CIMplant

CIMplant is a C# reimplementation and extension of WMImplant, designed to interact with remote systems via WMI or CIM.

CIM (Common Information Model) is a platform-independent standard for representing systems and services. Microsoft's implementation, MI (Management Infrastructure), is a modern alternative to legacy WMI. While CIM defines the schema, WMI and MI serve as interfaces to query it. Tools like CIMplant use CIM/MI over WinRM to gather information and manage remote systems.

CIMplant supports both credential-based and current-session authentication, and provides functionality for command execution, data collection, and exfiltration. Local administrator rights on the target are required. Some operations use PowerShell internally; these are marked with ** in the --show-commands output.

# Using the basic_info module
CIMplant.exe "-s dcorp-adminsrv -u <user> -p <pass> -d dollarcorp.moneycorp.local -c basic_info"

# Enumerate the language mode
CIMplant.exe '-s dcorp-adminsrv -u <user> -p <pass> -d dollarcorp.moneycorp.local -c command_exec --execute "$ExecutionContext.SessionState.LanguageMode"'
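
A detection-side example for the command_exec usage above, added here and not part of CIMplant or the original page: it flags shells whose parent process is WmiPrvSE.exe in Sysmon Event ID 1 (process creation) records. The events are constructed, and it is an assumption that CIMplant's command execution surfaces this way (it is how processes created through Win32_Process.Create appear on the target).

```python
import ntpath

# Constructed Sysmon Event ID 1 (process creation) records, not real telemetry.
EVENTS = [
    {"Computer": "dcorp-adminsrv", "User": "dcorp\\constructed-admin",
     "ParentImage": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -NoProfile -enc <constructed-base64>"},
    {"Computer": "dcorp-adminsrv", "User": "dcorp\\constructed-admin",
     "ParentImage": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c hostname"},
    {"Computer": "dcorp-adminsrv", "User": "dcorp\\constructed-user",
     "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe"},
    {"Computer": "dcorp-adminsrv", "User": "NT AUTHORITY\\NETWORK SERVICE",
     "ParentImage": r"C:\Windows\System32\svchost.exe",
     "Image": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "CommandLine": r"C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding"},
]

WMI_HOST = "wmiprvse.exe"                      # WMI provider host process
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}

def exe_name(path):
    """Lower-cased file name of a Windows path (works on any OS)."""
    return ntpath.basename(path or "").lower()

def has_encoded_command(cmdline):
    """True if a PowerShell switch is a prefix of -EncodedCommand (or -ec)."""
    for tok in cmdline.split():
        name = tok[1:].lower()
        if tok[0] in "-/" and name and ("encodedcommand".startswith(name) or name == "ec"):
            return True
    return False

def wmi_spawned_shells(events):
    """Return one finding per shell process created by the WMI provider host."""
    hits = []
    for ev in events:
        image = exe_name(ev.get("Image"))
        if exe_name(ev.get("ParentImage")) == WMI_HOST and image in SHELLS:
            encoded = image != "cmd.exe" and has_encoded_command(ev.get("CommandLine", ""))
            hits.append({"host": ev.get("Computer"), "user": ev.get("User"),
                         "image": image, "encoded": encoded})
    return hits

if __name__ == "__main__":
    for hit in wmi_spawned_shells(EVENTS):
        print(hit)
```

Legitimate management software can also start shells through WMI, so findings are best triaged against a baseline of known management accounts and hosts.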
