PsTools

Have you heard of them? If not, I suggest you download the suite and start enjoying the benefits that they can bring you (white or black hat).

PsTools is a suite of tools put together by Mark Russinovich. The 1.60MB download includes tools that let you execute processes remotely, display the SID of a computer or user, kill processes by name or process ID, list detailed information about processes, and much more. The tools are available for free from the Microsoft TechNet website and run on Windows XP and higher and Windows Server 2003 and higher. One warning: when you run some of the tools, your anti-virus software may flag them as a false positive. The reason is that viruses have used these tools for malicious purposes in the past, so some anti-virus vendors have added them to their definition files.

Here is a list of the tools and a description of their functions, taken from the Microsoft TechNet site:

PsExec – execute processes remotely

PsFile – shows files opened remotely

PsGetSid – display the SID of a computer or a user

PsInfo – list information about a system

PsKill – kill processes by name or process ID

PsList – list detailed information about processes

PsLoggedOn – see who’s logged on locally and via resource sharing (full source is included)

PsLogList – dump event log records

PsPasswd – changes account passwords

PsService – view and control services

PsShutdown – shuts down and optionally reboots a computer

PsSuspend – suspends processes

PsUptime – shows you how long a system has been running since its last reboot (PsUptime’s functionality has been incorporated into PsInfo)

Installation is a piece of cake and does not require anything special. The download includes a help file with instructions for each tool. If you prefer the command line, cd into the directory that contains the tools and append the “-?” option to the tool you are interested in running to print its usage.
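As an added example (not from the original post or from Sysinternals), the PowerShell script below ties the points above together from an administrator's side: it checks that each PsTools executable still carries a valid Microsoft Authenticode signature (so an anti-virus alert can be judged against a known-good binary rather than guessed at), prints a tool's built-in “-?” usage text, and then collects a read-only inventory (PsInfo, PsLoggedOn and PsService query) from a list of computers. The directory C:\Tools\PsTools, the file hosts.txt and the report file name are assumptions for the example.

```powershell
# Added example, not part of the original post or of the PsTools suite.
# Assumptions (hypothetical): the suite was unpacked to C:\Tools\PsTools and
# hosts.txt in that directory lists one computer name per line.

$toolDir   = 'C:\Tools\PsTools'
$hostsFile = Join-Path $toolDir 'hosts.txt'
$report    = Join-Path $toolDir 'pstools-inventory.txt'

# 1. Signature check. A genuine PsTools binary that anti-virus flags is still
#    validly signed by Microsoft; NotSigned or HashMismatch means the file is
#    not what Sysinternals shipped and should not be run.
$bad = @()
Get-ChildItem -Path $toolDir -Filter '*.exe' | ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_.FullName
    if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'Microsoft') {
        $bad += "$($_.Name): $($sig.Status)"
    }
}
if ($bad.Count -gt 0) {
    Write-Error ("Refusing to run; unsigned or modified tools:`n" + ($bad -join "`n"))
    exit 1
}

# 2. Built-in help: every tool prints its usage when given -?
& (Join-Path $toolDir 'psinfo.exe') -?

# 3. Read-only inventory across the listed hosts. -accepteula suppresses the
#    licence prompt the tools show on first use on a machine.
Get-Content $hostsFile | Where-Object { $_.Trim() } | ForEach-Object {
    $computer = $_.Trim()
    "===== $computer =====" | Out-File -FilePath $report -Append
    & (Join-Path $toolDir 'psinfo.exe')     "\\$computer" -accepteula       2>&1 | Out-File -FilePath $report -Append
    & (Join-Path $toolDir 'psloggedon.exe') "\\$computer" -accepteula       2>&1 | Out-File -FilePath $report -Append
    & (Join-Path $toolDir 'psservice.exe')  "\\$computer" -accepteula query 2>&1 | Out-File -FilePath $report -Append
}
Write-Host "Inventory written to $report"
```

The signature check is the useful part when an anti-virus product raises one of the false positives the post mentions: a valid Microsoft signature tells you the alert is about the tool's reputation, while a failed check tells you the file on disk is not the one Sysinternals published, whatever the scanner says.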

For more information and the download, visit http://technet.microsoft.com/en-us/sysinternals/bb896649