I am using paexec in my C# project and I am trying to avoid providing the password using the "-p" command line argument because while paexec is still running anyone using a utility such as Process Explorer from SysInternals could see the password in plaintext as part of the process command line arguments.

Here is my approach number one, including credentials with the ProcessStartInfo object:

        Process p = new Process();
        p.StartInfo.FileName = "paexec.exe";
        p.StartInfo.Arguments = "\\\\remote_system remote_app.exe";
        p.StartInfo.UseShellExecute = false;

        string pw = "password";
        System.Security.SecureString ss = new System.Security.SecureString();
        for (int i = 0; i < pw.Length; i++)
        {
            ss.AppendChar(pw.ToCharArray()[i]);
        }

        p.StartInfo.Domain = "domain_name";
        p.StartInfo.UserName = "administrator";
        p.StartInfo.Password = ss;

        p.Start();
        p.WaitForExit();

With the above code I would get an access denied message.

Approach number two, redirect PaExec IO:

    ProcessStartInfo psi = new ProcessStartInfo("paexec.exe", "\\\\remote_system -u administrator remote_app.exe");
psi.UseShellExecute = false;
psi.RedirectStandardInput = true;

Process p = Process.Start(psi);

StreamWriter inWriter = p.StandardInput;

inWriter.WriteLine("password_here");
p.WaitForExit();

Console.WriteLine(p.ExitCode);

In this case the paexec console window is just blank, and remote_app.exe doesn't get executed.

Has anyone ever able to accomplish this?

asked 04 Dec '12, 17:25

blee's gravatar image

blee
56113
accept rate: 100%


Thanks for the response Doug. After MUCH digging I have found a workaround.

For #1 I got the "access denied" error because my remote_app.exe is located on a network share, and the authentication method I implemented in C# calls for impersonation which doesn't allow network access. As a workaround I used -c -clist to copy remote_app.exe and all other related files from the machine running paexec to the target systems, then executing remote_app.exe locally instead of across the network.

For #2 I was never able to get redirected input to work.

link

answered 17 Dec '12, 14:45

blee's gravatar image

blee
56113
accept rate: 100%

I don't think anyone has tried this before.

For your approach #1, is the user account an administrator? The reason I ask is PAExec (and PsExec) create a temporary service on the target computer, so administrator access is needed to the remote computer.

For #2, I think the password is probably getting appended after the application name, so PAExec is probably stuck without a password (maybe prompting for one?)

Attempt #1 seems like it has the greatest chance for success. Any suggestions for an alternate way to get the password in? A temporary file or registry read might work, but then if PAExec was not allowed to run for some reason, the password would be sitting in the file or registry...

link

answered 06 Dec '12, 09:13

Doug's gravatar image

Doug ♦♦
10.2k122138
accept rate: 21%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×60
×3
×1
×1

Asked: 04 Dec '12, 17:25

Seen: 13,071 times

Last updated: 17 Dec '12, 14:45