RedSiege/WMIOps RedSiege/WMIOps

  • Stars
    star
    380
  • Rank 109,028 (Top 3 %)
  • Language
    PowerShell
  • License
    GNU General Publi...
  • Created over 8 years ago
  • Updated about 7 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
RedSiege/WMIOps
github

RedSiege

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

This repo is for WMIOps, a powershell script which uses WMI for various purposes across a network.

#WMIOps

WMIOps is a powershell script that uses WMI to perform a variety of actions on hosts, local or remote, within a Windows environment. It's designed primarily for use on penetration tests or red team engagements.

This is my first PowerShell script, so I am sure there's things that could have been done better. Please submit a request for anything that could be made more efficient and I'd be happy to look at it, and learn from it :).

Developed by @christruncer

Thanks to: @mattifestation for your major work in this area (Posh and WMI), @obscuresec, @enigma0x3, @424f424f, @xorrior, and @sixdub for having already solved a lot of PowerShell problems and publishing your code to let me, and others, learn from it @harmj0y - for helping to mentor me from the beginning @evan_Pena2003 - For your help with code reviews and teaching me what to look into and learn

WMIOps Functions:

Process Functions

Invoke-ExecCommandWMI               -   Executes a user specified command on the target machine
Invoke-KillProcessWMI               -   Kills a process (via process name or ID) on the target machine
Get-RunningProcessesWMI             -   Returns all running processes from the target machine

User Operations

Find-ActiveUsersWMI                 -   Checks if a user is active at the desktop on the target machine (or if away from their machine)
Get-ProcessOwnersWMI                -   Returns all accounts which have active processes on the target system

Host Enumeration

Get-SystemDrivesWMI                 -   Lists all local and network connected drives on target system
Get-ActiveNICSWMI                   -   Lists all NICs on target system with an IP address

System Manipulation Operations

Invoke-CreateShareandExecute        -   Creates a share, copies file into it, uses WMI to invoke the script on the target system, from the local system, via UNC path
Invoke-RemoteScriptWithOutput       -   Executes a powershell script in memory on the target host via WMI and returns the output
Invoke-SchedJobManipulation         -   Allows you to list, delete, or create jobs on a system over WMI
Invoke-ServiceManipulation          -   Allows you to start, stop, create, or delete services on a targeted system over WMI
Invoke-PowerOptionsWMI              -   Force logs off all users, reboots, or shuts down targeted system

File Operations

Invoke-DirectoryListing             -   Lists files/directories within a user specfied directory over WMI
Get-FileContentsWMI                 -   Reads the contents of a user specified file on a target system and displays the contents
Find-UserSpecifiedFileWMI           -   Search for a file (wildcard supported) on a target system
Invoke-FileTransferOverWMI          -   Uploads or Downloads files to/from the target machine over WMI

Original blog post documenting release - https://www.christophertruncer.com/introducing-wmi-ops/

More Repositories

1

EyeWitness

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
Python
4,664
star
2

C2concealer

C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.
Python
903
star
3

WMImplant

This is a PowerShell based tool that is designed to act like a RAT. Its interface is that of a shell where any command that is supported is translated into a WMI-equivalent for use on a network/remote machine. WMImplant is WMI based.
PowerShell
787
star
4

Just-Metadata

Just-Metadata is a tool that gathers and analyzes metadata about IP addresses. It attempts to find relationships between systems within a large dataset.
Python
616
star
5

Egress-Assess

Egress-Assess is a tool used to test egress data detection capabilities
PowerShell
581
star
6

EXCELntDonut

Excel 4.0 (XLM) Macro Generator for injecting DLLs and EXEs into memory.
Python
488
star
7

GraphStrike

Cobalt Strike HTTPS beaconing over Microsoft Graph API
C
465
star
8

EDD

Enumerate Domain Data
C#
303
star
9

PersistAssist

Fully modular persistence framework
C#
246
star
10

CIMplant

C# port of WMImplant which uses either CIM or WMI to query remote systems
C#
193
star
11

AggressorAssessor

Aggressor scripts for phases of a pen test or red team assessment
Python
169
star
12

AutoFunkt

Python script for automating the creation of serverless cloud redirectors from Cobalt Strike malleable C2 profiles
Python
163
star
13

hot-manchego

Macro-Enabled Excel File Generator (.xlsm) using the EPPlus Library.
C#
139
star
14

jargon

Python
105
star
15

Screenshooter

C# program to take a full size screenshot or a recording of the user's desktop. Takes in 0-3 flags
C#
80
star
16

What-The-F

This repo hosts a poc of how to execute F# code within an unmanaged process
C++
64
star
17

FunctionalC2

A small POC of using Azure Functions to relay communications. Feel free to add additional functionality beyond this POC!
Python
62
star
18

DigDug

Python
57
star
19

SqlClient

POC for .NET mssql client for accessing database data through beacon
C#
57
star
20

MiddleOut

A small .NET compression utility
C#
55
star
21

Hasher

Hasher is designed to be a tool that allows you to quickly hash plaintext strings, or compare hashed values with a plaintext locally. Not meant to crack passwords, but designed for local checks.
Python
48
star
22

Jigsaw

Hide shellcode by shuffling bytes into a random array and reconstruct at runtime
Python
47
star
23

GPPDeception

This script generates a groups.xml file that mimics a real GPP to create a new user on domain-joined computers
PowerShell
42
star
24

rstools

Python
36
star
25

RandomScripts

Scripts for public use that we've randomly written, or have updated from other people's work.
Shell
33
star
26

ProxmarkWrapper

A wrapper around the Proxmark3 client that will alert the user of specific events
Python
26
star
27

CLM-Base64

This project provides Base64 encoding and decoding functionality to PowerShell within Constrained Language Mode
PowerShell
20
star
28

CredCheck

.NET wrapper around LogonUserA to test creds
C#
10
star
29

SharpCollectionTemplate

PowerShell
9
star
30

RansomwareTalks

code for ransomware talks
C#
7
star
31

CUDA-Installation-Script

Quick and dirty installation script for CUDA drivers on Ubuntu 18.04 LTS to save a bit of time.
Shell
3
star