Named Pipes

Windows has a mechanism called "named pipes" for inter-process communication (IPC) ☎️. It works even if the processes are:

  • Executed by different users
  • Executed on different machines

One process creates the pipe and clients connect to it. You can list every pipe hosted on your machine using:

PS> gci \\.\pipe\

You can list named pipes on which you have write access:

PS> .\accesschk.exe /accepteula -w \pipe\* -v

You can list the permissions you have on a named pipe using:

PS> .\accesschk.exe /accepteula \\.\Pipe\lsass -v
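
For auditing, the accesschk output above can be reduced to the pipes whose ACL grants write access to broad principals. The following is an added example, not part of the original notes. It assumes accesschk prints each pipe name at column 0 followed by indented `R`/`W`/`RW <principal>` lines; the function name, the principal list and the sample pipe names are hypothetical.

```powershell
# Principals treated as "broad". This list is an assumption; adjust it.
$BroadPrincipals = @(
    'Everyone'
    'NT AUTHORITY\ANONYMOUS LOGON'
    'NT AUTHORITY\Authenticated Users'
    'NT AUTHORITY\INTERACTIVE'
    'BUILTIN\Users'
)

function Find-BroadlyWritablePipe {
    param([string[]]$Lines)
    $pipe = $null
    foreach ($line in $Lines) {
        if ($line -match '^\\\\\.\\pipe\\(.+)$') {
            # Object header, e.g. \\.\Pipe\name
            $pipe = $Matches[1].Trim()
        }
        elseif ($pipe -and $line -cmatch '^\s+(RW|R|W)\s+(\S.*?)\s*$') {
            # Access line: R, W or RW followed by the principal.
            # Rights names such as READ_CONTROL have no space after the
            # first letter, so they do not match this pattern.
            $access, $principal = $Matches[1], $Matches[2]
            if ($access -like '*W*' -and $BroadPrincipals -contains $principal) {
                [pscustomobject]@{ Pipe = $pipe; Principal = $principal; Access = $access }
            }
        }
    }
}

# Constructed sample in the assumed accesschk -v layout (hypothetical pipe names).
$sample = @'
\\.\Pipe\example_updater
  RW Everyone
        FILE_READ_DATA
        FILE_WRITE_DATA
  RW BUILTIN\Administrators
        FILE_ALL_ACCESS
\\.\Pipe\example_svc
  R  Everyone
        FILE_READ_DATA
        READ_CONTROL
  RW NT AUTHORITY\SYSTEM
        FILE_ALL_ACCESS
'@ -split '\r?\n'

Find-BroadlyWritablePipe -Lines $sample | Format-Table -AutoSize

# Against live output, using the command from this page:
# Find-BroadlyWritablePipe -Lines (.\accesschk.exe /accepteula -w \pipe\* -v)
```

Pipes reported here are the ones to review first: check which service owns them and whether the broad write access is required.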

➡️ Look for exploits/PoC to try to exploit them.