Description
Windows Management Instrumentation Command-line (WMIC) uses Windows Management Instrumentation (WMI) to enable system management from the command line.
This post explains how to install a wmic client on a Linux machine. The above installation procedure has been tested on a Ubuntu 12.04 LTS 32 bits host.
The client for Linux is not as powerful as the one for Windows because it is limited to "select" requests (i.e. not possible to request something like "process list brief") but will be helpful if you don‘t want to start your Windows virtual machine.
Installation
Pre-requisites
$ sudo aptitude install autoconf
Compilation
$ cd /data/tools/ $ wget http://www.openvas.org/download/wmi/wmi-1.3.14.tar.bz2 $ bzip2 -cd wmi-1.3.14.tar.bz2 | tar xf - $ cd wmi-1.3.14/ $ sudo make $ sudo cp Samba/source/bin/wmic /usr/local/bin/
Usage
Usage
Usage: wmic -U user%password //host "query"
Options
- -?, --help
- Show this help message
- -A, --authentication-file=FILE
- Get the credentials from a file
- --delimiter=STRING
- delimiter to use when querying multiple values, default to ‘|‘
- -d, --debuglevel=DEBUGLEVEL
- Set debug level
- --debug-stderr
- Send debug output to STDERR
- -i, --scope=SCOPE
- Use this Netbios scope
- -k, --kerberos=STRING
- Use Kerberos
- -l, --log-basename=LOGFILEBASE
- Basename for log/debug files
- --leak-report
- enable full talloc leak reporting on exit
- --leak-report-full
- enable talloc leak reporting on exit
- -m, --maxprotocol=MAXPROTOCOL
- Set max protocol level
- --namespace=STRING
- WMI namespace, default to root\cimv2
- -N, --no-pass
- Don‘t ask for a password
- -n, --netbiosname=NETBIOSNAME
- Primary netbios name
- --option=name=value
- Set smb.conf option from command line
- -O, --socket-options=SOCKETOPTIONS
- socket options to use
- --password=STRING
- Password
- -P, --machine-pass
- Use stored machine account password (implies -k)
- --realm=REALM
- Set the realm name
- -R, --name-resolve=NAME-RESOLVE-ORDER
- Use these name resolution services only
- --simple-bind-dn=STRING
- DN to use for a simple bind
- -S, --signing=on|off|required
- Set the client signing state
- -s, --configfile=CONFIGFILE
- Use alternative configuration file
- --usage
- Display brief usage message
- --use-security-mechanisms=STRING
- Restricted list of authentication mechanisms available for use with this authentication
- -U, --user=[DOMAIN\]USERNAME[%PASSWORD]
- Set the network username
- -V, --version
- Print version
- -W, --workgroup=WORKGROUP
- Set the workgroup name
Examples
Note: For a complete list of classes you can request, please refer to http://msdn.microsoft.com/en-us/library/aa394554(v=vs.85).aspx
Get system information
$ wmic -U unknown //192.168.1.12 "select * from Win32_ComputerSystem" Password for [WORKGROUP\unknown]: CLASS: Win32_ComputerSystem AdminPasswordStatus|AutomaticResetBootOption|AutomaticResetCapability|BootOptionOnLimit|BootOptionOnWatchDog|BootROMSupported| BootupState|Caption|ChassisBootupState|CreationClassName|CurrentTimeZone|DaylightInEffect|Description|Domain|DomainRole| EnableDaylightSavingsTime|FrontPanelResetStatus|InfraredSupported|InitialLoadInfo|InstallDate|KeyboardPasswordStatus|LastLoadInfo| Manufacturer|Model|Name|NameFormat|NetworkServerModeEnabled|NumberOfLogicalProcessors|NumberOfProcessors|OEMLogoBitmap|OEMStringArray| PartOfDomain|PauseAfterReset|PowerManagementCapabilities|PowerManagementSupported|PowerOnPasswordStatus|PowerState|PowerSupplyState| PrimaryOwnerContact|PrimaryOwnerName|ResetCapability|ResetCount|ResetLimit|Roles|Status|SupportContactDescription|SystemStartupDelay| SystemStartupOptions|SystemStartupSetting|SystemType|ThermalState|TotalPhysicalMemory|UserName|WakeUpType|Workgroup 3|True|True|0|0|True|Normal boot|UNKNOWN-7C76953|3|Win32_ComputerSystem|120|True|AT/AT COMPATIBLE|WORKGROUP|0|True|3|False|NULL|(null)| 3|(null)|innotek GmbH|VirtualBox|UNKNOWN-7C76953|(null)|True|1|1|NULL|(vboxVer_4.2.12,vboxRev_84980)|False|-1|NULL|False|3|0|3|(null)| Unknown|1|-1|-1|(LM_Workstation,LM_Server,NT,Potential_Browser)|OK|NULL|30|("Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect)| 0|X86-based PC|3|1073201152|UNKNOWN-7C76953\unknown|6|(null)
Get list of running processes
$ wmic -U unknown%oopsoops //192.168.1.12 "select caption, name, parentprocessid, processid from win32_process" CLASS: Win32_Process Caption|Handle|Name|ParentProcessId|ProcessId System Idle Process|0|System Idle Process|0|0 System|4|System|0|4 smss.exe|460|smss.exe|4|460 csrss.exe|924|csrss.exe|460|924 winlogon.exe|948|winlogon.exe|460|948 services.exe|992|services.exe|948|992 lsass.exe|1004|lsass.exe|948|1004 VBoxService.exe|1168|VBoxService.exe|992|1168 svchost.exe|1220|svchost.exe|992|1220 svchost.exe|1332|svchost.exe|992|1332 MsMpEng.exe|1576|MsMpEng.exe|992|1576 svchost.exe|1616|svchost.exe|992|1616 svchost.exe|1712|svchost.exe|992|1712 svchost.exe|1940|svchost.exe|992|1940 spoolsv.exe|244|spoolsv.exe|992|244 explorer.exe|916|explorer.exe|788|916 VBoxTray.exe|1288|VBoxTray.exe|916|1288 concentr.exe|1388|concentr.exe|916|1388 msseces.exe|1400|msseces.exe|916|1400 ctfmon.exe|1424|ctfmon.exe|916|1424 wfcrun32.exe|1472|wfcrun32.exe|1220|1472 svchost.exe|1812|svchost.exe|992|1812 dsNcService.exe|1908|dsNcService.exe|992|1908 jqs.exe|280|jqs.exe|992|280 TeamViewer_Service.exe|780|TeamViewer_Service.exe|992|780 alg.exe|3556|alg.exe|992|3556 wmiapsrv.exe|532|wmiapsrv.exe|992|532 wscntfy.exe|1640|wscntfy.exe|1616|1640 wmiprvse.exe|4000|wmiprvse.exe|1220|4000