Examples of WMIC, a hidden secret

WMIC stands for Windows Management Instrumentation Command-line, a well-kept secret that has quietly been included in Windows-based operating systems released after Windows 2000. The tool is not only robust, powerful and flexible, it can also be used over the network seamlessly.

To access this tool, enter wmic at the Windows command line, which drops you into its own shell. In most cases wmic is already installed, as it is a default component of Windows; you may also see a message saying that wmic is being installed, which happens the first time only. It works once the WMI service is running. WMIC also has an easy API structure. To use the API you use WQL, or Windows Query Language, which is quite similar to SQL, or Structured Query Language.

The format of WMIC is:

WMIC [Credentials] [area] [QueryString]

Some Examples and usage of WMIC:

1. To get the process list – wmic process list

2. To get the group list – wmic group list

3. To get the NIC configuration – wmic nicconfig list

4. To get user account list – wmic useraccount list

5. To get the built in System account list – wmic sysaccount list

6. To get the Environment list – wmic environment list

7. To get the information of all shares (including hidden) – wmic share list

8. To get the list of services – wmic service list

9. To get the computer system details – wmic computersystem list

10. To get the volume information – wmic volume list

11. To get full startup list – wmic startup list full

12. To get Information of logical disks – wmic logicaldisk get description, filesystem, name, size

13. To get screensaver information – wmic desktop get screensaversecure, screensavertimeout

14. To get logon information – wmic logon get authenticationpackage

15. To get information about the OS – wmic os get name, servicepackmajorversion

16. To get information about QFE (Quick Fix Engineering) – wmic qfe get description,installedOn

17. To get information about the computer – wmic csproduct get name,vendor,identifyingNumber

18. To get the total RAM – wmic computersystem get TOTALPhysicalMemory,caption

19. To get the MAC address of the NIC – wmic nic get macaddress,description

Note: In all the “list” commands above you can add the “brief” keyword to get a brief list of information and “full” to get the full list of information, for example wmic process list brief, wmic process list full.

Doing some niche tasks from wmic:

1. Update static IP address

wmic nicconfig where index=9 call enablestatic("192.168.0.117"),("255.255.255.0")

2. To change the network gateway

wmic nicconfig where index=9 call setgateways("192.168.0.117","192.168.0.118"),(1,2)

3. To start an application

wmic process call create "mspaint.exe"

4. To enable DHCP

wmic nicconfig where index=9 call enabledhcp

5. To kill an application

wmic process where name="mspaint.exe" call terminate

6. To change the process priority

wmic process where name="iexplore.exe" call setpriority 64

7. To get name and process id of a process

wmic process where (Name='svchost.exe') get name,processid
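
The post says WMIC is driven by WQL but never shows a query. The following added example (not part of the original post) translates the "get" and "where ... get" forms used above into the equivalent WQL SELECT statement. The function name wmic_to_wql and the alias table are this example's own, and the table covers only a subset of the aliases listed on this page.

```python
import re

# WMIC alias -> underlying WMI class (subset of the aliases used on this page).
ALIAS_TO_CLASS = {
    "process": "Win32_Process",
    "service": "Win32_Service",
    "useraccount": "Win32_UserAccount",
    "group": "Win32_Group",
    "share": "Win32_Share",
    "nicconfig": "Win32_NetworkAdapterConfiguration",
    "nic": "Win32_NetworkAdapter",
    "logicaldisk": "Win32_LogicalDisk",
    "os": "Win32_OperatingSystem",
    "qfe": "Win32_QuickFixEngineering",
    "csproduct": "Win32_ComputerSystemProduct",
    "computersystem": "Win32_ComputerSystem",
}

_CMD = re.compile(
    r"""^\s*wmic\s+(?P<alias>\w+)
        (?:\s+where\s+(?P<where>.+?))?
        \s+get\s+(?P<props>.+?)\s*$""",
    re.IGNORECASE | re.VERBOSE,
)

def wmic_to_wql(command: str) -> str:
    """Translate 'wmic <alias> [where <cond>] get <props>' into a WQL SELECT."""
    # Typographic quotes from copy/paste break the command; normalise them first.
    for bad, good in (("\u201c", '"'), ("\u201d", '"'), ("\u2018", "'"), ("\u2019", "'")):
        command = command.replace(bad, good)
    m = _CMD.match(command)
    if not m:
        raise ValueError("only the 'get' form is handled: " + command)
    alias = m.group("alias").lower()
    if alias not in ALIAS_TO_CLASS:
        raise ValueError("alias not in table: " + alias)
    props = ", ".join(p.strip() for p in m.group("props").split(",") if p.strip())
    wql = f"SELECT {props} FROM {ALIAS_TO_CLASS[alias]}"
    where = (m.group("where") or "").strip()
    if where.startswith("(") and where.endswith(")"):
        where = where[1:-1].strip()          # WMIC allows a parenthesised clause
    if len(where) > 1 and where[0] == where[-1] == '"':
        where = where[1:-1]                  # clause wrapped whole in double quotes
    if where:
        wql += " WHERE " + where.replace('"', "'")  # single-quote string literals
    return wql
```

The returned string can be run on Windows with PowerShell's Get-CimInstance -Query.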