Added basic dcom execution module

4 files changed, 314 insertions, 227 deletions

diff --git a/cmd/dcom.go b/cmd/dcom.go
new file mode 100644
index 0000000..d105b0c
--- /dev/null
+++ b/cmd/dcom.go
@@ -0,0 +1,75 @@
+package cmd
+
+import (
+	"github.com/FalconOpsLLC/goexec/internal/exec"
+	dcomexec "github.com/FalconOpsLLC/goexec/internal/exec/dcom"
+	"github.com/spf13/cobra"
+)
+
+func dcomCmdInit() {
+	registerRpcFlags(dcomCmd)
+	dcomMmcCmdInit()
+	dcomCmd.AddCommand(dcomMmcCmd)
+}
+
+func dcomMmcCmdInit() {
+	dcomMmcCmd.Flags().StringVarP(&executable, "executable", "e", "", "Remote Windows executable to invoke")
+	dcomMmcCmd.Flags().StringVarP(&workingDirectory, "directory", "d", `C:\`, "Working directory")
+	dcomMmcCmd.Flags().StringVarP(&executableArgs, "args", "a", "", "Process command line")
+	dcomMmcCmd.Flags().StringVar(&windowState, "window", "Minimized", "Window state")
+	dcomMmcCmd.Flags().StringVarP(&command, "command", "c", ``, "Windows executable & arguments to run")
+
+	dcomMmcCmd.MarkFlagsOneRequired("executable", "command")
+	dcomMmcCmd.MarkFlagsMutuallyExclusive("executable", "command")
+}
+
+var (
+	dcomCmd = &cobra.Command{
+		Use:   "dcom",
+		Short: "Establish execution via DCOM",
+		Args:  cobra.NoArgs,
+	}
+	dcomMmcCmd = &cobra.Command{
+		Use:   "mmc [target]",
+		Short: "Establish execution via the DCOM MMC20.Application object",
+		Long: `Description:
+  The mmc method uses the exposed MMC20.Application object to call Document.ActiveView.ShellExec,
+  and ultimately execute system commands.
+
+References:
+  https://www.scorpiones.io/articles/lateral-movement-using-dcom-objects
+  https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/
+  https://github.com/fortra/impacket/blob/master/examples/dcomexec.py
+  https://learn.microsoft.com/en-us/previous-versions/windows/desktop/mmc/view-executeshellcommand
+`,
+		Args: needsRpcTarget("host"),
+		Run: func(cmd *cobra.Command, args []string) {
+
+			ctx = log.With().
+				Str("module", "dcom").
+				Str("method", "mmc").
+				Logger().WithContext(ctx)
+
+			module := dcomexec.Module{}
+			connCfg := &exec.ConnectionConfig{
+				ConnectionMethod:       exec.ConnectionMethodDCE,
+				ConnectionMethodConfig: dceConfig,
+			}
+			execCfg := &exec.ExecutionConfig{
+				ExecutableName:  executable,
+				ExecutableArgs:  executableArgs,
+				ExecutionMethod: dcomexec.MethodMmc,
+
+				ExecutionMethodConfig: dcomexec.MethodMmcConfig{
+					WorkingDirectory: workingDirectory,
+					WindowState:      windowState,
+				},
+			}
+			if err := module.Connect(ctx, creds, target, connCfg); err != nil {
+				log.Fatal().Err(err).Msg("Connection failed")
+			} else if err = module.Exec(ctx, execCfg); err != nil {
+				log.Fatal().Err(err).Msg("Execution failed")
+			}
+		},
+	}
+)
diff --git a/cmd/root.go b/cmd/root.go
index f083063..3f17253 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -1,83 +1,94 @@
 package cmd
 
 import (
-  "context"
-  "fmt"
-  "github.com/RedTeamPentesting/adauth"
-  "github.com/rs/zerolog"
-  "github.com/spf13/cobra"
-  "os"
-  "regexp"
+	"context"
+	"fmt"
+	"github.com/RedTeamPentesting/adauth"
+	"github.com/rs/zerolog"
+	"github.com/spf13/cobra"
+	"os"
+	"regexp"
+	"strings"
 )
 
 var (
-  //logFile string
-  log      zerolog.Logger
-  ctx      context.Context
-  authOpts *adauth.Options
+	//logFile string
+	log      zerolog.Logger
+	ctx      context.Context
+	authOpts *adauth.Options
 
-  debug            bool
-  command          string
-  executable       string
-  executablePath   string
-  executableArgs   string
-  workingDirectory string
+	debug            bool
+	command          string
+	executable       string
+	executablePath   string
+	executableArgs   string
+	workingDirectory string
+	windowState      string
 
-  rootCmd = &cobra.Command{
-    Use: "goexec",
-    PersistentPreRunE: func(cmd *cobra.Command, args []string) (err error) {
-      // For modules that require a full executable path
-      if executablePath != "" && !regexp.MustCompile(`^([a-zA-Z]:)?\\`).MatchString(executablePath) {
-        return fmt.Errorf("executable path (-e) must be an absolute Windows path, i.e. C:\\Windows\\System32\\cmd.exe")
-      }
-      log = zerolog.New(zerolog.ConsoleWriter{Out: os.Stderr}).Level(zerolog.InfoLevel).With().Timestamp().Logger()
-      if debug {
-        log = log.Level(zerolog.DebugLevel)
-      }
-      return
-    },
-  }
+	rootCmd = &cobra.Command{
+		Use: "goexec",
+		PersistentPreRunE: func(cmd *cobra.Command, args []string) (err error) {
+			// For modules that require a full executable path
+			if executablePath != "" && !regexp.MustCompile(`^([a-zA-Z]:)?\\`).MatchString(executablePath) {
+				return fmt.Errorf("executable path (-e) must be an absolute Windows path, i.e. C:\\Windows\\System32\\cmd.exe")
+			}
+			if command != "" {
+				p := strings.SplitN(command, " ", 2)
+				executable = p[0]
+				if len(p) > 1 {
+					executableArgs = p[1]
+				}
+			}
+			log = zerolog.New(zerolog.ConsoleWriter{Out: os.Stderr}).Level(zerolog.InfoLevel).With().Timestamp().Logger()
+			if debug {
+				log = log.Level(zerolog.DebugLevel)
+			}
+			return
+		},
+	}
 )
 
 func needsTarget(proto string) func(cmd *cobra.Command, args []string) error {
-  return func(cmd *cobra.Command, args []string) (err error) {
-    if len(args) != 1 {
-      return fmt.Errorf("command require exactly one positional argument: [target]")
-    }
-    if creds, target, err = authOpts.WithTarget(ctx, proto, args[0]); err != nil {
-      return fmt.Errorf("failed to parse target: %w", err)
-    }
-    if creds == nil {
-      return fmt.Errorf("no credentials supplied")
-    }
-    if target == nil {
-      return fmt.Errorf("no target supplied")
-    }
-    return
-  }
+	return func(cmd *cobra.Command, args []string) (err error) {
+		if len(args) != 1 {
+			return fmt.Errorf("command require exactly one positional argument: [target]")
+		}
+		if creds, target, err = authOpts.WithTarget(ctx, proto, args[0]); err != nil {
+			return fmt.Errorf("failed to parse target: %w", err)
+		}
+		if creds == nil {
+			return fmt.Errorf("no credentials supplied")
+		}
+		if target == nil {
+			return fmt.Errorf("no target supplied")
+		}
+		return
+	}
 }
 
 func init() {
-  ctx = context.Background()
+	ctx = context.Background()
 
-  rootCmd.InitDefaultVersionFlag()
-  rootCmd.InitDefaultHelpCmd()
-  rootCmd.PersistentFlags().BoolVar(&debug, "debug", false, "Enable debug logging")
+	rootCmd.InitDefaultVersionFlag()
+	rootCmd.InitDefaultHelpCmd()
+	rootCmd.PersistentFlags().BoolVar(&debug, "debug", false, "Enable debug logging")
 
-  authOpts = &adauth.Options{Debug: log.Debug().Msgf}
-  authOpts.RegisterFlags(rootCmd.PersistentFlags())
+	authOpts = &adauth.Options{Debug: log.Debug().Msgf}
+	authOpts.RegisterFlags(rootCmd.PersistentFlags())
 
-  scmrCmdInit()
-  rootCmd.AddCommand(scmrCmd)
-  tschCmdInit()
-  rootCmd.AddCommand(tschCmd)
-  wmiCmdInit()
-  rootCmd.AddCommand(wmiCmd)
+	scmrCmdInit()
+	rootCmd.AddCommand(scmrCmd)
+	tschCmdInit()
+	rootCmd.AddCommand(tschCmd)
+	wmiCmdInit()
+	rootCmd.AddCommand(wmiCmd)
+	dcomCmdInit()
+	rootCmd.AddCommand(dcomCmd)
 }
 
 func Execute() {
-  if err := rootCmd.Execute(); err != nil {
-    fmt.Println(err)
-    os.Exit(1)
-  }
+	if err := rootCmd.Execute(); err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
 }
diff --git a/cmd/rpc.go b/cmd/rpc.go
index 7b5b214..816e17f 100644
--- a/cmd/rpc.go
+++ b/cmd/rpc.go
@@ -1,67 +1,70 @@
 package cmd
 
 import (
-  "fmt"
-  "github.com/FalconOpsLLC/goexec/internal/client/dce"
-  "github.com/oiweiwei/go-msrpc/dcerpc"
-  "github.com/spf13/cobra"
-  "regexp"
+	"fmt"
+	"github.com/FalconOpsLLC/goexec/internal/client/dce"
+	"github.com/oiweiwei/go-msrpc/dcerpc"
+	"github.com/spf13/cobra"
+	"github.com/spf13/pflag"
+	"regexp"
 )
 
 func needsRpcTarget(proto string) func(cmd *cobra.Command, args []string) error {
-  return func(cmd *cobra.Command, args []string) (err error) {
+	return func(cmd *cobra.Command, args []string) (err error) {
 
-    if argDceStringBinding != "" {
-      dceConfig.Endpoint, err = dcerpc.ParseStringBinding(argDceStringBinding)
-      if err != nil {
-        return fmt.Errorf("failed to parse RPC endpoint: %w", err)
-      }
-      dceConfig.NoEpm = true // If an explicit endpoint is set, don't use EPM
+		if argDceStringBinding != "" {
+			dceConfig.Endpoint, err = dcerpc.ParseStringBinding(argDceStringBinding)
+			if err != nil {
+				return fmt.Errorf("failed to parse RPC endpoint: %w", err)
+			}
+			dceConfig.NoEpm = true // If an explicit endpoint is set, don't use EPM
 
-    } else if argDceEpmFilter != "" {
-      // This ensures that filters like "ncacn_ip_tcp" will be made into a valid binding (i.e. "ncacn_ip_tcp:")
-      if ok, err := regexp.MatchString(`^\w+$`, argDceEpmFilter); err == nil && ok {
-        argDceEpmFilter += ":"
-      }
-      dceConfig.EpmFilter, err = dcerpc.ParseStringBinding(argDceEpmFilter)
-      if err != nil {
-        return fmt.Errorf("failed to parse EPM filter: %w", err)
-      }
-    }
-    if !argDceNoSign {
-      dceConfig.DceOptions = append(dceConfig.DceOptions, dcerpc.WithSign())
-      dceConfig.EpmOptions = append(dceConfig.EpmOptions, dcerpc.WithSign())
-    }
-    if argDceNoSeal {
-      dceConfig.DceOptions = append(dceConfig.DceOptions, dcerpc.WithInsecure())
-    } else {
-      dceConfig.DceOptions = append(dceConfig.DceOptions, dcerpc.WithSeal(), dcerpc.WithSecurityLevel(dcerpc.AuthLevelPktPrivacy))
-      dceConfig.EpmOptions = append(dceConfig.EpmOptions, dcerpc.WithSeal(), dcerpc.WithSecurityLevel(dcerpc.AuthLevelPktPrivacy))
-    }
-    return needsTarget(proto)(cmd, args)
-  }
+		} else if argDceEpmFilter != "" {
+			// This ensures that filters like "ncacn_ip_tcp" will be made into a valid binding (i.e. "ncacn_ip_tcp:")
+			if ok, err := regexp.MatchString(`^\w+$`, argDceEpmFilter); err == nil && ok {
+				argDceEpmFilter += ":"
+			}
+			dceConfig.EpmFilter, err = dcerpc.ParseStringBinding(argDceEpmFilter)
+			if err != nil {
+				return fmt.Errorf("failed to parse EPM filter: %w", err)
+			}
+		}
+		if !argDceNoSign {
+			dceConfig.DceOptions = append(dceConfig.DceOptions, dcerpc.WithSign())
+			dceConfig.EpmOptions = append(dceConfig.EpmOptions, dcerpc.WithSign())
+		}
+		if argDceNoSeal {
+			dceConfig.DceOptions = append(dceConfig.DceOptions, dcerpc.WithInsecure())
+		} else {
+			dceConfig.DceOptions = append(dceConfig.DceOptions, dcerpc.WithSeal(), dcerpc.WithSecurityLevel(dcerpc.AuthLevelPktPrivacy))
+			dceConfig.EpmOptions = append(dceConfig.EpmOptions, dcerpc.WithSeal(), dcerpc.WithSecurityLevel(dcerpc.AuthLevelPktPrivacy))
+		}
+		return needsTarget(proto)(cmd, args)
+	}
 }
 
 var (
-  // DCE arguments
-  argDceStringBinding string
-  argDceEpmFilter     string
-  argDceNoSeal        bool
-  argDceNoSign        bool
+	// DCE arguments
+	argDceStringBinding string
+	argDceEpmFilter     string
+	argDceNoSeal        bool
+	argDceNoSign        bool
 
-  // DCE options
-  dceStringBinding *dcerpc.StringBinding
-  dceConfig        dce.ConnectionMethodDCEConfig
+	// DCE options
+	dceStringBinding *dcerpc.StringBinding
+	dceConfig        dce.ConnectionMethodDCEConfig
 )
 
 func registerRpcFlags(cmd *cobra.Command) {
-  cmd.PersistentFlags().BoolVar(&dceConfig.NoEpm, "no-epm", false, "Do not use EPM to automatically detect endpoints")
-  cmd.PersistentFlags().BoolVar(&dceConfig.EpmAuto, "epm-auto", false, "Automatically detect endpoints instead of using the module defaults")
-  cmd.PersistentFlags().BoolVar(&argDceNoSign, "no-sign", false, "Disable signing on DCE messages")
-  cmd.PersistentFlags().BoolVar(&argDceNoSeal, "no-seal", false, "Disable packet stub encryption on DCE messages")
-  cmd.PersistentFlags().StringVarP(&argDceEpmFilter, "epm-filter", "F", "", "String binding to filter endpoints returned by EPM")
-  cmd.PersistentFlags().StringVar(&argDceStringBinding, "endpoint", "", "Explicit RPC endpoint definition")
+	rpcFlags := pflag.NewFlagSet("RPC", pflag.ExitOnError)
+	rpcFlags.BoolVar(&dceConfig.NoEpm, "no-epm", false, "Do not use EPM to automatically detect endpoints")
+	rpcFlags.BoolVar(&dceConfig.EpmAuto, "epm-auto", false, "Automatically detect endpoints instead of using the module defaults")
+	rpcFlags.BoolVar(&argDceNoSign, "no-sign", false, "Disable signing on DCE messages")
+	rpcFlags.BoolVar(&argDceNoSeal, "no-seal", false, "Disable packet stub encryption on DCE messages")
+	rpcFlags.StringVarP(&argDceEpmFilter, "epm-filter", "F", "", "String binding to filter endpoints returned by EPM")
+	rpcFlags.StringVar(&argDceStringBinding, "endpoint", "", "Explicit RPC endpoint definition")
+	cmd.PersistentFlags().AddFlagSet(rpcFlags)
 
-  cmd.MarkFlagsMutuallyExclusive("endpoint", "epm-filter")
-  cmd.MarkFlagsMutuallyExclusive("no-epm", "epm-filter")
+	cmd.MarkFlagsMutuallyExclusive("endpoint", "epm-filter")
+	cmd.MarkFlagsMutuallyExclusive("no-epm", "epm-filter")
 }
diff --git a/cmd/wmi.go b/cmd/wmi.go
index cba2473..df047a2 100644
--- a/cmd/wmi.go
+++ b/cmd/wmi.go
@@ -1,142 +1,140 @@
 package cmd
 
 import (
-  "encoding/json"
-  "fmt"
-  "github.com/FalconOpsLLC/goexec/internal/exec"
-  wmiexec "github.com/FalconOpsLLC/goexec/internal/exec/wmi"
-  "github.com/spf13/cobra"
-  "regexp"
-  "strings"
+	"encoding/json"
+	"fmt"
+	"github.com/FalconOpsLLC/goexec/internal/exec"
+	wmiexec "github.com/FalconOpsLLC/goexec/internal/exec/wmi"
+	"github.com/spf13/cobra"
+	"regexp"
+	"strings"
 )
 
 func wmiCmdInit() {
-  wmiCustomCmdInit()
-  wmiCmd.AddCommand(wmiCustomCmd)
-  wmiProcessCmdInit()
-  wmiCmd.AddCommand(wmiProcessCmd)
+	wmiCustomCmdInit()
+	wmiCmd.AddCommand(wmiCustomCmd)
+	wmiProcessCmdInit()
+	wmiCmd.AddCommand(wmiProcessCmd)
 }
 
 func wmiCustomCmdInit() {
-  wmiCustomCmd.Flags().StringVarP(&wmiArgMethod, "method", "m", "", `WMI Method to use in the format CLASS.METHOD (i.e. "Win32_Process.Create")`)
-  wmiCustomCmd.Flags().StringVarP(&wmiArgMethodArgs, "args", "A", "{}", `WMI Method argument(s) in JSON dictionary format (i.e. {"CommandLine":"calc.exe"})`)
-  if err := wmiCustomCmd.MarkFlagRequired("method"); err != nil {
-    panic(err)
-  }
+	wmiCustomCmd.Flags().StringVarP(&wmiArgMethod, "method", "m", "", `WMI Method to use in the format CLASS.METHOD (i.e. "Win32_Process.Create")`)
+	wmiCustomCmd.Flags().StringVarP(&wmiArgMethodArgs, "args", "A", "{}", `WMI Method argument(s) in JSON dictionary format (i.e. {"CommandLine":"calc.exe"})`)
+	if err := wmiCustomCmd.MarkFlagRequired("method"); err != nil {
+		panic(err)
+	}
 }
 
 func wmiProcessCmdInit() {
-  wmiProcessCmd.Flags().StringVarP(&command, "command", "c", "", "Process command line")
-  wmiProcessCmd.Flags().StringVarP(&workingDirectory, "directory", "d", `C:\`, "Working directory")
-  if err := wmiProcessCmd.MarkFlagRequired("command"); err != nil {
-    panic(err)
-  }
+	wmiProcessCmd.Flags().StringVarP(&command, "command", "c", "", "Process command line")
+	wmiProcessCmd.Flags().StringVarP(&workingDirectory, "directory", "d", `C:\`, "Working directory")
+	if err := wmiProcessCmd.MarkFlagRequired("command"); err != nil {
+		panic(err)
+	}
 }
 
 var (
-  // for custom method
-  wmiArgMethod     string
-  wmiArgMethodArgs string
-
-  wmiClass         string
-  wmiMethod        string
-  wmiMethodArgsMap map[string]any
-  methodRegex      = regexp.MustCompile(`^\w+\.\w+$`)
-
-  wmiCmd = &cobra.Command{
-    Use:   "wmi",
-    Short: "Establish execution via WMI",
-    Args:  cobra.NoArgs,
-  }
-  wmiCustomCmd = &cobra.Command{
-    Use:   "custom",
-    Short: "Execute specified WMI method",
-    Long: `Description:
+	// for custom method
+	wmiArgMethod     string
+	wmiArgMethodArgs string
+
+	wmiClass         string
+	wmiMethod        string
+	wmiMethodArgsMap map[string]any
+	methodRegex      = regexp.MustCompile(`^\w+\.\w+$`)
+
+	wmiCmd = &cobra.Command{
+		Use:   "wmi",
+		Short: "Establish execution via WMI",
+		Args:  cobra.NoArgs,
+	}
+	wmiCustomCmd = &cobra.Command{
+		Use:   "custom",
+		Short: "Execute specified WMI method",
+		Long: `Description:
   The custom method creates an instance of the specified WMI class (-c),
   then calls the provided method (-m) with the provided arguments (-A).
 
 References:
   https://learn.microsoft.com/en-us/windows/win32/wmisdk/wmi-classes
   `,
-    Args: func(cmd *cobra.Command, args []string) (err error) {
-      if err = needsTarget("cifs")(cmd, args); err == nil {
-        if wmiArgMethod != "" && !methodRegex.MatchString(wmiArgMethod) {
-          return fmt.Errorf("invalid CLASS.METHOD syntax: %s", wmiArgMethod)
-        }
-        if err = json.Unmarshal([]byte(wmiArgMethodArgs), &wmiMethodArgsMap); err != nil {
-          err = fmt.Errorf("failed to parse JSON arguments: %w", err)
-        }
-      }
-      return
-    },
-    Run: func(cmd *cobra.Command, args []string) {
-      module := wmiexec.Module{}
-
-      connCfg := &exec.ConnectionConfig{}
-      cleanCfg := &exec.CleanupConfig{}
-
-      parts := strings.SplitN(wmiArgMethod, ".", 2)
-      wmiClass = parts[0]
-      wmiMethod = parts[1]
-
-      execCfg := &exec.ExecutionConfig{
-        ExecutableName:  executable,
-        ExecutableArgs:  executableArgs,
-        ExecutionMethod: wmiexec.MethodCustom,
-        ExecutionMethodConfig: wmiexec.MethodCustomConfig{
-          Class:     wmiClass,
-          Method:    wmiMethod,
-          Arguments: wmiMethodArgsMap,
-        },
-      }
-      if err := module.Connect(log.WithContext(ctx), creds, target, connCfg); err != nil {
-        log.Fatal().Err(err).Msg("Connection failed")
-
-      } else if err := module.Exec(log.WithContext(ctx), execCfg); err != nil {
-        log.Fatal().Err(err).Msg("Execution failed")
-
-      } else if err := module.Cleanup(log.WithContext(ctx), cleanCfg); err != nil {
-        log.Error().Err(err).Msg("Cleanup failed")
-      }
-    },
-  }
-
-  wmiProcessCmd = &cobra.Command{
-    Use:   "process",
-    Short: "Create a Windows process",
-    Long: `Description:
-  The process method creates an instance of the Win32_Process WMI class,
-  then calls the Win32_Process.Create method with the provided command (-c),
+		Args: func(cmd *cobra.Command, args []string) (err error) {
+			if err = needsTarget("cifs")(cmd, args); err == nil {
+				if wmiArgMethod != "" && !methodRegex.MatchString(wmiArgMethod) {
+					return fmt.Errorf("invalid CLASS.METHOD syntax: %s", wmiArgMethod)
+				}
+				if err = json.Unmarshal([]byte(wmiArgMethodArgs), &wmiMethodArgsMap); err != nil {
+					err = fmt.Errorf("failed to parse JSON arguments: %w", err)
+				}
+			}
+			return
+		},
+		Run: func(cmd *cobra.Command, args []string) {
+			module := wmiexec.Module{}
+
+			connCfg := &exec.ConnectionConfig{}
+			cleanCfg := &exec.CleanupConfig{}
+
+			parts := strings.SplitN(wmiArgMethod, ".", 2)
+			wmiClass = parts[0]
+			wmiMethod = parts[1]
+
+			execCfg := &exec.ExecutionConfig{
+				ExecutableName:  executable,
+				ExecutableArgs:  executableArgs,
+				ExecutionMethod: wmiexec.MethodCustom,
+				ExecutionMethodConfig: wmiexec.MethodCustomConfig{
+					Class:     wmiClass,
+					Method:    wmiMethod,
+					Arguments: wmiMethodArgsMap,
+				},
+			}
+			if err := module.Connect(log.WithContext(ctx), creds, target, connCfg); err != nil {
+				log.Fatal().Err(err).Msg("Connection failed")
+			} else if err := module.Exec(log.WithContext(ctx), execCfg); err != nil {
+				log.Fatal().Err(err).Msg("Execution failed")
+			} else if err := module.Cleanup(log.WithContext(ctx), cleanCfg); err != nil {
+				log.Error().Err(err).Msg("Cleanup failed")
+			}
+		},
+	}
+
+	wmiProcessCmd = &cobra.Command{
+		Use:   "proc",
+		Short: "Start a Windows process",
+		Long: `Description:
+  The proc method creates an instance of the Win32_Process WMI class, then
+  calls the Win32_Process.Create method with the provided command (-c),
   and optional working directory (-d).
 
 References:
   https://learn.microsoft.com/en-us/windows/win32/cimwin32prov/create-method-in-class-win32-process
 `,
-    Args: needsTarget("cifs"),
-    Run: func(cmd *cobra.Command, args []string) {
-      log = log.With().Str("module", "wmi").Logger()
-
-      module := wmiexec.Module{}
-      connCfg := &exec.ConnectionConfig{}
-      cleanCfg := &exec.CleanupConfig{}
-
-      execCfg := &exec.ExecutionConfig{
-        ExecutableName:  executable,
-        ExecutableArgs:  executableArgs,
-        ExecutionMethod: wmiexec.MethodProcess,
-
-        ExecutionMethodConfig: wmiexec.MethodProcessConfig{
-          Command:          command,
-          WorkingDirectory: workingDirectory,
-        },
-      }
-      if err := module.Connect(log.WithContext(ctx), creds, target, connCfg); err != nil {
-        log.Fatal().Err(err).Msg("Connection failed")
-      } else if err := module.Exec(log.WithContext(ctx), execCfg); err != nil {
-        log.Fatal().Err(err).Msg("Execution failed")
-      } else if err := module.Cleanup(log.WithContext(ctx), cleanCfg); err != nil {
-        log.Error().Err(err).Msg("Cleanup failed")
-      }
-    },
-  }
+		Args: needsTarget("cifs"),
+		Run: func(cmd *cobra.Command, args []string) {
+			log = log.With().Str("module", "wmi").Logger()
+
+			module := wmiexec.Module{}
+			connCfg := &exec.ConnectionConfig{}
+			cleanCfg := &exec.CleanupConfig{}
+
+			execCfg := &exec.ExecutionConfig{
+				ExecutableName:  executable,
+				ExecutableArgs:  executableArgs,
+				ExecutionMethod: wmiexec.MethodProcess,
+
+				ExecutionMethodConfig: wmiexec.MethodProcessConfig{
+					Command:          command,
+					WorkingDirectory: workingDirectory,
+				},
+			}
+			if err := module.Connect(log.WithContext(ctx), creds, target, connCfg); err != nil {
+				log.Fatal().Err(err).Msg("Connection failed")
+			} else if err := module.Exec(log.WithContext(ctx), execCfg); err != nil {
+				log.Fatal().Err(err).Msg("Execution failed")
+			} else if err := module.Cleanup(log.WithContext(ctx), cleanCfg); err != nil {
+				log.Error().Err(err).Msg("Cleanup failed")
+			}
+		},
+	}
 )