CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/documentation/modules/auxiliary/scanner/smb/impacket/dcomexec.md
Views: 1904
Description
A similar approach to psexec but executing commands through DCOM. You can select different objects to be used to execute the commands. Currently supported objects are:
MMC20.Application (
49B2791A-B1AE-4C90-9B8E-E860BA07F889
)
Tested Windows 7, Windows 10, Server 2012R2
ShellWindows (
9BA05972-F6A8-11CF-A442-00A0C90A8F39
)
Tested Windows 7, Windows 10, Server 2012R2
ShellBrowserWindow (
C08AFD90-F2A1-11D1-8455-00A0C91F3880
)
Tested Windows 10, Server 2012R2
Verification Steps
Install Impacket v0.9.17 from GitHub. The
impacket
package must be in Python's module path, soimport impacket
works from any directory.Install pycrypto v2.7 (the experimental release). Impacket requires this specific version.
Start msfconsole
Do:
use auxiliary/scanner/smb/impacket/dcomexec
Set:
COMMAND
,RHOSTS
,SMBUser
,SMBPass
Do:
run
, see the command result (ifOUTPUT
is enabled)
Options
OUTPUT
When the OUTPUT
option is enabled, the result of the command will be written to a temporary file on the remote host and then retrieved. This allows the module user to view the output but also causes it to be written to disk before it is retrieved and deleted.