- 1 year ago
python wmiexec.py(impacket) library to avoid writing files on ADMIN$ share folder
The wmiexec.py script from the impacket library is designed to execute commands on remote Windows machines using the WMI (Windows Management Instrumentation) service. By default, the script writes itself to the ADMIN$ share folder on the remote machine to establish a connection. However, if you want to avoid writing files to the ADMIN$ share folder, you can use a different method of execution.

One alternative method is to use the psexec.py script from the impacket library, which is specifically designed for executing commands on remote systems without writing files to the ADMIN$ share. Here's how you can use psexec.py instead:

1. First, make sure you have the impacket library installed. You can install it using pip:

```bash
pip install impacket
```

2. Use the psexec.py script with the desired command to execute on the remote machine. For example:

```bash
python psexec.py administrator@target_host 'net user newuser Password123 /add'
```

In this example, the script will remotely execute the command `net user newuser Password123 /add` on the target host using the credentials of the administrator user. Note that you need appropriate permissions and credentials to execute commands on the remote machine.

By using psexec.py, you can avoid writing files to the ADMIN$ share folder while still executing commands remotely on Windows machines. Remember to use this method responsibly and ensure you have the necessary permissions to perform the remote operations.
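From the defender's side, the ADMIN$ writes discussed above are exactly what a blue team looks for. The following is an added example, not code from the answer or from impacket: it correlates Windows event 5145 (share access checks, logged when Detailed File Share auditing is enabled) showing write access to ADMIN$ with event 7045 (service installed) whose binary name matches the file written. The event records are simplified dicts constructed for the demo, and the IPs and file names are made up.

```python
import os

ADMIN_SHARE = r"\\*\ADMIN$"       # ShareName as it appears in event 5145
WRITE_MASK = 0x2 | 0x4 | 0x10000  # FILE_WRITE_DATA | FILE_APPEND_DATA | DELETE


def admin_share_writes(events):
    """Yield (source_ip, filename) for 5145 records granting write-type access to ADMIN$."""
    for e in events:
        if e.get("EventID") != 5145 or e.get("ShareName", "").upper() != ADMIN_SHARE:
            continue
        if int(e.get("AccessMask", "0x0"), 16) & WRITE_MASK:
            # RelativeTargetName is the path inside the share; keep only the file name.
            name = os.path.basename(e["RelativeTargetName"].replace("\\", "/"))
            yield e["IpAddress"], name


def remote_service_installs(events):
    """Return 7045 service installs whose image file was just written to ADMIN$ remotely."""
    written = {name.lower(): ip for ip, name in admin_share_writes(events)}
    findings = []
    for e in events:
        if e.get("EventID") != 7045:
            continue
        image = os.path.basename(e.get("ImagePath", "").replace("\\", "/")).lower()
        if image in written:
            findings.append({"service": e["ServiceName"],
                             "image": e["ImagePath"],
                             "source_ip": written[image]})
    return findings


# Constructed sample events (hypothetical hosts, names and addresses).
SAMPLE_EVENTS = [
    {"EventID": 5145, "ShareName": r"\\*\ADMIN$", "RelativeTargetName": "abcd1234.exe",
     "AccessMask": "0x12019f", "IpAddress": "10.0.0.5"},          # write to ADMIN$ root
    {"EventID": 5145, "ShareName": r"\\*\IPC$", "RelativeTargetName": "svcctl",
     "AccessMask": "0x12019f", "IpAddress": "10.0.0.5"},          # IPC$ pipe, not ADMIN$
    {"EventID": 5145, "ShareName": r"\\*\ADMIN$", "RelativeTargetName": "abcd1234.exe",
     "AccessMask": "0x100080", "IpAddress": "10.0.0.9"},          # read attributes only
    {"EventID": 7045, "ServiceName": "ABCD", "ImagePath": "%SystemRoot%\\abcd1234.exe"},
    {"EventID": 7045, "ServiceName": "Spooler",
     "ImagePath": "C:\\Windows\\System32\\spoolsv.exe"},           # legitimate service
]

if __name__ == "__main__":
    for f in remote_service_installs(SAMPLE_EVENTS):
        print(f"service {f['service']} installed from {f['image']} written by {f['source_ip']}")
```

Event 5145 is only generated when the "Audit Detailed File Share" subcategory is enabled, so check the audit policy before relying on this correlation.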