Issue with remote_posh,copy,upload commands

Question

Issue with remote_posh,copy,upload commands

Cyb3rGh0st786 opened this issue 6 years ago · 8 comments

Hello,
Thank you for a great tool
I am experimenting with some of the commands "remote_posh,copy,upload" on windows 7 system from windows 2008 R2 server with Local admin priv on windows 7 system.

I am getting following error when tried a script to run on remote system. I am getting following when I use remote_posh command and command prompt freezes

Remote_posh

"Set-WmiInstance : Generic failure
At C:\Users\Administrator\Downloads\WMImplant-master\WMImplant-master\WMImplant.ps1:145 char:40

            $null = Set-WmiInstance <<<<  -Class Win32_Environment -Argument @{Name=$VarName;VariableValue=$PSCommand;UserName=$Username} -ComputerName $ComputerName

CategoryInfo : InvalidOperation: (:) [Set-WmiInstance], ManagementException
FullyQualifiedErrorId : SetWMIManagementException,Microsoft.PowerShell.Commands.SetWmiInstance"

When I use Upload

Command >: upload
What system are you targeting? >: 172.16.117.180
What's the full path to the file you'd like to upload? >: C:\Users\Administrator\Desktop\test1.ps1
What is the full path to the location you would like the file uploaded to? >: C:\Windows\Temp
Set-WmiInstance : Generic failure
At C:\Users\Administrator\Downloads\WMImplant-master\WMImplant-master\WMImplant.ps1:145 char:40

            $null = Set-WmiInstance <<<<  -Class Win32_Environment -Argument @{Name=$VarName;VariableValue=$PSCommand;UserName=$Username} -ComputerName $ComputerName

CategoryInfo : InvalidOperation: (:) [Set-WmiInstance], ManagementException
FullyQualifiedErrorId : SetWMIManagementException,Microsoft.PowerShell.Commands.SetWmiInstance

Copy Command

But it did not copy the file

Answer 1 · 2018-07-31T17:54:21.000Z

Can you please help me to understand and resolve the issue. I am not sure what I am doing wrong

Answer 2 · 2018-07-31T19:50:56.000Z

Are you by chance using this on a non-english language instance of Windows?

Answer 3 · 2018-08-01T02:02:46.000Z

Hello Chris, Thank you for the reply. I am using English version of Windows. Regards, Kaleem

…

On Tue, 31 Jul 2018, 11:50 pm ChrisTruncer, ***@***.***> wrote: Are you by chance using this on a non-english language instance of Windows? — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#23 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AHViOZGjcYJ3NPrwMhXg2Gd-pmiTwsreks5uMLUigaJpZM4Voumi> .

Answer 4 · 2018-08-02T15:48:53.000Z

Can you provide any additional information? Is the file you're trying to copy, or upload, etc. containing non-english characters? That's the only known issue I know about with WMImplant. When I attempt to run the same commands in my lab, it is able to complete.

Answer 5 · 2018-08-03T17:31:26.000Z

Hello Chris,

No it does not contain any non-english characters. At first I tried to upload a test file with content "test" in that
test.txt

Answer 6 · 2018-08-03T19:28:57.000Z

Hi, I was able to successfully upload the file to the system I am targeting. Since that's the case, it leads me to think it is something with the system(s) you are testing with. Especially if using WMImplant locally on your own system, be sure to run with admin rights. When targeting a remote system, make sure you have permissions to write in the directory you are targeting.

If you can provide me with any additional information, I can look at it over the weekend or in the evening. Otherwise I unfortunately can't recreate this at the moment.

Answer 7 · 2018-08-04T06:04:50.000Z

Hi Chris,

Thank you so much for your time and looking into it. I will try the set up with other machine. If I still face any issues I will raise a new issue.

Closing this

Answer 8 · 2020-07-21T08:59:18.000Z

Hi Chris,

Thank you so much for your time and looking into it. I will try the set up with other machine. If I still face any issues I will raise a new issue.

Closing this

how to solve?