WmiExec
Last updated
Last updated
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Mchakato unaweza kufunguliwa kwenye mwenyeji ambapo jina la mtumiaji na ama nenosiri au hash zinajulikana kupitia matumizi ya WMI. Amri zinafanywa kwa kutumia WMI na Wmiexec, ikitoa uzoefu wa shell wa nusu-interactive.
dcomexec.py: Kutumia mwisho tofauti wa DCOM, skripti hii inatoa shell ya nusu-interactive inayofanana na wmiexec.py, ikitumia hasa kitu cha DCOM cha ShellBrowserWindow. Hivi sasa inasaidia MMC20. Maombi, Shell Windows, na Shell Browser Window objects. (chanzo: Hacking Articles)
Imeundwa katika muundo wa hierarchi ya directory, kontena la juu la WMI ni \root, chini ambayo directories za ziada, zinazojulikana kama namespaces, zimepangwa. Amri za kuorodhesha namespaces:
Darasa ndani ya namespace linaweza kuorodheshwa kwa kutumia:
Kujua jina la darasa la WMI, kama win32_process, na eneo ambalo linaishi ni muhimu kwa operesheni yoyote ya WMI. Amri za kuorodhesha madarasa yanayoanza na win32
:
Mwaliko wa darasa:
Mbinu, ambazo ni moja au zaidi ya kazi zinazotekelezeka za madarasa ya WMI, zinaweza kutekelezwa.
Amri za kuthibitisha ikiwa huduma ya WMI inafanya kazi:
Kukusanya taarifa za mfumo na mchakato kupitia WMI:
Kwa washambuliaji, WMI ni chombo chenye nguvu cha kuorodhesha data nyeti kuhusu mifumo au maeneo.
Remote querying of WMI for specific information, such as local admins or logged-on users, is feasible with careful command construction.
Stealthy identification of local admins on a remote machine and logged-on users can be achieved through specific WMI queries. wmic
piafanya kazi pia kusoma kutoka kwa faili la maandiko ili kutekeleza amri kwenye nodi nyingi kwa wakati mmoja.
To remotely execute a process over WMI, such as deploying an Empire agent, the following command structure is employed, with successful execution indicated by a return value of "0":
Hii mchakato inaonyesha uwezo wa WMI wa utekelezaji wa mbali na uainishaji wa mfumo, ikisisitiza matumizi yake kwa usimamizi wa mfumo na pentesting.
Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)