Get started with PSExec⚒️


What is PsExec?

PsExec is a lightweight telnet replacement that lets you execute processes on a remote machine, with full interactivity for console applications, without installing any client software. For example, using PsTools you can launch a command prompt and execute commands, or you can run Notepad and many other operations on the remote machine.

In this blog, you will learn how to run Notepad on a remote machine using PsExec.

Get started with PsExec

Click here to download PsExec.

Extract the downloaded file and move it to the target folder. In my case, it is C:\Users\gowthamk91\PSTools, as shown in the figure below.


Switch to the extracted PSTools folder and execute the command below to run a command prompt on the remote machine:

C:\Users\gowthamk91\PSTools>psexec \\[your system ip] cmd

You are now on the remote machine. Type the ipconfig command to get the IP information of the remote system.

IpConfig command

Let’s see how to open Notepad on the remote machine with PsExec using a PowerShell script.

The PowerShell script below uses PsExec to run Notepad on the remote machine:

$remoteComputer = "[remote machine ip]" <# replace with your target machine public/private IP #>
$command = "C:\users\gowthamk91\pstools\psexec.exe" <# path to psexec.exe #>
$username = "[remote machine user name]" <# target server username #>
$password = "[remote machine password]" <# target server password #>

<# Download and install Get-TSSession
 from powershell gallery #>

<# Defined before first use: returns the session id of the user on the remote machine #>
function Get-SessionIdByUsername {
    param(
        [Parameter(Mandatory = $true)]
        [string]$ComputerName,
        [Parameter(Mandatory = $true)]
        [string]$Username
    )
    $sessionInfo = Get-TSSession -UserName $Username -ComputerName $ComputerName | Select-Object -First 1 SessionId
    return $sessionInfo.SessionId
}

<# {0} is replaced with the session id returned by Get-SessionIdByUsername #>
$arguments = "\\$remoteComputer -u $username -p $password -i {0} notepad.exe" -f (Get-SessionIdByUsername $remoteComputer $username)

$commandLine = "$command $arguments"
$scriptPath = "C:\users\gowthamk91\open_notepad.ps1" <# path of this PS file saved #>

<# Here-string holding the generated script; `$ keeps the inner variable unexpanded #>
$scriptContent = @"
& {
    `$commandLine = '$commandLine'
    Invoke-Expression `$commandLine
}
"@

$scriptContent | Out-File -FilePath $scriptPath -Encoding ASCII
$arguments = "\\$remoteComputer -u $username -p $password -i {0} notepad.exe" -f (Get-SessionIdByUsername $remoteComputer $username)

The -u parameter provides the username for the remote machine.

The -p parameter provides the password for the remote machine.

The -i parameter runs the program in an interactive session, so the application is started interactively in the session whose id follows the parameter.

Get-SessionIdByUsername – This function gets the current session id of the user on the remote machine, and the value is assigned to the placeholder {0}.

The PSTerminalServices 1.0 PowerShell package is used to get the session id of the user on the remote machine. Install the package from the PowerShell Gallery.

Execute the PowerShell script, and you will see Notepad open on the target machine.
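
The script above keeps the remote password in plain text in the script and in the generated open_notepad.ps1. The variant below is an added example, not the author's code: it omits -p so that PsExec prompts for the password with hidden input, and it passes the arguments as an array instead of building a string for Invoke-Expression. The script parameter names and the single-session check are assumptions of this example; the PsExec path and the PSTerminalServices module are the ones used in this post.

```powershell
# Added example (not the original author's script).
# Assumes psexec.exe is at $PsExecPath and PSTerminalServices is installed.
param(
    [Parameter(Mandatory = $true)][string]$RemoteComputer,
    [Parameter(Mandatory = $true)][string]$Username,
    [string]$PsExecPath = 'C:\users\gowthamk91\pstools\psexec.exe'
)

Import-Module PSTerminalServices -ErrorAction Stop

function Get-SessionIdByUsername {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)][string]$Username
    )
    # A user may hold several sessions on the target; refuse to guess.
    $sessions = @(Get-TSSession -ComputerName $ComputerName -UserName $Username)
    if ($sessions.Count -ne 1) {
        throw "Expected one session for '$Username' on $ComputerName, found $($sessions.Count)."
    }
    return [int]$sessions[0].SessionId
}

if (-not (Test-Path -LiteralPath $PsExecPath -PathType Leaf)) {
    throw "psexec.exe not found at $PsExecPath"
}

$sessionId = Get-SessionIdByUsername -ComputerName $RemoteComputer -Username $Username

# -p is left out on purpose: PsExec then prompts for the password with hidden
# input, so it never lands in a script file or on the process command line.
# An argument array is passed to the call operator, so nothing is re-parsed
# by Invoke-Expression.
$psexecArgs = @("\\$RemoteComputer", '-u', $Username, '-i', $sessionId, 'notepad.exe')

& $PsExecPath @psexecArgs
Write-Host "PsExec exit code: $LASTEXITCODE"
```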


We have seen what PsExec is and how to use this lightweight tool to access a remote machine and work with applications like Notepad just by executing commands. Finally, we have seen how to open Notepad on a remote machine in interactive mode using a PowerShell script.

