The Sysinternals psexec tool allows you to execute remote code on a Windows box using the Administrative Share (C$). It's part of the pstools package.
You can just run psexec -u Username \\SomeSystem cmd and you get a command prompt on that system, with no need to mess with telnet. You can even use it to distribute "batch" files or run something like "gpupdate /force" on remote machines.
Fun with psexec: run the BSOD screensaver on a remote machine :-).
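The defender's view of the same tool, as an added example that is not part of the original post: by default PsExec installs a helper service named PSEXESVC on the target, which Windows logs as event 7045 (service installed) in the System log. The Python below flags those installs and pairs each with the nearest preceding network logon (4624, logon type 3); the event dict layout, hosts, accounts and addresses are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events, shaped like Windows event records exported to dicts.
# Hosts, accounts and addresses are made up for this example.
EVENTS = [
    {"time": "2024-03-04T09:14:58", "host": "WS01", "id": 4624,
     "LogonType": 3, "TargetUserName": "helpdesk", "IpAddress": "10.0.0.5"},
    {"time": "2024-03-04T09:15:01", "host": "WS01", "id": 7045,
     "ServiceName": "PSEXESVC", "ImagePath": r"%SystemRoot%\PSEXESVC.exe"},
    {"time": "2024-03-04T09:20:00", "host": "WS02", "id": 7045,
     "ServiceName": "Print Helper", "ImagePath": r"C:\Program Files\ph\ph.exe"},
    {"time": "2024-03-04T11:00:00", "host": "WS03", "id": 7045,
     "ServiceName": "PSEXESVC", "ImagePath": r"%SystemRoot%\PSEXESVC.exe"},
]


def is_psexec_service(ev):
    """True for a service-install event (7045) that names PsExec's helper service."""
    if ev["id"] != 7045:
        return False
    image = ev.get("ImagePath", "").strip('"').rsplit("\\", 1)[-1].lower()
    return ev.get("ServiceName", "").lower() == "psexesvc" or image == "psexesvc.exe"


def find_psexec_installs(events, window=timedelta(seconds=30)):
    """One finding per PsExec service install, with the closest preceding
    network logon on the same host inside `window` (None if there is none)."""
    findings = []
    for ev in events:
        if not is_psexec_service(ev):
            continue
        t = datetime.fromisoformat(ev["time"])
        logons = [l for l in events
                  if l["id"] == 4624 and l.get("LogonType") == 3
                  and l["host"] == ev["host"]
                  and timedelta(0) <= t - datetime.fromisoformat(l["time"]) <= window]
        src = max(logons, key=lambda l: l["time"], default=None)
        findings.append({"host": ev["host"], "time": ev["time"],
                         "user": src and src["TargetUserName"],
                         "source": src and src["IpAddress"]})
    return findings


if __name__ == "__main__":
    for f in find_psexec_installs(EVENTS):
        print(f)
```

An install with no matching logon (WS03 in the sample) still gets reported, with the user and source left empty, so a gap in logon auditing does not hide the service install.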
Monday, October 29, 2007
Remote code execution via administrative shares
2 comments:
Incredible! I use quite a few of Sysinternals' tools but did not know about this one. Thanks for the post!
Interesting to know.