WMIExec - Set Of Python Scripts Which Perform Different Ways Of Command Execution Via WMI Protocol

7 months ago 71

BOOK THIS SPACE FOR AD

ARTICLE AD

Set of python scripts which perform different ways of command execution via WMI protocol.

Blog Post

https://whiteknightlabs.com/2023/06/26/navigating-stealthy-wmi-lateral-movement/

Usage

wmiexec_scheduledjob.py

Is a python script which authenticates to a remote WMI instance and execute commands via Scheduled Tasks.

To run the script:

python3 wmiexec_scheduledjob.py -i <ip_address> -u <username> -p <password> -c <command>

wmiexec_win32process.py

Is a python script which authenticates to a remote WMI instance and execute commands via Win32_Process.

To run the script:

python3 wmiexec_win32process.py -i <ip_address> -u <username> -p <password> -c <command>

webserver_ssl.py

Is a python script which creates a HTTPS server (with a self-signed SSL certificate). Used to exfiltrate the command's output.

Before running the HTTP server, make sure to generate the certificates by running:

RSA -out server.key openssl req -new -key server.key -out server.csr openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt" dir="auto">

openssl genpkey -algorithm RSA -out server.key
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

If everything is done correctly, the server will be running without any error: