public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-05-10 23:33:17 +02:00
Code Issues Projects Releases Wiki Activity

Added wbemtest.exe (#430)

Browse Source 
Co-authored-by: Wietze <wietze@users.noreply.github.com>
This commit is contained in:
saulpanders 2025-04-26 15:27:13 -04:00 committed by GitHub
parent e15a9c3e27
commit 18b1648e97
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 25 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
yml/OSBinaries/Wbemtest.yml Normal file
View File

@ -0,0 +1,25 @@
---
Name: wbemtest.exe
Description: WMI/WBEM Test Binary
Author: saulpanders
Created: 2025-04-22
Commands:
- Command: wbemtest.exe
Description: Execute arbitary commands through WMI through a GUI managment interface for Web Based Enterprise Management testing (WBEM). Uses WMI to Create and instance of a Win32_Process WMI class with a commandline argument of the target command to spawn. Spawns a GUI so it requires interactive access. For a demo, see link to blog in resources.
Usecase: Execute arbitrary commands through WMI classes
Category: Execute
Privileges: Any
MitreID: T1047
OperatingSystem: Windows 10, Windows 11
Tags:
- Application: GUI
- Execute: CMD
Full_Path:
- Path: c:\windows\system32\wbem\wbemtest.exe
Detection:
- IOC: wbemtest.exe binary spawned
Resources:
- Link: https://saulpanders.github.io/2025/01/20/lolbas-wbemtest.html
Acknowledgement:
- Person: Paul Sanders
Handle: '@saulpanders'