Skip to content

My Hacking Notes

Remote Execution Tools

My Hacking Notes

Home
General
General
OSINT
OSINT
- bbot
- File Scraping
Windows / AD
Windows / AD
- Methodology
- External Password Spraying
  External Password Spraying
- Remote Execution Tools Remote Execution Tools
  Table of contents
  - Kerberos usage
  - impacket-tool Basic Usage
- PowerShell Commands
- CMD Commands
- Relay & Coercion
  Relay & Coercion
- Discovery & Audit
  Discovery & Audit
- Privilege Escalation
  Privilege Escalation
- Credential Access
  Credential Access
- Delegation
  Delegation
- Kerberos
  Kerberos
  - Password / Hash / AES -> TGT
  - AS-REP Roast
  - Kerberoast
  - Ticket Forgery
    Ticket Forgery
    
    Golden Ticket
    
    Silver Ticket
  - Knowledge
    Knowledge
    
    Authentication Process
    
    S4U2self and S4U2Proxy
- File Transfer
  File Transfer
  - Download to Windows
  - Upload from Windows
WiFi
WiFi
- Security Testing Tools
- Security Types Overview
- WPA
- WPA2 (Personal)
- WPA2 (Enterprise)
- 802.1X Authentication Methods
- Attacks
  Attacks
  - WPA/WPA2 PSK/PMKID Captures
  - WPS (PIN) Weaknesses
Password Cracking
Password Cracking
- Hashcat
- Wordlists
Miscellaneous
Miscellaneous
- Tmux Configuration
- VLAN Configuration
CTF Walkthroughs
CTF Walkthroughs
- Proving Grounds
  Proving Grounds
  - Cassios
  - Cobweb
  - Muddy
  - Forward

Remote Execution Tools¶

Tool	SPN type	Note
`impacket-smbexec`	`cifs`	Medium noise; service exec; stable SMB shell.
`impacket-psexec`	`cifs`	High noise; drops service; use for reliability.
`impacket-atexec`	`cifs`	Low noise; scheduled task; one-offs.
`impacket-wmiexec`	`HOST`	Low noise; WMI; fileless; needs RPC.
`impacket-dcomexec`	`HOST`	Medium noise; DCOM activation; when WMI blocked.
`evil-winrm`	`HTTP`	Medium noise; PowerShell; use when WinRM enabled.

Kerberos usage¶

Add KRB5CCNAME=user.ccache directly before the command.

impacket-tool Basic Usage¶

Password Authentication

impacket-smbexec -k -no-pass <domain>/<username>:<password>@<host_fqdn>

NT Hash Authentication

impacket-smbexec <domain>/<username>@<host_fqdn> -H '<nt_hash>'

Kerberos Authentication

KRB5CCNAME=user.ccache impacket-smbexec -k -no-pass <domain>/<username>@<host_fqdn>