🌋Lateral Movement and Pivoting

Lateral movement with Psexec

  • Ports: 445/TCP (SMB)

  • Required Group Memberships: Administrators

PsExec uses Windows administrative shares (such as \\<RemoteComputer>\ADMIN$) to copy a service executable (PSEXESVC.exe) to the remote machine, then installs and starts it as a Windows service over SMB. This service is what handles the execution of the desired command.

Once the PSEXESVC.exe service is running on the remote system, PsExec executes the specified command or application. It then redirects the output back to the local machine, allowing you to see the results as if you were running the command locally.
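From the defender's side, the two steps described above leave a distinctive pair of artifacts on the target host: a write to the ADMIN$ share (Security event 5145, share object access) followed within seconds by a new service installation named PSEXESVC (System event 7045). The following script is an added example, not part of the original page: it correlates those two indicators over a handful of constructed JSON-lines events (field names follow the Windows event schema, all values are invented) and attributes the resulting alert to the account and source IP that performed the share write.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (not from the original page): JSON lines modelled on
# Security event 5145 (share object access) and System event 7045 (service installed).
# Hostnames, accounts, IPs and timestamps are invented for this example.
SAMPLE_EVENTS = r"""
{"EventID": 5145, "Computer": "FILESRV01", "SubjectUserName": "Admin", "IpAddress": "10.0.0.25", "ShareName": "\\\\*\\ADMIN$", "RelativeTargetName": "PSEXESVC.exe", "AccessMask": "0x2", "TimeCreated": "2024-05-01T10:00:01"}
{"EventID": 7045, "Computer": "FILESRV01", "ServiceName": "PSEXESVC", "ImagePath": "%SystemRoot%\\PSEXESVC.exe", "TimeCreated": "2024-05-01T10:00:02"}
{"EventID": 5145, "Computer": "FILESRV01", "SubjectUserName": "backup", "IpAddress": "10.0.0.40", "ShareName": "\\\\*\\C$", "RelativeTargetName": "Reports\\q1.xlsx", "AccessMask": "0x1", "TimeCreated": "2024-05-01T10:05:00"}
{"EventID": 7045, "Computer": "WS07", "ServiceName": "Sysmon64", "ImagePath": "C:\\Windows\\Sysmon64.exe", "TimeCreated": "2024-05-01T11:00:00"}
"""

# 5145 AccessMask bits that mean the caller wrote to the share: WriteData/AddFile (0x2)
# and AppendData/AddSubdirectory (0x4). Read-only access (0x1) is not interesting here.
WRITE_BITS = 0x2 | 0x4
# A service install this long after the ADMIN$ write is no longer tied to it.
CORRELATION_WINDOW = timedelta(minutes=5)


def parse_events(text):
    """Parse JSON-lines telemetry into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def is_admin_share_write(ev):
    """True for a 5145 event that writes into the ADMIN$ administrative share."""
    if ev.get("EventID") != 5145:
        return False
    share = ev.get("ShareName", "").upper()
    mask = int(ev.get("AccessMask", "0x0"), 16)
    return share.endswith("ADMIN$") and bool(mask & WRITE_BITS)


def is_psexesvc_install(ev):
    """True for a 7045 event that installs the PsExec service or its binary."""
    if ev.get("EventID") != 7045:
        return False
    name = ev.get("ServiceName", "").upper()
    image = ev.get("ImagePath", "").upper()
    return name == "PSEXESVC" or image.endswith("\\PSEXESVC.EXE")


def detect_psexec(events):
    """Return a list of alert dicts.

    Every ADMIN$ write is reported as 'admin_share_write'. A PSEXESVC install is
    reported as 'psexesvc_install', or, when the same host saw an ADMIN$ write in the
    preceding CORRELATION_WINDOW, as 'psexec_lateral_movement' carrying the writer's
    account and source IP so the alert points back at the originating machine.
    """
    alerts = []
    writes_by_host = defaultdict(list)
    for ev in events:
        if is_admin_share_write(ev):
            writes_by_host[ev["Computer"]].append(ev)
            alerts.append({"rule": "admin_share_write", "host": ev["Computer"],
                           "user": ev["SubjectUserName"], "src_ip": ev["IpAddress"],
                           "file": ev["RelativeTargetName"]})
    for ev in events:
        if not is_psexesvc_install(ev):
            continue
        host = ev["Computer"]
        t_install = datetime.fromisoformat(ev["TimeCreated"])
        alert = {"rule": "psexesvc_install", "host": host, "service": ev["ServiceName"]}
        for w in writes_by_host.get(host, []):
            t_write = datetime.fromisoformat(w["TimeCreated"])
            if timedelta(0) <= t_install - t_write <= CORRELATION_WINDOW:
                alert = {"rule": "psexec_lateral_movement", "host": host,
                         "user": w["SubjectUserName"], "src_ip": w["IpAddress"]}
                break
        alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for alert in detect_psexec(parse_events(SAMPLE_EVENTS)):
        print(alert)
```

On the sample data this yields two alerts for FILESRV01 (the ADMIN$ write and the correlated lateral-movement alert attributed to Admin from 10.0.0.25) and nothing for the Sysmon service install on WS07. The ADMIN$ write is the more durable indicator: the service name and binary name are under the operator's control, while the service image still has to land on the administrative share, so production rules should weight 5145 writes to ADMIN$ above the literal PSEXESVC string. Event 5145 is only generated when "Audit Detailed File Share" is enabled in the advanced audit policy, so check that setting before relying on this correlation.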

  • Basic syntax:

    psexec \\<RemoteComputer> -u <Username> -p <Password> <Command>

  • Example:

    psexec \\RemotePC -u Admin -p Password123 ipconfig
