Impacket PsExec

psexec.py is a clone of the Sysinternals psexec executable, but works slightly differently from the original. The tool creates a remote service by uploading a randomly-named executable to the ADMIN$ share on the target host. It then registers the service via RPC and the Windows Service Control Manager. The PsExec service then creates a named pipe that can send commands to the system. Once established, communication happens over that named pipe, providing an interactive remote shell as SYSTEM on the victim host.
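The sequence above (executable written to ADMIN$, then registered as a service) leaves a correlatable trail in Windows logs: event 5145 for the share write and event 7045 for the service install. The following detection sketch is an added example, not part of Impacket or of the original page. It assumes events have already been normalized into dictionaries; the field names and sample events are constructed for illustration.

```python
import ntpath
from datetime import datetime, timedelta

# Constructed, simplified events. Field names are hypothetical normalized
# names, not the raw Windows event schema.
SAMPLE_EVENTS = [
    # File written to ADMIN$, then a service pointing at the same file.
    {"time": "2024-12-16T10:00:01", "host": "WS01", "id": 5145,
     "share": r"\\*\ADMIN$", "target": "kQzRwTpl.exe",
     "access": "WriteData", "src": "10.0.0.5"},
    {"time": "2024-12-16T10:00:03", "host": "WS01", "id": 7045,
     "service": "xYzW", "image_path": r"%systemroot%\kQzRwTpl.exe"},
    # Benign: service install with no matching share write.
    {"time": "2024-12-16T11:30:00", "host": "WS02", "id": 7045,
     "service": "VendorUpdater",
     "image_path": r"C:\Program Files\Vendor\updater.exe"},
    # Benign: ADMIN$ write that is never registered as a service.
    {"time": "2024-12-16T12:00:00", "host": "WS03", "id": 5145,
     "share": r"\\*\ADMIN$", "target": "patch.exe",
     "access": "WriteData", "src": "10.0.0.9"},
]


def find_remote_service_drops(events, window=timedelta(seconds=120)):
    """Return service installs whose binary was written via ADMIN$ just before."""
    writes = {}  # (host, exe name) -> (write time, source address)
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if ev["id"] == 5145:
            exe = ntpath.basename(ev["target"]).lower()
            if (ev["share"].upper().endswith("ADMIN$")
                    and ev["access"] == "WriteData" and exe.endswith(".exe")):
                writes[(ev["host"], exe)] = (when, ev["src"])
        elif ev["id"] == 7045:
            # Match on file name only; quoted paths are unwrapped first.
            exe = ntpath.basename(ev["image_path"].strip('"')).lower()
            hit = writes.get((ev["host"], exe))
            if hit and when - hit[0] <= window:
                findings.append({"host": ev["host"], "service": ev["service"],
                                 "binary": exe, "src": hit[1],
                                 "delay_s": (when - hit[0]).total_seconds()})
    return findings


if __name__ == "__main__":
    for finding in find_remote_service_drops(SAMPLE_EVENTS):
        print(finding)
```

Event 5145 is only logged when detailed file share auditing is enabled, so confirm the audit policy before relying on this correlation.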

Installation

Download from: Impacket PsExec

Basic commands

# Get help 
impacket-psexec -h

# Connect to a remote machine with a local administrator account
impacket-psexec administrator:'<password>'@$ip

# Connect to a remote machine with a domain account
psexec.py $domain/$user:$password@$ip

Last update: 2024-12-16
Created: November 28, 2023 21:35:42