PSExec: Free Security Testing and System Management Tool

Written by: Tom Olzak, CISSP • Edited by: Ronda Bowen • Updated: 7/4/2011

PSExec is a free Sysinternals utility. With it, system administrators can manage remote desktops via scripts or command line. Security analysts can use it to test system vulnerabilities.

    The Challenge

    System administrators and help desk personnel often need access to perform a quick lookup on a remote system. They might also want to check system status during script operation to determine if a required file or application exists and copy it to the target computer if it does not. On the other hand, security analysts want to know if devices are vulnerable to these activities when attempted by unauthorized personnel. A useful tool for both challenges is PSExec, a utility from Microsoft Sysinternals. It is part of the PSTools suite, a free downloadable collection of security applications.

    PSExec

    PSExec is run from the command line. Its long list of optional parameters allows a great deal of flexibility. Figure 1 lists the parameters with a short description of each.

    Figure 1: PSExec Parameters

    Essentially, PSExec runs an application within the security context of either the currently logged-on user or a user provided during program initialization. The application shows up on the administrator's system without any notification to the remote user.

    I conducted a short test on my test network. Using a Vista Home Ultimate desktop system, I attempted to run CMD.exe on my Windows XP SP2 laptop. It worked as advertised. Figure 2 shows the command line and the results as they appeared on my desktop. Note the remote system name and command executed in the upper left corner. A PSExec parameter can be used to shut down interactive sessions like this, allowing scripts to run unattended.

    Figure 2: Command Line

    Again, this is not only a great tool for administrators; it's also a good way to check for system vulnerabilities, especially since this and other PSTools are integrated into malware from time to time. According to a note on the PSExec page,

    Note: some anti-virus scanners report that one or more of the tools are infected with a "remote admin" virus. None of the PsTools contain viruses, but they have been used by viruses, which is why they trigger virus notifications.
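
Because a PSExec session gives the remote user no notification, the target machine's own records are where an administrator or analyst can confirm that one took place. The following PowerShell function is an added example, not code from the article or from Sysinternals; it looks for the three traces PSExec leaves on a target by default. It assumes the default helper service name PSEXESVC, a Windows version that logs service installs as System event 7045 (Vista and later), and PowerShell 3.0 or newer; the function name and the 30-day window are illustrative.

```powershell
# Added example (not from the article). Assumes PsExec's default helper
# service name, PSEXESVC, and a Windows version that logs event 7045.
function Find-PsExecTrace {
    [CmdletBinding()]
    param(
        [string]   $ServiceName = 'PSEXESVC',              # PsExec default
        [datetime] $Since       = (Get-Date).AddDays(-30)  # look-back window
    )

    # 1. Service-install records written by the Service Control Manager.
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7045
        StartTime    = $Since
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Properties[0].Value -eq $ServiceName } |
        ForEach-Object {
            [pscustomobject]@{
                Source  = 'Event 7045'
                When    = $_.TimeCreated
                Detail  = $_.Properties[1].Value   # ImagePath of the service binary
                Account = $_.Properties[4].Value   # account the service runs as
            }
        }

    # 2. A service that is still registered (session open or unclean exit).
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    if ($svc) {
        [pscustomobject]@{
            Source = 'Service present'; When = Get-Date
            Detail = "Status: $($svc.Status)"; Account = $null
        }
    }

    # 3. The service binary left behind in the Windows directory.
    $exe = Join-Path $env:SystemRoot "$ServiceName.exe"
    if (Test-Path -LiteralPath $exe) {
        $file = Get-Item -LiteralPath $exe
        [pscustomobject]@{
            Source = 'File present'; When = $file.LastWriteTime
            Detail = $file.FullName; Account = $null
        }
    }
}

Find-PsExecTrace | Sort-Object When | Format-Table -AutoSize
```

An empty result only means none of these default traces exist within the log's retention period; correlate any hit with change records to separate sanctioned administration from unauthorized use.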