0x22bb
/
hacktricks
mirror of https://github.com/carlospolop/hacktricks.git
1
2
Fork 0
Code Releases Activity

GitBook: [master] one page modified

This commit is contained in:
CPol 2021-01-20 23:53:30 +00:00 committed by gitbook-bot
parent f335269cbd
commit bd06b69afe
No known key found for this signature in database
GPG Key ID: 07D2180C7B12D0FF
1 changed files with 25 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
windows/ntlm/wmicexec.md
View File

@ -8,7 +8,9 @@ Wmi allows to open process in hosts where you know username/\(password/Hash\). T
## WMI Basics
**Namespace**: WMI is divided into a directory-style hierarchy, the \root container, with other directories under \root. These "directory paths" are called namespaces.
### Namespace
WMI is divided into a directory-style hierarchy, the \root container, with other directories under \root. These "directory paths" are called namespaces.
List namespaces:
```bash
@ -29,7 +31,9 @@ gwmwi -List -Recurse #If no namespace is specified, by default is used: "root\ci
gwmi -Namespace "root/microsoft" -List -Recurse
```
**Classes:** The WMI class name eg: win32\_process is a starting point for any WMI action. We always need to know a Class Name and the Namespace where it is located.
### **Classes**
The WMI class name eg: win32\_process is a starting point for any WMI action. We always need to know a Class Name and the Namespace where it is located.
List classes starting with `win32`:
```bash
@ -45,7 +49,25 @@ Get-WmiObject -Class win32_share
Get-WmiObject -Namespace "root/microsoft/windows/defender" -Class MSFT_MpComputerStatus
```
**Method:** WMI classes have one or more functions that can be executed. These functions are called methods
### Methods
WMI classes have one or more functions that can be executed. These functions are called methods.
```bash
#Load a class using [wmiclass], leist methods and call one
$c = [wmiclass]"win32_share"
$c.methods
#Find information about the class in https://docs.microsoft.com/en-us/windows/win32/cimwin32prov/win32-share
$c.Create("c:\share\path","name",0,$null,"My Description")
#If returned value is "0", then it was successfully executed
```
```bash
#List methods
Get-WmiObject -Query 'Select * From Meta_Class WHERE __Class LIKE "win32%"' | Where-Object { $_.PSBase.Methods } | Select-Object Name, Methods
#Call create method from win32_share class
Invoke-WmiMethod -Class win32_share -Name Create -ArgumentList @($null, "Description", $null, "Name", $null, "c:\share\path",0)
```
## WMI Enumeration