PsExec is a Sysinternals tool for remotely accessing a Windows host.

Requirements

  • Port/Service: 445 (SMB)
  • Required Access: remote Administrator (for SMB ADMIN$)

From TryHackMe:

How it works

  • Connect to the ADMIN$ share and upload a service binary. PsExec uses psexesvc.exe as the name.
  • Connect to the service control manager to create and run a service named PSEXESVC and associate the service binary with C:\Windows\psexesvc.exe.
  • Create some named pipes to handle stdin/stdout/stderr.
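
Each of the three steps above leaves its own trace on the target, so a defender can correlate them per host. The following is an added example, not part of the original notes or of PsExec itself. It assumes Security event 5145 (share access check), System event 7045 (service installed) and Sysmon event 17 (pipe created) are being collected; the simplified event layout, host names, timestamps and the \PSEXESVC pipe-name prefix are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events (simplified fields, log channel omitted), not real telemetry.
EVENTS = [
    {"time": "2024-01-01T10:00:00", "host": "WS01", "id": 5145,
     "ShareName": r"\\*\ADMIN$", "RelativeTargetName": "PSEXESVC.exe"},
    {"time": "2024-01-01T10:00:01", "host": "WS01", "id": 7045,
     "ServiceName": "PSEXESVC", "ImagePath": r"%SystemRoot%\PSEXESVC.exe"},
    {"time": "2024-01-01T10:00:02", "host": "WS01", "id": 17,
     "PipeName": r"\PSEXESVC-ADMINPC-4242-stdin"},
    {"time": "2024-01-01T11:00:00", "host": "WS02", "id": 5145,
     "ShareName": r"\\*\ADMIN$", "RelativeTargetName": "setup.log"},
    {"time": "2024-01-01T12:00:00", "host": "WS03", "id": 7045,
     "ServiceName": "PSEXESVC", "ImagePath": r"%SystemRoot%\PSEXESVC.exe"},
]

def stage(ev):
    """Map one event to the step of the sequence it evidences, or None."""
    if (ev["id"] == 5145 and ev.get("ShareName", "").upper().endswith("ADMIN$")
            and ev.get("RelativeTargetName", "").lower() == "psexesvc.exe"):
        return "upload"
    if ev["id"] == 7045 and (ev.get("ServiceName", "").upper() == "PSEXESVC"
            or ev.get("ImagePath", "").lower().endswith("psexesvc.exe")):
        return "service"
    # Assumption: the stdin/stdout/stderr pipes carry a \PSEXESVC prefix.
    if ev["id"] == 17 and ev.get("PipeName", "").upper().startswith(r"\PSEXESVC"):
        return "pipes"
    return None

def correlate(events, window=timedelta(seconds=60)):
    """Return {host: stages} for stages seen within `window` of the host's first hit."""
    hits = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        s = stage(ev)
        if s is None:
            continue
        t = datetime.fromisoformat(ev["time"])
        first, stages = hits.setdefault(ev["host"], (t, set()))
        if t - first <= window:
            stages.add(s)
    return {h: sorted(st) for h, (_, st) in hits.items()}

def alerts(events):
    """Hosts showing the full upload -> service -> pipes sequence."""
    return [h for h, st in correlate(events).items() if len(st) == 3]

if __name__ == "__main__":
    print(correlate(EVENTS), alerts(EVENTS))
```

Matching on the default names only catches an unmodified PsExec; a host that shows a single stage (WS03 in the sample) is still worth a look because the service or binary can be renamed.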