Leave a comment

PSExec: Free Security Testing and System Management Tool

Written by:  • Edited by: Ronda Roberts
Updated Jul 4, 2011 • Related Guides: Microsoft

PSExec is a free Sysinternals utility. With it, system administrators can manage remote desktops via scripts or command line. Security analysts can use it to test system vulnerabilities.

The Challenge

System administrators and help desk personnel often need access to perform a quick lookup on a remote system. They might also want to check system status during script operation to determine if a required file or application exists and copy it to the target computer if it does not. On the other hand, security analysts want to know if devices are vulnerable to these activities when attempted by unauthorized personnel. A useful tool for both challenges is PSExec, a utility from Microsoft Sysinternals. It is part of the PSTools suite, a free downloadable collection of security applications.

PSExec

PSExec is run from the command line. It's long list of optional parameters allow a great deal of flexibility. Click the following image to see the parameters and a short description of their use.

Figure 1: PSExec Parameters
click to enlarge
Essentially, PSExec runs an application within the security context of either the currently logged on user or as a user provided during program initialization. The application shows up on the administrator's system without any notification to the remote user.

I conducted a short test on my test network. Using a Vista Home Ultimate desktop system, I attempted to run CMD.exe on my Windows XP SP2 laptop. It worked as advertised. Enlarge the following image to view the command line and the results as they appeared on my desktop. Note the remote system name and command executed in the upper left corner. A PSExec parameter can be used to shut down interactive sessions like this, allowing scripts to run unattended.

Figure 2: Command Line
click to enlarge
Again, not only is this a great tool for administrators. It's also a good way to check for system vulnerabilities. Especially since this and other PSTools are integrated into malware from time to time. According to a note on the PSExec page,

Note: some anti-virus scanners report that one or more of the tools are infected with a "remote admin" virus. None of the PsTools contain viruses, but they have been used by viruses, which is why they trigger virus notifications.

Next Article »
Use SysInternals security utilities to manage network and system security
SysInternals provides free security utilities for managing Microsoft Windows networks and systems. Available for download from Microsoft, they provide a powerful set of applications for oversight and protection of network assets.
 
blog comments powered by Disqus
Enterprise Security
FEATURED AUTHORS
Arun Kumar, MVP Donna Buenaventura Steve Mallard Mojave Media Group
Rhonda Callow Steve McFarlane Tony Bradley Robert Faustus
Most Popular Articles
Email to a friend