WMIOps

Thiru T
Dec 23, 2024
1 min read

WMIOps is a powershell script that uses WMI to perform a variety of actions on hosts, local or remote, within a Windows environment.

Developed by @christruncer.

Original blog post documenting release.

Install: (PowerShell)

git clone https://github.com/FortyNorthSecurity/WMIOps
Import-Module WMIOps.ps1

Usage:

# Executes a user specified command on the target machine
Invoke-ExecCommandWMI

# Returns all running processes from the target machine
Get-RunningProcessesWMI

# Checks if a user is active at the desktop on the target machine (or if away from their machine)
Find-ActiveUsersWMI

# Lists all local and network connected drives on target system
Get-SystemDrivesWMI

# Executes a powershell script in memory on the target host via WMI and returns the output
Invoke-RemoteScriptWithOutput

Images used from https://pentestlab.blog/2017/11/20/command-and-control-wmi/ — *Images used from* *https://pentestlab.blog/2017/11/20/command-and-control-wmi/*

IT news & Information Technology Comparison

WMIOps

Recent Posts

Comments