In this text, the writer discusses using PsExec in a penetration testing (pentesting) context.
PsExec is a command-line tool that allows the execution of processes on a remote Windows system, using the credentials of any user.
It is a trustworthy Windows utility that is implemented in Python and can be used for ethical hacking or penetration testing.
PsExec authenticates to the remote system over the SMB protocol, so an attacker needs SMB access to authenticate with it and execute commands on the target.
The first step in this attack is a port scan to check whether the target system exposes SMB and whether SMB message signing is required.
If message signing is not required, the attacker can then attempt several attacks over SMB, such as executing PsExec, NTLM relay attacks, and pass-the-hash.
The most common technique for obtaining the credentials this attack needs is an SMB login brute-force attack.
Metasploit has a module for this, auxiliary/scanner/smb/smb_login, which can be used with the appropriate options and settings.
Once credentials are obtained, an attacker can use PsExec to authenticate with the target system and run arbitrary commands on it.
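The two stages described above (an SMB login brute force, then a PsExec execution) leave a recognisable trail in Windows event logs: a burst of failed logons (event 4625) from one source, then a network logon (event 4624, logon type 3) followed within seconds by the installation of the PSEXESVC service (event 7045) on the same host. The following detection script is an added example written for this page; it is not code from the original text. The event field names (EventID, Computer, IpAddress, TargetUserName, LogonType, ServiceName, ImagePath, Time) are assumptions modelled on the Windows event XML as a log forwarder might flatten it, the sample events are constructed, and the thresholds are illustrative defaults a defender would tune.

```python
"""Detect SMB brute-force bursts and PsExec-style service installs from
exported Windows event records.

Added example, not from the original text. Field names are assumptions
modelled on the Windows Security/System event XML; sample data is
constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Documented Windows event IDs used by the two detections.
LOGON_SUCCESS = 4624      # Security log: an account was successfully logged on
LOGON_FAILURE = 4625      # Security log: an account failed to log on
SERVICE_INSTALLED = 7045  # System log: a service was installed in the system
NETWORK_LOGON = "3"       # logon type 3 = network logon (SMB sessions use this)

# Name of the service Sysinternals PsExec installs on the target host.
PSEXEC_SERVICE = "PSEXESVC"


def find_brute_force(events, threshold=5, window=timedelta(minutes=2)):
    """Return [(source_ip, max_failures_in_window)] for every source that
    produced at least `threshold` failed logons inside any `window`."""
    by_source = defaultdict(list)
    for ev in events:
        if ev["EventID"] == LOGON_FAILURE:
            by_source[ev["IpAddress"]].append(ev["Time"])

    hits = []
    for src, times in by_source.items():
        times.sort()
        start, best = 0, 0
        # Sliding window over sorted timestamps: advance `start` until the
        # span [start, end] fits inside `window`, then record its size.
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            hits.append((src, best))
    return hits


def find_psexec_executions(events, window=timedelta(minutes=1)):
    """Correlate a PSEXESVC service install (7045) with a network logon
    (4624, type 3) on the same host shortly before it.
    Returns [(host, user, source_ip)]."""
    logons = [ev for ev in events
              if ev["EventID"] == LOGON_SUCCESS and ev["LogonType"] == NETWORK_LOGON]
    findings = []
    for ev in events:
        if ev["EventID"] != SERVICE_INSTALLED:
            continue
        if ev["ServiceName"].upper() != PSEXEC_SERVICE:
            continue
        for lg in logons:
            delta = ev["Time"] - lg["Time"]
            if lg["Computer"] == ev["Computer"] and timedelta(0) <= delta <= window:
                findings.append((ev["Computer"], lg["TargetUserName"], lg["IpAddress"]))
                break
    return findings


# Constructed sample events: a five-attempt brute force from 10.0.0.5, a
# successful network logon followed by a PSEXESVC install on FILESRV01, and
# two benign events on another host that must not match.
T0 = datetime(2024, 1, 1, 10, 0, 0)
SAMPLE_EVENTS = [
    *[{"EventID": 4625, "Computer": "FILESRV01", "IpAddress": "10.0.0.5",
       "TargetUserName": "administrator", "Time": T0 + timedelta(seconds=5 * i)}
      for i in range(5)],
    {"EventID": 4624, "Computer": "FILESRV01", "IpAddress": "10.0.0.5",
     "TargetUserName": "administrator", "LogonType": "3",
     "Time": T0 + timedelta(seconds=40)},
    {"EventID": 7045, "Computer": "FILESRV01", "ServiceName": "PSEXESVC",
     "ImagePath": r"%SystemRoot%\PSEXESVC.exe", "Time": T0 + timedelta(seconds=42)},
    {"EventID": 4624, "Computer": "WKS07", "IpAddress": "-",
     "TargetUserName": "alice", "LogonType": "2", "Time": T0 + timedelta(minutes=5)},
    {"EventID": 7045, "Computer": "WKS07", "ServiceName": "Spooler",
     "ImagePath": r"%SystemRoot%\System32\spoolsv.exe",
     "Time": T0 + timedelta(minutes=6)},
]

if __name__ == "__main__":
    print("brute force sources:", find_brute_force(SAMPLE_EVENTS))
    print("psexec executions:", find_psexec_executions(SAMPLE_EVENTS))
```

The service-name check catches the Sysinternals binary; Python reimplementations of PsExec may register a service under an arbitrary name, so in practice the 7045 correlation is usually widened to any service installed shortly after a network logon from a host that is not on an administration allowlist. Requiring SMB signing on servers removes the relay variant the text mentions but does not stop PsExec itself when valid credentials are in hand, which is why the logon-plus-service-install pattern is worth alerting on regardless of signing configuration.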