Description
Run a PowerShell cradle on a remote system using wmic.exe.
Overview
This script leverages the Windows Management Instrumentation (WMI) command-line tool, wmic.exe, to start a process on the operator-specified system, authenticating with a username and password or by impersonation. An obfuscated PowerShell cradle is then executed in the context of the specified (or impersonated) user. The $Target parameter can be a hostname, FQDN, or IP address.
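The following is an added detection example, not code from this module or the Specter project. It runs over constructed process-creation log lines (Sysmon Event ID 1 / Security 4688 style, as JSON) and flags both ends of the technique described above: on the source host, wmic.exe issuing a remote `process call create`, and on the target host, PowerShell spawned by WmiPrvSE.exe, the WMI provider host that services Win32_Process.Create. When the command line carries an encoded command, it is decoded and checked for common cradle keywords. The event field names, hostnames, the sample events themselves, and the encoded-command regex are assumptions made for this example.

```python
import base64
import json
import re

# Constructed sample process-creation events (Sysmon Event ID 1 / Security 4688
# style), one JSON object per line. Hosts, users and command lines are made up.
SAMPLE_EVENTS = r"""
{"host": "OPS-WS01", "user": "CORP\\alice", "parent_image": "C:\\Windows\\System32\\cmd.exe", "image": "C:\\Windows\\System32\\wbem\\WMIC.exe", "command_line": "wmic /node:FS01 /user:CORP\\admin /password:******** process call create \"powershell -nop -w hidden -enc SQBFAFgA\""}
{"host": "FS01", "user": "CORP\\admin", "parent_image": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "command_line": "powershell -nop -w hidden -enc SQBFAFgA"}
{"host": "FS01", "user": "NT AUTHORITY\\SYSTEM", "parent_image": "C:\\Windows\\System32\\services.exe", "image": "C:\\Windows\\System32\\svchost.exe", "command_line": "svchost.exe -k netsvcs"}
{"host": "OPS-WS01", "user": "CORP\\alice", "parent_image": "C:\\Windows\\System32\\cmd.exe", "image": "C:\\Windows\\System32\\wbem\\WMIC.exe", "command_line": "wmic os get caption"}
"""

# wmic.exe targeting another node with the Win32_Process Create method.
REMOTE_CREATE_RE = re.compile(r"/node:\S+.*\bprocess\b.*\bcall\b.*\bcreate\b", re.IGNORECASE)
# Assumed set of -EncodedCommand spellings; PowerShell accepts unambiguous prefixes.
ENCODED_RE = re.compile(r"-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{4,})", re.IGNORECASE)
# Keywords typical of a download-and-execute cradle, matched case-insensitively.
CRADLE_KEYWORDS = ("iex", "invoke-expression", "downloadstring", "net.webclient",
                   "invoke-webrequest", "frombase64string")


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path (handles both slash styles)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decode_encoded_command(command_line: str):
    """Decode a PowerShell -EncodedCommand blob (base64 of UTF-16LE) if present."""
    match = ENCODED_RE.search(command_line)
    if not match:
        return None
    blob = match.group(1)
    blob += "=" * (-len(blob) % 4)  # restore padding stripped by some operators
    try:
        return base64.b64decode(blob).decode("utf-16-le", errors="replace")
    except (ValueError, UnicodeDecodeError):
        return None


def cradle_indicators(script: str) -> list:
    """Return the cradle keywords found in a decoded script."""
    lowered = script.lower()
    return [k for k in CRADLE_KEYWORDS if k in lowered]


def _alert(rule: str, event: dict, reason: str) -> dict:
    decoded = decode_encoded_command(event.get("command_line", ""))
    return {
        "rule": rule,
        "host": event.get("host"),
        "user": event.get("user"),
        "reason": reason,
        "decoded_command": decoded,
        "cradle_indicators": cradle_indicators(decoded) if decoded else [],
    }


def analyze_event(event: dict) -> list:
    """Apply the two WMI lateral-movement rules to one process-creation event."""
    alerts = []
    image = basename(event.get("image", ""))
    parent = basename(event.get("parent_image", ""))
    cmd = event.get("command_line", "")
    # Source side: wmic.exe creating a process on a remote node.
    if image == "wmic.exe" and REMOTE_CREATE_RE.search(cmd):
        alerts.append(_alert("remote_wmi_process_create", event,
                             "wmic.exe creating a process on a remote node"))
    # Target side: processes created through Win32_Process.Create are children
    # of WmiPrvSE.exe; PowerShell under that parent is rarely benign.
    if parent == "wmiprvse.exe" and image in ("powershell.exe", "pwsh.exe"):
        alerts.append(_alert("wmi_spawned_powershell", event,
                             "PowerShell spawned by WmiPrvSE.exe"))
    return alerts


def analyze_events(jsonl_text: str) -> list:
    """Parse JSON-lines events and return all alerts in input order."""
    alerts = []
    for line in jsonl_text.splitlines():
        if line.strip():
            alerts.extend(analyze_event(json.loads(line)))
    return alerts


if __name__ == "__main__":
    for alert in analyze_events(SAMPLE_EVENTS):
        print(json.dumps(alert))
```

Correlating the two alerts (a `remote_wmi_process_create` on one host followed shortly by `wmi_spawned_powershell` on the node named after `/node:`) gives higher confidence than either rule alone; the second rule also fires when the same technique is driven from PowerShell's own WMI cmdlets rather than wmic.exe.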
Arguments
| Parameter | Type | Description |
|---|---|---|
| Target | string | The IP address or hostname of the system on which to run the cradle. |
| Username | string | The local or domain username to authenticate with. |
| Password | string | The password for the specified user. |
| Build | string | The Specter build identifier. |
Dependencies
- None
Operating Systems
- Windows
Pre-Requisites
- Valid administrator credentials for the target system.
- WMI service must be running on the remote system.
- WMI must be allowed through the firewall.
Example Output
Executing (Win32_Process)->Create()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
ProcessId = 1904;
ReturnValue = 0;
};