This repository was archived by the owner on Jan 21, 2021. It is now read-only.
This repository was archived by the owner on Jan 21, 2021. It is now read-only.
Invoke-WmiCommand: Remote command execution assumes powershell.exe in %PATH% #95
Description
When executing the payload on the remote system, powershell.exe is executed without an explicit path. Invoke-WmiCommand will fail to execute on the remote system if the path to powershell.exe is not in %PATH%. I should assume that it won't be and obtain the full path from HKLM\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\Path (REG_SZ).