One of the problems with using PSEXEC from Metasploit (any of the psexec modules) is that it runs as SYSTEM. What’s the problem with that? Isn’t SYSTEM god mode? Ya, and normally I’d agree that it’s the best level to have, but the defenses these days have gotten better, and getting direct connections out is pretty rare. That leaves proxies, and as you know SYSTEM doesn’t get any proxy settings.
Here is a blog post that I made about setting the proxies for SYSTEM but leaving settings like this set is not only sloppy but hard to clean up.
Along comes RunAsCurrentUser-2.0.3.1.exe
more here...................http://www.room362.com/blog/2014/08/14/milkman-creating-processes-as-any-currently-logged-in-user/
Here is a blog post that I made about setting the proxies for SYSTEM but leaving settings like this set is not only sloppy but hard to clean up.
Along comes RunAsCurrentUser-2.0.3.1.exe
more here...................http://www.room362.com/blog/2014/08/14/milkman-creating-processes-as-any-currently-logged-in-user/