Author - StudySection

Introduction:

PsExec is a portable command-line tool from the Microsoft Sysinternals suite. It lets us run processes on one or more remote machines and redirects the output of those processes to the local machine.

Purpose:

The purpose of this tool is to manage the applications and processes running on a remote machine. PsExec makes it easy to monitor a process's operations and manage them accordingly, and it can manage devices separated by domain and site boundaries. Besides executing programs on a remote machine, PsExec can redirect console input and output between systems so that you can use interactive tools remotely.

Syntax:
psexec \\computer[,computer[,...]] [options] command [arguments]
psexec @run_file [options] command [arguments]

Options:

Arguments: Arguments to pass (file paths must be absolute paths on the target system)

-d Don’t wait for the application to terminate.
Only use for non-interactive applications.

-e Do NOT load the specified account’s profile.
(In early versions of PSEXEC: Load the user account’s profile, don’t use with -s)

-f Copy the specified program even if the file already exists on the remote system.

-h Run with the account’s elevated token, if available. (Vista or higher)

-i Interactive – Run the program so that it interacts with the desktop on the remote system.
If no session is specified, the process runs in the console session.

-l Limited – Run process as a limited user. Run with Low Integrity.
Strips the Administrators group and allows only privileges assigned to the Users group.

-n s Specify a timeout (s seconds) for connecting to the remote computer.

-p psswd Specify a password for the user (optional). Passed as clear text.
If omitted, you will be prompted to enter a hidden password.

-r The name of the remote service to create or interact with.

-s Run remote process in the SYSTEM account (use with caution).

-u user Specify a user name for login to a remote computer (optional).

-v Copy the specified file only if it has a higher version number or is newer than the one on the remote system.

-w directory Set the working directory of the process (relative to the remote computer).

-x Display the UI on the Winlogon desktop (local system only).

PsExec Command Examples:

Here are a few examples of how to use PsExec to do things like run remote Command Prompt commands and manage Windows services.

In the first example, we execute a command on a remote machine. For this we need the hostname or IP address of the remote machine, plus a username and password for it. The general form of the command is:
psexec \\[Host_name or IP] [options] [command] [command_arguments]

The actual command is given below:

$ psexec \\192.168.1.64 -u admin -p 123123 ipconfig

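In the above command, we run “ipconfig” to get network and hardware related information from the remote machine at IP address 192.168.1.64, logging in with the username admin and the password 123123. As the option list notes, a password given with -p is passed as clear text; if -p is omitted, PsExec prompts for a hidden password instead.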

In the second example, we start a GUI application, Notepad, on the remote machine. Notepad is the default GUI application of the Windows operating system. The -i option makes the program interact with the desktop on the remote system:

$ psexec \\192.168.1.64 -u admin -p 123123 -i notepad.exe
Notepad now opens on the remote machine.

In the third example, we create an interactive shell on the remote machine. PsExec connects to the remote machine and gives us an MS-DOS-style command shell. To get the remote shell, we pass cmd.exe as the command to run on the remote system.

$ psexec \\192.168.1.64 -u admin -p 123123 cmd.exe
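
For reviewing PsExec command lines found in scripts or process-creation logs, the following added example (not from the original article or from Sysinternals) parses a command line using the option table above and reports the options the table itself marks as sensitive: -p (passed as clear text) and -s (use with caution), plus any -r service name. The function name and finding labels are hypothetical, and the password is masked in the returned line.

```python
import shlex

# Options from the table above that take a value in the next token.
VALUE_OPTS = {"-n", "-p", "-r", "-u", "-w"}

def audit_psexec(cmdline):
    """Return (findings, redacted_cmdline) for one PsExec command line."""
    tokens = shlex.split(cmdline, posix=False)   # posix=False keeps backslashes
    findings, out, i = [], tokens[:1], 1
    while i < len(tokens):
        tok, low = tokens[i], tokens[i].lower()
        if tok.startswith("\\\\") or tok.startswith("@"):
            out.append(tok)                      # target list or @run_file
        elif low.startswith("-p") and len(tok) > 2:
            findings.append("cleartext-password")    # attached form, e.g. -p123123
            out.append(tok[:2] + "********")
        elif low in VALUE_OPTS and i + 1 < len(tokens):
            i += 1
            value = tokens[i]
            if low == "-p":
                findings.append("cleartext-password")
                value = "********"               # keep the secret out of the report
            elif low == "-r":
                findings.append("custom-service-name:" + value)
            out += [tok, value]
        elif low.startswith("-"):
            if low == "-s":
                findings.append("runs-as-system")
            out.append(tok)
            # -i accepts an optional numeric session id
            if low == "-i" and i + 1 < len(tokens) and tokens[i + 1].isdigit():
                i += 1
                out.append(tokens[i])
        else:                                    # first bare token is the remote command
            if low in ("cmd", "cmd.exe"):
                findings.append("remote-shell")
            out += tokens[i:]
            break
        i += 1
    return findings, " ".join(out)

# The first three lines are the article's examples; the fourth is constructed.
SAMPLES = [
    r"psexec \\192.168.1.64 -u admin -p123123 ipconfig",
    r"psexec \\192.168.1.64 -u admin -p 123123 -i notepad.exe",
    r"psexec \\192.168.1.64 -u admin -p 123123 cmd.exe",
    r"psexec \\192.168.1.64 -s -r svc01 -i 1 cmd.exe",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(audit_psexec(line))
```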
