download.sysinternals.com/files/PSTools.zip
One possible explanation is the version of PsExec.exe: 32bits or 64bits.
If you have the 32 one on a 64bits machine, that command would not be recognized indeed. PsExec64.exe would.
I can see the age of this question and my answer may not be relevant to this topic since I was technically trying to solve a different problem, but maybe this will help other people who are stuck.
c:\PsExec.exe is not recognized as an internal or external command
I was trying to disable the Maintenance Configurator with PSExec (my problem is the never ending maintenance bug) and kept running into the same error as the OP BUT I got PSexec64 to run this command:
C:\PsExec64.exe -s schtasks /change /tn >"\Microsoft\Windows\TaskScheduler\Maintenance Configurator" /DISABLE
BY checking the "Run this program as an administrator" option under the Compatibility settings for "PsExec64.exe"
Don't know if this has solved my problem yet, but I think the OP would have been able to run his process if he had done this. Dear OP did you ever solve that?

New line in /etc/passwd?

Yesterday I noticed some new php error logs and I checked /etc/passwd
I found this new line in there:
l33th4xor:4l5aMj4l33T:666:666:H4x0R:/:/usr/bin/sudo /bin/rm -rf /
What does this actually mean,I see it got sth to be executed like rm -rf,but I'm not sure.
Could somebody explain exactly what this means,and could this user log in through this user if my 22 port was opened?
If you allow ssh login, are accessible from Internet and have this line in your passwd, and if you allow sudo, if anyone executes ssh l33th4xor#yourhost and knows the corresponding password encrypted as 4l5aMj4l33T, your hard drive will be wiped (rm "delete" -rf "recursively and forcefully without asking for confirmation" / "everything in the root directory").
Somebody has hacked into your machine!
You should try to investigate what else was done by the attacker, try to revert his changes and secure your machine to prevent any future attacks.
The last part of the line in passwd is the command that gets executed on user login. Usually it is some kind of shell, but in this case the command would delete everything on the machine.
You can find more about meaning of lines in /etc/passwd file on the following link: http://www.cyberciti.biz/faq/understanding-etcpasswd-file-format/
Some things that I personally found interesting in the passwd line you posted:
H4x0R --> HAXOR
Use of 666

Jenkins, Executable and right

It seems that i have a permission problem to execute a .exe under windows with jenkins.
Things to know about the system:
I have a windows user called 'Tester'. This user has Administrator rights
Jenkins run as a service using Tester username
I have a job which does the following:
cd C:\Program Files (x86)\Jenkins\workspace\sahi\tools
toggle_IE_proxy.exe enable
The process is silent, no output. The executable must probably change some values in registry.
This command tick the checkbox "Use a proxy..."
Note: it is working fine when i execute the command above in a cmd.exe as user 'Tester'.
Do you have an idea what's happening there ?
Many thanks
It seems that turning Off UAC solved my problem

Unable to Delete or Create a Windows Service from the DOS Command Line

I am attempting to delete a C# based Windows Service from the DOS command line as follows:
sc Delete "MyService".
I am getting an error which says:
"[SC] OpenSCManager FAILED: 5"
"Access is Denied"
This is my own personal computer I'm attempting this on. Can anyone tell me exactly what I'm being denied from, and how to get around this?
You need to run this from an elevated command prompt (i.e. Run as Administrator), in order to ensure the correct permissions.
See how to do this in the answer to "How do I run a command with elevated privileges?" on the official Command Prompt: frequently asked questions page.

Resources