Skip to content

Navigation Menu

Explore
By company size
By use case
By industry
View all solutions
Topics
- AI
- DevOps
- Security
- Software Development
- View all
Explore
- GitHub Sponsors
  Fund open source developers
- The ReadME Project
  GitHub community articles
Repositories
- Enterprise platform
  AI-powered developer platform
Available add-ons
Pricing

Search code, repositories, users, issues, pull requests...

Search

Clear

Search syntax tips

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Name

Query

To see all available qualifiers, see our documentation.

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

XiaoliChan / wmiexec-Pro Public

Notifications You must be signed in to change notification settings
Fork 132
Star 1.1k

Code
Issues 2
Pull requests
Actions
Projects
Security
Insights

Additional navigation options

Code
Issues
Pull requests
Actions
Projects
Security
Insights

Releases: XiaoliChan/wmiexec-Pro

Releases · XiaoliChan/wmiexec-Pro

wmiexec-Pro v0.1.7-fixed

04 May 10:02

XiaoliChan

Compare

Choose a tag to compare

Loading

wmiexec-Pro v0.1.7-fixed

Changelog:

Fix single quotes issues.

Assets 2

Loading

All reactions

wmiexec-Pro v0.1.7

04 May 09:50

XiaoliChan

Compare

Choose a tag to compare

Loading

wmiexec-Pro v0.1.7

Changelog:

Base64 encodes command in the exec-command module to avoid Latin-1 encoding error.
Base64 encodes filename in the filetransfer module to avoid Latin-1 encoding error.
exec-command: default is with output mode

Screenshots:

File transferring with Chinese filename.
Execute commands with Chinese characters.

Assets 2

Loading

All reactions

wmiexec-Pro v0.1.6

29 Apr 08:51

XiaoliChan

Compare

Choose a tag to compare

Loading

wmiexec-Pro v0.1.6

Changelog:

More operation in RID-Hijack module: remove / backup / restore

Screenshot:

Assets 2

Loading

All reactions

wmiexec-Pro v0.1.5

28 Apr 11:06

XiaoliChan

Compare

Choose a tag to compare

Loading

wmiexec-Pro v0.1.5

Changelog:

Bug fixed in filetransfer.py & service_mgr.py
Use DEFAULT namespace when using the class StdRegProv
New module: RID-Hijack (without using PowerShell or landing EXE file).

Special thanks: 九世 for rid-hijack module development.

Screenshot:

Target: windows server 2019 (non-domain join)
Help manual:
Query user rid: (as you can see, the guest user current was disabled)
Activate user:
At first, we don't have any permission to access subkeys in HKLM\SAM\SAM, so let we grant permission to access it.
Then we can modify the RID 501 profile, now is time to hijack to RID 500
Finally, we can enable blank password login playing with guest user
Attempt to login target with user guest without any password, before you login, you may need to modify your client GPO
Execute command

Assets 2

Loading

All reactions

wmiexec-Pro v0.1.4

19 Apr 10:12

XiaoliChan

Compare

Choose a tag to compare

Loading

wmiexec-Pro v0.1.4

Changelog:

Firewall module: No more info replacement.
Winrm module: Hard-coding firewall rule id in order to speed up configuration.

Assets 2

Loading

All reactions

wmiexec-Pro v0.1.3

17 Apr 04:40

XiaoliChan

Compare

Choose a tag to compare

Loading

wmiexec-Pro v0.1.3

Changelog:

Improve old system command execution in silent mode, no more VBScript, use win32_ScheduleJob directly.

Screenshots:

Execute command in server 2003 with silent mode.

Assets 2

Loading

r00tSe7en reacted with heart emoji

All reactions

❤️ 1 reaction

1 person reacted

wmiexec-Pro v0.1.2-fixed

16 Apr 10:08

XiaoliChan

Compare

Choose a tag to compare

Loading

wmiexec-Pro v0.1.2-fixed

Changelog:

Increase the delay time for command execution in the old style. (Win32_ScheduledJob)
For more details, check out this link: wmiexec-Pro v0.1.2

Assets 2

Loading

All reactions

wmiexec-Pro v0.1.2

16 Apr 07:35

XiaoliChan

Compare

Choose a tag to compare

Loading

wmiexec-Pro v0.1.2

Changelog:

New module: Enum
RDP module: add support for old version system under NT6 (Server 2003).
Exec-command module: add support for old version system under NT6 (Server 2003).
Rename directory vbs-scripts to vbscripts

Screenshots:

Enumerate module:
Enable RDP in server 2003
Execute command in server 2003

Assets 2

Loading

All reactions

wmiexec-Pro v0.1.1-fixed

14 Apr 08:43

XiaoliChan

Compare

Choose a tag to compare

Loading

wmiexec-Pro v0.1.1-fixed

Changelog:

Now you can execute commands including double quotes or single quotes.

Screenshots:

With double quotes:
With single quotes:

Assets 2

Loading

All reactions

wmiexec-Pro v0.1.1

13 Apr 09:00

XiaoliChan

Compare

Choose a tag to compare

Loading

wmiexec-Pro v0.1.1

Changelog:

Fix a bug in VBScript: Exec-Command-WithOutput.vbs

Assets 2

Loading

All reactions

Previous 1 2 3 Next

Footer

© 2025 GitHub, Inc.

Footer navigation

Terms
Privacy
Security
Status
Docs
Contact

You can’t perform that action at this time.