• Stars
    star
    707
  • Rank 64,036 (Top 2 %)
  • Language
    C#
  • Created over 4 years ago
  • Updated over 3 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

sharpwmi是一个基于rpc的横向移动工具,具有上传文件和执行命令功能。

SharpWmi

介绍:

这是一个基于135端口来进行横向移动的工具,具有执行命令和上传文件功能,通过wmi来执行命令,通过注册表来进行数据传输.

原理:

执行命令:

   通过wmi来执行命令,server将命令结果存在本机注册表,然后client连接注册表进行读取命令结果

上传文件:

   client将需要上传的文件放到server的注册表里面,然后server通过powershell来操作注册表方式来取文件然后释放到本地

优点:

  • 不依赖139和445端口

缺点:

  • 目前只支持上传512kb以下的文件,因为注册表每个值值长度不能超过512kb。
  • 执行命令和上传文件都依赖powershell

todo:

  • 用添加增加多个值的方式来实现上传任意大小文件
  • 去除powershell依赖

More Repositories

1

BrowserGhost

这是一个抓取浏览器密码的工具,后续会添加更多功能
C#
1,380
star
2

LuWu

红队基础设施自动化部署工具
Python
843
star
3

WeblogicEnvironment

Weblogic环境搭建工具
Shell
766
star
4

EventCleaner

A tool mainly to erase specified records from Windows event logs, with additional functionalities.
C++
584
star
5

CobaltStrike-Toolset

Aggressor Script, Kits, Malleable C2 Profiles, External C2 and so on
PowerShell
518
star
6

EventLogMaster

Cobalt Strike插件 - RDP日志取证&清除
PowerShell
358
star
7

ptrace

a PoC for Linux to get around agents that log commands being executed, without root privilege. Linux低权限模糊化执行的程序名和参数,避开基于execve系统调用监控的命令日志
C
236
star
8

PandaSniper

Linux C2 框架demo,为期2周的”黑客编程马拉松“,从学习编程语言开始到实现一个demo的产物
C#
219
star
9

HideShell

A JSP backdoor that enables under Tomcat hiding arbitrary JSP files, in addition to their access logs.
Java
213
star
10

redis_lua_exploit

Python
145
star
11

NtlmSocks

a pass-the-hash tool
Go
107
star
12

SerialWriter

SerialWriter is an incomplete implementation of Java serialization for study of Java deserialization vulnerabilities.
Java
101
star
13

ptyshell

A reverse PTY shell in C
C
100
star
14

openssh-7.6p1-patch

a patched sshd for red team activities
C
81
star
15

getpass

a mini tool to dump password and NTLM hash from WDigest & MSV1_0 & tspkg, as a result of study of mimikatz
C++
76
star
16

dcpwn

an impacket-dependent script exploiting CVE-2019-1040
Python
72
star
17

mscache

a tool to manipulate dcc(domain cached credentials) in windows registry, based mainly on the work of mimikatz and impacket
Python
67
star
18

KerberosUserEnum

Kerberos accounts enumeration taking advantage of AS-REQ
Python
43
star
19

Papers

Papers
34
star
20

CVE-2018-20250

010 Editor template for ACE archive format & CVE-2018-2025[0-3]
Python
25
star
21

sunburst_decoder

SUNBURST DGA decoder
C#
11
star
22

cisco_ppc_rsp

A debugger in Python for Cisco c3560
Python
10
star