Powershell * WMI

Red Team WMI

PS C:\> Get-WmiObject -Class win32_IP4RouteTable PS C:\> Get-WmiObject -Class win32_useraccount PS C:\> Get-WmiObject -Class win32_group PS C:\> Get-WmiObject -Class win32_shadowcopy PS C:\> (Get-WmiObject -Class win32_shadowcopy -List).create(“c:\”,”clientaccesible”) PS C:\> $link = (Get-WmiObject -Class win32_shadowcopy).deviceobject + “\” PS C:\> cmd /c mklink /d c:\shadowcopy “$link” Gather information from the local box: Invoke-sessiongopher.ps1 : PS C:\Users\victim6\Downloads\new\new\tool\tool\nishang-master\nishang-master\Gather> . .\Invoke-SessionGopher.ps1 […]