2 posts tagged 'PsExec'
Source: Room362.com
cash advance money 2011.11.05 05:06
You use the POST module, drop to IRB and run those 4 lines, and bam, you win. With resource files we can automate this a bit more and have it so that we do this effortlessly with any post module.
PsExec (part of PsTools - download PsExec)
Execute a command-line process on a remote machine.
Syntax
      psexec \\computer[,computer[,...]] [options] command [arguments]
      psexec @run_file [options] command [arguments]

Options
   computer      The computer on which psexec will run command.
                 Default = local system
                 To run against all computers in the current domain enter "\\*"
   @run_file     Run command on every computer listed in the text file specified.
   command       Name of the program to execute
   arguments     Arguments to pass (file paths must be absolute paths on the target system)
   -a n,n,...    Set processor affinity to n.
                 Processors are numbered as 1,2,3,4 etc so to run the application
                 on CPU 2 and CPU 4, enter: "-a 2,4"
   -c            Copy the program (command) to the remote system for execution.
   -c -f         Copy even if the file already exists on the remote system.
   -c -v         Copy only if the file is a higher version or is newer than the remote copy.
                 If you omit the -c option then the application must be in the
                 system path on the remote system.
   -d            Don't wait for the application to terminate.
                 Only use for non-interactive applications.
   -e            Load the user account's profile, don't use with the system account (-s)
   -i            Interactive - Run the program so that it interacts with the desktop
                 on the remote system.
   -l            Limited - Run process as limited user. Only allow privs assigned to
                 the Users group.
   -n s          Specify a timeout s seconds for connecting to the remote computer.
   -p psswd      Specify a password for user (optional). Passed as clear text.
                 If omitted, you will be prompted to enter a hidden password.
   -s            Run remote process in the System account.
   -u user       Specify a user name for login to remote computer (optional).
   -w directory  Set the working directory of the process (relative to the remote computer).
   -x            Display the UI on the Winlogon desktop (local system only).
   -low, -belownormal, -abovenormal, -high or -realtime
                 These options will run the process at a different priority.
Psexec can also be used to start GUI applications, but in that case the GUI will appear on the remote machine.
Input is passed to the remote system when you press the enter key - typing Ctrl-C will terminate the remote process.
When you specify a username the remote process will execute in that account, and will have access to that account's network resources.
If you omit username the remote process will run in the same account from which you execute PsExec, but because the remote process is impersonating it will not have access to network resources on the remote system.
PsExec does not require you to be an administrator of the local filesystem; this can allow UserA to run commands as UserB - a RunAs replacement.
Surround any long filenames "with quotation marks"
Launch an interactive command prompt on \\workstation64:
psexec \\workstation64 cmd
Execute IpConfig on the remote system, and display the output locally:
psexec \\workstation64 ipconfig /all
Copy the program test.exe to the remote system and execute it interactively:
psexec \\workstation64 -c test.exe
Execute a program that is already installed on the remote system:
psexec \\workstation64 "c:\Program Files\test.exe"
Run Internet Explorer on the local machine but with limited-user privileges:
psexec -l -d "c:\program files\internet explorer\iexplore.exe"
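The option table above is easiest to apply when reviewing command lines that process-creation auditing has already captured. The following parser is an added example, not code from the page, from Sysinternals or from Room362; it implements the syntax rules listed above (target list, @run_file, value-taking options, quoted long filenames) and then labels the combinations a reviewer would want called out (-s, -c, -u with -p, "\\*"). The risk labels and the sample command lines are this example's own constructions, and the placeholder password is exactly that.

```python
"""Parse PsExec command lines per the syntax table above and flag review points.

Added example; the syntax rules come from the option table, the review
labels are this example's own choices.
"""
from dataclasses import dataclass, field

# Options that take the next token as their value (from the option table).
OPTIONS_WITH_VALUE = {"-a", "-n", "-p", "-u", "-w"}
# Options that stand alone.
FLAGS = {"-c", "-f", "-v", "-d", "-e", "-i", "-l", "-s", "-x",
         "-low", "-belownormal", "-abovenormal", "-high", "-realtime"}


@dataclass
class PsExecInvocation:
    targets: list = field(default_factory=list)   # computer names; "*" = whole domain
    run_file: str = None                           # file given as @run_file
    options: dict = field(default_factory=dict)    # e.g. {"-s": True, "-u": "DOM\\user"}
    command: str = None
    arguments: list = field(default_factory=list)


def tokenize(cmdline):
    """Split on whitespace, keeping double-quoted spans (long filenames) together."""
    tokens, current, in_quotes = [], "", False
    for ch in cmdline:
        if ch == '"':
            in_quotes = not in_quotes
        elif ch.isspace() and not in_quotes:
            if current:
                tokens.append(current)
                current = ""
        else:
            current += ch
    if in_quotes:
        raise ValueError("unbalanced quotation marks")
    if current:
        tokens.append(current)
    return tokens


def parse_psexec(cmdline):
    """Return a PsExecInvocation for a logged psexec command line."""
    tokens = tokenize(cmdline)
    if not tokens or tokens[0].lower() not in ("psexec", "psexec.exe"):
        raise ValueError("not a psexec command line")
    inv = PsExecInvocation()
    pos = 1
    # Target: \\computer[,computer...] or @run_file; neither means the local system.
    if pos < len(tokens) and tokens[pos].startswith("\\\\"):
        inv.targets = tokens[pos][2:].split(",")
        pos += 1
    elif pos < len(tokens) and tokens[pos].startswith("@"):
        inv.run_file = tokens[pos][1:]
        pos += 1
    else:
        inv.targets = ["<local system>"]
    # Options precede the command.
    while pos < len(tokens) and tokens[pos].startswith("-"):
        opt = tokens[pos].lower()
        if opt in OPTIONS_WITH_VALUE:
            if pos + 1 >= len(tokens):
                raise ValueError(f"option {opt} needs a value")
            inv.options[opt] = tokens[pos + 1]
            pos += 2
        elif opt in FLAGS:
            inv.options[opt] = True
            pos += 1
        else:
            raise ValueError(f"unknown option {tokens[pos]}")
    if pos >= len(tokens):
        raise ValueError("no command given")
    inv.command = tokens[pos]
    inv.arguments = tokens[pos + 1:]
    return inv


def review(inv):
    """Points a log reviewer would want called out, based on the option semantics."""
    findings = []
    if "*" in inv.targets:
        findings.append("targets every computer in the current domain")
    if inv.run_file:
        findings.append(f"targets every computer listed in {inv.run_file}")
    if "-s" in inv.options:
        findings.append("remote process runs as the System account")
    if "-c" in inv.options:
        mode = "overwriting" if "-f" in inv.options else "copying"
        findings.append(f"{mode} an executable onto the target before running it")
    elif "-f" in inv.options or "-v" in inv.options:
        findings.append("-f/-v given without -c: nothing is copied")
    if "-u" in inv.options:
        findings.append(f"explicit credentials for {inv.options['-u']}")
        if "-p" in inv.options:
            findings.append("password passed in clear text on the command line")
    if "-e" in inv.options and "-s" in inv.options:
        findings.append("-e (load profile) combined with -s, which the option table advises against")
    if "-i" in inv.options:
        findings.append("process interacts with the remote desktop")
    if "-l" in inv.options:
        findings.append("runs as a limited user (Users group privileges only)")
    return findings


if __name__ == "__main__":
    # Constructed command lines modelled on the examples above (not real logs).
    samples = [
        r'psexec \\workstation64 cmd',
        r'psexec \\workstation64 -c test.exe',
        r'psexec \\* -u EXAMPLE\svc -p PLACEHOLDER -s -d "c:\Program Files\test.exe" /quiet',
        r'psexec -l -d "c:\program files\internet explorer\iexplore.exe"',
    ]
    for s in samples:
        inv = parse_psexec(s)
        print(s, "->", inv.targets, inv.command, review(inv))
```

The tokenizer is deliberately minimal: PsExec's own rule is simply that long filenames are surrounded by double quotes, so a pair of quotes toggles whitespace splitting and nothing else is interpreted.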
Execute a program under a different user account.
Syntax
      RUNAS [/profile] [/env] [/netonly] /user:user Program

Key
   /profile   Option to load the user's profile (registry)
   /env       Use current environment instead of user's.
   /netonly   Use the credentials specified only for remote connections.
   /user      Username in form USER@DOMAIN or DOMAIN\USER
              (USER@DOMAIN is not compatible with /netonly)
   Program    The command to execute
Enter the password when prompted.
When you start a program with RunAs /netonly, the program will execute on your local computer as the user you are currently logged on as, but any connections to other computers on the network will be made using the user account specified.
Without /netonly everything will run under the user account specified.
RunAs from Windows Explorer
Select an executable file, Shift-Right-click and select Run As..
This option can be hidden by setting
The error level (%ERRORLEVEL%) returned by RunAs in Windows XP and above: success=0, failure=1
Runas /user:SCOT_DOMAIN\jDoe "mycommand.exe"
Runas /profile /user:mymachine\administrator CMD
Runas /profile /env /user:SCOT_DOMAIN\administrator NOTEPAD
Runas /env /user:jDoe@swest.ss64.com "NOTEPAD \"my file.txt\""
RunAs requires the "Secondary Logon" service to be running.
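From the log side, both tools described on this page leave recognisable traces, and the following scanner is an added example (not from the page, Sysinternals or Microsoft) that walks simplified Windows event records for them. It relies on two facts the page does not state but which are standard Windows behaviour: PsExec runs the remote command through a service named PSEXESVC (copied to %SystemRoot% via the admin share), and the Service Control Manager records that installation in the System log as event 7045; and RunAs /netonly, whose semantics are described above, produces a Security event 4624 with logon type 9 (NewCredentials) on the local machine. The "\\*" and @run_file forms of PsExec show up as the same service appearing on many hosts in a short window, which the scanner reports as a burst. The records are constructed dicts with a subset of the real event fields; the burst threshold and window are this example's own choices.

```python
"""Scan simplified Windows event records for PsExec and RunAs /netonly traces.

Added example. Event IDs and the PSEXESVC service name are standard Windows
facts not stated on the page; the records are constructed, not real logs.
"""
from datetime import datetime, timedelta

PSEXEC_SERVICE_NAME = "PSEXESVC"   # default service PsExec installs on the target
NEW_CREDENTIALS = 9                # 4624 logon type produced by "runas /netonly"


def classify(event):
    """Label one event record, or return None if it is not of interest."""
    eid = event.get("EventID")
    if eid == 7045 and event.get("ServiceName", "").upper() == PSEXEC_SERVICE_NAME:
        return "psexec-service-install"
    if eid == 4624 and event.get("LogonType") == NEW_CREDENTIALS:
        return "runas-netonly-logon"
    return None


def scan(events, window=timedelta(minutes=5), burst_hosts=3):
    """Return findings as (time, host, label, detail) tuples, in time order.

    A PSEXESVC install is reported per host; when installs reach `burst_hosts`
    distinct hosts inside `window`, a single "psexec-burst" finding is added,
    which is what the "\\*" / @run_file usage looks like from the target side.
    A type-9 logon is reported with the account whose credentials will be
    used for network connections on behalf of the logged-on user.
    """
    findings = []
    installs = []  # (time, host) of PSEXESVC installs seen so far
    for ev in sorted(events, key=lambda e: e["Time"]):
        label = classify(ev)
        if label is None:
            continue
        t, host = ev["Time"], ev["Host"]
        if label == "psexec-service-install":
            installs.append((t, host))
            findings.append((t, host, label, ev.get("ImagePath", "")))
            recent = {h for (ts, h) in installs if t - ts <= window}
            if len(recent) == burst_hosts:
                findings.append((t, "*", "psexec-burst",
                                 f"{len(recent)} hosts within {window}: {sorted(recent)}"))
        else:
            findings.append((t, host, label,
                             f"{ev.get('SubjectUserName')} will use "
                             f"{ev.get('TargetUserName')} for network connections"))
    return findings


def sample_events():
    """Constructed records (not real logs): one console logon, one runas /netonly,
    PSEXESVC installed on three servers, and one unrelated service install."""
    t0 = datetime(2011, 11, 5, 5, 6, 0)
    return [
        {"Time": t0, "Host": "ws01", "EventID": 4624, "LogonType": 2,
         "SubjectUserName": "-", "TargetUserName": "jdoe"},
        {"Time": t0 + timedelta(seconds=30), "Host": "ws01", "EventID": 4624,
         "LogonType": 9, "SubjectUserName": "jdoe", "TargetUserName": "administrator"},
        {"Time": t0 + timedelta(minutes=1), "Host": "srv01", "EventID": 7045,
         "ServiceName": "PSEXESVC", "ImagePath": r"%SystemRoot%\PSEXESVC.exe"},
        {"Time": t0 + timedelta(minutes=2), "Host": "srv02", "EventID": 7045,
         "ServiceName": "PSEXESVC", "ImagePath": r"%SystemRoot%\PSEXESVC.exe"},
        {"Time": t0 + timedelta(minutes=3), "Host": "srv03", "EventID": 7045,
         "ServiceName": "PSEXESVC", "ImagePath": r"%SystemRoot%\PSEXESVC.exe"},
        {"Time": t0 + timedelta(minutes=4), "Host": "srv01", "EventID": 7045,
         "ServiceName": "ExampleAgent", "ImagePath": r"C:\Program Files\Example\agent.exe"},
    ]


if __name__ == "__main__":
    for finding in scan(sample_events()):
        print(*finding)
```

A plain type-2 logon is not flagged: RunAs without /netonly performs an ordinary interactive logon that is indistinguishable, from the 4624 record alone, from a user logging on at the console, so it is not a useful signal by itself.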
“He who reigns within himself, and rules passions, desires, and fears, is more than a king” - Milton