So far we have collected a lot of credentials, so let's look at what we can do with them. We can go to Metasploit, search for psexec, and use the exploit/windows/smb/psexec module. In there we set rhosts, rport, smbdomain, smbuser and smbpass: the IP of the target machine, the port we want to connect to, the domain name of the AD, and the SMB username and SMB password of the user we just found. Then we set LHOST, set the payload to windows/x64/meterpreter/reverse_tcp, and run it.

It might not work on the first attempt, but we can try again, and if it still doesn't work we can change the target from PowerShell or Automatic to Native Upload. The antivirus on the machine might flag this as a virus, by the way. So if this is getting clocked, let's try a new tool.

We can use a tool called psexec.py, and the syntax is:

psexec.py marvel.local/fcastle:[email protected]

So the format is DomainName/username:password@<TargetIp>

And boom, it should work and we get a shell.

If you want to be even quieter, use smbexec.py or wmiexec.py.

Pro tip: start with smbexec.py and wmiexec.py instead of going directly to psexec.py, because psexec.py is super noisy and often triggers antivirus.
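
What "noisy" looks like from the defender's side, as an added example that is not part of the original post: psexec-style remote execution installs a service on the target, which Windows records in the System log as Event ID 7045, and this sketch scans such records for it. The event records are constructed samples, and the two heuristics (a service binary sitting directly in the Windows directory, a service command line that is really a shell) are assumptions to tune, not a complete rule set.

```python
import re

# Constructed sample records shaped like Windows System-log Event ID 7045
# ("A service was installed in the system"). All values are made up.
SAMPLE_EVENTS = [
    {"EventID": 7045, "Computer": "WS01", "ServiceName": "QxTz",
     "ImagePath": r"%systemroot%\kDfRwPqa.exe", "AccountName": "LocalSystem"},
    {"EventID": 7045, "Computer": "WS01", "ServiceName": "BTOBTO",
     "ImagePath": r"%COMSPEC% /Q /c echo whoami ^> \\127.0.0.1\C$\__output",
     "AccountName": "LocalSystem"},
    {"EventID": 7045, "Computer": "WS02", "ServiceName": "Print Helper",
     "ImagePath": r'"C:\Program Files\Vendor\helper.exe" --svc',
     "AccountName": "LocalSystem"},
    {"EventID": 4624, "Computer": "WS01"},  # logon event, ignored here
]

# Assumption: a service whose binary sits directly in the Windows directory
# (what the ADMIN$ share maps to) deserves a look; legitimate services
# usually live in System32 or Program Files.
ADMIN_SHARE_EXE = re.compile(
    r'^"?(%systemroot%|[a-z]:\\windows)\\[^\\"]+\.exe', re.I)
# Assumption: a service "binary" that is really a shell command line.
SHELL_SERVICE = re.compile(
    r'^"?(%comspec%|(\S*\\)?(cmd|powershell)(\.exe)?)(\s|"|$)', re.I)


def suspicious_service_installs(events):
    """Return (computer, service name, reason) for each flagged 7045 event."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 7045:
            continue
        path = ev.get("ImagePath", "").strip()
        if SHELL_SERVICE.search(path):
            reason = "service runs a command interpreter"
        elif ADMIN_SHARE_EXE.search(path):
            reason = "service binary dropped in Windows directory"
        else:
            continue
        hits.append((ev["Computer"], ev["ServiceName"], reason))
    return hits


if __name__ == "__main__":
    for computer, name, reason in suspicious_service_installs(SAMPLE_EVENTS):
        print(f"{computer}: service {name!r}: {reason}")
```

wmiexec.py does not install a service, so Event ID 7045 will not show it; process-creation logging is the place to look for that one.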