Understanding smb and DCERPC for remote command execution capabilities
问题 I'm trying to understand all the methods available to execute remote commands on Windows through the impacket scripts: https://www.coresecurity.com/corelabs-research/open-source-tools/impacket https://github.com/CoreSecurity/impacket I understand the high level explanation of psexec.py and smbexec.py, how they create a service on the remote end and run commands through cmd.exe -c but I can't understand how can you create a service on a remote windows host through SMB. Wasn't smb supposed to