Hey guys, Having some trouble running the PsLoggedon tool in PStools, on some of our graphics stations here. It was working perfectly up until a few weeks ago, now when it is run it is showing every user that has ever logged on with an value as their log on.
Remote Windows PC Enumeration with PSTools. PS Tools is a all in one collection of 13 tools developed by Mark Russinovich. All tools are command line (cmd) based tools that let you execute processes on remote systems and redirect console applications’ output to the local system so that these applications appear to be running locally. These tools are special and are compatible with all windows versions later than NT windows. As it’s a console cmd tools, these tools can work on both local computer and remote host. It doesn’t required any manual installation of software on the remote system to run these tools, and they let you specify alternative credentials to access the remote system. All the tools are tied up using the Ps keyword before all the tools. The “Ps” prefix in PsList relates to the fact that the standard UNIX process listing command line tool is named “ps”, so this prefix has been adopted for all the tools in order to tie them together into a suite of tools named PsTools.
Remote Windows PC Enumeration with PSTools
Sep 18, 2019 The Sysinternals PsExec utility is as ubiquitous as they come in an IT admin arsenal. This tool allows administrators to remotely run commands just as if they were on the local computer. To cover the PsExec tool in depth, it was fitting to cover this coveted tool in an ATA Ultimate Guide. Using tools such as PSExec, it is possible to add or remove user accounts to a remote computer using command line utilities. Using the same tools, we can set that user as a local administrator as well. To get started, navigate to the PsTools Download Page, then download the PsTools Suite. Extract the contents of the downloaded zip file to c. Front-end for PsTools (FePsTools) is a graphical interface around the command line tools from SysInternal’s PsTools. FePsTools gives you an easy way to build the command you need to execute a PsTool utility. While you are clicking and typing the needed options you can see the command line build up.
Download PSTool Kit from https://technet.microsoft.com/en-us/sysinternals/pstools.aspx
PSTools contain following tools in a single kit:
- PsExec – used to execute processes remotely
- PsFile – to show files opened remotely
- PsGetSid – displays the SID of a computer or a user
- PsInfo – lists information about a system
- PsPing – measures network performance
- PsKill – kills processes by name or process ID
- PsList – lists detailed information about processes
- PsLoggedOn – see who’s logged on locally and via resource sharing (full source is included)
- PsLogList – dumps event log records
- PsPasswd – changes account passwords
- PsService – view and control services
- PsShutdown – shuts down and optionally reboots a computer
- PsSuspend – suspends processes
Lets move on how to use these tools through command prompt.
First of all, open PSTool Kit and to do so open your command prompt and open PSTool kit using cd command.
Note: If you see such dialogue box as shown below, then always click on AGREE to run or else the above commands will not work.
Remote Windows PC Enumeration with PSTools
Get SID
- Once you run PSTool kit, run dir command so that you can see the list of all tools.
- Now, we run a command that will help us use PSGetsid tool in the Tool Kit. The command is:
PSGetsidc64.exe 192.168.1.104 -u administrator -p Ignite@123
- Here,
192.168.1.104 –> our victim’s IP
-u –> denotes username
Administrator –> username
-p –> denotes password
Pstools User Guide Manual
Ignite@123 –> password
System Information
- Will use these commands to execute system information of remote PC.
- Next, we’ll learn about psinfo.exe tool which gives us all the necessary information of the remote PC. To make this tool work type:
psinfo.exe 192.168.1.104 -u administrator -p Ignite@123
Share Folder
This will share folder of remote PC.
- Moving forward, we will now make psfile tool work by typing the following command:
psfile64.exe 192.168.1.104 -u administrator -p Ignite@123
Process Information
This command execution will help to see every single file and directories that are remotely open on the PC of victim.
- We will see this pslist tool and to make it work using the command below:
pslist64.exe 192.168.1.104 -u administrator -p Ignite@123
Services
Psservice.exe which lets us know all the running services on our victims’ PC. The command is:
PsService64.exe 192.168.1.104 -u administrator -p Ignite@123
Log List
This Psloglist.exe tool helps us to see the logs of victim PC. To do so, run the following command.
psloglist.exe 192.168.1.104 -u administrator -p Ignite@123
Change Password
Pspasswd64.exe is the most important tool as it lets us to change the password of a PC. To do, use the command:
pspasswd64.exe 192.168.1.104 -u administrator -p ignite@123 administrator forever
Here,
User Guide Ipad
192.168.1.104 –> our victim’s IP
-u –> denotes username
Administrator –> username
-p –> denotes password
Ignite@123 –> password
Administrator –-> username (specify a user to change)
Remote Connect Shell
PsExec64.exe is another important tool which takes us directly in the shell of victim’s PC. Its command is:
PsExec64.exe 192.168.1.104 -u administrator -p forever cmd
Shutdown
At last, this Psshutdown tool helps us to shutdown remote PC. Just type:
psshutdown.exe 192.168.1.104 -u administrator -p forever
User Guide Definition
It will take 20 seconds to shutdown the PC after you execute the command.
Pstools User Guide List
So, these were tools in the PSTool kit and the commands to run them. These tools really make our work a lot easy and come in handy. That’s all Remote Windows PC Enumeration with PSTools.