
PsExec Simple Tutorial

PsExec is a light-weight telnet-replacement that lets you execute processes on other systems, complete with full interactivity for console applications, without having to manually install client software. PsExec’s most powerful uses include launching interactive command-prompts on remote systems and remote-enabling tools like IpConfig that otherwise do not have the ability to show information about remote systems.

 

PsExec can be downloaded from this link:

http://download.sysinternals.com/files/PSTools.zip

 

Then you need to unzip the downloaded PSTools.zip (I usually unzip all my files to the Desktop).

Navigate to the unzipped folder (which is “Desktop\PSTools” in my case) and start CMD by typing “cmd” in the address bar.

 

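Let’s say I want to start CMD on a computer that is on the same domain (Domain.com). Let’s say this other computer has the IP address 192.168.100.2, the user name is Administrator, and the password is P@ssw0rd.

So we write the command below. If you leave out -p, PsExec prompts for the password instead of taking it on the command line: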

PsExec.exe \\192.168.100.2 -u Domain\Administrator -p P@ssw0rd cmd

You can run any executable file that is found in “C:\Windows\System32”.

 

Let’s say you want to run an EXE file (Test.exe) that is not found in the other computer’s “C:\Windows\System32” folder and you don’t want to copy that EXE file to that location.

Well, it’s also possible by writing the command:

PsExec.exe -i -s -d -c -f \\192.168.100.2 -u Domain\Administrator -p P@ssw0rd Test.exe

 

Detailed explanation:

-i

Run the program so that it interacts with the desktop of the specified session on the remote system.

-s

Run the remote process in the System account.

-d

Don’t wait for process to terminate.

-c

Copy the specified program to the remote system for execution.

-f

Copy the specified program even if the file already exists on the remote system.

 

The EXE file is copied to the “C:\Windows” folder and is executed from there.

 

You can also run EXE files in different folder locations. As an example, I want to run “Test.exe” that is inside a folder called “Application” on the Desktop.

Then:

PsExec.exe -i -s -d \\192.168.100.2 -u Domain\Administrator -p P@ssw0rd C:\Users\Administrator\Desktop\Test.exe
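
The commands above leave traces on the target: PsExec installs a service there (named PSEXESVC by default), and -c copies the program into “C:\Windows”. As an added example that is not part of the original tutorial, this PowerShell script checks the target for both; the function names and the 7-day window are my own choices, and it assumes the default service name.

```powershell
# Added example, not from the original tutorial. Run in an elevated PowerShell
# session on the target (192.168.100.2 in the tutorial's commands).
# Assumption: PsExec used its default service name, PSEXESVC (-r can change it).

function Get-PsExecServiceInstall {
    param(
        [datetime]$Since = (Get-Date).AddDays(-7),
        [string]$NamePattern = 'PSEXESVC'
    )
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7045          # "A service was installed in the system"
        StartTime    = $Since
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # 7045 event data order: service name, image path, service type,
            # start type, account name
            $name    = $_.Properties[0].Value
            $image   = $_.Properties[1].Value
            $account = $_.Properties[4].Value
            if ($name -match $NamePattern -or $image -match $NamePattern) {
                [pscustomobject]@{
                    TimeCreated = $_.TimeCreated
                    ServiceName = $name
                    ImagePath   = $image
                    Account     = $account
                }
            }
        }
}

function Get-RecentWindowsExe {
    param([datetime]$Since = (Get-Date).AddDays(-7))
    # -c copies the program into C:\Windows on the target, so list executables
    # created there recently, with signature status and hash for triage.
    Get-ChildItem -Path $env:windir -Filter *.exe -File -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -ge $Since } |
        ForEach-Object {
            [pscustomobject]@{
                Path      = $_.FullName
                Created   = $_.CreationTime
                Signature = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
                SHA256    = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            }
        }
}

Get-PsExecServiceInstall | Format-Table -AutoSize
Get-RecentWindowsExe | Format-List
```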

 

Hope you enjoyed this simple tutorial. Thanks
