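PsExec is part of the Sysinternals tool suite, a set of utilities for managing and troubleshooting Windows systems.
It is well suited to running commands remotely on a target machine.
Note: Some AV products detect PsExec as a "remote admin" virus.
Install: (PowerShell)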
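# Download the PsTools archive
Invoke-WebRequest -Uri 'https://download./files/PSTools.zip' -OutFile 'pstools.zip'
# Double quotes are required so that $env:TEMP is expanded (single quotes keep it literal)
Expand-Archive -Path 'pstools.zip' -DestinationPath "$env:TEMP\pstools"
# Keep only psexec.exe in the current directory, then clean up
Move-Item -Path "$env:TEMP\pstools\psexec.exe" -Destination .
Remove-Item -Path "$env:TEMP\pstools" -Recurse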
Usage:
# Prevent the license agreement from being displayed
psexec.exe /accepteula
# Run the 'hostname' command on remote machine
psexec.exe \\REMOTECOMPUTER hostname
# Run the 'hostname' command on EVERYTHING (on the domain)
psexec.exe \\* hostname
# Run a local executable on a remote machine
psexec.exe \\REMOTECOMPUTER -c C:\Tools\program.exe
# Run the 'hostname' command with different credentials
# (options must come before the command; omitting -p makes PsExec prompt for the password)
psexec.exe \\REMOTECOMPUTER -u localadmin -p secret-p@$$word hostname
# Spawn shell on remote machine
psexec.exe -s \\REMOTECOMPUTER cmd