Goexec - Remote Execution Multitool

goexec

Goexec is a new take on some of the methods used to gain remote execution on Windows devices. Goexec implements a number of largely unrealized execution methods and provides significant OPSEC improvements overall.

The original post about Goexec v0.1.0 can be found here

Usage

Usage:
  goexec [command] [flags]

Execution Commands:
  dcom        Execute with Distributed Component Object Model (MS-DCOM)
  wmi         Execute with Windows Management Instrumentation (MS-WMI)
  scmr        Execute with Service Control Manager Remote (MS-SCMR)
  tsch        Execute with Windows Task Scheduler (MS-TSCH)

Additional Commands:
  help        Help about any command
  completion  Generate the autocompletion script for the specified shell

Logging:
  -D, --debug           Enable debug logging
  -O, --log-file file   Write JSON logging output to file
  -j, --json            Write logging output in JSON lines
  -q, --quiet           Disable info logging

Authentication:
  -u, --user user@domain      Username ('user@domain', 'domain\user', 'domain/user' or 'user')
  -p, --password string       Password
  -H, --nt-hash hash          NT hash ('NT', ':NT' or 'LM:NT')
      --aes-key hex key       Kerberos AES hex key
      --pfx file              Client certificate and private key as PFX file
      --pfx-password string   Password for PFX file
      --ccache file           Kerberos CCache file name (defaults to $KRB5CCNAME, currently unset)
      --dc string             Domain controller
  -k, --kerberos              Use Kerberos authentication

Use "goexec [command] --help" for more information about a command.

Acknowledgements

@oiweiwei for the wonderful go-msrpc module
@RedTeamPentesting and Erik Geiser for the adauth module
The developers and contributors of Impacket for the inspiration and technical reference