WMEye is an experimental tool that was developed when exploring about Windows WMI. The tool is developed for performing Lateral Movement using WMI and remote MSBuild Execution. It uploads the encoded/encrypted shellcode into remote targets WMI Class Property, create an event filter that when triggered writes an MSBuild based Payload using a special WMI Class called Log File Event Consumer and finally executes the payload remotely.
Fileless Lateral Movement using WMI, can be used with Cobalt Strike’s Execute-Assembly
Note: This is still in experimental stage and no where near to be used in a real engagement.
Win32_Process Create
to call MSbuild remotelyThe MSBuild Payload fetches encoded shellcode from WMI Class Property, decodes and executes it.
Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
If you are working with Linux or writing bash scripts, one of the most common…
What is a bash case statement? A bash case statement is a way to control…
Why Do We Check Files in Bash? When writing a Bash script, you often work…