Merge pull request #2 from FortyNorthSecurity/RemovePS
Removed some PS, added --nops flag to force no PS, edr_query, process color
mattgrandy authored Jul 13, 2021
2 parents 86176a5 + 8c24412 commit 227c01f
Showing 7 changed files with 1,602 additions and 714 deletions.
11 changes: 8 additions & 3 deletions CIMplant/Commander.cs
100755 → 100644
@@ -10,7 +10,7 @@ public class Commander
{
public string Command, Execute, File, Cmdlet, FileTo, Directory, RegKey, RegSubKey,
RegVal, RegValType, Service, ServiceBin, Method, Process;
public bool Reset;
public bool Reset, NoPS;

private readonly string[] _shutdown = { "logoff", "reboot", "restart", "power_off", "shutdown" };
private readonly string[] _fileCommand = { "cat", "copy", "download", "ls", "search", "upload" };
@@ -38,6 +38,7 @@ public Commander()
this.Reset = Options.Instance.Reset;
this.Process = Options.Instance.Process;
this.Method = null;
this.NoPS = Options.Instance.NoPS;
}

public Commander(string command)
@@ -196,15 +197,15 @@ private void ParseCommands()
"restart", "power_off", "shutdown",
"vacant_system", "logon_events", "command_exec", "disable_wdigest", "enable_wdigest", "disable_winrm",
"enable_winrm",
"reg_mod", "reg_create", "reg_delete", "remote_posh", "sched_job", "service_mod"
"reg_mod", "reg_create", "reg_delete", "remote_posh", "sched_job", "service_mod", "edr_query"
};

public static void DisplayHelp<T>(ParserResult<T> result, IEnumerable<Error> errs)
{
HelpText helpText = HelpText.AutoBuild(result, h =>
{
h.AdditionalNewLineAfterOption = false;
h.Heading = "WMI C# Version 0.1"; //change header
h.Heading = "WMI C# Version 0.2"; //change header
h.Copyright = ""; //change copyright text
h.AutoVersion = false;
return HelpText.DefaultParsingErrorsHandler(result, h);
@@ -311,6 +312,10 @@ public class Options
[Option("provider", Required = false, HelpText = "Use InstallUtil to register a WMI provider (Not Currently Working)",
Default = false)]
public bool Provider { get; set; }

[Option("nops", Required = false, HelpText = "Do not allow any PowerShell execution (will die before)",
Default = false)]
public bool NoPS { get; set; }

[Option("show-commands", Group = "Command", Required = true,
HelpText = "Displays a list of available commands")]
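Review bot: The help text of the new `--nops` option in the `Options` hunk, "Do not allow any PowerShell execution (will die before)", does not say what is refused or what "die" means, and the `NoPS` field added to `Commander` carries no comment at all. If the flag makes the tool stop instead of falling back to PowerShell, say so, e.g. `HelpText = "Never use PowerShell; abort any command that would require it"`, and document the field with `// Mirrors --nops: when true, commands that need PowerShell must be refused`. The code that enforces the flag is not in this section, so the wording should be checked against it. Stating this plainly also helps whoever reviews logs after an exercise, since commands run this way would presumably not appear in PowerShell logging.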
9 changes: 8 additions & 1 deletion CIMplant/Connector.cs
100755 → 100644
@@ -65,6 +65,7 @@ private CimSession DoCimConnection(Planter planter)
sessionOptions.AddDestinationCredentials(credentials);
sessionOptions.MaxEnvelopeSize = 256000; // Not sure how else to get around this
connectedCimSession = CimSession.Create(SystemToConn, sessionOptions);

}

else
@@ -73,9 +74,15 @@ private CimSession DoCimConnection(Planter planter)
connectedCimSession = CimSession.Create(SystemToConn, options);
}

//connectedCimSession.TestConnection();

// Test connection to make sure we're connected
if (!connectedCimSession.TestConnection())
if (!connectedCimSession.TestConnection(out CimInstance instance, out CimException exception))
{
return null;
}



Messenger.GoodMessage("[+] Connected\n");
return connectedCimSession;
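Review bot: The new `TestConnection(out CimInstance instance, out CimException exception)` call captures both out values and then ignores them, so a failed connection still returns null with no reason given, and the returned `CimInstance` (an `IDisposable`) is never released. On the failure path, report `exception?.Message` through the project's messaging helper and call `connectedCimSession.Dispose();` before `return null;`; on the success path, release the probe result with `instance?.Dispose();`. The commented-out `//connectedCimSession.TestConnection();` and the run of extra blank lines after the `if` block are noise and can be dropped. `DoCimConnection` starts and ends outside the visible hunks, so callers' handling of the null return could not be checked here.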