Patrick-DE / RTT-Docs

Public repository for the techniques and tools shown on rtt.secdu.de
GNU Affero General Public License v3.0

New tool: wmic #87

Closed Patrick-DE closed 1 year ago

Patrick-DE commented 1 year ago
{
  "name": "wmic",
  "phases": [
    "03. Host Enumeration",
    "05. Privilege Escalation",
    "06. Domain Enumeration"
  ],
  "category": "",
  "stealthy": true,
  "platforms": [
    "Windows"
  ],
  "source": "https://learn.microsoft.com/en-us/windows/win32/wmisdk/wmic",
  "description": "The WMI command-line (WMIC) utility provides a command-line interface for Windows Management Instrumentation (WMI). WMIC is compatible with existing shells and utility commands.\n\n⚠️Important\nWMIC is deprecated as of Windows 10, version 21H1, and as of the 21H1 semi-annual channel release of Windows Server. This utility is superseded by Windows PowerShell for WMI.",
  "undetected": [],
  "detected": [],
  "content": "",
  "commands": [
    {
      "id": "7aae147f-1076-45f9-a638-38d2a6a224b4",
      "name": "Get all command aliases",
      "description": "",
      "tag": "",
      "results": [],
      "cmd": "wmic alias list brief"
    },
    {
      "id": "1fcbc21a-e0cc-4723-a598-57cf53c32098",
      "name": "Get computer information",
      "description": "",
      "tag": "",
      "results": [
        "CRED:USERNAME:EMAIL",
        "CRED:USERNAME:NAME",
        "INTEL:DOMAIN:DOMAINS"
      ],
      "cmd": "wmic computersystem list full"
    },
    {
      "id": "37f46088-fdab-4061-8bae-714752a8bc2e",
      "name": "Get available volumes",
      "description": "",
      "tag": "",
      "results": [
        "COMPUTER:DRIVES"
      ],
      "cmd": "wmic volume list brief"
    },
    {
      "id": "cb5ab538-a054-4cc8-b15b-8d6312ca0bfa",
      "name": "Get domain controller",
      "description": "",
      "tag": "",
      "results": [
        "INTEL:DOMAIN:DOMAINS"
      ],
      "cmd": "wmic NTDOMAIN GET DomainControllerAddress,DomainName,Roles"
    },
    {
      "id": "6303390f-faa9-455b-b332-46f42dc86274",
      "name": "Get all domain users in domain via LDAP",
      "description": "",
      "tag": "",
      "results": [
        "INTEL:DOMAIN:USERS"
      ],
      "cmd": "wmic /NAMESPACE:\\\\root\\directory ldap PATH ds_user GET ds_samaccountname",
      "requirements": {
        "tag": "SERVICE:SERVICE:LDAP"
      }
    },
    {
      "id": "a192be90-3d90-4957-99e5-97e4a7e71c14",
      "name": "Get all domain groups in domain via LDAP",
      "description": "",
      "tag": "",
      "results": [
        "INTEL:DOMAIN:GROUPS"
      ],
      "cmd": "wmic /NAMESPACE:\\\\root\\directory ldap PATH ds_group GET ds_samaccountname"
    },
    {
      "id": "67576e28-96f5-4fcd-adbe-d5bcd4bc3e68",
      "name": "Members of Domain Admins Group",
      "description": "",
      "tag": "",
      "results": [
        "INTEL:DOMAIN:DA"
      ],
      "cmd": "wmic path win32_groupuser where (groupcomponent=\"win32_group.name='domain admins',domain =='YOURDOMAINHERE'\")",
      "requirements": {
        "tag": "INTEL:DOMAIN:DOMAINS"
      }
    },
    {
      "id": "f3095414-9baa-4cb5-9608-ccd7510f7ce9",
      "name": "Get all computers in domain via LDAP",
      "description": "",
      "tag": "",
      "results": [
        "INTEL:DOMAIN:COMPUTERS"
      ],
      "cmd": "wmic /NAMESPACE: root directory ldap PATH ds_computer GET ds_samaccountname",
      "requirements": {
        "tag": "SERVICE:LDAP"
      }
    },
    {
      "id": "51d74900-f0ab-4f02-bc26-a0207c3a5224",
      "name": "Get local user accounts",
      "description": "",
      "tag": "",
      "results": [
        "COMPUTER:USERS"
      ],
      "cmd": "wmic useraccount list"
    },
    {
      "id": "50dd3d1b-5dfd-4d07-80e3-9b2e8ea90355",
      "name": "Get Windows updates",
      "description": "",
      "tag": "",
      "results": [
        "COMPUTER:WINUPDATE"
      ],
      "cmd": "wmic qfe list brief"
    },
    {
      "id": "b6e526ff-1349-490d-97ee-fcb7a69d296e",
      "name": "Get Antivirus Solutions",
      "description": "",
      "tag": "",
      "results": [
        "COMPUTER:SEC:AV"
      ],
      "cmd": "wmic /namespace:\\\\root\\securitycenter2 path antivirusproduct GET displayName, productState, pathToSignedProductExe"
    },
    {
      "id": "4b3125e8-dd67-4d24-a123-2e4592b497e7",
      "name": "Get sensitive files",
      "description": "Get files containing 'password' in the name",
      "tag": "",
      "results": [
        "COMPUTER:FILE:SENSITIVE"
      ],
      "cmd": "wmic DATAFILE where \"drive='C:' AND Name like '%password%'\" GET Name,readable,size /VALUE"
    },
    {
      "id": "ead973d1-8441-4e90-a8c2-9cd71ca7cbe8",
      "name": "Get services with path",
      "description": "",
      "tag": "",
      "results": [
        "COMPUTER:SERVICES"
      ],
      "cmd": "wmic service get name, pathname"
    }
  ]
}