SANS Penetration Testing: Tag - nmap

A Penetration Tester's Pledge

by Ed Skoudis

Over the weekend, I was thinking about the wonderful psexec capabilities of tools like Metasploit, the Nmap Scripting Engine smb-psexec script, and the psexec tool itself from Microsoft Sysinternals. It's my go-to exploit on Windows targets, once I have gained SMB access and admin credentials (username and password, or username and hash for pass-the-hash attacks). It works on a fully patched Windows environment, giving you code execution with local system privileges of a program or Metasploit payload of your choice. That's especially helpful in a penetration test once you gain access to an internal network that is relatively well patched. We talk a lot about how to leverage this capability creatively and effectively in my SANS 560 course on Network