This program is based on netcat (thanks to Hobbit). Unlike netcat, which allows only one connection, it allows multiple connections and is a bit easier to use. Run this program on any NT machine to open a remote shell on any port. You can start the program hidden (/h) and also assign the port it listens on (default is 2323). Type "srvcmd.exe /?" for help. Once the program is listening, telnet into the computer on that port and you have a shell (cmd) environment waiting for you. The shell will have the same permissions as the user who started the program. If the shell is started with administrator access, you can do things like add users via the net command:
net user jason password /add
net localgroup "administrator" jason /add
There is now a user account named jason, with "password" as its password and local administrator access on the remote machine. You can now mount all administrative shares on your machine by running the following command in a cmd window on your local machine:
net use x: \\remote_computer\c$ password /USER:jason
Of course, there are many other things this is useful for.
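Seen from the monitored host, the sequence described above (a listener spawning cmd, then the net commands) shows up in process-creation records. The following is an added detection example, not part of srvcmd or its author's code; the record fields, the C:\Temp path, the parent allowlist and the sample records are constructed assumptions.

```python
import ntpath
import re

# Assumption: parents from which an interactive cmd.exe is normal on this host.
EXPECTED_SHELL_PARENTS = {"explorer.exe", "cmd.exe", "powershell.exe"}

NET_USER_ADD = re.compile(r"\bnet1?(?:\.exe)?\s+user\s+\S+.*\s/add\b", re.I)
NET_ADMIN_ADD = re.compile(
    r"\bnet1?(?:\.exe)?\s+localgroup\s+\S*admin\S*\s+.*/add\b", re.I)

SYS32 = "C:\\Windows\\System32\\"
# Constructed records: parent image, image and command line of a new process.
SAMPLE_EVENTS = [
    {"parent": "C:\\Windows\\explorer.exe", "image": "C:\\Temp\\srvcmd.exe",
     "cmdline": "srvcmd.exe /h"},
    {"parent": "C:\\Temp\\srvcmd.exe", "image": SYS32 + "cmd.exe",
     "cmdline": "cmd"},
    {"parent": SYS32 + "cmd.exe", "image": SYS32 + "net.exe",
     "cmdline": "net user jason password /add"},
    {"parent": SYS32 + "cmd.exe", "image": SYS32 + "net.exe",
     "cmdline": 'net localgroup "administrator" jason /add'},
    {"parent": "C:\\Windows\\explorer.exe", "image": SYS32 + "cmd.exe",
     "cmdline": "cmd.exe"},                      # benign: desktop shell
    {"parent": SYS32 + "cmd.exe", "image": SYS32 + "net.exe",
     "cmdline": "net user"},                     # benign: lists accounts
]


def classify(event):
    """Return the names of the rules that fire for one process record."""
    hits = []
    image = ntpath.basename(event["image"]).lower()
    parent = ntpath.basename(event["parent"]).lower()
    # A command shell whose parent is not a known launcher, e.g. a listener.
    if image == "cmd.exe" and parent not in EXPECTED_SHELL_PARENTS:
        hits.append("shell_from_unexpected_parent")
    if NET_USER_ADD.search(event["cmdline"]):
        hits.append("local_account_created")
    if NET_ADMIN_ADD.search(event["cmdline"]):
        hits.append("admin_group_member_added")
    return hits


def triage(events):
    """Return (command line, rule names) for every record that fires a rule."""
    return [(e["cmdline"], classify(e)) for e in events if classify(e)]


if __name__ == "__main__":
    for cmdline, rules in triage(SAMPLE_EVENTS):
        print(", ".join(rules), "<-", cmdline)
```

The parent check does not depend on the listener's file name, so it still fires if the binary is renamed. Windows Security events 4720 (user account created) and 4732 (member added to a local group) record the same account changes independently of the command line.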