Remote Windows PC Enumeration with PSTools

Remote Windows PC Enumeration with PSTools. PSTools comprises a collection of 13 tools, created by Mark Russinovich, designed for remote operation. These tools primarily operate through command line execution, managing applications and process commands on remote devices while redirecting console applications’ output to the local system. This setup makes it appear as though the applications are running locally.

These tools are special in their kind and are compatible with all the windows OS versions later than NT windows. As it’s a console command tools, these tools can work on both local computer and remote host as well. It doesn’t required any manual installation of software on the remote system to run these tools, and they let you specify alternative credentials to access the remote system. All the tools are tied up using the Ps keyword before all the tools. The “Ps” prefix in PsList relates to the fact that the standard UNIX process listing command line tool is named “ps”, so this prefix has been adopted for all the tools in order to combine them together into a suite of tools named PsTools.

Remote Windows PC Enumeration with PsTools

Download PSTool Kit from  https://technet.microsoft.com/en-us/sysinternals/pstools.aspx

PSTools contain following tools in a single kit:

• PsExec – used to execute processes remotely
• PsFile – to show files opened remotely
• PsGetSid – displays the SID of a computer or a user
• PsInfo – lists information about a system
• PsPing – measures network performance
• PsKill – kills processes by name or process ID
• PsList – lists detailed information about processes
• PsLoggedOn – see who’s logged on locally and via resource sharing (full source is included)
• PsLogList – dumps event log records
• PsPasswd – changes account passwords
• PsService – view and control services
• PsShutdown – shuts down and optionally reboots a computer
• PsSuspend – suspends processes

Lets move on how to use PsTools through command prompt.

Firstly, open up PSTool Kit and to do so open your command prompt and open PSTool kit using cd command.

Note:  If you see such dialogue box as shown below, then always click on AGREE to run or else the above commands will not work.

Remote Windows PC Enumeration with PsTools

Get SID

• Once you run PSTool kit, run dir command so that you can see the list of all tools.
• Now, we run a command that will help us use PSGetsid tool in the Tool Kit. The command is:

          PSGetsidc64.exe \\192.168.1.104 -u administrator -p Ignite@123

• Here,

192.168.1.104 –> our victim’s IP

-u –> denotes username

Administrator –> username

-p –> denotes password

Ignite@123 –> password

System Information

• Will use these commands to execute system information of remote PC.
• Next, we’ll learn about psinfo.exe tool which gives us all the necessary information of the remote PC. To make this tool work type:

psinfo.exe \\192.168.1.104 -u administrator -p Ignite@123

Share Folder

This will share folder of remote PC.

• Moving forward, we will now make psfile tool work by typing the following command:

psfile64.exe \\192.168.1.104  -u administrator -p Ignite@123

Process Inforatmion

This command execution will help to see every single file and directories that are remotely open on the PC of victim.

• We will see this pslist tool and to make it work using the command below:

pslist64.exe \\192.168.1.104 -u administrator -p Ignite@123

Services

Psservice.exe which lets us know all the running services on our victims’ PC. The command is:

PsService64.exe \\192.168.1.104 -u administrator -p Ignite@123

Log List

This Psloglist.exe tool helps us to see the logs of victim PC. To do so, run the following command.

psloglist.exe \\192.168.1.104 -u administrator -p Ignite@123

Change Password

Pspasswd64.exe is the most important tool as it lets us to change the password of a PC. To do, use the command:

pspasswd64.exe \\192.168.1.104 -u administrator -p ignite@123 administrator forever

Here,

192.168.1.104 –> our victim’s IP

-u –> denotes username

Administrator –> username

-p –> denotes password

Ignite@123 –> password

Administrator –-> username (specify a user to change)

Remote Connect Shell

PsExec64.exe is another important tool which takes us directly in the shell of victim’s PC. Its command is:

PsExec64.exe \\192.168.1.104 -u administrator -p forever cmd

Shutdown

At last, this Psshutdown tool helps us to shutdown remote PC. Just type:

psshutdown.exe \\192.168.1.104 -u administrator -p forever

It will take 20 seconds to shutdown the PC after you execute the command.

So, these were tools in the PSTool kit and the commands to run them. These tools really make our work a lot easy and come in handy. That’s all Remote Windows PC Enumeration with PSTools.