PsExec

To create a process on a remote machine via PsExec, we need the credentials of a member of the local Administrators group on the remote machine (this can also be a domain user). The ADMIN$ share must also be available, and File and Printer Sharing has to be turned on (this is the case by default).

PsExec leverages SMB.
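
The prerequisites above can be audited on a host to see whether it is reachable this way. The following PowerShell function is an added example, not part of the original notes; the function name and output field names are hypothetical, and it assumes an elevated session on an English-language Windows system.

```powershell
# Added example: audit the PsExec prerequisites on the local host.
# Run in an elevated PowerShell session on the machine being assessed.
function Get-PsExecExposure {
    [CmdletBinding()]
    param()

    # 1. Members of the local Administrators group, looked up by well-known
    #    SID so the group is found on any locale. Domain users appear here too.
    $admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue |
        Select-Object Name, ObjectClass, PrincipalSource)

    # 2. Is the ADMIN$ administrative share published?
    $adminShare = Get-SmbShare -Name 'ADMIN$' -ErrorAction SilentlyContinue

    # 3. Enabled inbound firewall rules in the "File and Printer Sharing" group.
    #    Assumption: English display name (the group name is localized).
    $fpsRules = @(Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' })

    # 4. PsExec rides on SMB: is anything listening on TCP 445?
    $smbListener = @(Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue)

    $shareOk    = [bool]$adminShare
    $firewallOk = $fpsRules.Count -gt 0
    $smbOk      = $smbListener.Count -gt 0

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        LocalAdministrators = $admins.Name
        AdminShareAvailable = $shareOk
        FileSharingRulesOn  = $firewallOk
        SmbListening        = $smbOk
        # True when every network-side prerequisite from the text is met;
        # what remains is the credentials of an account in LocalAdministrators.
        RemoteExecReachable = ($shareOk -and $firewallOk -and $smbOk)
    }
}

Get-PsExecExposure | Format-List
```

Where `RemoteExecReachable` is true, the accounts listed under `LocalAdministrators` are the ones whose credentials matter; trimming that list or disabling File and Printer Sharing where it is not needed removes a prerequisite.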

PsExec is part of the Sysinternals suite. We can download it here: https://learn.microsoft.com/en-us/sysinternals/downloads/psexec

This spawns an interactive cmd:

./PsExec64.exe -i \\FILES04 -u corp\jen -p Nexus123! cmd
