/// <summary>
/// For every path in <paramref name="keys"/>, issues a fixed sequence of
/// StdRegProv calls through the WMI wrapper covering the key itself, its
/// <c>InprocServer32</c> subkey and a <c>3.5.0.0</c> version subkey.
/// </summary>
/// <param name="keys">Registry key paths, relative to <paramref name="hive"/>.</param>
/// <param name="hive">Numeric hive identifier handed to StdRegProv unchanged.</param>
/// <remarks>
/// The Assembly / Class / RuntimeVersion / ThreadingModel names under
/// InprocServer32 match the layout used to register a managed assembly as an
/// in-process COM server. Writes of this shape that arrive through WMI rather
/// than an installer are a useful signal for registry auditing.
/// NOTE(review): every call below names the "CreateKey" method, including the
/// ones that carry a value name and data; how ExecuteMethod treats the extra
/// arguments is not visible in this file - confirm against the WMI wrapper.
/// NOTE(review): the results of ExecuteMethod are discarded, so a failed write
/// is silent.
/// </remarks>
internal void AddRegistryRemote(String[] keys, UInt32 hive)
{
    const String provider = "StdRegProv";
    const String method = "CreateKey";

    using (WMI wmi = new WMI())
    {
        Boolean connected = wmi.Connect();
        if (!connected)
        {
            Console.WriteLine("[-] Connection failed");
            return;
        }

        for (Int32 index = 0; index < keys.Length; index++)
        {
            String key = keys[index];

            // The key itself, then its default value.
            wmi.ExecuteMethod(provider, method, new Object[] { hive, key });
            wmi.ExecuteMethod(provider, method, new Object[] { hive, key, "", registryDefault });

            // <key>\InprocServer32: default value plus the managed-server values.
            String inprocPath = String.Format(@"{0}\InprocServer32", key);
            wmi.ExecuteMethod(provider, method, new Object[] { hive, inprocPath, "", registryDefault });
            wmi.ExecuteMethod(provider, method, new Object[] { hive, inprocPath, "Assembly", registryAssembly });
            wmi.ExecuteMethod(provider, method, new Object[] { hive, inprocPath, "Class", registryClass });
            wmi.ExecuteMethod(provider, method, new Object[] { hive, inprocPath, "RuntimeVersion", registryRuntimeVersion });
            wmi.ExecuteMethod(provider, method, new Object[] { hive, inprocPath, "ThreadingModel", "Both" });

            // <key>\InprocServer32\3.5.0.0: the same three values, no ThreadingModel.
            String versionPath = String.Format(@"{0}\InprocServer32\{1}", key, "3.5.0.0");
            wmi.ExecuteMethod(provider, method, new Object[] { hive, versionPath, "Assembly", registryAssembly });
            wmi.ExecuteMethod(provider, method, new Object[] { hive, versionPath, "Class", registryClass });
            wmi.ExecuteMethod(provider, method, new Object[] { hive, versionPath, "RuntimeVersion", registryRuntimeVersion });
        }
    }
}
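/// <summary>
/// Connects to <paramref name="system"/> through the WMI wrapper and invokes
/// <paramref name="wmiMethod"/> on <paramref name="wmiClass"/>, passing
/// <paramref name="args"/> split on <paramref name="deliminator"/> as the
/// method arguments.
/// </summary>
/// <param name="system">Target passed to the WMI wrapper's constructor.</param>
/// <param name="username">Account for an explicit-credential connection; may be null or empty.</param>
/// <param name="password">Password for <paramref name="username"/>; may be null or empty.</param>
/// <param name="wmiClass">WMI class whose method is invoked.</param>
/// <param name="wmiMethod">Name of the method to invoke.</param>
/// <param name="args">Delimited argument string; every piece is passed as a string.</param>
/// <param name="deliminator">Separator used to split <paramref name="args"/>.</param>
/// <exception cref="ArgumentNullException"><paramref name="args"/> is null.</exception>
/// <remarks>
/// The class, method and arguments are forwarded unchanged, so a caller that
/// feeds this from untrusted input is handing out arbitrary WMI method
/// invocation on the target. The password travels as a plain String and stays
/// in managed memory until collected.
/// </remarks>
public static void WMIMethod(String system, String username, String password, String wmiClass, String wmiMethod, String args, String deliminator)
{
    // Fail before any connection is opened instead of with a NullReferenceException after it.
    if (args == null)
    {
        throw new ArgumentNullException("args");
    }

    using (WMI wmi = new WMI(system))
    {
        // The original test was "username set AND password empty", which used
        // the explicit-credential overload only when there was no password and
        // silently dropped a supplied username/password pair. Explicit
        // credentials are used only when both parts are present.
        Boolean haveCredentials = !String.IsNullOrEmpty(username) && !String.IsNullOrEmpty(password);
        if (haveCredentials)
        {
            wmi.Connect(username, password);
        }
        else
        {
            wmi.Connect();
        }
        // NOTE(review): AddRegistryRemote in this file checks the result of
        // Connect(); it is not checked here, so a failed connection is only
        // noticed (if at all) inside ExecuteMethod - confirm.

        String[] methodArgs = args.Split(new String[] { deliminator }, StringSplitOptions.None);
        wmi.ExecuteMethod(wmiClass, wmiMethod, (Object[])methodArgs);
    }
}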
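/// <summary>
/// Appends an inheritable access-allowed ACE granting WBEM_METHOD_EXECUTE to
/// <paramref name="sid"/> onto the DACL returned by
/// <c>__SystemSecurity.GetSecurityDescriptor</c>, then writes the descriptor
/// back with <c>SetSecurityDescriptor</c>.
/// </summary>
/// <param name="sid">String form of the SID that becomes the ACE's trustee.</param>
/// <exception cref="ArgumentException"><paramref name="sid"/> is null or empty.</exception>
/// <exception cref="InvalidOperationException">
/// The security descriptor or its DACL could not be read.
/// </exception>
/// <remarks>
/// This widens who may execute methods in the namespace the WMI wrapper is
/// bound to (which namespace that is cannot be seen from here). Changes to a
/// WMI namespace security descriptor are security-relevant and belong in
/// change control and audit review; an unexpected trustee in this DACL is an
/// indicator worth investigating.
/// NOTE(review): unlike the other methods in this file, no Connect() call is
/// made before the wrapper is used - confirm that is intended.
/// </remarks>
internal void SetPermissions(String sid)
{
    if (String.IsNullOrEmpty(sid))
    {
        // Never build an ACE whose trustee is blank.
        throw new ArgumentException("A SID string is required.", "sid");
    }

    // The wrapper is disposable (it is used in using-blocks elsewhere in this
    // file); the original never released it here.
    using (WMI wmi = new WMI())
    {
        ManagementObject trusteeInstance = wmi.CreateInstance("Win32_Trustee");
        trusteeInstance["SidString"] = sid;

        ManagementObject aceInstance = wmi.CreateInstance("Win32_ACE");
        aceInstance["AceFlags"] = (uint)WMI.AceFlags.CONTAINER_INHERIT_ACE_FLAG + (uint)WMI.AceFlags.OBJECT_INHERIT_ACE_FLAG;
        aceInstance["AccessMask"] = WMI.AccessMask.WBEM_METHOD_EXECUTE;
        aceInstance["AceType"] = WMI.AceType.ACCESS_ALLOWED_ACE_TYPE;
        aceInstance["Trustee"] = trusteeInstance;

        ManagementBaseObject aclInstance = (ManagementBaseObject)wmi.ExecuteMethod2("__SystemSecurity", "GetSecurityDescriptor", new Object[] { });
        if (aclInstance == null)
        {
            throw new InvalidOperationException("GetSecurityDescriptor returned no result.");
        }

        ManagementBaseObject descriptor = aclInstance.Properties["Descriptor"].Value as ManagementBaseObject;
        if (descriptor == null)
        {
            throw new InvalidOperationException("The security descriptor could not be read.");
        }

        ManagementBaseObject[] dacl = descriptor["DACL"] as ManagementBaseObject[];
        if (dacl == null)
        {
            // A missing DACL is not the same as an empty one. Replacing it with
            // a one-entry list would change who can reach the namespace, so
            // stop rather than write a descriptor built on a guess.
            throw new InvalidOperationException("The security descriptor has no readable DACL.");
        }

        // Grow by one slot and place the new ACE at the end; existing entries keep their order.
        Array.Resize(ref dacl, dacl.Length + 1);
        dacl[dacl.Length - 1] = aceInstance;
        descriptor["DACL"] = dacl;

        wmi.ExecuteMethod("__SystemSecurity", "SetSecurityDescriptor", new Object[] { descriptor });
    }
}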