← 返回命令列表

Linux command

impacket-psexec 命令

文件

复制后可按需替换文件名、目录或参数。

常用示例

Execute command on remote host

impacket-psexec [domain]/[user]:[password]@[target] [command]

Get interactive shell

impacket-psexec [domain]/[user]:[password]@[target]

Use NTLM hash instead of password

impacket-psexec -hashes :[hash] [domain]/[user]@[target]

Specify service name

impacket-psexec -service-name [name] [domain]/[user]:[password]@[target]

说明

impacket-psexec executes commands on remote Windows systems via SMB. Part of the Impacket toolkit. Works by uploading a service executable to ADMIN$ share and using Service Control Manager to start it. Requires administrator credentials. Used for authorized penetration testing and system administration.

参数

-hashes _LMHASH:NTHASH_
Use NTLM hashes for authentication (LM hash may be empty).
-k
Use Kerberos authentication. Grabs credentials from ccache file (KRB5CCNAME).
-no-pass
Don't ask for password (useful with -k).
-aesKey _HEX_
AES key for Kerberos authentication (128 or 256 bits).
-dc-ip _IP_
IP of the domain controller.
-target-ip _IP_
Target IP (overrides target hostname resolution).
-service-name _NAME_
Name for the SMB server share.
-remote-binary-name _NAME_
Custom remote binary name on target (default: random).
-codec _CODEC_
Output codec used to decode remote stdout (default: locale-aware).
-debug
Enable verbose debug output.

FAQ

What is the impacket-psexec command used for?

impacket-psexec executes commands on remote Windows systems via SMB. Part of the Impacket toolkit. Works by uploading a service executable to ADMIN$ share and using Service Control Manager to start it. Requires administrator credentials. Used for authorized penetration testing and system administration.

How do I run a basic impacket-psexec example?

Run `impacket-psexec [domain]/[user]:[password]@[target] [command]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.

What does -hashes _LMHASH:NTHASH_ do in impacket-psexec?

Use NTLM hashes for authentication (LM hash may be empty).