This technique is good for auditing a users internet explorer history without the user knowing about it.
Step one is to download Internet Explorer History Viewer, "iehv".
http://www.nirsoft.net/utils/iehv.html
Step two, if PSEXEC is not already installed on the management system, install it.
Step three, from the command prompt change directory into the folder containing iehv.exe.
Step four, execute iehv.exe remotely from the target computer, using the executable push feature of PSEXEC. (Note: you will need domain administrator privilege of course).
Example: Psexec –c –s –d \\computername iehv.exe /shtml “c:\data.html” –user username
Username is going to be the target user profile to explore.
Step five, move the data.html file off of their computer and back to your management workstation.
Example: Move \\computername\c$\data.html c:\
Step six, delete the pushed executable.
Example: Del \\computername\c$\windows\system32\iehv.exe
Now you can analyze the data. The only traces left are windows log files showing the PSEXEC service starting.
No comments:
Post a Comment