Xx_Introduction
Windows Management Instrumentation (WMI) is a Windows management tool; wmic is its command-line interface.
It can be used as a powerful information collector during penetration testing.
Note: wmic has been deprecated in Win10!
link:https://blog.csdn.net/discover2210212455/article/details/82711930
link:https://www.hackingarticles.in/post-exploitation-using-wmic-system-command/
Ax_Frequently-used
cd C:\windows\system32\wbem
# show software and version information
wmic product get name,version
# show service
wmic service list brief
# show the serial number
wmic bios get serialnumber
# show memory
wmic memorychip list brief
# show server type
wmic csproduct get name
# show cpu
wmic cpu
# show os
wmic os
# show bios
wmic bios
wmic bios get serialNumber
Bx_Advanced application
# create process
wmic process call create "[Process Name]"
wmic process call create "taskmgr.exe"
# Get the SIDs
wmic group get Caption, InstallDate, LocalAccount, Domain, SID, Status
# Change Priority of a Process
wmic process where name="explorer.exe" call setpriority 64
# Terminate a process
wmic process where name="explorer.exe" call terminate
# Get a list of Executable Files
wmic PROCESS WHERE "NOT ExecutablePath LIKE '%Windows%'" GET ExecutablePath
# Get Folder Properties
wmic FSDIR where "drive='c:' and filename='test'" get /format:list
# Get File Properties
wmic datafile where name='c:\\windows\\system32\\demo\\demo.txt' get /format:list
# Locate System Files
wmic environment get Description, VariableValue
# Get a list of Running Services
wmic service where (state="running") get caption, name, startmode, state
# Get Startup Services
wmic startup get Caption, Command
# Get System Driver Details
wmic sysdriver get Caption, Name, PathName, ServiceType, State, Status /format:list
# Clear System Logs
wmic nteventlog where filename='system' call cleareventlog
# Detect if victim system is a host OS or installed via VMware
wmic onboarddevice get Description, DeviceType, Enabled, Status /format:list
Cx_User Account Management
# Lock a User Account
wmic useraccount where name='demo' set disabled=true
# Remove Password requirement for logging in
wmic useraccount where name='demo' set PasswordRequired=false
# Rename a user account
wmic useraccount where name='demo' rename hacker
# Restrict user from changing a password
wmic useraccount where name='hacker' set passwordchangeable=false
# Get Antivirus Details
wmic /namespace:\\root\securitycenter2 path antivirusproduct GET displayName, productState, pathToSignedProductExe
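
The commands above that change state or probe defences (process create/terminate, clearing event logs, user account changes, antivirus enumeration) are visible to defenders in process-creation logs when command-line capture is enabled. The following is an added example, not part of the original notes: a small Python classifier over command lines. The event fields `host`, `user`, `cmdline` and the rule names are assumptions, and the sample events are constructed.

```python
import re

# Matches wmic / wmic.exe as the invoked image, with or without a path or quotes.
WMIC = re.compile(r'(?:^|[\\/\s"])wmic(?:\.exe)?(?=["\s]|$)')

# Hypothetical rule names -> pattern over the normalised command line.
# Each rule corresponds to a command listed in these notes.
RULES = {
    "process_create":    re.compile(r'\bprocess\b.*\bcall\s+create\b'),
    "process_terminate": re.compile(r'\bprocess\b.*\bcall\s+terminate\b'),
    "eventlog_clear":    re.compile(r'\bnteventlog\b.*\bcall\s+cleareventlog\b'),
    "account_modify":    re.compile(r'\buseraccount\b.*\b(?:set|rename)\b'),
    "av_enumeration":    re.compile(r'securitycenter2?\b.*\bantivirusproduct\b'),
}

def normalise(cmdline):
    """Lower-case, straighten typographic quotes, collapse whitespace."""
    table = str.maketrans({"“": '"', "”": '"', "‘": "'", "’": "'"})
    return re.sub(r"\s+", " ", cmdline.translate(table).lower()).strip()

def classify(cmdline):
    """Return the sorted rule names a single command line triggers."""
    norm = normalise(cmdline)
    if not WMIC.search(norm):
        return []  # not a wmic invocation at all
    return sorted(name for name, rx in RULES.items() if rx.search(norm))

def scan(events):
    """Return (host, user, rules) for every event with at least one hit."""
    return [(e["host"], e["user"], hits)
            for e in events if (hits := classify(e["cmdline"]))]

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "WS01", "user": "alice", "cmdline": "wmic bios get serialnumber"},
    {"host": "WS01", "user": "alice",
     "cmdline": r'C:\Windows\System32\wbem\WMIC.exe process call create "taskmgr.exe"'},
    {"host": "WS02", "user": "svc",
     "cmdline": "wmic  NTEVENTLOG where filename='system' call ClearEventLog"},
    {"host": "WS02", "user": "svc",
     "cmdline": "wmic useraccount where name='demo' set PasswordRequired=false"},
    {"host": "WS03", "user": "bob",
     "cmdline": r"wmic /namespace:\\root\securitycenter2 path antivirusproduct GET displayName"},
    {"host": "WS03", "user": "bob", "cmdline": "notepad.exe wmic-notes.txt"},
]

if __name__ == "__main__":
    for host, user, hits in scan(SAMPLE_EVENTS):
        print(host, user, ",".join(hits))
```

Read-only inventory queries such as `wmic bios get serialnumber` produce no hit, so the output stays limited to the state-changing and defence-probing commands.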
Dx_Use Specification