PsExec is a Sysinternals tool for remotely accessing a Windows host.
Requirements
- Port/Service: 445 (SMB)
- Required Access: remote Administrator (for SMB ADMIN$)
From TryHackMe:
How it works
- Connect to Admin$ share and upload a service binary. PsExec uses psexesvc.exe as the name.
- Connect to the service control manager to create and run a service named PSEXESVC and associate the service binary with C:\Windows\psexesvc.exe.
- Create some named pipes to handle stdin/stdout/stderr.
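Each of the three steps above leaves a trace on the target, so a defender can correlate them per host. The following is an added example, not part of the original notes or of PsExec itself: the events are constructed, the field names are simplified assumptions loosely modelled on Security event 5145 (share file access), System event 7045 (service installed) and Sysmon event 17 (pipe created), and the pipe name containing the service name is also an assumption.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs); field names are simplified assumptions.
EVENTS = [
    {"time": "2024-05-01T10:00:01", "host": "WS01", "id": 5145,
     "share": r"\\*\ADMIN$", "target": "psexesvc.exe", "src": "10.0.0.5"},
    {"time": "2024-05-01T10:00:02", "host": "WS01", "id": 7045,
     "service": "PSEXESVC", "image": r"C:\Windows\psexesvc.exe"},
    {"time": "2024-05-01T10:00:03", "host": "WS01", "id": 17,
     "pipe": r"\PSEXESVC-WS01-4321-stdin"},
    {"time": "2024-05-01T11:30:00", "host": "WS02", "id": 5145,
     "share": r"\\*\ADMIN$", "target": "setup.log", "src": "10.0.0.9"},
    {"time": "2024-05-01T12:00:00", "host": "WS03", "id": 7045,
     "service": "PSEXESVC", "image": r"C:\Windows\psexesvc.exe"},
]

def stage(ev):
    """Map one event to the PsExec step it evidences, or None."""
    if ev["id"] == 5145:  # step 1: service binary written through ADMIN$
        if ev["share"].upper().endswith("ADMIN$") and ev["target"].lower() == "psexesvc.exe":
            return "upload"
    elif ev["id"] == 7045:  # step 2: service created via the service control manager
        if ev["service"].upper() == "PSEXESVC" or ev["image"].lower().endswith(r"\psexesvc.exe"):
            return "service"
    elif ev["id"] == 17:  # step 3: named pipes for stdin/stdout/stderr
        if "psexesvc" in ev["pipe"].lower():
            return "pipe"
    return None

def detect(events, window=timedelta(seconds=60)):
    """Return {host: sorted stages} seen within `window` of the host's first hit."""
    hits = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        s = stage(ev)
        if s is None:
            continue
        t = datetime.fromisoformat(ev["time"])
        first, stages = hits.setdefault(ev["host"], (t, set()))
        if t - first <= window:
            stages.add(s)
    return {host: sorted(stages) for host, (_, stages) in hits.items()}

def severity(stages):
    """All three steps together is a full PsExec session; fewer is a partial match."""
    return "high" if len(stages) == 3 else "medium"

if __name__ == "__main__":
    for host, stages in detect(EVENTS).items():
        print(host, severity(stages), stages)
```

The matches key on the default names listed above (psexesvc.exe, PSEXESVC), so a partial match on one step is reported at lower severity rather than dropped.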