• IS: WMIC command use


    Xx_Introduction

    Windows Management Instrumentation is a Windows management tool.
    It can be used as a powerful information collector for penetration testing.
    Note: WMIC has been deprecated as of Windows 10!
    link: https://blog.csdn.net/discover2210212455/article/details/82711930
    link: https://www.hackingarticles.in/post-exploitation-using-wmic-system-command/

    Ax_Frequently-used

    cd C:\windows\system32\wbem
    # show software,version information
    wmic product get name,version
    # show service
    wmic service list brief
    # show the serial number
    wmic bios get serialnumber
    # show memory
    wmic memorychip list brief
    # show server type
    wmic csproduct get name
    # show cpu
    wmic cpu
    # show os
    wmic os
    # show bios
    wmic bios
    wmic bios get serialnumber
    

    Bx_Advanced application

    # create process
    wmic process call create "[Process Name]"
    wmic process call create "taskmgr.exe"
    # Get the SIDs
    wmic group get Caption, InstallDate, LocalAccount, Domain, SID, Status
    # Change Priority of a Process
    wmic process where name="explorer.exe" call setpriority 64
    # Terminate a process
    wmic process where name="explorer.exe" call terminate
    # Get a list of Executable Files
    wmic PROCESS WHERE "NOT ExecutablePath LIKE '%Windows%'" GET ExecutablePath
    # Get Folder Properties
    wmic FSDIR where "drive='c:' and filename='test'" get /format:list
    # Get File Properties (backslashes in the WHERE value must be doubled)
    wmic datafile where name='c:\\windows\\system32\\demo\\demo.txt' get /format:list
    # Locate System Files
    wmic environment get Description, VariableValue
    # Get a list of Running Services
    wmic service where (state="running") get caption, name, startmode, state
    # Get Startup Services
    wmic startup get Caption, Command
    # Get System Driver Details
    wmic sysdriver get Caption, Name, PathName, ServiceType, State, Status /format:list
    # Clear System Logs
    wmic nteventlog where filename='system' call cleareventlog
    # Detect if victim system is a host OS or installed via VMware
    wmic onboarddevice get Description, DeviceType, Enabled, Status /format:list
    

    Cx_User Account Management

    # Lock a User Account
    wmic useraccount where name='demo' set disabled=true
    # Remove Password requirement for logging in
    wmic useraccount where name='demo' set PasswordRequired=false
    # Rename a user account
    wmic useraccount where name='demo' rename hacker
    # Restrict user from changing a password
    wmic useraccount where name='hacker' set passwordchangeable=false
    # Get Antivirus Details
    wmic /namespace:\\root\securitycenter2 path antivirusproduct GET displayName, productState, pathToSignedProductExe
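
A defender-side triage sketch for the commands in the Bx and Cx sections, added here as an example and not part of the original post: it classifies process command lines (for instance the CommandLine field of Windows Security event 4688 or Sysmon event 1) and flags the state-changing WMIC calls while ignoring read-only get/list queries. The rule names, severities and sample lines are constructed for this example.

```python
import re

# Rules keyed to the state-changing WMIC calls listed on this page.
# Rule names and severities are labels invented for this example.
RULES = [
    ("event-log-clear", "high", re.compile(r"\bnteventlog\b.*\bcall\s+cleareventlog\b")),
    ("account-modify", "high", re.compile(r"\buseraccount\b.*\b(?:set|rename)\b")),
    ("process-create", "medium", re.compile(r"\bprocess\s+call\s+create\b")),
    ("process-tamper", "medium", re.compile(r"\bprocess\b.*\bcall\s+(?:terminate|setpriority)\b")),
    ("av-discovery", "low", re.compile(r"\bsecuritycenter2?\b.*\bantivirusproduct\b")),
]
SMART_QUOTES = str.maketrans({"\u201c": '"', "\u201d": '"', "\u2018": "'", "\u2019": "'"})

def normalize(cmdline):
    """Lower-case, straighten smart quotes, collapse runs of whitespace."""
    return re.sub(r"\s+", " ", cmdline.translate(SMART_QUOTES).strip().lower())

def classify(cmdline):
    """Return (rule, severity) for a flagged WMIC command line, else None."""
    norm = normalize(cmdline)
    first = re.match(r'"([^"]+)"|(\S+)', norm)  # image path, quoted or bare
    if not first:
        return None
    image = (first.group(1) or first.group(2)).rsplit("\\", 1)[-1]
    if image not in ("wmic", "wmic.exe"):
        return None
    for name, severity, pattern in RULES:
        if pattern.search(norm):
            return (name, severity)
    return None  # WMIC, but a read-only get/list query

def triage(cmdlines):
    """Return (rule, severity, original line) for every flagged line, in order."""
    verdicts = ((classify(line), line) for line in cmdlines)
    return [(*verdict, line) for verdict, line in verdicts if verdict]

# Constructed sample command lines (not captured from a real host).
SAMPLE = [
    r"wmic bios get serialnumber",
    r'"C:\Windows\System32\wbem\WMIC.exe" nteventlog where filename="system" call cleareventlog',
    r"wmic useraccount where name='demo' set PasswordRequired=false",
    r"WMIC  process   call create “taskmgr.exe”",
    r"notepad.exe wmic process call create notes.txt",
]

if __name__ == "__main__":
    for rule, severity, line in triage(SAMPLE):
        print(f"{severity:6} {rule:16} {line}")
```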
    

    Dx_Use Specification




  • Original article: https://www.cnblogs.com/enomothem/p/12835541.html