wmiexec: perform different ways of command execution via WMI protocol
WMIexec
Set of Python scripts which perform different ways of command execution via WMI protocol.
Blog Post
https://whiteknightlabs.com/2023/06/26/navigating-stealthy-wmi-lateral-movement/
Download
git clone https://github.com/WKL-Sec/WMIExec.git
Use
wmiexec_scheduledjob.py
Is a Python script which authenticates to a remote WMI instance and executes commands via Scheduled Tasks.
To run the script:
python3 wmiexec_scheduledjob.py -i <ip_address> -u <username> -p <password> -c <command>
wmiexec_win32process.py
Is a Python script which authenticates to a remote WMI instance and executes commands via Win32_Process.
To run the script:
python3 wmiexec_win32process.py -i <ip_address> -u <username> -p <password> -c <command>
webserver_ssl.py
Is a Python script which creates an HTTPS server (with a self-signed SSL certificate). Used to exfiltrate the command’s output.
Before running the HTTP server, make sure to generate the certificates by running:
openssl genpkey -algorithm RSA -out server.key
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
If everything is done correctly, the server will be running without any errors:
python3 webserver_ssl.py
Source: https://github.com/WKL-Sec/
