WMI [135]

Overview

Windows Management Instrumentation (WMI) - Notes

Overview
- Microsoft's implementation and extension of the Common Information Model (CIM).
- Core functionality of Web-Based Enterprise Management (WBEM) for Windows.
- Provides read and write access to almost all Windows settings.
Importance
- Crucial for Windows administration and remote maintenance.
- Works on both PCs and servers.
Access Methods
- Typically accessed via:
  - PowerShell
  - VBScript
  - Windows Management Instrumentation Console (WMIC)
Architecture
- Not a single program but a collection of programs and databases (repositories).

Footprinting the Service

WMIexec.py

the program wmiexec.py from the Impacket toolkit can be used for this.

z3tssu@htb[/htb]$ /usr/share/doc/python3-impacket/examples/wmiexec.py Cry0l1t3:"P455w0rD!"@10.129.201.248 "hostname"

Impacket v0.9.22 - Copyright 2020 SecureAuth Corporation

[*] SMBv3.0 dialect used
ILF-SQL-01

PreviousWinRM [5985, 5986]NextIntroduction

Last updated 11 months ago

hashtagWindows Management Instrumentation (WMI) - Notes

hashtagFootprinting the Service

hashtagWMIexec.py

Windows Management Instrumentation (WMI) - Notes

Footprinting the Service

WMIexec.py