Command Execution

Executing commands on a windows system requires Administrator credentials.

nxc automatically tells you if the credential set you're using has admin access to a host by appending "(Pwn3d!)" (or whatever value you've set in the config) to the output when authentication is successful.

Execution Methods

nxc has three different command execution methods:

• wmiexec executes commands via WMI

• atexec executes commands by scheduling a task with windows task scheduler

• smbexec executes commands by creating and running a service

By default nxc will fail over to a different execution method if one fails. It attempts to execute commands in the following order:

1. wmiexec

2. atexec

3. smbexec

If you want to force nxc to use only one execution method you can specify which one using the --exec-method flag.

Executing Commands

In the following example, we try to execute whoami on the target using the -x flag:

You can also directly execute PowerShell commands using the -X flag:

Bypass AMSI