Impacket Deep Dives Vol. 1: Command Execution

Shelling a lab machine with Impacket’s Psexec.py

Psexec.py

How it works

Using Psexec.py

Using psexec.py to get a SYSTEM shell on a Windows host with credentials

Other cool features

Uploading Invoke-Mimikatz.ps1 with Psexec.py

Dcomexec.py

How it works

Using Dcomexec.py

Smbexec.py

How it works

Using Smbexec.py

Getting a semi-interactive NT AUTHORITY\SYSTEM shell with Smbexec.py

Wmiexec.py

How it works

Using wmiexec.py

Running a command with Wmiexec.py

Atexec.py

How it works

Using atexec.py

Using Atexec.py to execute a command

Bonus: Mssqlclient.py and xp_cmdshell

The xp_cmdshell

sp_start_job

Using xp_cmdshell and sp_start_job

mssqlclient.py SQL_USER:SQL_PASS@RHOST
SQL> enable_xp_cmdshell
SQL> disable_xp_cmdshell
SQL> xp_cmdshell SOMECOMMAND
SQL> sp_start_job SOMECOMMAND

Conclusion

Kyle Mistele