Command Execution

Command Execution Methods

The following methods support command execution and running modules on target systems:

MSSQL (Need SYSADMIN on Instance)
SMB
SessionHunter (WMI)
WinRM
WMI

All currently supported command execution methods support the -Command parameter. The command parameter can be appended to the above Authentication Types to execute given commands as a specified or current user.

PsMapExec -Targets All -Method [Method] -Command [Command]

Module Execution

All currently supported command execution methods support the -Module parameter. The module parameter can be appended to the Authentication Types to execute given modules as a specified or current user.

Authentication Types

When -Command and -Module are omitted, PsMapExec will simply check the provided or current user credentials against the specified target systems for administrative access over the specified method.

Current user

PsMapExec -Targets All -Method [Method]

With Password

PsMapExec -Targets All -Method [Method] -Username [Username] -Password [Password]

With Hash

PsMapExec -Targets All -Method [Method] -Username [Username] -Hash [RC4/AES256]

With Ticket

PsMapExec -Targets All -Method [Method] -Ticket [doI.. OR Path to ticket file]

Local Authentication (WMI and MSSQL only)

PsMapExec -Targets All -Method WMI -Username Administrator -Password Password -LocalAuth

PreviousMethods NextDCSync

Last updated 8 months ago

hashtagCommand Execution Methods

hashtagModule Execution

hashtagAuthentication Types

hashtagCurrent user

hashtagWith Password

hashtagWith Hash

hashtagWith Ticket

hashtagLocal Authentication (WMI and MSSQL only)