-
Notifications
You must be signed in to change notification settings - Fork 780
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
49cd5c0
commit 77697ea
Showing
2 changed files
with
44 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
--- | ||
title: "WMI Exploiter" | ||
draft: false | ||
description: "Exploits WMI" | ||
tags: ["exploiter", "wmi", "brute force"] | ||
pre: "<i class='fa fa-toolbox'></i> " | ||
--- | ||
|
||
## WMI | ||
|
||
[WMI (Windows Management Instrumentation)]( | ||
https://learn.microsoft.com/en-us/windows/win32/wmisdk/wmi-start-page) is a set | ||
of tools and extensions in Windows for managing and querying system information, | ||
configurations, and operations. Administrators use WMI to manage local and | ||
remote environments by monitoring system health, automating administrative | ||
functions, managing network resources, etc. | ||
|
||
## Exploitation | ||
|
||
Machines with WMI enabled may be accessible to attackers if | ||
they come across the correct credentials. | ||
|
||
Infection Monkey's WMI exploiter uses brute-force to attempt to | ||
propagate to a victim via WMI. | ||
|
||
![WMI Configuration]( | ||
/images/island/configuration-page/wmi-exploiter-configuration.png | ||
"WMI Configuration") | ||
|
||
### Credentials used | ||
|
||
The WMI exploiter will use [user-configured credentials]( | ||
/usage/configuration/credentials) as well as credentials collected from other | ||
victims for brute-forcing. All possible combinations of usernames, passwords, | ||
LM hashes, and NT hashes are used, prioritizing pairs provided by the user in | ||
the configuration. | ||
|
||
## Mitigation | ||
|
||
1. Change user passwords to complex passwords that are not shared with other | ||
computers on the network. | ||
|
||
## See also | ||
- [WMI exploiter reference documentation](/reference/exploiters/wmi) |
Binary file added
BIN
+279 KB
docs/static/images/island/configuration-page/wmi-exploiter-configuration.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.