Description
Windows Management Instrumentation Command-line (WMIC) uses Windows Management Instrumentation (WMI) to enable system management from the command line.
This post explains how to install a wmic client on a Linux machine. The above installation procedure has been tested on a Ubuntu 12.04 LTS 32 bits host.
The client for Linux is not as powerful as the one for Windows because it is limited to "select" requests (i.e. not possible to request something like "process list brief") but will be helpful if you don't want to start your Windows virtual machine.
Installation
Pre-requisites
$ sudo aptitude install autoconf
Compilation
$ cd /data/tools/
$ wget http://www.openvas.org/download/wmi/wmi-1.3.14.tar.bz2
$ bzip2 -cd wmi-1.3.14.tar.bz2 | tar xf -
$ cd wmi-1.3.14/
$ sudo make
$ sudo cp Samba/source/bin/wmic /usr/local/bin/
Usage
Usage
Usage: wmic -U user%password //host "query"
Options
- -?, --help
- Show this help message
- -A, --authentication-file=FILE
- Get the credentials from a file
- --delimiter=STRING
- delimiter to use when querying multiple values, default to '|'
- -d, --debuglevel=DEBUGLEVEL
- Set debug level
- --debug-stderr
- Send debug output to STDERR
- -i, --scope=SCOPE
- Use this Netbios scope
- -k, --kerberos=STRING
- Use Kerberos
- -l, --log-basename=LOGFILEBASE
- Basename for log/debug files
- --leak-report
- enable full talloc leak reporting on exit
- --leak-report-full
- enable talloc leak reporting on exit
- -m, --maxprotocol=MAXPROTOCOL
- Set max protocol level
- --namespace=STRING
- WMI namespace, default to root\cimv2
- -N, --no-pass
- Don't ask for a password
- -n, --netbiosname=NETBIOSNAME
- Primary netbios name
- --option=name=value
- Set smb.conf option from command line
- -O, --socket-options=SOCKETOPTIONS
- socket options to use
- --password=STRING
- Password
- -P, --machine-pass
- Use stored machine account password (implies -k)
- --realm=REALM
- Set the realm name
- -R, --name-resolve=NAME-RESOLVE-ORDER
- Use these name resolution services only
- --simple-bind-dn=STRING
- DN to use for a simple bind
- -S, --signing=on|off|required
- Set the client signing state
- -s, --configfile=CONFIGFILE
- Use alternative configuration file
- --usage
- Display brief usage message
- --use-security-mechanisms=STRING
- Restricted list of authentication mechanisms available for use with this authentication
- -U, --user=[DOMAIN\]USERNAME[%PASSWORD]
- Set the network username
- -V, --version
- Print version
- -W, --workgroup=WORKGROUP
- Set the workgroup name
Examples
Note: For a complete list of classes you can request, please refer to http://msdn.microsoft.com/en-us/library/aa394554(v=vs.85).aspx
Get system information
$ wmic -U unknown //192.168.1.12 "select * from Win32_ComputerSystem"
Password for [WORKGROUP\unknown]:
CLASS: Win32_ComputerSystem
AdminPasswordStatus|AutomaticResetBootOption|AutomaticResetCapability|BootOptionOnLimit|BootOptionOnWatchDog|BootROMSupported|
BootupState|Caption|ChassisBootupState|CreationClassName|CurrentTimeZone|DaylightInEffect|Description|Domain|DomainRole|
EnableDaylightSavingsTime|FrontPanelResetStatus|InfraredSupported|InitialLoadInfo|InstallDate|KeyboardPasswordStatus|LastLoadInfo|
Manufacturer|Model|Name|NameFormat|NetworkServerModeEnabled|NumberOfLogicalProcessors|NumberOfProcessors|OEMLogoBitmap|OEMStringArray|
PartOfDomain|PauseAfterReset|PowerManagementCapabilities|PowerManagementSupported|PowerOnPasswordStatus|PowerState|PowerSupplyState|
PrimaryOwnerContact|PrimaryOwnerName|ResetCapability|ResetCount|ResetLimit|Roles|Status|SupportContactDescription|SystemStartupDelay|
SystemStartupOptions|SystemStartupSetting|SystemType|ThermalState|TotalPhysicalMemory|UserName|WakeUpType|Workgroup
3|True|True|0|0|True|Normal boot|UNKNOWN-7C76953|3|Win32_ComputerSystem|120|True|AT/AT COMPATIBLE|WORKGROUP|0|True|3|False|NULL|(null)|
3|(null)|innotek GmbH|VirtualBox|UNKNOWN-7C76953|(null)|True|1|1|NULL|(vboxVer_4.2.12,vboxRev_84980)|False|-1|NULL|False|3|0|3|(null)|
Unknown|1|-1|-1|(LM_Workstation,LM_Server,NT,Potential_Browser)|OK|NULL|30|("Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect)|
0|X86-based PC|3|1073201152|UNKNOWN-7C76953\unknown|6|(null)
Get list of running processes
$ wmic -U unknown%oopsoops //192.168.1.12 "select caption, name, parentprocessid, processid from win32_process"
CLASS: Win32_Process
Caption|Handle|Name|ParentProcessId|ProcessId
System Idle Process|0|System Idle Process|0|0
System|4|System|0|4
smss.exe|460|smss.exe|4|460
csrss.exe|924|csrss.exe|460|924
winlogon.exe|948|winlogon.exe|460|948
services.exe|992|services.exe|948|992
lsass.exe|1004|lsass.exe|948|1004
VBoxService.exe|1168|VBoxService.exe|992|1168
svchost.exe|1220|svchost.exe|992|1220
svchost.exe|1332|svchost.exe|992|1332
MsMpEng.exe|1576|MsMpEng.exe|992|1576
svchost.exe|1616|svchost.exe|992|1616
svchost.exe|1712|svchost.exe|992|1712
svchost.exe|1940|svchost.exe|992|1940
spoolsv.exe|244|spoolsv.exe|992|244
explorer.exe|916|explorer.exe|788|916
VBoxTray.exe|1288|VBoxTray.exe|916|1288
concentr.exe|1388|concentr.exe|916|1388
msseces.exe|1400|msseces.exe|916|1400
ctfmon.exe|1424|ctfmon.exe|916|1424
wfcrun32.exe|1472|wfcrun32.exe|1220|1472
svchost.exe|1812|svchost.exe|992|1812
dsNcService.exe|1908|dsNcService.exe|992|1908
jqs.exe|280|jqs.exe|992|280
TeamViewer_Service.exe|780|TeamViewer_Service.exe|992|780
alg.exe|3556|alg.exe|992|3556
wmiapsrv.exe|532|wmiapsrv.exe|992|532
wscntfy.exe|1640|wscntfy.exe|1616|1640
wmiprvse.exe|4000|wmiprvse.exe|1220|4000