PSEXEC.PY

this is a utility from the impacket framework. with this tool, impacket will create a remote service by uploading a randomly-named executable on the ADMIN$ share on the remote system and then register it as a Windows service. this will result in having an interactive shell available on the remote Windows system via TCP port 445 . Psexec requires credentials for a user with local administrator privileges or higher since reading/writing to the ADMIN$ share is required to upload to the ADMIN$ share. Once authenticated, it will drop you into a NT AUTHORITY\SYSTEM shell. this utility is often preferred in simulated testing environments only as it can be easily detected by the Windows Defender in real-world assessments.

SYNTAX

root@oco:~$ psexec.py -h
root@oco:~$ python psexec.py username:password@{targetIP}

 * if the target doesn't have password, then use the below cmd
    - psexec.py username@{targetIP}

PreviousIMPACKET NextMSSQLCLIENT.PY

Last updated 1 month ago