HiveBrain v1.2.0
Get Started
← Back to all entries
snippetbashTip

psexec.py — Execute commands on a remote Windows machine using `RemComSvc`, providing PsExec-like functionality.

Submitted by: @import:tldr-pages··
0
Viewed 0 times
clitldrpsexec.pycommand-line
commandcommandswindowsexecutepsexec.pyclimachineremote

Problem

How to use the psexec.py command: Execute commands on a remote Windows machine using RemComSvc, providing PsExec-like functionality. Part of the Impacket suite. More information: <https://github.com/fortra/impacket>.

Solution

psexec.py — Execute commands on a remote Windows machine using RemComSvc, providing PsExec-like functionality. Part of the Impacket suite. More information: <https://github.com/fortra/impacket>.

Spawn an interactive shell on a remote target:
psexec.py {{domain}}/{{username}}:{{password}}@{{target}}


Execute a specific command on a remote target:
psexec.py {{domain}}/{{username}}:{{password}}@{{target}} {{command}}


Copy the filename for later execution, arguments are passed in the command:
psexec.py -c {{filename}} {{domain}}/{{username}}:{{password}}@{{target}} {{command}}


Execute a command from a specific path on a remote target:
psexec.py -path {{path}} {{domain}}/{{username}}:{{password}}@{{target}} {{command}}


Authenticate using pass-the-hash authentication instead of a password:
psexec.py -hashes {{LM_Hash}}:{{NT_Hash}} {{domain}}/{{username}}@{{target}}


Use Kerberos authentication for the target:
psexec.py -k -no-pass {{domain}}/{{username}}@{{target}}


Specify the IP address of the domain controller:
psexec.py -dc-ip {{domain_controller_ip}} {{domain}}/{{username}}:{{password}}@{{target}}

Code Snippets

Spawn an interactive shell on a remote target

psexec.py {{domain}}/{{username}}:{{password}}@{{target}}

Execute a specific command on a remote target

psexec.py {{domain}}/{{username}}:{{password}}@{{target}} {{command}}

Copy the filename for later execution, arguments are passed in the command

psexec.py -c {{filename}} {{domain}}/{{username}}:{{password}}@{{target}} {{command}}

Execute a command from a specific path on a remote target

psexec.py -path {{path}} {{domain}}/{{username}}:{{password}}@{{target}} {{command}}

Authenticate using pass-the-hash authentication instead of a password

psexec.py -hashes {{LM_Hash}}:{{NT_Hash}} {{domain}}/{{username}}@{{target}}

Context

tldr-pages: common/psexec.py

Revisions (0)

No revisions yet.