How to analyze specific data components on a network?
You can use the PsTools suite to analyze individual files, IDs and passwords on the local PC and/or the targeted network/IP.
It can be useful for tracing a Trojan.
The tools included in the PsTools suite are:
- PsExec – execute processes remotely
- PsFile – shows files opened remotely
- PsGetSid – display the SID of a computer or a user
- PsInfo – list information about a system
- PsPing – measure network performance
- PsKill – kill processes by name or process ID
- PsList – list detailed information about processes
- PsLoggedOn – see who’s logged on locally and via resource sharing (full source is included)
- PsLogList – dump event log records
- PsPasswd – changes account passwords
- PsService – view and control services
- PsShutdown – shuts down and optionally reboots a computer
- PsSuspend – suspends processes
- PsUptime – shows you how long a system has been running since its last reboot (PsUptime’s functionality has been incorporated into PsInfo)
Other basic usage:
Start the “notepad” application in the remote user’s session
psexec.exe -s -d -i 0 \\xxx.xxx.xxx.xxx -u xxx -p "xxx" notepad.exe
Change a user password on a remote computer
pspasswd.exe \\xxx.xxx.xxx.xxx -u xxx -p "xxx" xxx xxx
Restart a remote computer
psshutdown.exe -r -t 0 -u xxx -p "xxx" \\xxx.xxx.xxx.xxx