{"id":13107,"date":"2021-05-28T20:49:37","date_gmt":"2021-05-28T15:19:37","guid":{"rendered":"https:\/\/kalilinuxtutorials.com\/?p=13107"},"modified":"2021-05-28T20:49:37","modified_gmt":"2021-05-28T15:19:37","slug":"cimplant","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/cimplant\/","title":{"rendered":"CIMplant : C# Port Of WMImplant Which Uses Either CIM Or WMI To Query Remote Systems"},"content":{"rendered":"\n<p>C# port of WMImplant which uses either CIM or WMI to query remote systems. It can use provided credentials or the current user&#8217;s session.<\/p>\n\n\n\n<p class=\"has-luminous-vivid-amber-background-color has-background\"><strong>Note:<\/strong> Some commands will use PowerShell in combination with WMI, denoted with ** in the&nbsp;<code>--show-commands<\/code>&nbsp;command.<\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Introduction<\/strong><\/p>\n\n\n\n<p>CIMplant is a C# rewrite and expansion on&nbsp;<a href=\"https:\/\/twitter.com\/christruncer\">@christruncer<\/a>&#8216;s&nbsp;<a href=\"https:\/\/github.com\/FortyNorthSecurity\/WMImplant\">WMImplant<\/a>. It allows you to gather data about a remote system, execute commands, exfil data, and more. The tool allows connections using Windows Management Instrumentation,&nbsp;<a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/win32\/wmisdk\/about-wmi\">WMI<\/a>, or Common Interface Model,&nbsp;<a href=\"https:\/\/www.dmtf.org\/standards\/cim\">CIM<\/a>&nbsp;; well more accurately Windows Management Infrastructure,&nbsp;<a href=\"https:\/\/docs.microsoft.com\/en-us\/previous-versions\/windows\/desktop\/wmi_v2\/windows-management-infrastructure\">MI<\/a>. CIMplant requires local administrator permissions on the target system.<\/p>\n\n\n\n<h5 class=\"has-text-align-center has-vivid-green-cyan-background-color has-background wp-block-heading\"><strong>Setup<\/strong><\/h5>\n\n\n\n<p>It&#8217;s probably easiest to use the built version under Releases, just note that it is compiled in Debug mode. If you want to build the solution yourself, follow the steps below.<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Load CIMplant.sln into Visual Studio<\/li><li>Go to Build at the top and then Build Solution if no modifications are wanted<\/li><\/ol>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Usage<\/strong><\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>CIMplant.exe &#8211;help<br>CIMplant.exe &#8211;show-commands<br>CIMplant.exe &#8211;show-examples<br>CIMplant.exe -s [remote IP address] -c cat -f c:\\users\\user\\desktop\\file.txt<br>CIMplant.exe -s [remote IP address] -u [username] -d [domain] -p [password] -c cat -f c:\\users\\test\\desktop\\file.txt<br>CIMplant.exe -s [remote IP address] -u [username] -d [domain] -p [password] -c command_exec &#8211;execute &#8220;dir c:\\&#8221;<\/strong><\/p>\n\n\n\n<p class=\"has-light-green-cyan-background-color has-background\"><strong>Some Helpful Commands<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/1.bp.blogspot.com\/-p6swtWEgXbY\/YKzHbkQv8eI\/AAAAAAAAJNo\/niaZXoXPQLkN_kHeVIWCiOaMOruMy_qNwCLcBGAsYHQ\/s1280\/CIMplant-Help.gif\" alt=\"\"\/><\/figure>\n\n\n\n<p class=\"has-light-green-cyan-background-color has-background\"><strong>Some Example Usage Commands<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/1.bp.blogspot.com\/-p6swtWEgXbY\/YKzHbkQv8eI\/AAAAAAAAJNo\/niaZXoXPQLkN_kHeVIWCiOaMOruMy_qNwCLcBGAsYHQ\/s1280\/CIMplant-Help.gif\" alt=\"\"\/><\/figure>\n\n\n\n<p class=\"has-light-green-cyan-background-color has-background\"><strong>Cobalt Strike Execute-Assembly<\/strong><\/p>\n\n\n\n<p>I wanted to code CIMplant in a way that would allow usage through execute-assembly so everything is packed into one executable and loaded reflectively. You should be able to run all commands through beacon without issue. Enjoy!<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/1.bp.blogspot.com\/-Ogrfw_0Q8hQ\/YKzJb9cx8SI\/AAAAAAAAJN0\/UD13PuaPbvs_cYXnFRbpZVpFuQ4ij3ElwCLcBGAsYHQ\/s1920\/CIMplant-CS-Usage.gif\" alt=\"\"\/><\/figure>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Important Files<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Program.cs<\/li><\/ol>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>This is the brains of the operation, the driver for the program.<\/p><\/blockquote>\n\n\n\n<ol class=\"wp-block-list\" start=\"2\"><li>Connector.cs<\/li><\/ol>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>This is where the initial CIM\/WMI connections are made and passed to the rest of the application<\/p><\/blockquote>\n\n\n\n<ol class=\"wp-block-list\" start=\"2\"><li>ExecuteWMI.cs<\/li><\/ol>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>All function code for the WMI commands<\/p><\/blockquote>\n\n\n\n<ol class=\"wp-block-list\" start=\"3\"><li>ExecuteCIM.cs<\/li><\/ol>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>All function code for the CIM (MI) commands<\/p><\/blockquote>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Detection<\/strong><\/p>\n\n\n\n<p>Of course, the first thing we&#8217;ll want to be aware of is the initial WMI or CIM connection. In general, WMI uses DCOM as a communication protocol whereas CIM uses WSMan (or, WinRM). This can be modified for CIM, and is in CIMplant, but let&#8217;s just go over the default values for now. For DCOM, the first thing we can do is look for initial TCP connections over&nbsp;<strong>port 135<\/strong>. The connecting and receiving systems will then decide on a new, very high port to use so that will vary drastically. For WSMan, the initial TCP connection is over&nbsp;<strong>port 5985<\/strong>.<\/p>\n\n\n\n<p>Next, you&#8217;ll want to look at the Microsoft-Windows-WMI-Activity\/Trace event log in the Event Viewer. Search for&nbsp;<strong>Event ID 11<\/strong>&nbsp;and filter on the IsLocal property if possible. You can also look for&nbsp;<strong>Event ID 1295<\/strong>&nbsp;within the Microsoft-Windows-WinRM\/Analytic log.<\/p>\n\n\n\n<p>Finally, you&#8217;ll want to look for any modifications to the&nbsp;<strong>DebugFilePath<\/strong>&nbsp;property with the&nbsp;<strong>Win32_OSRecoveryConfiguration<\/strong>&nbsp;class. More detailed information about detection can be found at Part 1 of our blog series here:&nbsp;<a href=\"https:\/\/fortynorthsecurity.com\/blog\/cimplant-part-1-detections\/\">CIMplant Part 1: Detection of a C# Implementation of WMImplant<\/a><\/p>\n\n\n\n<div class=\"wp-block-buttons is-content-justification-center is-layout-flex wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button is-style-outline is-style-outline--1\"><a class=\"wp-block-button__link has-vivid-cyan-blue-background-color has-background\"><strong>Download<\/strong><\/a><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>C# port of WMImplant which uses either CIM or WMI to query remote systems. It can use provided credentials or the current user&#8217;s session. Note: Some commands will use PowerShell in combination with WMI, denoted with ** in the&nbsp;&#8211;show-commands&nbsp;command. Introduction CIMplant is a C# rewrite and expansion on&nbsp;@christruncer&#8216;s&nbsp;WMImplant. It allows you to gather data about [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":16841,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/1.bp.blogspot.com\/-gvQFAAGJIfk\/YKzQ317AUxI\/AAAAAAAAJN4\/06rzvNfEu1wKZXIpGGQaXCO1BMV3fbzCgCLcBGAsYHQ\/s728\/CIMplant_1_cimplant_logo_letters%2B%25281%2529.png","fifu_image_alt":"CIMplant : C# Port Of WMImplant Which Uses Either CIM Or WMI To Query Remote Systems","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[28],"tags":[511,572,573,3762,3763],"class_list":["post-13107","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kali","tag-c-3","tag-cim","tag-cimplant","tag-wmi","tag-wmimplant"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>CIMplant : C# Port Of WMImplant Which Uses Either CIM Or WMI<\/title>\n<meta name=\"description\" content=\"C# port of WMImplant which uses either CIM or WMI to query remote systems. It can use provided credentials or the current user&#039;s session.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kalilinuxtutorials.com\/cimplant\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"CIMplant : C# Port Of WMImplant Which Uses Either CIM Or WMI\" \/>\n<meta property=\"og:description\" content=\"C# port of WMImplant which uses either CIM or WMI to query remote systems. It can use provided credentials or the current user&#039;s session.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kalilinuxtutorials.com\/cimplant\/\" \/>\n<meta property=\"og:site_name\" content=\"Kali Linux Tutorials\" \/>\n<meta property=\"article:published_time\" content=\"2021-05-28T15:19:37+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/1.bp.blogspot.com\/-gvQFAAGJIfk\/YKzQ317AUxI\/AAAAAAAAJN4\/06rzvNfEu1wKZXIpGGQaXCO1BMV3fbzCgCLcBGAsYHQ\/s728\/CIMplant_1_cimplant_logo_letters%2B%25281%2529.png\" \/>\n<meta name=\"author\" content=\"R K\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/1.bp.blogspot.com\/-gvQFAAGJIfk\/YKzQ317AUxI\/AAAAAAAAJN4\/06rzvNfEu1wKZXIpGGQaXCO1BMV3fbzCgCLcBGAsYHQ\/s728\/CIMplant_1_cimplant_logo_letters%2B%25281%2529.png\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:site\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"R K\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/cimplant\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/cimplant\/\"},\"author\":{\"name\":\"R K\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\"},\"headline\":\"CIMplant : C# Port Of WMImplant Which Uses Either CIM Or WMI To Query Remote Systems\",\"datePublished\":\"2021-05-28T15:19:37+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/cimplant\/\"},\"wordCount\":532,\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/cimplant\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/1.bp.blogspot.com\/-gvQFAAGJIfk\/YKzQ317AUxI\/AAAAAAAAJN4\/06rzvNfEu1wKZXIpGGQaXCO1BMV3fbzCgCLcBGAsYHQ\/s728\/CIMplant_1_cimplant_logo_letters%2B%25281%2529.png\",\"keywords\":[\"C\",\"CIM\",\"cimplant\",\"WMI\",\"WMImplant\"],\"articleSection\":[\"Kali Linux\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/cimplant\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/cimplant\/\",\"name\":\"CIMplant : C# Port Of WMImplant Which Uses Either CIM Or WMI\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/cimplant\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/cimplant\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/1.bp.blogspot.com\/-gvQFAAGJIfk\/YKzQ317AUxI\/AAAAAAAAJN4\/06rzvNfEu1wKZXIpGGQaXCO1BMV3fbzCgCLcBGAsYHQ\/s728\/CIMplant_1_cimplant_logo_letters%2B%25281%2529.png\",\"datePublished\":\"2021-05-28T15:19:37+00:00\",\"description\":\"C# port of WMImplant which uses either CIM or WMI to query remote systems. It can use provided credentials or the current user's session.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/cimplant\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/cimplant\/#primaryimage\",\"url\":\"https:\/\/1.bp.blogspot.com\/-gvQFAAGJIfk\/YKzQ317AUxI\/AAAAAAAAJN4\/06rzvNfEu1wKZXIpGGQaXCO1BMV3fbzCgCLcBGAsYHQ\/s728\/CIMplant_1_cimplant_logo_letters%2B%25281%2529.png\",\"contentUrl\":\"https:\/\/1.bp.blogspot.com\/-gvQFAAGJIfk\/YKzQ317AUxI\/AAAAAAAAJN4\/06rzvNfEu1wKZXIpGGQaXCO1BMV3fbzCgCLcBGAsYHQ\/s728\/CIMplant_1_cimplant_logo_letters%2B%25281%2529.png\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"name\":\"Kali Linux Tutorials\",\"description\":\"Kali Linux Tutorials\",\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\",\"name\":\"Kali Linux Tutorials\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"contentUrl\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"width\":272,\"height\":90,\"caption\":\"Kali Linux Tutorials\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/CyberEdition\",\"https:\/\/www.threads.com\/@cybersecurityedition\",\"https:\/\/www.linkedin.com\/company\/cyberedition\",\"https:\/\/www.instagram.com\/cybersecurityedition\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\",\"name\":\"R K\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"caption\":\"R K\"},\"url\":\"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"CIMplant : C# Port Of WMImplant Which Uses Either CIM Or WMI","description":"C# port of WMImplant which uses either CIM or WMI to query remote systems. It can use provided credentials or the current user's session.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/kalilinuxtutorials.com\/cimplant\/","og_locale":"en_US","og_type":"article","og_title":"CIMplant : C# Port Of WMImplant Which Uses Either CIM Or WMI","og_description":"C# port of WMImplant which uses either CIM or WMI to query remote systems. It can use provided credentials or the current user's session.","og_url":"https:\/\/kalilinuxtutorials.com\/cimplant\/","og_site_name":"Kali Linux Tutorials","article_published_time":"2021-05-28T15:19:37+00:00","og_image":[{"url":"https:\/\/1.bp.blogspot.com\/-gvQFAAGJIfk\/YKzQ317AUxI\/AAAAAAAAJN4\/06rzvNfEu1wKZXIpGGQaXCO1BMV3fbzCgCLcBGAsYHQ\/s728\/CIMplant_1_cimplant_logo_letters%2B%25281%2529.png","type":"","width":"","height":""}],"author":"R K","twitter_card":"summary_large_image","twitter_image":"https:\/\/1.bp.blogspot.com\/-gvQFAAGJIfk\/YKzQ317AUxI\/AAAAAAAAJN4\/06rzvNfEu1wKZXIpGGQaXCO1BMV3fbzCgCLcBGAsYHQ\/s728\/CIMplant_1_cimplant_logo_letters%2B%25281%2529.png","twitter_creator":"@CyberEdition","twitter_site":"@CyberEdition","twitter_misc":{"Written by":"R K","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/kalilinuxtutorials.com\/cimplant\/#article","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/cimplant\/"},"author":{"name":"R K","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad"},"headline":"CIMplant : C# Port Of WMImplant Which Uses Either CIM Or WMI To Query Remote Systems","datePublished":"2021-05-28T15:19:37+00:00","mainEntityOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/cimplant\/"},"wordCount":532,"publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/cimplant\/#primaryimage"},"thumbnailUrl":"https:\/\/1.bp.blogspot.com\/-gvQFAAGJIfk\/YKzQ317AUxI\/AAAAAAAAJN4\/06rzvNfEu1wKZXIpGGQaXCO1BMV3fbzCgCLcBGAsYHQ\/s728\/CIMplant_1_cimplant_logo_letters%2B%25281%2529.png","keywords":["C","CIM","cimplant","WMI","WMImplant"],"articleSection":["Kali Linux"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/kalilinuxtutorials.com\/cimplant\/","url":"https:\/\/kalilinuxtutorials.com\/cimplant\/","name":"CIMplant : C# Port Of WMImplant Which Uses Either CIM Or WMI","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/cimplant\/#primaryimage"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/cimplant\/#primaryimage"},"thumbnailUrl":"https:\/\/1.bp.blogspot.com\/-gvQFAAGJIfk\/YKzQ317AUxI\/AAAAAAAAJN4\/06rzvNfEu1wKZXIpGGQaXCO1BMV3fbzCgCLcBGAsYHQ\/s728\/CIMplant_1_cimplant_logo_letters%2B%25281%2529.png","datePublished":"2021-05-28T15:19:37+00:00","description":"C# port of WMImplant which uses either CIM or WMI to query remote systems. It can use provided credentials or the current user's session.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/kalilinuxtutorials.com\/cimplant\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/cimplant\/#primaryimage","url":"https:\/\/1.bp.blogspot.com\/-gvQFAAGJIfk\/YKzQ317AUxI\/AAAAAAAAJN4\/06rzvNfEu1wKZXIpGGQaXCO1BMV3fbzCgCLcBGAsYHQ\/s728\/CIMplant_1_cimplant_logo_letters%2B%25281%2529.png","contentUrl":"https:\/\/1.bp.blogspot.com\/-gvQFAAGJIfk\/YKzQ317AUxI\/AAAAAAAAJN4\/06rzvNfEu1wKZXIpGGQaXCO1BMV3fbzCgCLcBGAsYHQ\/s728\/CIMplant_1_cimplant_logo_letters%2B%25281%2529.png"},{"@type":"WebSite","@id":"https:\/\/kalilinuxtutorials.com\/#website","url":"https:\/\/kalilinuxtutorials.com\/","name":"Kali Linux Tutorials","description":"Kali Linux Tutorials","publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/kalilinuxtutorials.com\/#organization","name":"Kali Linux Tutorials","url":"https:\/\/kalilinuxtutorials.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/","url":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","contentUrl":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","width":272,"height":90,"caption":"Kali Linux Tutorials"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/CyberEdition","https:\/\/www.threads.com\/@cybersecurityedition","https:\/\/www.linkedin.com\/company\/cyberedition","https:\/\/www.instagram.com\/cybersecurityedition\/"]},{"@type":"Person","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad","name":"R K","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","caption":"R K"},"url":"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/"}]}},"jetpack_featured_media_url":"https:\/\/1.bp.blogspot.com\/-gvQFAAGJIfk\/YKzQ317AUxI\/AAAAAAAAJN4\/06rzvNfEu1wKZXIpGGQaXCO1BMV3fbzCgCLcBGAsYHQ\/s728\/CIMplant_1_cimplant_logo_letters%2B%25281%2529.png","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":18219,"url":"https:\/\/kalilinuxtutorials.com\/sharpstrike\/","url_meta":{"origin":13107,"position":0},"title":"SharpStrike : A Post Exploitation Tool Written In C# Uses Either CIM Or WMI To Query Remote Systems","author":"R K","date":"September 22, 2021","format":false,"excerpt":"SharpStrike is a post-exploitation tool written in C# that uses either CIM or WMI to query remote systems. It can use provided credentials or the current user's session. Note: Some commands will use PowerShell in combination with WMI, denoted with ** in the\u00a0--show-commands\u00a0command. Introduction SharpStrike is a C# rewrite and\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/1.bp.blogspot.com\/-OQPnxnI2zxo\/YTnbXD87p4I\/AAAAAAAAKxM\/97q0ahE6QgUJ3ihcNW9n9P3n2-PDxfRogCLcBGAsYHQ\/s728\/download.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/1.bp.blogspot.com\/-OQPnxnI2zxo\/YTnbXD87p4I\/AAAAAAAAKxM\/97q0ahE6QgUJ3ihcNW9n9P3n2-PDxfRogCLcBGAsYHQ\/s728\/download.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/1.bp.blogspot.com\/-OQPnxnI2zxo\/YTnbXD87p4I\/AAAAAAAAKxM\/97q0ahE6QgUJ3ihcNW9n9P3n2-PDxfRogCLcBGAsYHQ\/s728\/download.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/1.bp.blogspot.com\/-OQPnxnI2zxo\/YTnbXD87p4I\/AAAAAAAAKxM\/97q0ahE6QgUJ3ihcNW9n9P3n2-PDxfRogCLcBGAsYHQ\/s728\/download.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":8576,"url":"https:\/\/kalilinuxtutorials.com\/sharpstat\/","url_meta":{"origin":13107,"position":1},"title":"SharpStat : C# Utility That Uses WMI To Run CMD","author":"R K","date":"January 27, 2020","format":false,"excerpt":"SharpStat is a C# utility that uses WMI to run \"cmd.exe \/c netstat -n\", save the output to a file, then use SMB to read and delete the file remotely. This script will attempt to connect to all the supplied computers and use WMI to execute\u00a0cmd.exe \/c netstat -n >\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":12536,"url":"https:\/\/kalilinuxtutorials.com\/movekit\/","url_meta":{"origin":13107,"position":2},"title":"MoveKit : Cobalt Strike Kit For Lateral Movement","author":"R K","date":"April 23, 2021","format":false,"excerpt":"Movekit is an extension of built in Cobalt Strike lateral movement by leveraging the execute_assembly function with the SharpMove and SharpRDP .NET assemblies. The aggressor script handles payload creation by reading the template files for a specific execution type. IMPORTANT: To use the script a user will only need to\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":24080,"url":"https:\/\/kalilinuxtutorials.com\/wmeye\/","url_meta":{"origin":13107,"position":3},"title":"WMEye : A Post Exploitation Tool That Uses WMI Event Filter And MSBuild Execution For Lateral Movement","author":"R K","date":"April 21, 2022","format":false,"excerpt":"WMEye is an experimental tool that was developed when exploring about Windows WMI. The tool is developed for performing Lateral Movement using WMI and remote MSBuild Execution. It uploads the encoded\/encrypted shellcode into remote targets WMI Class Property, create an event filter that when triggered writes an MSBuild based Payload\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjh1kiSBrLJnr69VfzwpO_XUYfdACO0famqEAqn6yGictD6fGSKodnzOLYc4Sqpyf3W3bhRM2fRgCUssHkjf4D21whLKvCrptywzyFAeJQPb1lDkWczFKm43r8dPJtrT0ZCV1_BKkebURMRdf_Mx3zoGWNBsWI9ZXn5RtvucTDce3rBmS1XdV7JWTN0\/s728\/communityIcon_a802mqqj9t551.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjh1kiSBrLJnr69VfzwpO_XUYfdACO0famqEAqn6yGictD6fGSKodnzOLYc4Sqpyf3W3bhRM2fRgCUssHkjf4D21whLKvCrptywzyFAeJQPb1lDkWczFKm43r8dPJtrT0ZCV1_BKkebURMRdf_Mx3zoGWNBsWI9ZXn5RtvucTDce3rBmS1XdV7JWTN0\/s728\/communityIcon_a802mqqj9t551.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjh1kiSBrLJnr69VfzwpO_XUYfdACO0famqEAqn6yGictD6fGSKodnzOLYc4Sqpyf3W3bhRM2fRgCUssHkjf4D21whLKvCrptywzyFAeJQPb1lDkWczFKm43r8dPJtrT0ZCV1_BKkebURMRdf_Mx3zoGWNBsWI9ZXn5RtvucTDce3rBmS1XdV7JWTN0\/s728\/communityIcon_a802mqqj9t551.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjh1kiSBrLJnr69VfzwpO_XUYfdACO0famqEAqn6yGictD6fGSKodnzOLYc4Sqpyf3W3bhRM2fRgCUssHkjf4D21whLKvCrptywzyFAeJQPb1lDkWczFKm43r8dPJtrT0ZCV1_BKkebURMRdf_Mx3zoGWNBsWI9ZXn5RtvucTDce3rBmS1XdV7JWTN0\/s728\/communityIcon_a802mqqj9t551.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":36256,"url":"https:\/\/kalilinuxtutorials.com\/stuxnet\/","url_meta":{"origin":13107,"position":4},"title":"Stuxnet : The Blueprint Of Modern WMI-Based Cyber Threats","author":"Varshini","date":"February 10, 2025","format":false,"excerpt":"Stuxnet, a groundbreaking cyberweapon first discovered in 2010, targeted Iran's nuclear facilities, marking a significant evolution in cyber warfare. It exploited four zero-day vulnerabilities to infiltrate Windows systems and Siemens PLCs, executing highly specific sabotage while remaining stealthy. Its modular design allowed it to propagate through USB drives and networks,\u2026","rel":"","context":"In &quot;Cyber security&quot;","block_context":{"text":"Cyber security","link":"https:\/\/kalilinuxtutorials.com\/category\/cyber-security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/02\/Stuxnet.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/02\/Stuxnet.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/02\/Stuxnet.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/02\/Stuxnet.webp?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/02\/Stuxnet.webp?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/02\/Stuxnet.webp?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":11965,"url":"https:\/\/kalilinuxtutorials.com\/wsman-winrm\/","url_meta":{"origin":13107,"position":5},"title":"WSMan-WinRM : Scripts For Executing Remote Commands Over WinRM Using The WSMan.Automation COM Object","author":"R K","date":"December 21, 2020","format":false,"excerpt":"WSMan-WinRM is a collection of proof-of-concept source code and scripts for executing remote commands over WinRM using the WSMan.Automation COM object. Background For background information, please refer to the following blog post: WS-Management COM: Another Approach for WinRM Lateral Movement Notes SharpWSManWinRM.cs and CppWsManWinRM.cpp compile in Visual Studio 2019. Refer\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/13107","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/comments?post=13107"}],"version-history":[{"count":0,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/13107\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media\/16841"}],"wp:attachment":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media?parent=13107"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/categories?post=13107"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/tags?post=13107"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}