wmiexec-RegOut - Modified Version of Impacket wmiexec.py, Get Output (Data, Response) From Registry, Don't Need SMB Connection, Also Bypassing Antivirus Software in Lateral Movement Like WMIHACKER
Feb. 3, 2022, 8:30 p.m. | noreply@blogger.com (Unknown)
KitPloit - PenTest Tools! www.kitploit.com
Modified version of impacket wmiexec.py and wmipersist.py. Gets output (data, response) from the registry, doesn't need an SMB connection, but I'm in the bad code :(
Special thanks to:
- @rootclay, wechat: _xiangshan
Overview
In the original wmiexec.py, the response is retrieved over an SMB connection (ports 445, 139). Unfortunately, some antivirus software monitors these ports as high risk.
In this case, I drop the SMB connection function and use other methods to execute commands.
- wmiexec-reg-sch-UnderNT6-wip.py: Executes commands by using the win32-scheduledjob class. According to xiangshan, the win32-scheduledjob class only works under …