A modified version of atexec.py. (The original is an ATSVC example with some functions implemented: it creates, enumerates, runs and deletes jobs. It executes a command on the target machine through the Task Scheduler service and returns the output of that command.)
The TSCH service is used by default (it needs port 135 and a dynamic high port); port 445 is no longer required. The technique is mainly based on this article by zcgonvh.
positional arguments:
  target                [[domain/]username[:password]@]<targetName or address>

options:
  -h, --help            show this help message and exit
  -i {TSCH,ATSVC}, --interface {TSCH,ATSVC}
                        Interface to use.
  -session-id SESSION_ID
                        an existed logon session to use (no output, no cmd.exe)
  -ts                   adds timestamp to every logging output
  -debug                Turn DEBUG output ON
  -codec CODEC          Sets encoding used (codec) from the target's output (default "utf-8").
                        If errors are detected, run chcp.com at the target, map the result with
                        https://docs.python.org/3/library/codecs.html#standard-encodings and then
                        execute wmiexec.py again with -codec and the corresponding codec

authentication:
  -hashes LMHASH:NTHASH
                        NTLM hashes, format is LMHASH:NTHASH
  -no-pass              don't ask for password (useful for -k)
  -k                    Use Kerberos authentication. Grabs credentials from ccache file (KRB5CCNAME)
                        based on target parameters. If valid credentials cannot be found, it will
                        use the ones specified in the command line
  -aesKey hex key       AES key to use for Kerberos Authentication (128 or 256 bits)
  -dc-ip ip address     IP Address of the domain controller. If omitted it will use the domain part
                        (FQDN) specified in the target parameter
  -keytab KEYTAB        Read keys for SPN from keytab file
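
For defenders, the create, run and delete job sequence described at the top of this page leaves a recognisable trail when scheduled-task auditing is enabled. The following is an added example (not part of the tool or the original page) that pairs Windows Security events 4698 (task created) and 4699 (task deleted) and reports tasks that lived only briefly; the record layout, field names and 60-second threshold are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample records (assumed layout, not a real export format).
# 4698 = "A scheduled task was created", 4699 = "A scheduled task was deleted".
SAMPLE_EVENTS = [
    {"time": "2024-05-01T10:00:00", "event_id": 4698, "host": "WS01",
     "task": "\\kQzLpWxA", "user": "CORP\\alice"},
    {"time": "2024-05-01T10:00:04", "event_id": 4699, "host": "WS01",
     "task": "\\kQzLpWxA", "user": "CORP\\alice"},
    {"time": "2024-05-01T09:00:00", "event_id": 4698, "host": "SRV02",
     "task": "\\Backup\\Nightly", "user": "CORP\\svc_backup"},
    {"time": "2024-05-03T09:00:00", "event_id": 4699, "host": "SRV02",
     "task": "\\Backup\\Nightly", "user": "CORP\\svc_backup"},
    # Deletion with no matching creation in the data: ignored.
    {"time": "2024-05-01T11:00:00", "event_id": 4699, "host": "WS01",
     "task": "\\OldTask", "user": "CORP\\bob"},
]


def short_lived_tasks(events, max_lifetime=timedelta(seconds=60)):
    """Return (host, task, creator, lifetime_seconds) for every task that was
    deleted within max_lifetime of being created on the same host."""
    created = {}   # (host, task) -> (creation time, creating user)
    findings = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        ts = datetime.fromisoformat(ev["time"])
        key = (ev["host"], ev["task"].lower())  # task paths are case-insensitive
        if ev["event_id"] == 4698:
            created[key] = (ts, ev["user"])
        elif ev["event_id"] == 4699 and key in created:
            start, creator = created.pop(key)
            lifetime = ts - start
            if lifetime <= max_lifetime:
                findings.append((ev["host"], ev["task"], creator,
                                 lifetime.total_seconds()))
    return findings


if __name__ == "__main__":
    for host, task, creator, secs in short_lived_tasks(SAMPLE_EVENTS):
        print(f"{host}: task {task} created by {creator} lived {secs:.0f}s")
```

Events 4698 and 4699 are only logged when the "Audit Other Object Access Events" policy is enabled on the host, so an empty result can mean missing telemetry rather than no activity.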