Microsoft Windows Authenticated Administration Utility
This module uses a valid administrator username and password to execute an arbitrary command on one or more hosts, using a similar technique than the "psexec" utility provided by SysInternals. Daisy chaining commands with '&' does not work and users shouldn't try it. This module is useful because it doesn't need to upload any binaries to the target machine.
Module Name
auxiliary/admin/smb/psexec_command
Authors
- Royce Davis [at] R3dy__ <rdavis [at] accuvant.com>
References
Reliability
Development
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use auxiliary/admin/smb/psexec_command
msf auxiliary(psexec_command) > show actions
...actions...
msf auxiliary(psexec_command) > set ACTION <action-name>
msf auxiliary(psexec_command) > show options
...show and set options...
msf auxiliary(psexec_command) > run
Related Vulnerabilities
Related Modules
- PsExec via Current User Token
- Microsoft Windows Authenticated Logged In Users Enumeration
- Microsoft Windows Authenticated User Code Execution
- Powershell Remoting Remote Command Execution
- Microsoft Windows Authenticated Powershell Command Execution
- Windows Management Instrumentation (WMI) Remote Command Execution