wmiexec: perform different ways of command execution via WMI protocol

WMI command execution

WMIexec

Set of Python scripts which perform different ways of command execution via WMI protocol.

Blog Post

https://whiteknightlabs.com/2023/06/26/navigating-stealthy-wmi-lateral-movement/

Download

git clone https://github.com/WKL-Sec/WMIExec.git

Use

wmiexec_scheduledjob.py

Is a Python script which authenticates to a remote WMI instance and executes commands via Scheduled Tasks.

To run the script:

python3 wmiexec_scheduledjob.py -i <ip_address> -u <username> -p <password> -c <command>

wmiexec_win32process.py

Is a Python script which authenticates to a remote WMI instance and executes commands via Win32_Process.

To run the script:

python3 wmiexec_win32process.py -i <ip_address> -u <username> -p <password> -c <command>

webserver_ssl.py

Is a Python script which creates an HTTPS server (with a self-signed SSL certificate). Used to exfiltrate the command’s output.

Before running the HTTP server, make sure to generate the certificates by running:

openssl genpkey -algorithm RSA -out server.key

openssl req -new -key server.key -out server.csr

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

If everything is done correctly, the server will be running without any errors:

python3 webserver_ssl.py

Source: https://github.com/WKL-Sec/