The next step in privilege escalation is executing commands and programs on the compromised system, i.e. performing remote administration tasks. Executing commands and programs remotely on a system is known as remote administration. For a hacker it is essential to administer a remote system without installing any remote administration tool, especially one that shows up in the process list or Task Manager.
Such functionality is only provided by command line tools, so no matter how powerful and functional a graphical tool may appear, a hacker will prefer a command line tool for the job. Here we will consider both graphical and command line tools for remote command and program execution, but preference will always be given to the command line utilities.
PsTools is a set of tools created for remote execution. They work equally well on Windows 2000, XP, NT 4.0 and Server 2003. What sets these tools apart is that they let you manage remote as well as local systems without installing any third-party software on the target. Please note that some anti-virus programs report that some or all of the PsTools are infected with a RAT or "remote admin" virus. None of these tools is infected; rather, many viruses use PsTools in the background for their operation. If I still have this in mind when I write a post on creating your own virus programs, I'll cover using PsTools there. The tools in the PsTools suite include:
* PsExec – execute processes remotely
* PsFile – shows files opened remotely
* PsGetSid – display the SID of a computer or a user
* PsInfo – list information about a system
* PsKill – kill processes by name or process ID
* PsList – list detailed information about processes
* PsLoggedOn – see who’s logged on locally and via resource sharing (full source is included)
* PsLogList – dump event log records
* PsPasswd – changes account passwords
* PsService – view and control services
* PsShutdown – shuts down and optionally reboots a computer
* PsSuspend – suspends processes
* PsUptime – shows you how long a system has been running since its last reboot (PsUptime’s functionality has been incorporated into PsInfo)
The list is too long to cover in full, but we can cover basic usage, and what I cover here is sufficient for our purposes. For more information refer to the compiled HTML help file shipped with the tools.
If the system is local (no computer name is given, so PsExec runs the program on the machine you are typing on):
C:\tools\PsTools>psexec.exe cmd winver
If the system is remote (the computer name or IP address is prefixed with a double backslash):
toolname \\IP_address options
C:\tools\PsTools>psexec.exe \\192.168.248.128 cmd winver
If the system is a domain system:
toolname \\IP_address,hostname options
C:\tools\PsTools>psexec.exe \\192.168.248.128,demo cmd winver
If the system asks for a user name and password:
toolname \\IP_address -u user_name -p password options
C:\tools\PsTools>psexec.exe \\192.168.248.128 -u demouser -p 12345 cmd winver
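From the defender's side, a PsExec connection of the kind shown above leaves a trace on the target: PsExec copies its PSEXESVC service binary into the Windows directory via the ADMIN$ share and installs it as a service, which the System log records as Event ID 7045 ("A service was installed in the system"). The script below is an added example, not part of the original post or of the PsTools suite; it scans constructed log lines (the key=value layout, host names and timestamps are invented for this example) for that install pattern and flags the default PSEXESVC name as well as a weaker heuristic for a renamed service.

```python
import re

# Constructed sample records modelled on System log Event ID 7045 fields
# (service name, image path, account). Written for this example, not captured telemetry.
SAMPLE_LOG = """\
2024-03-01T09:14:02Z host=WS01 event=7045 service=PSEXESVC image=%SystemRoot%\\PSEXESVC.exe account=LocalSystem
2024-03-01T09:20:11Z host=WS02 event=7045 service=Spooler image=%SystemRoot%\\System32\\spoolsv.exe account=LocalSystem
2024-03-01T09:31:45Z host=WS03 event=7045 service=mgmt image=%SystemRoot%\\mgmt.exe account=LocalSystem
2024-03-01T09:32:00Z host=WS03 event=7036 service=mgmt state=running
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) event=(?P<event>\d+) service=(?P<service>\S+)"
    r"(?: image=(?P<image>\S+))?(?: account=(?P<account>\S+))?"
)

def parse(line):
    """Parse one constructed log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def classify(rec):
    """Return (confidence, reason) for a service-install record; (None, '') if benign."""
    if rec is None or rec["event"] != "7045":
        return None, ""
    image = rec.get("image") or ""
    # Default PsExec service name and binary: high-confidence indicator.
    if rec["service"].upper() == "PSEXESVC" or image.upper().endswith("\\PSEXESVC.EXE"):
        return "high", "default PsExec service (PSEXESVC)"
    # Heuristic for a renamed PsExec service: the binary sits directly in the
    # Windows directory (the ADMIN$ share root) and runs as LocalSystem.
    # Legitimate services rarely live there, but treat a hit as a lead, not proof.
    if re.fullmatch(r"%SYSTEMROOT%\\[^\\]+\.EXE", image.upper()) and rec.get("account") == "LocalSystem":
        return "medium", "service binary in Windows root, runs as LocalSystem"
    return None, ""

def find_psexec_installs(log_text):
    """Return (host, service, confidence, reason) for every suspicious install."""
    hits = []
    for line in log_text.splitlines():
        rec = parse(line)
        level, why = classify(rec)
        if level:
            hits.append((rec["host"], rec["service"], level, why))
    return hits

if __name__ == "__main__":
    for host, svc, level, why in find_psexec_installs(SAMPLE_LOG):
        print(f"{level:6} {host} {svc}: {why}")
```

In a real deployment the same logic would run over exported System log events rather than these inline lines; the medium-confidence rule will also fire on unusual but legitimate installers, so review those hits before acting.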
It is a lightweight graphical remote program execution tool. It is not as robust as PsTools, but it can execute programs on a remote system with ease. It requires the IP address, domain, user name and password.
Alchemy Remote Executor:
It is a network and system management tool that permits network administrators to execute programs on remote network computers and display the program's output on their own system.