The PsExec module in Metasploit uses which protocol to perform remote code execution?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple choice questions; each question has hints and explanations. Get ready for your exam!

Multiple Choice

The PsExec module in Metasploit uses which protocol to perform remote code execution?

Explanation:
Using the SMB protocol is what enables PsExec to perform remote code execution on Windows hosts. The Metasploit PsExec module authenticates to the target and copies the payload into an administrative share (ADMIN$) over SMB. It then leverages Windows remote service management (via RPC over SMB) to create or start a remote service that runs the payload, giving you code execution on the remote machine. Other protocols like SSH, HTTPS, or FTP don’t provide the same integrated Windows admin-share access and service-control mechanisms needed for this method, so they aren’t used here.

