System.Management.ManagementScope.Connect()

Here are the examples of the csharp api System.Management.ManagementScope.Connect() taken from open source projects. By voting up you can indicate which examples are most useful and appropriate.

1717 Examples 7

19 View Source File : AspNetPipelineModuleLeave.cs
License : MIT License
Project Creator : matteofabbri

public static IEnumerable<AspNetPipelineModuleLeave> Retrieve(string remote, string username, string preplacedword)
        {
            var options = new ConnectionOptions
            {
                Impersonation = ImpersonationLevel.Impersonate,
                Username = username,
                Preplacedword = preplacedword
            };

            var managementScope = new ManagementScope(new ManagementPath($"\\\\{remote}\\root\\wmi"), options);
            managementScope.Connect();

            return Retrieve(managementScope);
        }

19 View Source File : AspNetRoleManagerIsUserInRole.cs
License : MIT License
Project Creator : matteofabbri

public static IEnumerable<AspNetRoleManagerIsUserInRole> Retrieve(string remote, string username, string preplacedword)
        {
            var options = new ConnectionOptions
            {
                Impersonation = ImpersonationLevel.Impersonate,
                Username = username,
                Preplacedword = preplacedword
            };

            var managementScope = new ManagementScope(new ManagementPath($"\\\\{remote}\\root\\wmi"), options);
            managementScope.Connect();

            return Retrieve(managementScope);
        }

19 View Source File : WMI.cs
License : GNU General Public License v3.0
Project Creator : irusanov

public static ManagementScope Connect(string scope)
        {
            try
            {
                var sc = new ServiceController("Winmgmt");
                if (sc.Status != ServiceControllerStatus.Running)
                    throw new ManagementException(@"Windows Management Instrumentation service is not running");

                ManagementScope mScope = new ManagementScope([email protected]"{scope}");
                mScope.Connect();

                if (mScope.IsConnected)
                    return mScope;
                else
                    throw new ManagementException([email protected]"Failed to connect to {scope}");
            }
            catch (ManagementException ex)
            {
                Console.WriteLine(@"WMI: {0}", ex.Message);
                throw;
            }
        }

19 View Source File : AspNetPagePreInitEnter.cs
License : MIT License
Project Creator : matteofabbri

public static IEnumerable<AspNetPagePreInitEnter> Retrieve(string remote, string username, string preplacedword)
        {
            var options = new ConnectionOptions
            {
                Impersonation = ImpersonationLevel.Impersonate,
                Username = username,
                Preplacedword = preplacedword
            };

            var managementScope = new ManagementScope(new ManagementPath($"\\\\{remote}\\root\\wmi"), options);
            managementScope.Connect();

            return Retrieve(managementScope);
        }

19 View Source File : AspNetHttpHandlerLeave.cs
License : MIT License
Project Creator : matteofabbri

public static IEnumerable<AspNetHttpHandlerLeave> Retrieve(string remote, string username, string preplacedword)
        {
            var options = new ConnectionOptions
            {
                Impersonation = ImpersonationLevel.Impersonate,
                Username = username,
                Preplacedword = preplacedword
            };

            var managementScope = new ManagementScope(new ManagementPath($"\\\\{remote}\\root\\wmi"), options);
            managementScope.Connect();

            return Retrieve(managementScope);
        }

19 View Source File : WMIHelper.cs
License : Apache License 2.0
Project Creator : HanJunJun

public static bool RemoteConnectValidate(string host, string userName, string preplacedword)
        {
            ConnectionOptions connectionOptions = new ConnectionOptions();
            connectionOptions.Username = userName;
            connectionOptions.Preplacedword = preplacedword;
            ManagementScope managementScope = new ManagementScope("\\\\" + host + "\\root\\cimv2", connectionOptions);
            try
            {
                managementScope.Connect();
            }
            catch (ManagementException ex)
            {
                Console.WriteLine(ex.ToString());
            }
            return managementScope.IsConnected;
        }

19 View Source File : AspNetRequestQueued.cs
License : MIT License
Project Creator : matteofabbri

public static IEnumerable<AspNetRequestQueued> Retrieve(string remote, string username, string preplacedword)
        {
            var options = new ConnectionOptions
            {
                Impersonation = ImpersonationLevel.Impersonate,
                Username = username,
                Preplacedword = preplacedword
            };

            var managementScope = new ManagementScope(new ManagementPath($"\\\\{remote}\\root\\wmi"), options);
            managementScope.Connect();

            return Retrieve(managementScope);
        }

19 View Source File : SysmonService.cs
License : MIT License
Project Creator : CompassSecurity

public bool IsSysmonRunning(string serviceName, string user, string computerName, string domain)
        {
            var op = new ConnectionOptions();
            var scope = new ManagementScope(@"\\" + computerName +"."+ domain + "\\root\\cimv2", op);
            scope.Connect();
            var path = new ManagementPath("Win32_Service");
            var services = new ManagementClreplaced(scope, path, null);

            foreach (var service in services.GetInstances())
            { 
                if (service.GetPropertyValue("Name").ToString().Equals(serviceName) && service.GetPropertyValue("State").ToString().ToLower().Equals("running"))
                { 
                    return true;
                }
            }
            return false;
        }

19 View Source File : AspNetStartHandler.cs
License : MIT License
Project Creator : matteofabbri

public static IEnumerable<AspNetStartHandler> Retrieve(string remote, string username, string preplacedword)
        {
            var options = new ConnectionOptions
            {
                Impersonation = ImpersonationLevel.Impersonate,
                Username = username,
                Preplacedword = preplacedword
            };

            var managementScope = new ManagementScope(new ManagementPath($"\\\\{remote}\\root\\wmi"), options);
            managementScope.Connect();

            return Retrieve(managementScope);
        }

19 View Source File : Utils.cs
License : MIT License
Project Creator : dvingerh

public static async Task<bool> IsAudioServiceRunning()
        {
            return await Task.Run(() =>
            {
                try
                {
                    bool isRunning = false;
                    ManagementScope scope = new ManagementScope();
                    scope.Connect();
                    ManagementPath path = new ManagementPath("Win32_Service");
                    ManagementClreplaced services = new ManagementClreplaced(scope, path, null);
                    foreach (ManagementObject service in services.GetInstances())
                    {
                        if (service.GetPropertyValue("Name").ToString().ToLower().Equals("audiosrv"))
                        {
                            string state = service.GetPropertyValue("State").ToString();
                            if (state.Equals("Running"))
                                isRunning = true;
                            else
                                isRunning = false;
                        }
                    }
                    Globals.IsAudioServiceRunning = isRunning;
                    return isRunning;
                }
                catch (Exception ex) { Console.WriteLine(ex.Message); Globals.IsAudioServiceRunning = false; return false; }
            });


        }

19 View Source File : AspNetPageLoadViewstateLeave.cs
License : MIT License
Project Creator : matteofabbri

public static IEnumerable<AspNetPageLoadViewstateLeave> Retrieve(string remote, string username, string preplacedword)
        {
            var options = new ConnectionOptions
            {
                Impersonation = ImpersonationLevel.Impersonate,
                Username = username,
                Preplacedword = preplacedword
            };

            var managementScope = new ManagementScope(new ManagementPath($"\\\\{remote}\\root\\wmi"), options);
            managementScope.Connect();

            return Retrieve(managementScope);
        }

19 View Source File : AspNetMapHandlerLeave.cs
License : MIT License
Project Creator : matteofabbri

public static IEnumerable<AspNetMapHandlerLeave> Retrieve(string remote, string username, string preplacedword)
        {
            var options = new ConnectionOptions
            {
                Impersonation = ImpersonationLevel.Impersonate,
                Username = username,
                Preplacedword = preplacedword
            };

            var managementScope = new ManagementScope(new ManagementPath($"\\\\{remote}\\root\\wmi"), options);
            managementScope.Connect();

            return Retrieve(managementScope);
        }

19 View Source File : Program.cs
License : BSD 3-Clause "New" or "Revised" License
Project Creator : GhostPack

private static int GetRestrictedAdminRegistryValue(string computerName)
        {
            /* 
             * Returns the DisableRestrictedAdmin registry setting for a remote "computerName" using WMI's StdRegProv
             * 
             *      Return value == 0  -> RestrictedAdmin is enabled
             *      Return value == 1  -> RestrictedAdmin is disabled
             *      Return value == -1 -> RestrictedAdmin value is cleared, so disabled behavior
             * 
             * Note: adapted from https://web.archive.org/web/20200212015446/http://softvernow.com/2018/09/02/using-wmi-and-c-registry-values/
             * 
             */

            int result = 0;
            ManagementScope scope = null;

            try
            {
                ConnectionOptions connection = new ConnectionOptions();
                connection.Impersonation = System.Management.ImpersonationLevel.Impersonate;

                // optional: explicit credentials
                //connection.Username = "userName";
                //connection.Preplacedword = "preplacedword";
                //connection.Authority = "NTLMDOMAIN:MY_DOMAIN";

                // connect to the remote management scope
                scope = new ManagementScope($"\\\\{computerName}\\root\\default", connection);
                scope.Connect();

                // instantiate the StdRegProv clreplaced for remote registry interaction
                ManagementClreplaced registry = new ManagementClreplaced(scope, new ManagementPath("StdRegProv"), null);

                // grab the DisableRestrictedAdmin value, if it exists
                ManagementBaseObject inParams = registry.GetMethodParameters("GetDWORDValue");
                inParams["sSubKeyName"] = @"SYSTEM\CurrentControlSet\Control\Lsa";
                inParams["sValueName"] = "DisableRestrictedAdmin";
                ManagementBaseObject outParams = registry.InvokeMethod("GetDWORDValue", inParams, null);
                result = (int)(UInt32)outParams["uValue"];
            }
            catch (Exception e)
            {
                if (e.Message.Contains("Object reference not set to an instance of an object"))
                {
                    result = -1;
                }
                else
                {
                    Console.WriteLine($"\n[X] Error: {e.Message}\n");
                    result = -2;
                }
            }
            return result;
        }

19 View Source File : AspNetPagePreRenderEnter.cs
License : MIT License
Project Creator : matteofabbri

public static IEnumerable<AspNetPagePreRenderEnter> Retrieve(string remote, string username, string preplacedword)
        {
            var options = new ConnectionOptions
            {
                Impersonation = ImpersonationLevel.Impersonate,
                Username = username,
                Preplacedword = preplacedword
            };

            var managementScope = new ManagementScope(new ManagementPath($"\\\\{remote}\\root\\wmi"), options);
            managementScope.Connect();

            return Retrieve(managementScope);
        }

19 View Source File : Program.cs
License : MIT License
Project Creator : chdav

static void Main(string[] args)
        {
            Banner();
            
            BlockingCollection<String> hosts = new BlockingCollection<String>();

            List<String> unprotectedHost = new List<String>();
            List<String> configuredHost = new List<String>();
            List<String> protectedHost = new List<String>();

            foreach (var arg in args)
            {
                if (arg.StartsWith("--host"))
                {
                    string[] components = arg.Split(new string[] { "--host=" }, StringSplitOptions.None);
                    
                    components[1] = Sanitize(components[1]); 
                    hosts = GenerateList(components[1]);
                }
                else if (arg.StartsWith("--domain"))
                {
                    string[] components = arg.Split(new string[] { "--domain=" }, StringSplitOptions.None);

                    var domain = Sanitize(components[1]);
                    hosts = EnumerateDomain(domain);
                }
                else if (arg.StartsWith("--help"))
                {
                    Help();
                    return;
                }
            }
            if (args.Length == 0)
            {
                hosts.Add(".");
            }

            var options = new ParallelOptions { MaxDegreeOfParallelism = 1000 };

            Parallel.ForEach(hosts, options, host =>
            {
                string Namespace = "\\\\" + host + "\\root\\Microsoft\\Windows\\DeviceGuard";
                var scope = new ManagementScope(Namespace);

                var outputHost = host;
                if (host == ".")
                {
                    outputHost = "localhost";
                }

                try
                {
                    scope.Connect();
                    var query = new ObjectQuery("SELECT * FROM Win32_DeviceGuard");
                    ManagementObjectCollection info;

                    ManagementObjectSearcher oSearch = new ManagementObjectSearcher(@scope, query);
                    info = oSearch.Get();

                    foreach (var result in info)
                    {
                        var config = (int[])result.GetPropertyValue("SecurityServicesConfigured");
                        var running = (int[])result.GetPropertyValue("SecurityServicesRunning");
                        uint? vbs = (uint)result.GetPropertyValue("VirtualizationBasedSecurityStatus");

                        if (config[0] == 1 && running[0] == 1)
                        {
                            Console.WriteLine("[-] {0} : Credential Guard is running.", outputHost);
                            protectedHost.Add(outputHost + "." + vbs.ToString());
                        }
                        else if (config[0] == 1 && running[0] != 1)
                        {
                            Console.WriteLine("[+] {0} : Credential Guard has been configured, but is not running.", outputHost);
                            configuredHost.Add(outputHost + "." + vbs.ToString());
                        }
                        else
                        {
                            Console.WriteLine("[+] {0} : Credential Guard is not configured or running.", outputHost);
                            unprotectedHost.Add(outputHost + "." + vbs.ToString());
                        }
                    }
                }
                catch (Exception)
                {
                    Console.WriteLine("[-] {0} : Error connecting.", outputHost);
                } 
            });

            Console.WriteLine("\n\n-SharpCGHunter Results Summary-\n");

            Console.WriteLine("Unprotected Hosts:\n");

            if (unprotectedHost.Count == 0)
            {
                Console.WriteLine("[-] None found.\n");
            }
            else
            {
                try
                {
                    unprotectedHost.Sort(CompareIPs);
                }
                catch (Exception) { }

                foreach (var i in unprotectedHost)
                {
                    var status = VbsStatus(i[i.Length - 1]);
                    Console.WriteLine("[+] {0} :\n\tCredential Guard is not configured or running.\n\tVirtualization-based Security Status : {1}\n", i.Remove(i.Length - 2), status);
                }
            }
            
            Console.WriteLine("\nConfigured Hosts:\n");

            if (configuredHost.Count == 0)
            {
                Console.WriteLine("[-] None found.\n");
            }
            else
            {
                try
                {
                    configuredHost.Sort(CompareIPs);
                }
                catch (Exception) { }
                
                foreach (var i in configuredHost)
                {
                    var status = VbsStatus(i[i.Length - 1]);
                    Console.WriteLine("[+] {0} :\n\tCredential Guard has been configured, but is not running.\n\tVirtualization-based Security Status : {1}\n", i.Remove(i.Length - 2), status);
                }
            }
           
            Console.WriteLine("\nProtected Hosts:\n");

            if (protectedHost.Count == 0)
            {
                Console.WriteLine("[-] None found.\n");
            }
            else
            {
                try
                {
                    protectedHost.Sort(CompareIPs);
                }
                catch (Exception) { }

                foreach (var i in protectedHost)
                {
                    var status = VbsStatus(i[i.Length - 1]);
                    Console.WriteLine("[-] {0} :\n\tCredential Guard is running.\n\tVirtualization-based Security Status : {1}\n", i.Remove(i.Length - 2), status);
                }
            }
            Console.WriteLine("");
        }

19 View Source File : AspNetProfileEnd.cs
License : MIT License
Project Creator : matteofabbri

public static IEnumerable<AspNetProfileEnd> Retrieve(string remote, string username, string preplacedword)
        {
            var options = new ConnectionOptions
            {
                Impersonation = ImpersonationLevel.Impersonate,
                Username = username,
                Preplacedword = preplacedword
            };

            var managementScope = new ManagementScope(new ManagementPath($"\\\\{remote}\\root\\wmi"), options);
            managementScope.Connect();

            return Retrieve(managementScope);
        }

19 View Source File : NexonApi.cs
License : GNU General Public License v3.0
Project Creator : Hyddwn

public static string GetDeviceUuid(string tag = "")
        {
            var deviceId = "";

            try
            {
                var scope = new ManagementScope([email protected]"\\{Environment.MachineName}\root\CIMV2", null);
                scope.Connect();
                var query = new ObjectQuery("SELECT UUID FROM Win32_ComputerSystemProduct");
                var searcher = new ManagementObjectSearcher(scope, query);

                foreach (var o in searcher.Get())
                {
                    var wmiObject = (ManagementObject) o;
                    deviceId += wmiObject["UUID"].ToString();
                    break;
                }
            }
            catch (Exception ex)
            {
                Log.Exception(ex, Properties.Resources.FailedToAcquireWMIC);
            }

            try
            {
                using (var key = Environment.Is64BitOperatingSystem
                    ? RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Registry64)
                    : RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Registry32))
                {
                    var regKey = key.OpenSubKey("SOFTWARE\\Microsoft\\Cryptography");

                    if (regKey != null)
                    {
                        deviceId += regKey.GetValue("MachineGuid").ToString();
                        regKey.Close();
                    }
                }
            }
            catch (Exception ex)
            {
                Log.Exception(ex, Properties.Resources.FailedToAcquireMachineGUID);
            }

            if (string.IsNullOrWhiteSpace(deviceId)) return null;
            if (!string.IsNullOrWhiteSpace(tag)) deviceId += tag;
            deviceId = BitConverter.ToString(Sha256.ComputeHash(Encoding.UTF8.GetBytes(deviceId))).Replace("-", "")
                .ToLower();

            return deviceId;
        }

19 View Source File : AspNetRoleManagerEnd.cs
License : MIT License
Project Creator : matteofabbri

public static IEnumerable<AspNetRoleManagerEnd> Retrieve(string remote, string username, string preplacedword)
        {
            var options = new ConnectionOptions
            {
                Impersonation = ImpersonationLevel.Impersonate,
                Username = username,
                Preplacedword = preplacedword
            };

            var managementScope = new ManagementScope(new ManagementPath($"\\\\{remote}\\root\\wmi"), options);
            managementScope.Connect();

            return Retrieve(managementScope);
        }

19 View Source File : DNSChallengeWinDnsValidator.cs
License : GNU General Public License v3.0
Project Creator : aloopkin

public bool PrepareChallengeForValidation(string dnsKeyName, string dnsKeyValue)
        {
            ManagementScope mgmtScope = new ManagementScope(@"\\" + DNSServerHost + @"\Root\MicrosoftDNS");
            if (DNSServerUser != null) mgmtScope.Options = LoginOptions();
            mgmtScope.Connect();

            ManagementObjectSearcher mgmtSearch = new ManagementObjectSearcher(mgmtScope, new ObjectQuery(string.Format("SELECT * FROM MicrosoftDNS_TXTType WHERE OwnerName = '{0}'", dnsKeyName)));
            ManagementObjectCollection mgmtDNSRecords = mgmtSearch.Get();

            if (mgmtDNSRecords.Count >= 1) {
                foreach (ManagementObject mgmtDNSRecord in mgmtDNSRecords) {
                    ManagementBaseObject mgmtParams = mgmtDNSRecord.GetMethodParameters("Modify");
                    mgmtParams["DescriptiveText"] = dnsKeyValue;
                    mgmtDNSRecord.InvokeMethod("Modify", mgmtParams, null);
                    break;
                }
                logger.Debug($"Updated DNS record of type [TXT] with name [{dnsKeyName}]");
                return true;
            } else if (mgmtDNSRecords.Count == 0) {
                ManagementClreplaced mgmtClreplaced = new ManagementClreplaced(mgmtScope, new ManagementPath("MicrosoftDNS_TXTType"), null);
                ManagementBaseObject mgmtParams = mgmtClreplaced.GetMethodParameters("CreateInstanceFromPropertyData");
                mgmtParams["DnsServerName"] = Environment.MachineName;
                if (DNSServerZone == null) DNSServerZone = dnsKeyName.Split('.')[dnsKeyName.Split('.').Count() - 2] + "." + dnsKeyName.Split('.')[dnsKeyName.Split('.').Count() - 1];
                mgmtParams["ContainerName"] = DNSServerZone;
                mgmtParams["OwnerName"] = dnsKeyName;
                mgmtParams["DescriptiveText"] = dnsKeyValue;
                mgmtClreplaced.InvokeMethod("CreateInstanceFromPropertyData", mgmtParams, null);
                logger.Debug($"Created DNS record of type [TXT] with name [{dnsKeyName}]");
                return true;
            }
            return false;
        }

19 View Source File : AspNetSessionStatePartitionStart.cs
License : MIT License
Project Creator : matteofabbri

public static IEnumerable<AspNetSessionStateParreplacedionStart> Retrieve(string remote, string username, string preplacedword)
        {
            var options = new ConnectionOptions
            {
                Impersonation = ImpersonationLevel.Impersonate,
                Username = username,
                Preplacedword = preplacedword
            };

            var managementScope = new ManagementScope(new ManagementPath($"\\\\{remote}\\root\\wmi"), options);
            managementScope.Connect();

            return Retrieve(managementScope);
        }

19 View Source File : ConnectWindow.xaml.cs
License : Apache License 2.0
Project Creator : karpach

private void ConnectOnClick(object sender, RoutedEventArgs e)
        {
            if (string.IsNullOrEmpty(txtServerName.Text))
            {
                MessageBox.Show("Server name is required.", "Error", MessageBoxButton.OK, MessageBoxImage.Error);
                return;
            }
            if (PortNumber == -1)
            {
                MessageBox.Show("Invalid port number.", "Error", MessageBoxButton.OK, MessageBoxImage.Error);
                return;
            }
            Debugger2 db = (Debugger2)DebugAttachManagerPackage.DTE.Debugger;
            Transport trans = db.Transports.Item("Default");

            try
            {
                db.GetProcesses(trans, PortNumber == null ? txtServerName.Text : $"{txtServerName.Text}:{_portNumber}");
            }
            catch
            {
                MessageBox.Show($"Unable to connect to {txtServerName.Text}", "Error", MessageBoxButton.OK, MessageBoxImage.Error);
                return;
            }

            ConnectionOptions options;
            if (string.IsNullOrEmpty(txtUserName.Text) && string.IsNullOrEmpty(txtPreplacedword.Text))
            {
	            options = new ConnectionOptions
	            {
		            Impersonation = ImpersonationLevel.Default,
		            EnablePrivileges = true,
		            Authentication = AuthenticationLevel.PacketPrivacy
	            };
            }
            else
            {
	            options = new ConnectionOptions
	            {
		            Impersonation = ImpersonationLevel.Identify,
		            EnablePrivileges = true,
		            Authentication = AuthenticationLevel.PacketPrivacy,
		            Username = txtUserName.Text,
		            Preplacedword = txtPreplacedword.Text
	            };
            }

            var scope = new ManagementScope([email protected]"\\{txtServerName.Text}\root\cimv2", options);
            SuccessWmiConnection = true;
            try
            {
                scope.Connect();
            }
            catch
            {
                MessageBoxResult result = MessageBox.Show($"Unable to connect to {txtServerName.Text} WMI service. Please check permissions. You can use WBEMTest.exe to test your WMI access. If you are not in a Domain, UAC on remote machine will prevent remote access.", "Warning", MessageBoxButton.OKCancel, MessageBoxImage.Warning);
                if (result == MessageBoxResult.Cancel)
                {
                    return;
                }
                SuccessWmiConnection = false;
            }

            DialogResult = true;
            _settingsProvider.RemoteServer = txtServerName.Text;
            if (string.IsNullOrEmpty(txtPortNumber.Text))
            {
	            _settingsProvider.RemotePort = txtPortNumber.Text;
            }

            if (SuccessWmiConnection)
            {
	            if (string.IsNullOrEmpty(txtUserName.Text))
	            {
		            _settingsProvider.RemoteUserName = txtUserName.Text;
	            }
            }
            else
            {
	            txtUserName.Text = string.Empty;
	            txtPreplacedword.Text = string.Empty;
            }
            _settingsProvider.Save();
            Close();
        }

19 View Source File : AspNetHttpHandlerEnter.cs
License : MIT License
Project Creator : matteofabbri

public static IEnumerable<AspNetHttpHandlerEnter> Retrieve(string remote, string username, string preplacedword)
        {
            var options = new ConnectionOptions
            {
                Impersonation = ImpersonationLevel.Impersonate,
                Username = username,
                Preplacedword = preplacedword
            };

            var managementScope = new ManagementScope(new ManagementPath($"\\\\{remote}\\root\\wmi"), options);
            managementScope.Connect();

            return Retrieve(managementScope);
        }

19 View Source File : WMI.cs
License : GNU General Public License v3.0
Project Creator : belowaverage-org

public static Task<ManagementObjectCollection> Query(string Query, string Host)
        {
            return Task.Run(() =>
            {
                try
                {
                    ManagementScope scope = new ManagementScope(GetBestManagementScope(Host));
                    scope.Connect();
                    ObjectQuery query = new ObjectQuery(Query);
                    ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, query);
                    ManagementObjectCollection collection = searcher.Get();
                    searcher.Dispose();
                    return collection;
                }
                catch (Exception e)
                {
                    Logger.Exception(e, "Failed to query via WMI.");
                    return null;
                }
            });
        }

19 View Source File : AspNetMapHandlerEnter.cs
License : MIT License
Project Creator : matteofabbri

public static IEnumerable<AspNetMapHandlerEnter> Retrieve(string remote, string username, string preplacedword)
        {
            var options = new ConnectionOptions
            {
                Impersonation = ImpersonationLevel.Impersonate,
                Username = username,
                Preplacedword = preplacedword
            };

            var managementScope = new ManagementScope(new ManagementPath($"\\\\{remote}\\root\\wmi"), options);
            managementScope.Connect();

            return Retrieve(managementScope);
        }

19 View Source File : Ribbon.cs
License : MIT License
Project Creator : Excel-projects

public void ShowServerStatus()
        {
            string FullComputerName = "<Name of Remote Computer>";
            ConnectionOptions options = new ConnectionOptions();
            ManagementScope scope = new ManagementScope("\\\\" + FullComputerName + "\\root\\cimv2", options);
            scope.Connect();
            ObjectQuery query = new ObjectQuery("SELECT * FROM Win32_TerminalService");
            ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, query);
            ManagementObjectCollection queryCollection = searcher.Get();
            foreach (ManagementObject queryObj in queryCollection)
            {
                Console.WriteLine("-----------------------------------");
                Console.WriteLine("Win32_TerminalService instance");
                Console.WriteLine("-----------------------------------");
                Console.WriteLine("Started: {0}", queryObj["Started"]);
                Console.WriteLine("State: {0}", queryObj["State"]);
                Console.WriteLine("Status: {0}", queryObj["Status"]);
            }

        }

19 View Source File : AspNetPageLoadPostDataLeave.cs
License : MIT License
Project Creator : matteofabbri

public static IEnumerable<AspNetPageLoadPostDataLeave> Retrieve(string remote, string username, string preplacedword)
        {
            var options = new ConnectionOptions
            {
                Impersonation = ImpersonationLevel.Impersonate,
                Username = username,
                Preplacedword = preplacedword
            };

            var managementScope = new ManagementScope(new ManagementPath($"\\\\{remote}\\root\\wmi"), options);
            managementScope.Connect();

            return Retrieve(managementScope);
        }

19 View Source File : AspNetModuleDiagCriticalEvent.cs
License : MIT License
Project Creator : matteofabbri

public static IEnumerable<AspNetModuleDiagCriticalEvent> Retrieve(string remote, string username, string preplacedword)
        {
            var options = new ConnectionOptions
            {
                Impersonation = ImpersonationLevel.Impersonate,
                Username = username,
                Preplacedword = preplacedword
            };

            var managementScope = new ManagementScope(new ManagementPath($"\\\\{remote}\\root\\wmi"), options);
            managementScope.Connect();

            return Retrieve(managementScope);
        }

19 View Source File : Connector.cs
License : GNU General Public License v3.0
Project Creator : FortyNorthSecurity

private ManagementScope DoWmiConnection(Planter planter)
        {
            //Block for connecting to the remote system and returning a ManagementScope object
            SystemToConn = planter.System;
            Domain = planter.Domain;
            Username = planter.User;
            Preplacedword = planter.Preplacedword;

            ConnectionOptions options = new ConnectionOptions();

            if (SystemToConn == null)
                SystemToConn = "localhost";
            if (Username == null)
                Username = Environment.UserName;

            switch (SystemToConn)
            {
                case "127.0.0.1":
                case "localhost":
                    Messenger.GoodMessage("[+] Connecting to local WMI instance using " + Username + "...");
                    break;
                default:
                    Messenger.GoodMessage("[+] Connecting to remote WMI instance using " + Username + "...");
                    break;
            }

            if (!string.IsNullOrEmpty(Preplacedword?.ToString()))
            {
                options.Username = Username;
                options.SecurePreplacedword = Preplacedword;
                options.Authority = "ntlmdomain:" + Domain;
                options.Impersonation = ImpersonationLevel.Impersonate;
                options.EnablePrivileges = true; // This may be ok for all or may not, need to verify

            }
            else 
            {
                options.Impersonation = ImpersonationLevel.Impersonate;
                options.EnablePrivileges = true;
            }

            ManagementScope scope = new ManagementScope(@"\\" + SystemToConn + @"\root\cimv2", options);
            //ManagementScope deviceguard = new ManagementScope(@"\\" + System + @"\root\Microsoft\Windows\DeviceGuard", options);
            // Need to create a second MS object since we use a separate namespace. 
            //! Need to find a more elegant solution to this!

            scope.Connect();
            //deviceguard.Connect();

            // We'll need this when we get the provider going so we can check for DG
            //ManagementScope deviceScope = scope.Clone();
            //deviceScope.Path = new ManagementPath(@"\\" + System + @"\root\Microsoft\Windows\DeviceGuard");
            //if (GetDeviceGuard.CheckDgWmi(scope, planter.System))
            //    Console.WriteLine("deviceguard enabled");

            Messenger.GoodMessage("[+] Connected\n");
            //return Tuple.Create(scope, deviceguard);
            return scope;
        }

19 View Source File : AspNetPagePostDataChangedLeave.cs
License : MIT License
Project Creator : matteofabbri

public static IEnumerable<AspNetPagePostDataChangedLeave> Retrieve(string remote, string username, string preplacedword)
        {
            var options = new ConnectionOptions
            {
                Impersonation = ImpersonationLevel.Impersonate,
                Username = username,
                Preplacedword = preplacedword
            };

            var managementScope = new ManagementScope(new ManagementPath($"\\\\{remote}\\root\\wmi"), options);
            managementScope.Connect();

            return Retrieve(managementScope);
        }

19 View Source File : ComputerInfo.cs
License : MIT License
Project Creator : Cankirism

public List<string> GetCpuInfo()
        {
            string computerDomain = System.Configuration.ConfigurationManager.AppSettings["computerDomain"];
            ConnectionOptions oConn = new ConnectionOptions();
            oConn.Username =computerDomain+"\\"+Giris.UserName;
            oConn.Preplacedword = Giris.UserPreplacedword;
            List<string> cpuList = new List<string>();

            try
            {
                var oScope = new ManagementScope($"\\\\{_ipAddress}\\root\\CIMV2", oConn);
                oScope.Options.EnablePrivileges = true;
                oScope.Connect();
                var query = new ObjectQuery(" Select * from Win32_Processor");
                var  ObjSearcher = new ManagementObjectSearcher(oScope, query);

                foreach (var obj in ObjSearcher.Get())
                {
                    cpuList.Add(obj["Name"].ToString());

                }
            }
           
            catch (System.Runtime.InteropServices.COMException comEx)
            {
                _errState = true;
                InfoErr = comEx.Message;
            }

            catch (Exception err)

            {
                _errState = true;
                InfoErr = err.Message;
            }

            return cpuList;
        }

19 View Source File : AspNetPagePreInitLeave.cs
License : MIT License
Project Creator : matteofabbri

public static IEnumerable<AspNetPagePreInitLeave> Retrieve(string remote, string username, string preplacedword)
        {
            var options = new ConnectionOptions
            {
                Impersonation = ImpersonationLevel.Impersonate,
                Username = username,
                Preplacedword = preplacedword
            };

            var managementScope = new ManagementScope(new ManagementPath($"\\\\{remote}\\root\\wmi"), options);
            managementScope.Connect();

            return Retrieve(managementScope);
        }

19 View Source File : Program.cs
License : BSD 3-Clause "New" or "Revised" License
Project Creator : GhostPack

private static void SetRestrictedAdminRegistryValue(string computerName, int value)
        {
            /* 
             * Sets (or clears) the DisableRestrictedAdmin registry setting on a remote "computerName" using WMI's StdRegProv
             * 
             *      value == 0  -> enable RestrictedAdmin (set DisableRestrictedAdmin set to 0)
             *      value == 1  -> enable RestrictedAdmin (set DisableRestrictedAdmin set to 1)
             *      value == -1 -> clear DisableRestrictedAdmin value (so disabled behavior)
             * 
             * Note: adapted from https://web.archive.org/web/20200212015446/http://softvernow.com/2018/09/02/using-wmi-and-c-registry-values/
             * 
             */

            ManagementScope scope = null;

            try
            {
                ConnectionOptions connection = new ConnectionOptions();
                connection.Impersonation = System.Management.ImpersonationLevel.Impersonate;

                // optional: explicit credentials
                //connection.Username = "userName";
                //connection.Preplacedword = "preplacedword";
                //connection.Authority = "NTLMDOMAIN:MY_DOMAIN";

                // connect to the remote management scope
                scope = new ManagementScope($"\\\\{computerName}\\root\\default", connection);
                scope.Connect();

                // instantiate the StdRegProv clreplaced for remote registry interaction
                ManagementClreplaced registry = new ManagementClreplaced(scope, new ManagementPath("StdRegProv"), null);
                
                if(value == -1)
                {
                    // if we're clearing the value
                    ManagementBaseObject inParams = registry.GetMethodParameters("DeleteValue");
                    inParams["sSubKeyName"] = @"SYSTEM\CurrentControlSet\Control\Lsa";
                    inParams["sValueName"] = @"DisableRestrictedAdmin";
                    ManagementBaseObject outParams = registry.InvokeMethod("DeleteValue", inParams, null);
                }
                else
                {
                    // otherwise set the DisableRestrictedAdmin value to what's specified
                    ManagementBaseObject inParams = registry.GetMethodParameters("SetDWORDValue");
                    inParams["sSubKeyName"] = @"SYSTEM\CurrentControlSet\Control\Lsa";
                    inParams["sValueName"] = @"DisableRestrictedAdmin";
                    inParams["uValue"] = (UInt32)value;
                    ManagementBaseObject outParams = registry.InvokeMethod("SetDWORDValue", inParams, null);
                }
            }
            catch (Exception e)
            {
                Console.WriteLine($"[X] Error: {e.Message}");
            }
        }

19 View Source File : AspNetPageRenderEnter.cs
License : MIT License
Project Creator : matteofabbri

public static IEnumerable<AspNetPageRenderEnter> Retrieve(string remote, string username, string preplacedword)
        {
            var options = new ConnectionOptions
            {
                Impersonation = ImpersonationLevel.Impersonate,
                Username = username,
                Preplacedword = preplacedword
            };

            var managementScope = new ManagementScope(new ManagementPath($"\\\\{remote}\\root\\wmi"), options);
            managementScope.Connect();

            return Retrieve(managementScope);
        }

19 View Source File : FileWrite.cs
License : GNU General Public License v3.0
Project Creator : 0xthirteen

static void WriteToWMIClreplaced(string host, string username, string preplacedword, string wnamespace, string clreplacedname)
        {
            ConnectionOptions options = new ConnectionOptions();
            Console.WriteLine("[+] Target             : {0}", host);
            if (!String.IsNullOrEmpty(username))
            {
                Console.WriteLine("[+] User               : {0}", username);
                options.Username = username;
                options.Preplacedword = preplacedword;
            }
            Console.WriteLine();
            ManagementScope scope = new ManagementScope(String.Format("\\\\{0}\\{1}", host, wnamespace), options);
            try
            {
                scope.Connect();
                Console.WriteLine("[+] WMI connection established");
            }
            catch (Exception ex)
            {
                Console.WriteLine("[X] Failed to connecto to WMI    : {0}", ex.Message);
                return;
            }
            try
            {
                var nclreplaced = new ManagementClreplaced(scope, new ManagementPath(string.Empty), new ObjectGetOptions());
                nclreplaced["__CLreplaced"] = clreplacedname;
                nclreplaced.Qualifiers.Add("Static", true);
                nclreplaced.Properties.Add("WinVal", CimType.String, false);
                nclreplaced.Properties["WinVal"].Qualifiers.Add("read", true);
                nclreplaced["WinVal"] = datavals;
                //nclreplaced.Properties.Add("Sizeof", CimType.String, false);
                //nclreplaced.Properties["Sizeof"].Qualifiers.Add("read", true);
                //nclreplaced.Properties["Sizeof"].Qualifiers.Add("Description", "Value needed for Windows");
                nclreplaced.Put();

                Console.WriteLine("[+] Create WMI Clreplaced     :   {0} {1}", wnamespace, clreplacedname);
            }
            catch (Exception ex)
            {
                Console.WriteLine(String.Format("[X] Error     :  {0}", ex.Message));
                return;
            }
        }

19 View Source File : AspNetProfileBegin.cs
License : MIT License
Project Creator : matteofabbri

public static IEnumerable<AspNetProfileBegin> Retrieve(string remote, string username, string preplacedword)
        {
            var options = new ConnectionOptions
            {
                Impersonation = ImpersonationLevel.Impersonate,
                Username = username,
                Preplacedword = preplacedword
            };

            var managementScope = new ManagementScope(new ManagementPath($"\\\\{remote}\\root\\wmi"), options);
            managementScope.Connect();

            return Retrieve(managementScope);
        }

19 View Source File : Printer.cs
License : MIT License
Project Creator : huali20040714

private string GetDefaultPrintName(string printName)
        {
            var ms = new ManagementScope(ManagementPath.DefaultPath);
            ms.Connect();

            var sq = new SelectQuery();
            sq.QueryString = @"SELECT Name FROM Win32_Printer";

            var mos = new ManagementObjectSearcher(ms, sq);
            var oObjectCollection = mos.Get();

            foreach (var mo in oObjectCollection)
            {
                if (string.IsNullOrEmpty(printName))
                {
                    if (bool.Parse(mo["Default"].ToString()))
                        return mo["Name"].ToString();
                }
                else if (mo["Name"].ToString().IndexOf(printName, StringComparison.OrdinalIgnoreCase) >= 0)
                {
                    return mo["Name"].ToString();
                }
            }

            return "";
        }

19 View Source File : AspNetRequestDequeued.cs
License : MIT License
Project Creator : matteofabbri

public static IEnumerable<AspNetRequestDequeued> Retrieve(string remote, string username, string preplacedword)
        {
            var options = new ConnectionOptions
            {
                Impersonation = ImpersonationLevel.Impersonate,
                Username = username,
                Preplacedword = preplacedword
            };

            var managementScope = new ManagementScope(new ManagementPath($"\\\\{remote}\\root\\wmi"), options);
            managementScope.Connect();

            return Retrieve(managementScope);
        }

19 View Source File : Utils.cs
License : GNU General Public License v3.0
Project Creator : CodeDead

internal static List<RamStick> GetRamSticks()
        {
            List<RamStick> ramSticks = new List<RamStick>();

            ConnectionOptions connection = new ConnectionOptions { Impersonation = ImpersonationLevel.Impersonate };

            ManagementScope scope = new ManagementScope("\\root\\CIMV2", connection);
            scope.Connect();

            ObjectQuery query = new ObjectQuery(@"SELECT * FROM Win32_PhysicalMemory");

            ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, query);

            // ReSharper disable once PossibleInvalidCastExceptionInForeachLoop
            foreach (ManagementObject queryObj in searcher.Get())
            {
                RamStick stick = new RamStick();
                foreach (PropertyData data in queryObj.Properties)
                {
                    if (data.Value != null)
                    {
                        stick.AddRamData(new RamData(data.Name.Trim(), data.Value.ToString().Trim()));
                    }
                }

                ramSticks.Add(stick);
            }

            return ramSticks;
        }

19 View Source File : AspNetRoleManagerBegin.cs
License : MIT License
Project Creator : matteofabbri

public static IEnumerable<AspNetRoleManagerBegin> Retrieve(string remote, string username, string preplacedword)
        {
            var options = new ConnectionOptions
            {
                Impersonation = ImpersonationLevel.Impersonate,
                Username = username,
                Preplacedword = preplacedword
            };

            var managementScope = new ManagementScope(new ManagementPath($"\\\\{remote}\\root\\wmi"), options);
            managementScope.Connect();

            return Retrieve(managementScope);
        }

19 View Source File : Connector.cs
License : GNU General Public License v3.0
Project Creator : iomoath

private ManagementScope DoWmiConnection(Planter planter)
        {
            //Block for connecting to the remote system and returning a ManagementScope object
            SystemToConn = planter.System;
            Domain = planter.Domain;
            Username = planter.User;
            Preplacedword = planter.Preplacedword;


            ConnectionOptions options = new ConnectionOptions();

            if (string.IsNullOrEmpty(SystemToConn))
                SystemToConn = "localhost";

            if (string.IsNullOrEmpty(Username))
                Username = Environment.UserName;


            switch (SystemToConn)
            {
                case "127.0.0.1":
                case "localhost":
                    Messenger.GoodMessage($"[+] Connecting to local WMI instance using {Username} ...");
                    break;
                default:
                    Messenger.GoodMessage($"[+] Connecting to remote WMI instance using {Username} ...");
                    break;
            }

            if (!string.IsNullOrEmpty(Preplacedword?.ToString()))
            {
                options.Username = Username;
                options.SecurePreplacedword = Preplacedword;
                options.Authority = "ntlmdomain:" + Domain;
                options.Impersonation = ImpersonationLevel.Impersonate;
                options.EnablePrivileges = true; // This may be ok for all or may not, need to verify

            }
            else
            {
                options.Impersonation = ImpersonationLevel.Impersonate;
                options.EnablePrivileges = true;
            }

            ManagementScope scope = new ManagementScope(@"\\" + SystemToConn + [email protected]"\{planter.NameSpace}", options);
            //ManagementScope deviceguard = new ManagementScope(@"\\" + System + @"\root\Microsoft\Windows\DeviceGuard", options);
            // Need to create a second MS object since we use a separate namespace. 
            //! Need to find a more elegant solution to this!

            scope.Connect();
            //deviceguard.Connect();

            // We'll need this when we get the provider going so we can check for DG
            //ManagementScope deviceScope = scope.Clone();
            //deviceScope.Path = new ManagementPath(@"\\" + System + @"\root\Microsoft\Windows\DeviceGuard");
            //if (GetDeviceGuard.CheckDgWmi(scope, planter.System))
            //    Console.WriteLine("deviceguard enabled");


            Messenger.GoodMessage("[+] Connected");
            
            //return Tuple.Create(scope, deviceguard);
            return scope;
        }

19 View Source File : AspNetRoleManagerGetUserRoles.cs
License : MIT License
Project Creator : matteofabbri

public static IEnumerable<AspNetRoleManagerGetUserRoles> Retrieve(string remote, string username, string preplacedword)
        {
            var options = new ConnectionOptions
            {
                Impersonation = ImpersonationLevel.Impersonate,
                Username = username,
                Preplacedword = preplacedword
            };

            var managementScope = new ManagementScope(new ManagementPath($"\\\\{remote}\\root\\wmi"), options);
            managementScope.Connect();

            return Retrieve(managementScope);
        }

19 View Source File : Program.cs
License : GNU General Public License v3.0
Project Creator : 0xthirteen

static void WriteToRegKey(string host, string username, string preplacedword, string keypath, string valuename)
        {
            if (!keypath.Contains(":"))
            {
                Console.WriteLine("[-] Please put ':' inbetween hive and path: HKCU:Location\\Of\\Key");
                return;
            }
            string[] reginfo = keypath.Split(':');
            string reghive = reginfo[0];
            string wmiNameSpace = "root\\CIMv2";
            UInt32 hive = 0;
            switch (reghive.ToUpper())
            {
                case "HKCR":
                    hive = 0x80000000;
                    break;
                case "HKCU":
                    hive = 0x80000001;
                    break;
                case "HKLM":
                    hive = 0x80000002;
                    break;
                case "HKU":
                    hive = 0x80000003;
                    break;
                case "HKCC":
                    hive = 0x80000005;
                    break;
                default:
                    Console.WriteLine("[X] Error     :  Could not get the right reg hive");
                    return;
            }
            ConnectionOptions options = new ConnectionOptions();
            Console.WriteLine("[+] Target             : {0}", host);
            if (!String.IsNullOrEmpty(username))
            {
                Console.WriteLine("[+] User               : {0}", username);
                options.Username = username;
                options.Preplacedword = preplacedword;
            }
            Console.WriteLine();
            ManagementScope scope = new ManagementScope(String.Format("\\\\{0}\\{1}", host, wmiNameSpace), options);
            try
            {
                scope.Connect();
                Console.WriteLine("[+] WMI connection established");
            }
            catch (Exception ex)
            {
                Console.WriteLine("[X] Failed to connect to to WMI    : {0}", ex.Message);
                return;
            }

            try
            {
                //Probably stay with string value only
                ManagementClreplaced registry = new ManagementClreplaced(scope, new ManagementPath("StdRegProv"), null);
                ManagementBaseObject inParams = registry.GetMethodParameters("SetStringValue");
                inParams["hDefKey"] = hive;
                inParams["sSubKeyName"] = reginfo[1];
                inParams["sValueName"] = valuename;
                inParams["sValue"] = datavals;
                ManagementBaseObject outParams = registry.InvokeMethod("SetStringValue", inParams, null);
                if(Convert.ToInt32(outParams["ReturnValue"]) == 0)
                {
                    Console.WriteLine("[+] Created {0} {1} and put content inside", keypath, valuename);
                }
                else
                {
                    Console.WriteLine("[-] An error occured, please check values");
                    return;
                }
            }
            catch (Exception ex)
            {
                Console.WriteLine(String.Format("[X] Error      :  {0}", ex.Message));
                return;
            }
        }

19 View Source File : AspNetSessionStatePartitionEnd.cs
License : MIT License
Project Creator : matteofabbri

public static IEnumerable<AspNetSessionStateParreplacedionEnd> Retrieve(string remote, string username, string preplacedword)
        {
            var options = new ConnectionOptions
            {
                Impersonation = ImpersonationLevel.Impersonate,
                Username = username,
                Preplacedword = preplacedword
            };

            var managementScope = new ManagementScope(new ManagementPath($"\\\\{remote}\\root\\wmi"), options);
            managementScope.Connect();

            return Retrieve(managementScope);
        }

19 View Source File : ProcessExt.cs
License : Apache License 2.0
Project Creator : karpach

private static IEnumerable<WmiProcess> GetWmiProcesses(string serverName, string userName, string preplacedword)
        {
            string key = serverName ?? "localhost";
            if (Cache.Contains(key))
            {
                return Cache[key] as IEnumerable<WmiProcess>;
            }            

            ManagementScope scope = null;

            if (serverName != null)
            {
                ConnectionOptions options;
                if (string.IsNullOrEmpty(userName) && string.IsNullOrEmpty(preplacedword))
                {
                    options = new ConnectionOptions
                    {
                        Impersonation = ImpersonationLevel.Impersonate,
                        EnablePrivileges = true,
                        Authentication = AuthenticationLevel.PacketPrivacy
                    };
                }
                else
                {
                    options = new ConnectionOptions
                    {
                        Impersonation = ImpersonationLevel.Identify,
                        EnablePrivileges = true,
                        Username = userName,
                        Preplacedword = preplacedword,
                        Authentication = AuthenticationLevel.PacketPrivacy
                    };
                }

                scope = new ManagementScope($"\\\\{serverName}\\root\\cimv2", options);
                try
                {
                    scope.Connect();
                }
                catch
                {
	                if (Cache.Contains(key))
	                {
		                Cache[key] = null;
                    }
	                return null;
                }
            }

            ObjectQuery sq = new ObjectQuery("Select CommandLine, ProcessID from Win32_Process");

            var result = new List<WmiProcess>();

            using (ManagementObjectSearcher searcher = serverName == null ? new ManagementObjectSearcher(sq) : new ManagementObjectSearcher(scope, sq))
            {
                ManagementObjectCollection objectCollection = searcher.Get();
                foreach (ManagementBaseObject obj in objectCollection)
                {
                    IQueryable<PropertyData> properties = obj.Properties.Cast<PropertyData>().AsQueryable();
                    PropertyData data = properties.FirstOrDefault(p => string.Equals(p.Name, "ProcessId", StringComparison.InvariantCultureIgnoreCase));                    
                    if (data == null)
                    {
                        continue;
                    }
                    result.Add(new WmiProcess
                    {
                      ProcessId  = (uint)data?.Value,
                      CommandLine = properties.FirstOrDefault(p => string.Equals(p.Name, "CommandLine"))?.Value?.ToString()
                    });                    
                }

            }
            Cache.Add(key, result, DateTime.Now.AddSeconds(5));
            return result;
        }

19 View Source File : WppComputerServices.cs
License : MIT License
Project Creator : DCourtel

public void SendCommand(string hostname, string command, Credential credential)
        {
                ConnectionOptions connectoptions = GetConnectionOptions(hostname, credential);
                connectoptions.Impersonation = System.Management.ImpersonationLevel.Impersonate;

                System.Management.ManagementScope mgmtScope = new System.Management.ManagementScope(String.Format(@"\\{0}\ROOT\CIMV2", hostname), connectoptions);
                mgmtScope.Connect();
                System.Management.ObjectGetOptions objectGetOptions = new System.Management.ObjectGetOptions();
                System.Management.ManagementPath mgmtPath = new System.Management.ManagementPath("Win32_Process");
                System.Management.ManagementClreplaced processClreplaced = new System.Management.ManagementClreplaced(mgmtScope, mgmtPath, objectGetOptions);
                System.Management.ManagementBaseObject inParams = processClreplaced.GetMethodParameters("Create");
                ManagementClreplaced startupInfo = new ManagementClreplaced("Win32_ProcessStartup");
                startupInfo.Properties["ShowWindow"].Value = 0;

                inParams["CommandLine"] = command;
                inParams["ProcessStartupInformation"] = startupInfo;

                processClreplaced.InvokeMethod("Create", inParams, null);
        }

19 View Source File : Program.cs
License : GNU General Public License v3.0
Project Creator : 0xthirteen

static void RemoveRegValue(string host, string username, string preplacedword, string keypath, string keyname)
        {
            if (!keypath.Contains(":"))
            {
                Console.WriteLine("[-] Please put ':' inbetween hive and path: HKCU:Location\\Of\\Key");
                return;
            }
            if (!String.IsNullOrEmpty(host))
            {
                host = "127.0.0.1";
            }
            string[] reginfo = keypath.Split(':');
            string reghive = reginfo[0];
            string wmiNameSpace = "root\\CIMv2";
            UInt32 hive = 0;
            switch (reghive.ToUpper())
            {
                case "HKCR":
                    hive = 0x80000000;
                    break;
                case "HKCU":
                    hive = 0x80000001;
                    break;
                case "HKLM":
                    hive = 0x80000002;
                    break;
                case "HKU":
                    hive = 0x80000003;
                    break;
                case "HKCC":
                    hive = 0x80000005;
                    break;
                default:
                    Console.WriteLine("[X] Error     :  Could not get the right reg hive");
                    return;
            }
            ConnectionOptions options = new ConnectionOptions();
            Console.WriteLine("[+] Target             : {0}", host);
            if (!String.IsNullOrEmpty(username))
            {
                Console.WriteLine("[+] User               : {0}", username);
                options.Username = username;
                options.Preplacedword = preplacedword;
            }
            Console.WriteLine();
            ManagementScope scope = new ManagementScope(String.Format("\\\\{0}\\{1}", host, wmiNameSpace), options);
            try
            {
                scope.Connect();
                Console.WriteLine("[+]  WMI connection established");
            }
            catch (Exception ex)
            {
                Console.WriteLine("[X] Failed to connecto to WMI    : {0}", ex.Message);
                return;
            }

            try
            {
                //Probably stay with string value only
                ManagementClreplaced registry = new ManagementClreplaced(scope, new ManagementPath("StdRegProv"), null);
                ManagementBaseObject inParams = registry.GetMethodParameters("DeleteValue");
                inParams["hDefKey"] = hive;
                inParams["sSubKeyName"] = keypath;
                inParams["sValueName"] = keyname;
                ManagementBaseObject outParams1 = registry.InvokeMethod("DeleteValue", inParams, null);
                Console.WriteLine("[+] Deleted value at {0} {1}", keypath, keyname);
            }
            catch (Exception ex)
            {
                Console.WriteLine(String.Format("[-] {0}", ex.Message));
                return;
            }
        }

19 View Source File : Program.cs
License : GNU General Public License v3.0
Project Creator : 0xthirteen

static void RemoveWMIClreplaced(string host, string username, string preplacedword, string wnamespace, string clreplacedname)
        {
            if (!String.IsNullOrEmpty(wnamespace))
            {
                wnamespace = "root\\CIMv2";
            }
            if (!String.IsNullOrEmpty(host))
            {
                host = "127.0.0.1";
            }
            ConnectionOptions options = new ConnectionOptions();
            Console.WriteLine("[+] Target             : {0}", host);
            if (!String.IsNullOrEmpty(username))
            {
                Console.WriteLine("[+] User               : {0}", username);
                options.Username = username;
                options.Preplacedword = preplacedword;
            }
            Console.WriteLine();
            ManagementScope scope = new ManagementScope(String.Format("\\\\{0}\\{1}", host, wnamespace), options);
            try
            {
                scope.Connect();
                Console.WriteLine("[+]  WMI connection established");
            }
            catch (Exception ex)
            {
                Console.WriteLine("[X] Failed to connecto to WMI    : {0}", ex.Message);
                return;
            }
            try
            {
                var rmclreplaced = new ManagementClreplaced(scope, new ManagementPath(clreplacedname), new ObjectGetOptions());
                rmclreplaced.Delete();
            }
            catch (Exception ex)
            {
                Console.WriteLine(String.Format("[-] {0}", ex.Message));
                return;
            }
        }

19 View Source File : WmiHelper.cs
License : BSD 3-Clause "New" or "Revised" License
Project Creator : bitsadmin

private static ManagementScope GetScope(string wmiNamespace, string computerName, string username, string preplacedword)
        {
            // User credentials cannot be used for local connections
            if (computerName == ".")
                username = preplacedword = null;

            ConnectionOptions options = new ConnectionOptions()
            {
                Impersonation = ImpersonationLevel.Impersonate,
                Username = username,
                Preplacedword = preplacedword
            };
            ManagementScope scope = new ManagementScope(string.Format(@"\\{0}\{1}", computerName, wmiNamespace), options);
            scope.Connect();

            return scope;
        }

19 View Source File : Util.cs
License : GNU General Public License v3.0
Project Creator : fakoua

public static OsModel GetInfo()
        {
            var rtnVal = new OsModel();
            rtnVal.Memory = GetMemory();

            var manScope = new ManagementScope(@"\\.\root\cimv2");
            manScope.Options.EnablePrivileges = true;
            manScope.Connect();
            var query = new ObjectQuery("SELECT * FROM Win32_OperatingSystem");
            using (ManagementObjectSearcher mos   = new ManagementObjectSearcher(manScope, query))
            {
                ManagementObjectCollection queryCollection = mos.Get();
                foreach (ManagementObject mo in queryCollection)
                {
                    rtnVal.MachineName = mo["CSName"].ToString();
                    rtnVal.OsName = mo["Caption"].ToString();
                    rtnVal.Architecture = mo["OSArchitecture"].ToString();
                    rtnVal.InstallDate = mo["InstallDate"].ToString();
                    rtnVal.LastBootupTime = mo["LastBootupTime"].ToString();
                }

            }

            query = new ObjectQuery("SELECT * FROM Win32_Processor");
            using (ManagementObjectSearcher mp = new ManagementObjectSearcher(manScope, query))
            {
                ManagementObjectCollection queryCollection = mp.Get();
                foreach (ManagementObject mo in queryCollection)
                {
                    rtnVal.Processor = mo["Name"].ToString();
                }
            }
            return rtnVal;
        }

19 View Source File : AspNetPageInitLeave.cs
License : MIT License
Project Creator : matteofabbri

public static IEnumerable<AspNetPageInitLeave> Retrieve(string remote, string username, string preplacedword)
        {
            var options = new ConnectionOptions
            {
                Impersonation = ImpersonationLevel.Impersonate,
                Username = username,
                Preplacedword = preplacedword
            };

            var managementScope = new ManagementScope(new ManagementPath($"\\\\{remote}\\root\\wmi"), options);
            managementScope.Connect();

            return Retrieve(managementScope);
        }

See More Examples