March 27th, 2003, 09:51 PM
I have just discovered a new version of PSTools has been released (I previously had v1.31).
For those who don't know it, it can perform the following on remote NT/2K systems:
PsExec - execute processes remotely
PsFile - shows files opened remotely
PsGetSid - display the SID of a computer or a user
PsKill - kill processes by name or process ID
PsInfo - list information about a system
PsList - list detailed information about processes
PsLoggedOn - see who's logged on locally and via resource sharing (full source is included)
PsLogList - dump event log records
PsPasswd - changes account passwords
PsService - view and control services
PsShutdown - shuts down and optionally reboots a computer
PsSuspend - suspends processes
I think that the remote host needs the server service running, as well as NETBIOS listening, and of course, you need to know the relevant account details.
Tools like this reinforce the importance of disabling non-essential services on your machine. Although this program can be helpful for admins, it can also be used for malicious purposes....
There were so many fewer questions when the stars were still just the holes to heaven - JJ
I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool.
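The post above names two prerequisites for remote use of these tools: the Server service running and NetBIOS listening. The following is an added example, not part of the original thread, that checks a machine for both from a local PowerShell session and also lists the default administrative shares the Server service publishes. It assumes Windows PowerShell 5.1 on Windows 8 / Server 2012 or later rather than the NT/2K systems discussed in the thread, and the function name `Get-RemoteAdminExposure` is hypothetical.

```powershell
# Added example (not from the thread). Assumes Windows PowerShell 5.1 with the
# NetTCPIP and SmbShare modules (Windows 8 / Server 2012 or later).
function Get-RemoteAdminExposure {
    [CmdletBinding()]
    param()

    # Server service (service name LanmanServer): the "server service" the post refers to.
    $server = Get-Service -Name 'LanmanServer' -ErrorAction SilentlyContinue
    $serverRunning = [bool]($server -and $server.Status -eq 'Running')

    # TCP 139 = NetBIOS session service, TCP 445 = SMB directly over TCP.
    $tcp = @(Get-NetTCPConnection -State Listen -LocalPort 139, 445 -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty LocalPort -Unique | Sort-Object)

    # UDP 137/138 = NetBIOS name and datagram services.
    $udp = @(Get-NetUDPEndpoint -LocalPort 137, 138 -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty LocalPort -Unique | Sort-Object)

    # Get-SmbShare needs the Server service, so only query it when the service is running.
    $shares = @()
    if ($serverRunning) {
        $shares = @(Get-SmbShare -Special $true -ErrorAction SilentlyContinue |
            Select-Object -ExpandProperty Name)
    }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        ServerService     = if ($server) { "$($server.Status) / $($server.StartType)" } else { 'NotInstalled' }
        ListeningTcpPorts = $tcp
        ListeningUdpPorts = $udp
        AdminShares       = $shares
        # True only when both prerequisites named in the post are present.
        PrerequisitesMet  = $serverRunning -and ($tcp.Count -gt 0)
    }
}

Get-RemoteAdminExposure | Format-List
```

On a workstation that does not need to share files or accept remote administration, `PrerequisitesMet` should be `False`; if it is `True`, stopping and disabling the Server service is the change the post recommends.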
March 28th, 2003, 07:47 AM
Thanks, now I don't have to write programs to do the same thing. I was just getting started on a ps clone and from there I was going to write a kill clone. Saved me the work.
March 28th, 2003, 01:33 PM
I just ran these against one of my employee's machines. She didn't even know I was there....<s> These are great tools for forensics because they can dump their output to text files and the output is incredibly detailed all without touching the machine.
Good job Soggy
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides