psexec.py : https://github.com/CoreSecurity/impacket

smbexec.py. Another Impacket script. This one is a bit "stealthier" as it doesn't drop a binary on the target system. Commands and output are asynchronous:

wmiexec.py. Yet another awesome Impacket script. Under the hood this one uses Windows Management Instrumentation (WMI) to launch a semi-interactive shell.

CrackMapExec. You can also use CrackMapExec to execute commands on hosts by passing it the "-x" parameter. Since it's built on Impacket's libraries, it's basically doing the exact same thing as wmiexec.py, but lets you do it across a range of IPs:

Using Remote Desktop

rdp_check: to see if you have RDP access, then use Kali's rdesktop to connect:

psexec : https://technet.microsoft.com/en-us/sysinternals/bb842062.aspx

The service starts the binary C:\Windows\PSEXECSVC.exe. That directory is actually the ADMIN$ share over SMB. So PsExec performs a few steps to get you a shell:

  1. Copy a binary to the ADMIN$ share over SMB
  2. Create a service on the remote machine pointing to the binary
  3. Remotely start the service
  4. When exited, stop the service and delete the binary
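The four-step sequence above is also what makes PsExec-style execution visible on the target: a file lands in ADMIN$ (C:\Windows), and moments later a service is installed whose binary has the same name. The following is an added detection example, not code from the original page or from Impacket/Sysinternals. It correlates constructed, simplified records modelled on Windows Security event 5145 (share object access) and System event 7045 (new service installed); the field names, hostnames, IPs and timestamps are all made up for the example, and the 60-second window is an assumed tuning value.

```python
"""Correlate the PsExec-style sequence described above: a file copied to the
ADMIN$ share, then a service created that points at that file.
Added example; not part of the original page or of Impacket."""
from datetime import datetime, timedelta

# Constructed sample events (values are made up). Field names are simplified
# versions of the real 5145 (ShareName/RelativeTargetName) and 7045
# (ServiceName/ImagePath) event fields.
SAMPLE_EVENTS = [
    {"time": "2024-01-10T09:15:02", "host": "WS01", "id": 5145,
     "share": "\\\\*\\ADMIN$", "target": "PSEXECSVC.exe", "src_ip": "10.0.0.5"},
    {"time": "2024-01-10T09:15:03", "host": "WS01", "id": 7045,
     "service": "PSEXESVC", "image": "%SystemRoot%\\PSEXECSVC.exe"},
    # Benign-looking noise: IPC$ access and an unrelated service install.
    {"time": "2024-01-10T11:00:00", "host": "WS02", "id": 5145,
     "share": "\\\\*\\IPC$", "target": "srvsvc", "src_ip": "10.0.0.9"},
    {"time": "2024-01-10T12:30:00", "host": "WS03", "id": 7045,
     "service": "ExampleAgent", "image": "C:\\Program Files\\Example\\agent.exe"},
    # Same pattern but two minutes apart: outside the default window.
    {"time": "2024-01-10T08:00:00", "host": "WS04", "id": 5145,
     "share": "\\\\*\\ADMIN$", "target": "tool.exe", "src_ip": "10.0.0.7"},
    {"time": "2024-01-10T08:02:00", "host": "WS04", "id": 7045,
     "service": "tool", "image": '"C:\\Windows\\tool.exe" -service'},
]


def _first_token(command_line):
    """Return the executable part of a service ImagePath, dropping arguments
    and handling a quoted path."""
    s = command_line.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return s[1:end] if end != -1 else s[1:]
    return s.split()[0] if s else ""


def _basename(path):
    """Lower-cased file name of a Windows or UNC path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_admin_share_service_installs(events, window_seconds=60):
    """Return one alert per (ADMIN$ write, service install) pair on the same
    host where the service binary's file name matches the written file and
    the install follows the write within window_seconds."""
    admin_writes = {}  # (host, basename) -> [(time, src_ip), ...]
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        t = datetime.fromisoformat(ev["time"])
        if ev["id"] == 5145 and ev.get("share", "").upper().endswith("ADMIN$"):
            key = (ev["host"], _basename(ev["target"]))
            admin_writes.setdefault(key, []).append((t, ev["src_ip"]))
        elif ev["id"] == 7045:
            exe = _basename(_first_token(ev["image"]))
            for write_time, src_ip in admin_writes.get((ev["host"], exe), []):
                delta = t - write_time
                if timedelta(0) <= delta <= timedelta(seconds=window_seconds):
                    alerts.append({
                        "host": ev["host"], "service": ev["service"],
                        "binary": exe, "src_ip": src_ip,
                        "seconds_after_copy": int(delta.total_seconds()),
                    })
    return alerts


if __name__ == "__main__":
    for alert in find_admin_share_service_installs(SAMPLE_EVENTS):
        print(alert)
```

Matching on the file name rather than on the fixed string PSEXECSVC is deliberate: Impacket's psexec.py and similar tools let the operator choose the service and binary names, but the copy-to-ADMIN$-then-install-service shape stays the same. Widening the window trades a few more false positives for catching slower operators, which the WS04 pair in the sample data illustrates.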

Wmis
