So as of now we have a lot of credentials lets now look at what we can do with those credentials .We can go to Metasploit and just search for psexec and use exploit/windows/smb/psexec one and then in there we set rhosts,rport,smbdomain.smbuser,smbpass with the IP of target machine its port we wanna connect to and also Domain Name of the AD and then sm username and smb password of the user we just found,then set a LHOST then we go to set a payload which is windows/x64/meterpreter/reverse_tcp and we run it it might not work on our first attempt but we can try again and if it doesnt work we can change our targets from Powershell or automatic to Native Upload.This might detect a virus on the machine btw.So if this is getting clocked lets try a new tool .

We can use a toold called

and the syntax would be this : marvel.local/fcastle:Password1@

SO the format is DomainName/username:password@<TargetIp>

and boom it should be working and we get a shelll.

If you wanna be even more quiter by using or .

Pro Tip is to start with and instead of going directly with because is super noisy and triggers antivirus many times.