Using DLL hijacking (
source
)
User has SMB access to another host
Upload EXE + DLL to target host
Use
wmiexec.py
to execute EXE
Receive beacon via the DLL execution