The Ps Tools from Mark Russinovich are very handy remote administration utilities. However, they all come with one big caveat.
Note that the password is transmitted in clear text to the remote system.
http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx
Does this only happen when a credential is provided to the tool, like when the account being used locally does not have privileges on the remote system? Or is some form of authenticator (password, token, or hash) always being sent in the clear? If I'm logged in locally with an account that has the necessary privileges on the remote system (and, therefore, don't have to provide my password to the Ps Tool), are my credentials still at risk?
How can I demonstrate this to myself or someone else, like with Wireshark? What filters can I use to isolate the critical packets, and which properties should be shown?