PsExec and xCmd

Question

I've recently come into a bit of confusion regarding PsExec and xCmd. It would be great if someone here could help clear this up, preferably with some form of external reference to given for validation.

I understand that PsExec and xCmd are tools that can be used to execute commands remotely on a system. However, not having much experience with these tools myself, I'm a bit confused as to their nature and capabilities.

• Does one tool need the other to function, or are they completely separate?
• How do they compare in terms of features?
• How do they compare in terms of security?
• How do they compare in terms of their method of operation?

Answer 1

To answer your questions:

• Both tools are completely separate and independent. xCmd is meant to be an open source clone of psexec.
• xCmd and psexec are similar in terms of featuresets.
• The commands themselves take advantage of you having permission to create services on the remote server. They take advantage of you having permission to do something. Since they are not daemons, you can't really compromise them like for example a web server. However, there are other attack vectors that such a program is vulnerable. In the case of PsExec, it is written by windows security expert Mark Russinovich. In the case of xCmd, its open source and pretty popular. Both of these facts give me the confidence that they are generally well vetted.
• Basically they both perform the same task in the same way. They create a temporary service on a remote machine to execute a remote process. This method was chosen because in NT 4.0 there was no other method to execute processes remotely built into windows.