Wmic-linux

时间:2023-03-08 15:22:20
Wmic-linux

Description

Windows Management Instrumentation Command-line (WMIC) uses Windows Management Instrumentation (WMI) to enable system management from the command line.

This post explains how to install a wmic client on a Linux machine. The above installation procedure has been tested on a Ubuntu 12.04 LTS 32 bits host.

The client for Linux is not as powerful as the one for Windows because it is limited to "select" requests (i.e. not possible to request something like "process list brief") but will be helpful if you don't want to start your Windows virtual machine.

Installation

Pre-requisites

$ sudo aptitude install autoconf

Compilation

$ cd /data/tools/
$ wget http://www.openvas.org/download/wmi/wmi-1.3.14.tar.bz2
$ bzip2 -cd wmi-1.3.14.tar.bz2 | tar xf -
$ cd wmi-1.3.14/
$ sudo make
$ sudo cp Samba/source/bin/wmic /usr/local/bin/

Usage

Usage

Usage: wmic -U user%password //host "query"

Options

-?, --help
Show this help message
-A, --authentication-file=FILE
Get the credentials from a file
--delimiter=STRING
delimiter to use when querying multiple values, default to '|'
-d, --debuglevel=DEBUGLEVEL
Set debug level
--debug-stderr
Send debug output to STDERR
-i, --scope=SCOPE
Use this Netbios scope
-k, --kerberos=STRING
Use Kerberos
-l, --log-basename=LOGFILEBASE
Basename for log/debug files
--leak-report
enable full talloc leak reporting on exit
--leak-report-full
enable talloc leak reporting on exit
-m, --maxprotocol=MAXPROTOCOL
Set max protocol level
--namespace=STRING
WMI namespace, default to root\cimv2
-N, --no-pass
Don't ask for a password
-n, --netbiosname=NETBIOSNAME
Primary netbios name
--option=name=value
Set smb.conf option from command line
-O, --socket-options=SOCKETOPTIONS
socket options to use
--password=STRING
Password
-P, --machine-pass
Use stored machine account password (implies -k)
--realm=REALM
Set the realm name
-R, --name-resolve=NAME-RESOLVE-ORDER
Use these name resolution services only
--simple-bind-dn=STRING
DN to use for a simple bind
-S, --signing=on|off|required
Set the client signing state
-s, --configfile=CONFIGFILE
Use alternative configuration file
--usage
Display brief usage message
--use-security-mechanisms=STRING
Restricted list of authentication mechanisms available for use with this authentication
-U, --user=[DOMAIN\]USERNAME[%PASSWORD]
Set the network username
-V, --version
Print version
-W, --workgroup=WORKGROUP
Set the workgroup name

Examples

Note: For a complete list of classes you can request, please refer to http://msdn.microsoft.com/en-us/library/aa394554(v=vs.85).aspx

Get system information

$ wmic -U unknown //192.168.1.12 "select * from Win32_ComputerSystem"
Password for [WORKGROUP\unknown]:
CLASS: Win32_ComputerSystem
AdminPasswordStatus|AutomaticResetBootOption|AutomaticResetCapability|BootOptionOnLimit|BootOptionOnWatchDog|BootROMSupported|
BootupState|Caption|ChassisBootupState|CreationClassName|CurrentTimeZone|DaylightInEffect|Description|Domain|DomainRole|
EnableDaylightSavingsTime|FrontPanelResetStatus|InfraredSupported|InitialLoadInfo|InstallDate|KeyboardPasswordStatus|LastLoadInfo|
Manufacturer|Model|Name|NameFormat|NetworkServerModeEnabled|NumberOfLogicalProcessors|NumberOfProcessors|OEMLogoBitmap|OEMStringArray|
PartOfDomain|PauseAfterReset|PowerManagementCapabilities|PowerManagementSupported|PowerOnPasswordStatus|PowerState|PowerSupplyState|
PrimaryOwnerContact|PrimaryOwnerName|ResetCapability|ResetCount|ResetLimit|Roles|Status|SupportContactDescription|SystemStartupDelay|
SystemStartupOptions|SystemStartupSetting|SystemType|ThermalState|TotalPhysicalMemory|UserName|WakeUpType|Workgroup
3|True|True|0|0|True|Normal boot|UNKNOWN-7C76953|3|Win32_ComputerSystem|120|True|AT/AT COMPATIBLE|WORKGROUP|0|True|3|False|NULL|(null)|
3|(null)|innotek GmbH|VirtualBox|UNKNOWN-7C76953|(null)|True|1|1|NULL|(vboxVer_4.2.12,vboxRev_84980)|False|-1|NULL|False|3|0|3|(null)|
Unknown|1|-1|-1|(LM_Workstation,LM_Server,NT,Potential_Browser)|OK|NULL|30|("Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect)|
0|X86-based PC|3|1073201152|UNKNOWN-7C76953\unknown|6|(null)

Get list of running processes

$ wmic -U unknown%oopsoops //192.168.1.12 "select caption, name, parentprocessid, processid from win32_process"
CLASS: Win32_Process
Caption|Handle|Name|ParentProcessId|ProcessId
System Idle Process|0|System Idle Process|0|0
System|4|System|0|4
smss.exe|460|smss.exe|4|460
csrss.exe|924|csrss.exe|460|924
winlogon.exe|948|winlogon.exe|460|948
services.exe|992|services.exe|948|992
lsass.exe|1004|lsass.exe|948|1004
VBoxService.exe|1168|VBoxService.exe|992|1168
svchost.exe|1220|svchost.exe|992|1220
svchost.exe|1332|svchost.exe|992|1332
MsMpEng.exe|1576|MsMpEng.exe|992|1576
svchost.exe|1616|svchost.exe|992|1616
svchost.exe|1712|svchost.exe|992|1712
svchost.exe|1940|svchost.exe|992|1940
spoolsv.exe|244|spoolsv.exe|992|244
explorer.exe|916|explorer.exe|788|916
VBoxTray.exe|1288|VBoxTray.exe|916|1288
concentr.exe|1388|concentr.exe|916|1388
msseces.exe|1400|msseces.exe|916|1400
ctfmon.exe|1424|ctfmon.exe|916|1424
wfcrun32.exe|1472|wfcrun32.exe|1220|1472
svchost.exe|1812|svchost.exe|992|1812
dsNcService.exe|1908|dsNcService.exe|992|1908
jqs.exe|280|jqs.exe|992|280
TeamViewer_Service.exe|780|TeamViewer_Service.exe|992|780
alg.exe|3556|alg.exe|992|3556
wmiapsrv.exe|532|wmiapsrv.exe|992|532
wscntfy.exe|1640|wscntfy.exe|1616|1640
wmiprvse.exe|4000|wmiprvse.exe|1220|4000