hartl3y94 / wmimplant

This project forked from redsiege/wmimplant

This is a PowerShell-based tool designed to act like a RAT. Its interface is a shell in which every supported command is translated into its WMI equivalent for use against a network/remote machine. WMImplant is WMI based.

License: GNU General Public License v3.0

PowerShell 100.00%

wmimplant's Introduction

WMImplant

WMImplant is a PowerShell-based tool that leverages WMI both to perform actions against targeted machines and as the C2 channel for issuing commands and receiving results. WMImplant will likely require local administrator permissions on the targeted machine.

Developed by @christruncer

WMImplant Functions:

Meta Functions

change_user                         -   Change the context of the user you will execute WMI commands as
exit                                -   Exits WMImplant
gen_cli                             -   Generate the command line command to use WMImplant non-interactively
set_default                         -   Sets the targeted system's WMI property back to its default value
help                                -   View the list of commands and descriptions

File Operations

cat                                 -   Reads the contents of a file
copy                                -   Copies a file from one location to another
download                            -   Download a file from the targeted machine
ls                                  -   File/Directory listing of a specific directory
search                              -   Search for a file on a user-specified drive
upload                              -   Upload a file to the targeted machine

Lateral Movement Facilitation

command_exec                        -   Run a command line command and receive the output
disable_wdigest                     -   Removes registry value UseLogonCredential
disable_winrm                       -   Disables WinRM on the targeted system
enable_wdigest                      -   Adds registry value UseLogonCredential
enable_winrm                        -   Enables WinRM on the targeted system
registry_mod                        -   Modify the registry on the targeted machine
remote_posh                         -   Run a PowerShell script on a remote machine and receive the output
sched_job                           -   Manipulate scheduled jobs
service_mod                         -   Create, delete, or modify system services
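
The enable_wdigest and enable_winrm entries above change two host settings that a defender can audit directly. The following is an added example, not code from WMImplant or its authors; it assumes the standard WDigest registry path and the WinRM service name, neither of which this README spells out, and the function names are hypothetical.

```powershell
# Added example (not WMImplant code): local audit of the WDigest and WinRM
# settings named in the command list. Function names are hypothetical.

function Get-WDigestAudit {
    # Assumed standard location of the UseLogonCredential value.
    $path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
    $prop = Get-ItemProperty -Path $path -Name 'UseLogonCredential' -ErrorAction SilentlyContinue

    if ($null -eq $prop) {
        # On Windows 8.1 / Server 2012 R2 and later, an absent value means
        # WDigest plaintext credential caching is off by default.
        $value = '(absent)'; $finding = 'OK: value not present'
    } elseif ($prop.UseLogonCredential -eq 1) {
        $value = 1; $finding = 'REVIEW: plaintext credential caching enabled'
    } else {
        $value = $prop.UseLogonCredential; $finding = 'OK: explicitly disabled'
    }
    [pscustomobject]@{ Check = 'WDigest UseLogonCredential'; Value = $value; Finding = $finding }
}

function Get-WinRMAudit {
    # Set -WinRMExpected $true on hosts where WinRM is part of the baseline.
    param([bool]$WinRMExpected = $false)

    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WinRM'"
    if ($null -eq $svc) {
        return [pscustomobject]@{ Check = 'WinRM service'; Value = '(not found)'; Finding = 'REVIEW: service missing' }
    }

    # Treat the service as enabled if it is running now or starts at boot.
    $enabled = ($svc.State -eq 'Running') -or ($svc.StartMode -eq 'Auto')
    $finding = if ($enabled -eq $WinRMExpected) {
        'OK: matches expected baseline'
    } else {
        'REVIEW: differs from expected baseline'
    }
    [pscustomobject]@{ Check = 'WinRM service'; Value = "$($svc.State) / $($svc.StartMode)"; Finding = $finding }
}

# Run both checks on the local host and show the results side by side.
@(Get-WDigestAudit; Get-WinRMAudit) | Format-Table -AutoSize
```

A REVIEW finding only means the setting differs from the expected baseline; correlate it with change records before treating it as tampering.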

Process Operations

process_kill                        -   Kill a process via name or process id on the targeted machine
process_start                       -   Start a process on the targeted machine
ps                                  -   Process listing

System Operations

active_users                        -   List domain users with active processes on the targeted system
basic_info                          -   Used to enumerate basic metadata about the targeted system
drive_list                          -   List local and network drives
ifconfig                            -   Receive IP info from NICs with active network connections
installed_programs                  -   Receive a list of the installed programs on the targeted machine
logoff                              -   Log users off the targeted machine
reboot                              -   Reboot the targeted machine
power_off                           -   Power off the targeted machine
vacant_system                       -   Determine if a user is away from the system

Log Operations

logon_events                        -   Identify users that have logged onto a system

Usage

The easiest way to get up and running with WMImplant is to import the script and run Invoke-WMImplant. This will present you with the main menu and you can instantly start choosing a command to run. Within the main menu, you can also choose to have WMImplant output the command line command you would need to use in order to run WMImplant in a non-interactive manner.

Thanks to:

@evan_Pena2003 - For your help with code reviews and adding functionality into the tool
@danielbohannon - For your help with code obfuscation

wmimplant's People

Contributors

christruncer, r-smith
