Windows Management Instrumentation (WMI) is a set of specifications from Microsoft for combining the management of devices and applications in a network from Windows computing systems.
The Researcher named Christopher Truncer released a WMI based Agentless Post-Exploitation Remote Accessing Tool Developed in PowerShell on 23 March 2017 as mentioned in his blog post.
Last year the same researcher has released WMIops which is a PowerShell script that uses WMI to perform a variety of actions on hosts, local or remote, within a Windows environment.
you can download the tool here WMIops.
Coming back to the WMImplant the Researcher said “The WMImplant leverages WMI for the command and control channel, the means for executing actions (gathering data, issuing commands, etc.) on the targeted system, and data storage. It is designed to run both interactively and non-interactively. When using WMImplant interactively, it’s designed to have a menu of commands reminiscent of Meterpreter.”
here is the Main Menu of WMImplant
WMImplant allows a user almost the remote access of a computer as it now allows to start, select and terminate a process, Reading files, Downloading files remotely, Accessing different directories on the machine and also listing files and folders of a specific Directory.
Apart from that it can also be used for lateral movements in a remote machine offering command line commands and getting the output, adding, modifying or removing registry values, enabling or disabling WinRM on the targeted host, running a PowerShell script on a system and receiving output, manipulating scheduled jobs, and creating, modifying, or deleting services.
WMImplant can also be used for footprinting as it can be used for gathering data and information of the remote machine, logging off the user, shutting down the system, restarting and also can be used to know whether the user is away from the targeted system.
you can find the tool here WMImplant.