
Posted

I'm attempting to capture the output from the command line tool PSEXEC. I'm using AutoIT to run an instance of PSEXEC against a remote PC to audit Local Admins in my environment using net.exe (C:\Windows\System32> net localgroup administrators). However, the usual trick I use to capture command line output does not appear to work well with PSEXEC, as the bottom portion of the output is missing from the return. Any ideas or recommendations are greatly appreciated.

Here is what I'm working with: 

```autoit
;This script will read from a list of hosts and report who has local admin privileges on the machine
#RequireAdmin

Global $fileName = @ScriptDir & '\test.txt' ;hostlist, one host per line

readHostList()

;Read list of hosts
Func readHostList()
    Local $file = FileOpen($fileName, 0)
    Local $line

    While 1
        $line = FileReadLine($file)
        If @error = -1 Then ExitLoop ;end of file
        ConsoleWrite($line & @CRLF)
        ;MsgBox(0,0,$line)
        getLocalAdmins($line)
    WEnd

    FileClose($file)
EndFunc

;run PSEXEC to list local admins
Func getLocalAdmins($remotePC)
    Local $testFile = @ScriptDir & '\test234.txt'
    Local $hFile = FileOpen($testFile, 1) ;mode 1 = append; keep the handle so FileClose() gets a handle, not a path
    Local $psexec = 'psexec \\' & $remotePC & ' net localgroup administrators'
    FileWriteLine($hFile, _RunCmd($psexec))
    FileClose($hFile)
EndFunc

;Used to return CLI output (flag 8 = $STDERR_MERGED, so stderr is read together with stdout)
Func _RunCmd($sCommand)
    Local $nPid = Run(@ComSpec & " /c " & $sCommand, @SystemDir, @SW_HIDE, 8), $sRet = ""
    If @error Then Return "ERROR:" & @error
    ProcessWait($nPid)
    While 1
        $sRet &= StdoutRead($nPid)
        ;stops as soon as the process is gone, even if unread output is still in the pipe
        If @error Or (Not ProcessExists($nPid)) Then ExitLoop
    WEnd

    Return $sRet
EndFunc
```


## If I manually run the command on the remote PC via PSEXEC I will get the following output:

PsExec v2.11 - Execute processes remotely
Copyright (C) 2001-2014 Mark Russinovich
Sysinternals - www.sysinternals.com

Starting net on PCNAME... on PCNAME...
net exited on PCNAME with error code 0.

-------------------------------------------------------------------------------
admin
Administrator
Alias name     administrators
Domain\Domain Admins
Comment        Administrators have complete and unrestricted access to the computer/domain
Members
The command completed successfully.


## The returned output from running the above script is as follows:

PsExec v2.11 - Execute processes remotely
Copyright (C) 2001-2014 Mark Russinovich
Sysinternals - www.sysinternals.com

Alias name     administrators
Connecting to PCNAME...

Starting PSEXESVC service on PCNAME...

Connecting with PsExec service on PCName...

Starting net on PCNAME..

net exited on PCNAME with error code 0.


**Note:** to test this script, PSEXEC must be in the system dir or the path in the script changed.
PSEXEC tool: https://docs.microsoft.com/en-us/sysinternals/downloads/psexec

Posted

What if you pipe your PSEXEC command to a text file and then parse the text file?

Local $psexec = 'psexec \\' & $remotePC & ' net localgroup administrators > C:\temp\textout.txt'

Who lied and told you life would EVER be fair?
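Added example serving both the question above and the redirect suggestion in the reply; it is not code from either post. It reads the PsExec output until the pipe closes (StdoutRead sets @error only once the child has exited and the buffer is drained) instead of stopping as soon as ProcessExists() fails, offers the redirect-to-file variant from the reply, and parses the member list out of the `net localgroup` text so the audit report holds one line per host. Assumptions: psexec.exe is on the PATH, the running account is an administrator on each target, "PCNAME" is a placeholder host, and the function names, report path and sample text are mine.

```autoit
; Added example (not code from either post). Assumptions: psexec.exe is on the PATH,
; the running account is a local admin on each target, "PCNAME" is a placeholder host,
; and the report/file paths are arbitrary.
#include <AutoItConstants.au3>   ; $STDERR_MERGED
#include <FileConstants.au3>     ; $FO_APPEND
#include <Array.au3>

; Capture stdout+stderr of a command until the pipe closes. StdoutRead sets @error only
; when the child has exited AND the buffer is drained, so nothing written just before
; exit is lost (checking ProcessExists() instead can stop one read too early).
Func _RunCmdFull($sCommand)
    Local $iPid = Run(@ComSpec & ' /c ' & $sCommand, @SystemDir, @SW_HIDE, $STDERR_MERGED)
    If @error Then Return SetError(1, 0, "")
    Local $sOut = ""
    While 1
        $sOut &= StdoutRead($iPid)
        If @error Then ExitLoop
    WEnd
    Return $sOut
EndFunc

; Variant from the reply: have cmd.exe redirect psexec's stdout to a file and read it
; back. PsExec prints its banner and "Connecting to..." lines on stderr, so only the
; remote net.exe output lands in the file (append ' 2>&1' to keep them as well).
Func _RunCmdToFile($sCommand, $sOutFile)
    RunWait(@ComSpec & ' /c ' & $sCommand & ' > "' & $sOutFile & '"', @SystemDir, @SW_HIDE)
    Return FileRead($sOutFile)
EndFunc

; Pull the member names out of "net localgroup <group>" output: the non-empty lines
; between the dashed separator and the "The command completed successfully." trailer.
; Works for both capture methods because everything before the separator is ignored.
Func _ParseLocalGroupMembers($sOutput)
    Local $aLines = StringSplit(StringStripCR($sOutput), @LF)
    Local $aMembers[0], $bInList = False, $sLine
    For $i = 1 To $aLines[0]
        $sLine = StringStripWS($aLines[$i], 3)   ; trim leading and trailing whitespace
        If Not $bInList Then
            If StringLeft($sLine, 5) = "-----" Then $bInList = True
            ContinueLoop
        EndIf
        If $sLine = "" Then ContinueLoop
        If StringInStr($sLine, "The command completed") Then ExitLoop
        _ArrayAdd($aMembers, $sLine)
    Next
    Return $aMembers
EndFunc

; Audit one host and append "host: member1, member2, ..." to an open report handle.
Func _AuditLocalAdmins($sHost, $hReport)
    Local $sOut = _RunCmdFull('psexec \\' & $sHost & ' net localgroup administrators')
    If @error Then Return SetError(1, 0, False)
    Local $aMembers = _ParseLocalGroupMembers($sOut)
    FileWriteLine($hReport, $sHost & ": " & _ArrayToString($aMembers, ", "))
    Return True
EndFunc

; Self-check of the parser on constructed text shaped like the manual run in the post,
; so it can be exercised without touching a remote host.
Local $sSample = "Alias name     administrators" & @CRLF & _
        "Comment        Administrators have complete and unrestricted access to the computer/domain" & @CRLF & _
        @CRLF & "Members" & @CRLF & @CRLF & _
        "-------------------------------------------------------------------------------" & @CRLF & _
        "admin" & @CRLF & "Administrator" & @CRLF & "Domain\Domain Admins" & @CRLF & _
        "The command completed successfully." & @CRLF
Local $aCheck = _ParseLocalGroupMembers($sSample)
ConsoleWrite("parsed " & UBound($aCheck) & " members: " & _ArrayToString($aCheck, ", ") & @CRLF)

; Real run against placeholder host(s); one report line per host.
Local $aHosts[1] = ["PCNAME"]   ; placeholder, replace with the host list
Local $hReport = FileOpen(@ScriptDir & '\localadmins.txt', $FO_APPEND)
For $sHost In $aHosts
    If Not _AuditLocalAdmins($sHost, $hReport) Then ConsoleWrite("failed to start psexec for " & $sHost & @CRLF)
Next
FileClose($hReport)
```

The merged capture in the post shows why the two streams interleave: PsExec's status lines (stderr) and net.exe's output (stdout) are read from one pipe in whatever order they are flushed, which is harmless once the parser keys on the dashed separator rather than on line position. The redirect variant avoids the interleaving altogether, at the cost of an extra file on disk per run.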
