Analyze Data Components / PsTools

How do you analyze specific data components on a network?
You can use the PsTools suite to analyze individual files, IDs and passwords on the local PC and/or the targeted network/IP.

It can be useful for tracing a Trojan.

The tools included in the PsTools suite are:

  • PsExec – execute processes remotely
  • PsFile – shows files opened remotely
  • PsGetSid – display the SID of a computer or a user
  • PsInfo – list information about a system
  • PsPing – measure network performance
  • PsKill – kill processes by name or process ID
  • PsList – list detailed information about processes
  • PsLoggedOn – see who’s logged on locally and via resource sharing (full source is included)
  • PsLogList – dump event log records
  • PsPasswd – changes account passwords
  • PsService – view and control services
  • PsShutdown – shuts down and optionally reboots a computer
  • PsSuspend – suspends processes
  • PsUptime – shows you how long a system has been running since its last reboot (PsUptime’s functionality has been incorporated into PsInfo)
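
A read-only triage pass that runs the query tools from the list above against one host and saves their output, the kind of collection that helps when tracing a Trojan. This is an added example, not part of the original post; the tool directory, output folder and host name are assumptions.

```powershell
# Added example: read-only triage of one remote host with the PsTools query tools.
# Assumptions: the PsTools binaries are in $ToolDir and the current account has
# administrative rights on the target. Host name and paths are placeholders.
param(
    [Parameter(Mandatory)] [string] $Target,      # e.g. WORKSTATION01 (placeholder)
    [string] $ToolDir = 'C:\Tools\PsTools',       # assumed install location
    [string] $OutDir  = ".\triage-$Target-$(Get-Date -Format yyyyMMdd-HHmmss)"
)

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Query-only tools: nothing here starts, stops or changes anything on the target.
$steps = [ordered]@{
    'psinfo'     = @("\\$Target")                          # system summary, uptime
    'pslist'     = @('-t', "\\$Target")                    # process tree (parent/child)
    'psloggedon' = @("\\$Target")                          # local and share logons
    'psfile'     = @("\\$Target")                          # files opened remotely
    'psservice'  = @("\\$Target", 'query')                 # services and their state
    'psloglist'  = @("\\$Target", '-n', '200', 'system')   # 200 newest System events
}

$manifest = foreach ($tool in $steps.Keys) {
    $exe = Join-Path $ToolDir "$tool.exe"
    if (-not (Test-Path $exe)) {
        Write-Warning "$tool.exe not found in $ToolDir, skipped"
        continue
    }
    $out      = Join-Path $OutDir "$tool.txt"
    $toolArgs = $steps[$tool]

    # -accepteula suppresses the first-run licence dialog so the run is unattended.
    & $exe -accepteula @toolArgs 2>&1 | Out-File -FilePath $out -Encoding utf8

    # Hash each output file so later changes to the collected evidence are detectable.
    [pscustomobject]@{
        Tool     = $tool
        ExitCode = $LASTEXITCODE      # as reported by the tool
        SHA256   = (Get-FileHash -Path $out -Algorithm SHA256).Hash
    }
}

$manifest | Export-Csv -Path (Join-Path $OutDir 'manifest.csv') -NoTypeInformation
$manifest | Format-Table -AutoSize
```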

Other basic usage:

Start the “notepad” application in the remote user’s session

psexec.exe -s -d -i 0 \\xxx.xxx.xxx.xxx -u xxx -p "xxx" notepad.exe

Change a user password on a remote computer

pspasswd.exe \\xxx.xxx.xxx.xxx -u xxx -p "xxx" xxx xxx

Restart a remote computer

psshutdown.exe -r -t 0 -u xxx -p "xxx" \\xxx.xxx.xxx.xxx
