ChrisTruncer edited this page Dec 3, 2016 · 15 revisions

Welcome to the WMImplant wiki!

Running WMImplant

The first thing you will need to do is import WMImplant.ps1 into the console that you are using (PowerShell, Beacon, Empire, Meterpreter, etc.). Importing the script is an exercise I feel comfortable leaving to the user.

After having imported WMImplant, you have two ways that you can use the tool, interactively or non-interactively. Using WMImplant in a non-interactive manner will allow you to script actions with WMImplant, and/or use it in a RAT of your choice.

How it works

WMImplant is a tool designed to rely entirely on WMI. WMI is not only the mechanism for triggering actions on the targeted machine, it is also the C2 channel itself. Where data storage is required, WMImplant stores data in WMI properties; in one situation it stores data in the system registry instead. When using a WMI property, WMImplant captures the original property value, modifies the value, and then restores the original value once it is complete. When using the registry, WMImplant creates a new registry key, stores the data in a registry value, retrieves the data, and then removes the key. For specifics on which commands require data storage, and how data is stored for each command, please review the respective commands in the Commands section.
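The capture/modify/restore and create/store/delete behaviour described above is also what a defender can look for in WMI and registry telemetry. The following is an added example, not part of the WMImplant wiki or the project's code: a small Python detection sketch run over constructed event records. The record layout, the class and property names (Win32_Example.*) and the registry key paths are assumptions made for this example and do not correspond to any real log product or to where WMImplant actually stores data.

```python
"""
Added detection sketch (not WMImplant code): flags two staging patterns,
  1. a WMI property modified and later set back to its previous value, and
  2. a registry key created, written to, and deleted shortly afterwards.
Event records are constructed for this example; field names are assumed.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Event:
    ts: float                   # seconds (constructed timeline)
    source: str                 # "wmi" or "reg"
    action: str                 # wmi: "modify"; reg: "create" | "set" | "delete"
    obj: str                    # WMI "Class.Property" or a registry key path
    old: Optional[str] = None   # previous property value (wmi only)
    new: Optional[str] = None   # new property value / registry data


def wmi_roundtrips(events, window=300.0):
    """Return (property, t_modify, t_restore) for each WMI property that is
    changed away from a value and then set back to that exact value within
    `window` seconds."""
    hits = []
    by_prop = defaultdict(list)
    for e in events:
        if e.source == "wmi" and e.action == "modify" and e.old != e.new:
            by_prop[e.obj].append(e)
    for prop, mods in by_prop.items():
        mods.sort(key=lambda e: e.ts)
        for i, first in enumerate(mods):
            for later in mods[i + 1:]:
                if later.ts - first.ts > window:
                    break
                if later.new == first.old:        # value restored
                    hits.append((prop, first.ts, later.ts))
                    break
    return hits


def registry_roundtrips(events, window=300.0):
    """Return (key, t_create, t_delete) for each registry key that is created,
    receives data, and is deleted again within `window` seconds."""
    hits = []
    by_key = defaultdict(list)
    for e in events:
        if e.source == "reg":
            by_key[e.obj].append(e)
    for key, ops in by_key.items():
        ops.sort(key=lambda e: e.ts)
        created, wrote = None, False
        for e in ops:
            if e.action == "create":
                created, wrote = e.ts, False
            elif e.action == "set" and created is not None:
                wrote = True
            elif e.action == "delete" and created is not None:
                if wrote and e.ts - created <= window:
                    hits.append((key, created, e.ts))
                created, wrote = None, False
    return hits


# Constructed sample events (not real telemetry; names are placeholders).
SAMPLE = [
    Event(100.0, "wmi", "modify", "Win32_Example.SomeProperty",
          old="default", new="<staged data>"),
    Event(103.5, "wmi", "modify", "Win32_Example.SomeProperty",
          old="<staged data>", new="default"),
    # one-way change: legitimate, not flagged
    Event(200.0, "wmi", "modify", "Win32_Example.OtherProperty", old="a", new="b"),
    Event(300.0, "reg", "create", r"HKLM\SOFTWARE\ExampleTemp"),
    Event(300.2, "reg", "set", r"HKLM\SOFTWARE\ExampleTemp", new="<staged output>"),
    Event(301.0, "reg", "delete", r"HKLM\SOFTWARE\ExampleTemp"),
    # key that persists: not flagged
    Event(400.0, "reg", "create", r"HKLM\SOFTWARE\Vendor\Installed"),
    Event(400.1, "reg", "set", r"HKLM\SOFTWARE\Vendor\Installed", new="1"),
]

if __name__ == "__main__":
    for hit in wmi_roundtrips(SAMPLE):
        print("WMI property restored to prior value:", hit)
    for hit in registry_roundtrips(SAMPLE):
        print("Transient registry key:", hit)
```

In practice the `old`/`new` pair maps onto the PreviousInstance/TargetInstance an `__InstanceModificationEvent` subscription delivers, and the registry operations onto key create/set/delete auditing; the window length is the tuning knob, since a short restore interval is what separates staging from ordinary configuration changes.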

Commands

This section will go over the different commands that WMImplant supports and how WMImplant performs each command.

change_user

The change_user command enables you to change the user context that you are currently running as. By default, WMImplant will run in the context of the user account that starts the tool. However, if you need to change the user account context you are running as, you can easily do it with the change_user command. WMImplant will prompt you to provide the new user account (DOMAIN\account) and password that you wish to authenticate with. From that point on, WMImplant will use the new account credentials (unless you use the change_user command again, or exit WMImplant).

exit

This command exits WMImplant.

gen_cli

This is an incredibly useful command for when you want to use WMImplant in a non-interactive manner but don't know the command line flags to use. If that is the case, use the gen_cli command. Once you run this command, the normal help menu will pop up. Select the command you want to use in a non-interactive manner. WMImplant will then prompt you to answer the questions it needs answered to run this command from the command line. After you've answered every question, WMImplant will produce the command line you should run. At this point, just copy and paste the command, and run it!

help

This command shows the WMImplant menu.
