# WMIcmd

**Repository Path**: csharphpython/WMIcmd

## Basic Information

- **Project Name**: WMIcmd
- **Description**: A command shell wrapper using only WMI for Microsoft Windows
- **Primary Language**: Unknown
- **License**: AGPL-3.0
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2020-10-21
- **Last Updated**: 2020-12-19

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# The problem

When doing low-impact investigations and similar activities you may want to minimize what is written to disk and how obvious the activity is. This tool lets us execute commands via WMI and retrieve their output, which is information not otherwise available through that channel. Note that the command is still executed as a process on the target and its output is staged in the registry, so process-creation and registry auditing will still record the activity; the tool reduces on-disk artefacts, it does not make the activity invisible.

# Purpose

A small utility which only uses WMI to:

* execute command shell commands
* capture stdout from these commands and write it to the registry
* read the output back from the registry and then delete it
* print it to local stdout

# Design

The tool consists of:

- a very small subset of the NCC Group internal core library (WMICore)
- command execution (WMIcmd)

# Usage

```
C:\Data\NCC\!Code\Git.Public\WMIcmd\WMIcmd\bin\Debug>WMIcmd.exe --help
NCC Group WMIcmd 1.0.0.0
Released under AGPL

  -h, --host            Host (IP address or hostname - default: localhost)
  -u, --username        Username to authenticate with
  -p, --password        Password to authenticate with
  -d, --domain          Domain to authenticate with
  -v, --Verbose         (Default: False) Prints all messages to standard output.
  -c, --Command         (Default: ) Command to run e.g. "nestat-ano"
  -s, --CommandSleep    (Default: 10000) Command sleep in milliseconds - increase if getting truncated output
  --help                Display this help screen.
```

## Example - a non domain joined machine

Note: use administrative credentials. For a machine that is not domain joined, pass the host's own name as the domain.

```
WMIcmd.exe -h 192.168.1.165 -d hostname -u localadmin -p theirpassword -c "netstat -an"
```

## Example - domain joined machine

Note: use administrative credentials

```
WMIcmd.exe -h 192.168.1.165 -d domain -u domainadmin -p theirpassword -c "netstat -an"
```

## Example expected output

Note: use administrative credentials

```
C:\Data\NCC\!Code\Git.Public\WMIcmd\WMIcmd\bin\Debug>WMIcmd.exe -d win10host -h win10host -u superuser -p password -c "netstat -an"
[!] Connecting with superuser
[i] Connecting to win10host
[i] Connected
[i] Command: netstat -an
[i] Running command...
[i] Getting stdout from registry from SOFTWARE\
[i] Full command output received

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5357           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5985           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:7680           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:18800          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:47001          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49152          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49153          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49154          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49664          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49665          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49666          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49667          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49668          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49669          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49671          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49713          0.0.0.0:0              LISTENING
.. snip ..
```
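## How the WMI-only channel works (added example)

The following PowerShell script is an added illustration of the pattern the Purpose section describes (run a command over WMI, stage its stdout in the registry, read it back over WMI, delete it, print it locally). It is not WMIcmd's own code and nothing about WMIcmd's internals is known beyond the README: the scratch key `SOFTWARE\WmiCmdDemo`, the one-value-per-line layout, and the exit-polling wait are assumptions chosen for this example. It uses only documented CIM classes: `Win32_Process.Create` for execution and the `StdRegProv` methods `EnumValues`, `GetStringValue` and `DeleteKey` for the registry side.

```powershell
<#
  Added example, not WMIcmd's own code. Demonstrates the WMI-only execute -> registry ->
  read -> delete -> print pattern described in the README using PowerShell's CIM cmdlets.
  Assumptions (not from the project): the scratch key path, one REG_SZ value per output
  line named by line number, and polling the PID instead of a fixed sleep.
  Requires administrative rights on the target, as the README notes.
#>
param(
    [string]       $ComputerName = 'localhost',
    [string]       $Command      = 'netstat -an',
    [pscredential] $Credential,                 # omit to use the current user
    [int]          $TimeoutMs    = 10000        # analogous to WMIcmd's --CommandSleep
)

$HKLM   = [uint32]2147483650          # StdRegProv constant for HKEY_LOCAL_MACHINE
$SubKey = 'SOFTWARE\WmiCmdDemo'       # assumed scratch key; the README only shows SOFTWARE\

$sessionArgs = @{ ComputerName = $ComputerName }
if ($Credential) { $sessionArgs.Credential = $Credential }
$session = New-CimSession @sessionArgs

try {
    # 1. Execute via Win32_Process.Create. cmd.exe itself gets stdout into the registry:
    #    for /f feeds each output line to "reg add", which stores it as a REG_SZ value
    #    named by a 1-based counter (!n!, needing /v:on for delayed expansion).
    #    /s makes cmd strip only the outer quotes so the inner ones survive.
    #    Blank lines are dropped by for /f, and a line containing a double quote would
    #    break the reg add argument; both are acceptable for netstat-style output.
    $cmdLine = 'cmd.exe /v:on /s /c "set n=0 & for /f "delims=" %i in (''' + $Command + ''') do ' +
               '(set /a n+=1 >nul & reg add HKLM\' + $SubKey + ' /v !n! /t REG_SZ /d "%i" /f >nul)"'
    $proc = Invoke-CimMethod -CimSession $session -ClassName Win32_Process -MethodName Create `
                -Arguments @{ CommandLine = $cmdLine }
    if ($proc.ReturnValue -ne 0) { throw "Win32_Process.Create failed with code $($proc.ReturnValue)" }

    # 2. Wait for the spawned cmd.exe to exit rather than sleeping a fixed interval.
    #    WMIcmd's --CommandSleep help text warns about truncated output; polling the PID
    #    avoids reading the key before all lines have been written.
    $deadline = (Get-Date).AddMilliseconds($TimeoutMs)
    while ((Get-Date) -lt $deadline -and
           (Get-CimInstance -CimSession $session -ClassName Win32_Process -Filter "ProcessId = $($proc.ProcessId)")) {
        Start-Sleep -Milliseconds 250
    }

    # 3. Read the staged lines back over WMI with StdRegProv (root/default namespace).
    $reg  = @{ CimSession = $session; Namespace = 'root/default'; ClassName = 'StdRegProv' }
    $enum = Invoke-CimMethod @reg -MethodName EnumValues -Arguments @{ hDefKey = $HKLM; sSubKeyName = $SubKey }
    if ($enum.ReturnValue -ne 0) { throw "EnumValues failed with code $($enum.ReturnValue); did the command produce output?" }

    $lines = foreach ($name in ($enum.sNames | Sort-Object { [int]$_ })) {
        (Invoke-CimMethod @reg -MethodName GetStringValue `
            -Arguments @{ hDefKey = $HKLM; sSubKeyName = $SubKey; sValueName = $name }).sValue
    }

    # 4. Delete the scratch key so no output is left behind on the target.
    $del = Invoke-CimMethod @reg -MethodName DeleteKey -Arguments @{ hDefKey = $HKLM; sSubKeyName = $SubKey }
    if ($del.ReturnValue -ne 0) { Write-Warning "DeleteKey returned $($del.ReturnValue); remove HKLM\$SubKey manually" }

    # 5. Print to local stdout in the original line order.
    $lines
}
finally {
    Remove-CimSession $session
}
```

Save it as a `.ps1` and run, for example, `.\wmi-exec-demo.ps1 -ComputerName 192.168.1.165 -Credential (Get-Credential) -Command 'netstat -an'` (file name and arguments are illustrative). Two points worth keeping in mind when comparing this with the tool: the staged output is readable by anyone with registry read access on the target for the few seconds between steps 1 and 4, and polling the process rather than sleeping is what removes the truncation failure mode that WMIcmd's `--CommandSleep` option exists to work around.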