Before we begin, you must:
- Install PsTools – https://docs.microsoft.com/en-us/sysinternals/downloads/pstools
- Have administrator access on the remote computer
1) Open your text editor of choice and paste the following code:
C:\path\to\PSTools\PsExec.exe \\%1 cmd /c %2
Correct the path to PsExec.exe. Save the file as rce.bat in the %windir%\system32 folder. If you are not permitted to save there, save it elsewhere and copy it into the system32 folder manually (this will probably show a UAC prompt).
Fun fact: RCE is short for Remote Code Execution, typically the holy grail of vulnerability exploits.
2) Actually, there are no more steps; you're done.
Let's try it out. Open cmd.exe and run the following command:
rce computername ipconfig
Note that if the command consists of several space-separated words, you must enclose it in double quotes (" "):
rce computername "net stats workstation"
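Every rce call also leaves a record on the target: PsExec runs the command through a service it installs there, named PSEXESVC by default, and Windows logs each install as event 7045 in the System log. The following is an added example, not part of the original article, that picks those records out; the function names and the sample records are constructed for illustration.

```powershell
# Added example, not from the original article. Flags System-log event 7045
# ("A service was installed in the system") records for PsExec's service.
function Select-PsExecServiceInstall {
    param([Parameter(ValueFromPipeline = $true)] $Record)
    process {
        if ($Record.Id -ne 7045) { return }
        # Event 7045 payload order: [0] service name, [1] image path
        $service = [string]$Record.Properties[0].Value
        $image   = [string]$Record.Properties[1].Value
        if ($service -eq 'PSEXESVC' -or $image -like '*PSEXESVC.exe*') {
            [pscustomobject]@{
                TimeCreated = $Record.TimeCreated
                Computer    = $Record.MachineName
                ServiceName = $service
                ImagePath   = $image
            }
        }
    }
}

# Constructed sample records shaped like Get-WinEvent output (assumption:
# only the fields the function reads are modelled).
function New-SampleRecord($Id, $Service, $Image) {
    [pscustomobject]@{
        Id          = $Id
        TimeCreated = Get-Date '2024-01-01T10:00:00'
        MachineName = 'computername'
        Properties  = @(
            [pscustomobject]@{ Value = $Service },
            [pscustomobject]@{ Value = $Image }
        )
    }
}
$sample = @(
    (New-SampleRecord 7045 'PSEXESVC' '%SystemRoot%\PSEXESVC.exe'),
    (New-SampleRecord 7045 'ExampleUpdater' 'C:\Program Files\Example\updater.exe'),
    (New-SampleRecord 7036 'PSEXESVC' 'n/a')
)
$sample | Select-PsExecServiceInstall

# On a live machine, feed it the real log instead of the sample:
# Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045 } |
#     Select-PsExecServiceInstall
```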