Invoke-PsExec

While we don’t suggest using PsExec-type functionality for lateral movement because of its large host footprint, there are still times when it is useful or appropriate.

lateral_movement/invoke_psexec

This module lets you install Empire agents on additional domain machines by manipulating the remote service manager to create, configure, start, and remove a service. From an agent menu, type usemodule lateral_movement/invoke_psexec. Set the name of the listener you want the new target to stage to with set Listener NAME. Listener names are tab-completable. To find machines you can PsExec to, try running the situational_awareness/network/find_localadmin_access module first.
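The create/start/remove service cycle described above is the host footprint a defender can look for. The following is an added example, not part of Empire: it flags services that are created, started and removed on the same host within a short window. The normalized event schema, the host and service names, and the 60-second threshold are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample telemetry in a hypothetical normalized schema:
# (host, ISO timestamp, action, service name). Deliberately out of order.
EVENTS = [
    ("WS02", "2024-01-10T10:15:04", "removed", "Updater"),
    ("WS01", "2024-01-10T09:00:00", "created", "BackupAgent"),
    ("WS01", "2024-01-10T09:00:02", "started", "BackupAgent"),
    ("WS02", "2024-01-10T10:15:00", "created", "Updater"),
    ("WS02", "2024-01-10T10:15:01", "started", "Updater"),
    ("WS03", "2024-01-01T08:00:00", "created", "OldDriver"),
    ("WS03", "2024-01-01T08:00:05", "started", "OldDriver"),
    ("WS03", "2024-01-10T11:00:00", "removed", "OldDriver"),
    ("WS04", "2024-01-10T12:00:00", "removed", "Orphan"),
]


def find_short_lived_services(events, max_lifetime=timedelta(seconds=60)):
    """Return (host, service, lifetime_seconds) for each service that was
    created, started and removed on one host within max_lifetime."""
    created = {}     # (host, service) -> creation time
    started = set()  # keys that were started after their creation
    findings = []
    # Process in chronological order so late-arriving events still pair up.
    for host, ts, action, name in sorted(events, key=lambda e: datetime.fromisoformat(e[1])):
        when = datetime.fromisoformat(ts)
        key = (host, name.lower())  # service names are case-insensitive
        if action == "created":
            created[key] = when
            started.discard(key)
        elif action == "started" and key in created:
            started.add(key)
        elif action == "removed" and key in created:
            lifetime = when - created.pop(key)
            if key in started and lifetime <= max_lifetime:
                findings.append((host, name, lifetime.total_seconds()))
            started.discard(key)
        # A removal with no observed creation (WS04) is ignored here.
    return findings


if __name__ == "__main__":
    for host, name, seconds in find_short_lived_services(EVENTS):
        print(f"{host}: service {name!r} lived {seconds:.0f}s (create/start/remove)")
```

Long-lived services that are eventually uninstalled (WS03) and services that are installed and left running (WS01) are not reported; only the short create/start/remove cycle is.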
