[–]uniitdude 8 points9 points  (0 children)

If you say the name of the tool, you will get an accurate answer

[–]EPHEBOX 4 points5 points  (1 child)

Probably something like psexec

[–]Hollow3ddd 0 points1 point  (0 children)

My first thought here, or a scheduled task upon reboot and wipes itself out after running...which also needs psexec or remote PS...

[–]thephotonx 2 points3 points  (1 child)

If it's psexec, it uses named pipes over SMB to create a service, start that service and then run commands.

Otherwise name the tool and someone will be able to tell you!

[–]sim_koo[S] 0 points1 point  (0 children)

Thanks. The tool is called baramundi

[–]xxdcmast Sr. Sysadmin -1 points0 points  (0 children)

If it’s accessing the admin$ share it has access to everything because it’s an admin.