PsExec

PsExec is a tool from the Sysinternals suite that allows users to execute code on remote hosts over port 445 using named pipes. It extracts an embedded Windows service named Psexesvc from its executable image, copies it to the Admin$ share of the remote system, and uses the Windows Service Control Manager API to start the service on the remote system.

Example:

psexec.exe -u DOMAIN\USER -p PASSWORD \\REMOTEIP "COMMAND"

Or with Impacket:

python psexec.py DOMAIN/USER:PASSWORD@REMOTEIP [CMD]
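
On the target, the copy to Admin$ followed by a service start leaves a service-install event (System log, Event ID 7045) and, when detailed file share auditing is enabled, a share-access event (Security log, Event ID 5145). The Python correlation below is an added example, not code from the original page or from Sysinternals or Impacket; the event dicts, their simplified key names, and the 60-second window are constructed assumptions.

```python
from datetime import datetime, timedelta
import ntpath

WINDOW = timedelta(seconds=60)  # assumed correlation window, tune per environment

# Constructed sample events, pre-parsed into dicts with simplified key names.
EVENTS = [
    {"time": "2024-01-10T09:00:01", "host": "SRV01", "id": 5145,
     "share": r"\\*\ADMIN$", "target": "PSEXESVC.exe",
     "user": r"CORP\alice", "src_ip": "10.0.0.5"},
    {"time": "2024-01-10T09:00:02", "host": "SRV01", "id": 7045,
     "service": "PSEXESVC", "image_path": r"%SystemRoot%\PSEXESVC.exe"},
    # Benign noise: a text file on ADMIN$ and an unrelated service install.
    {"time": "2024-01-10T09:05:00", "host": "SRV02", "id": 5145,
     "share": r"\\*\ADMIN$", "target": r"Temp\report.txt",
     "user": r"CORP\bob", "src_ip": "10.0.0.9"},
    {"time": "2024-01-10T09:05:03", "host": "SRV02", "id": 7045,
     "service": "BackupAgent", "image_path": r"C:\Program Files\Backup\agent.exe"},
]

def find_remote_service_exec(events, window=WINDOW):
    """Pair ADMIN$ access to an .exe (5145) with a service install (7045)
    on the same host whose image path names that file, within `window`."""
    alerts, drops = [], []
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        if ev["id"] == 5145 and ev["share"].upper().endswith("ADMIN$"):
            name = ntpath.basename(ev["target"]).lower()
            if name.endswith(".exe"):
                drops.append((ts, name, ev))
        elif ev["id"] == 7045:
            image = ntpath.basename(ev["image_path"].strip('"')).lower()
            for dts, name, drop in drops:
                if (drop["host"] == ev["host"] and name == image
                        and ts - dts <= window):
                    alerts.append({
                        "host": ev["host"], "service": ev["service"],
                        "binary": image, "user": drop["user"],
                        "src_ip": drop["src_ip"],
                        # True when the service keeps the name the page gives.
                        "default_name": ev["service"].upper() == "PSEXESVC",
                    })
    return alerts

if __name__ == "__main__":
    for alert in find_remote_service_exec(EVENTS):
        print(alert)
```

Matching on the file name shared by both events, rather than on the service name alone, keeps the rule tied to the mechanism itself; the `default_name` field only records whether the service carried the Psexesvc name.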
