Among the many tools that shine in internal network penetration testing, wmic definitely ranks near the top, so I'm noting it down here for reference. It lives in C:\Windows\System32\wbem.

    ★★Connect to a remote computer (it seems the target needs the RPC service enabled)

    1. wmic /node:"192.168.203.131" /password:"password" /user:"administrator"

    ★★View the BIOS version and model

    1. wmic bios get Manufacturer,Name

    ★★View the workgroup/domain

    1. wmic computersystem get domain

    ★★Rename the computer abc to 123

    1. wmic computersystem where "name='abc'" call rename 123

    ★★View the CPU model

    1. wmic cpu get name

    DATAFILE - DataFile management
    ★★Find the file cc.cmd in the test directory on drive E: (subdirectories excluded)

    1. wmic datafile where "drive='e:' and path='\\test\\' and FileName='cc' and Extension='cmd'" list

    ★★Find cc.cmd files in all directories and subdirectories on drive E: that are larger than 1K

    1. wmic datafile where "drive='e:' and FileName='cc' and Extension='cmd' and FileSize>'1000'" list

    ★★Delete .cmd files on drive E: larger than 10M

    1. wmic datafile where "drive='e:' and Extension='cmd' and FileSize>'10000000'" call delete

    ★★Delete the non-.cmd files in the test directory on drive E: (subdirectories excluded)

    1. wmic datafile where "drive='e:' and Extension<>'cmd' and path='\\test\\'" call delete

    ★★Copy cc.cmd from the test directory on drive E: (subdirectories excluded) to E:\ and rename it aa.bat

    1. wmic datafile where "drive='e:' and path='\\test\\' and FileName='cc' and Extension='cmd'" call copy "e:\aa.bat"

    ★★Rename c:\hello.txt to c:\test.txt

    1. wmic datafile "c:\\hello.txt" call rename c:\test.txt

    ★★Find files on drive H: whose directory contains test, whose file name contains perl, and whose extension is txt

    1. wmic datafile where "drive='h:' and extension='txt' and path like '%\\test\\%' and filename like '%perl%'" get name

    ★★Get the temp environment variable

    1. wmic ENVIRONMENT where "name='temp'" get UserName,VariableValue

    ★★Change the value of the path environment variable, adding e:\tools

    1. wmic ENVIRONMENT where "name='path' and username='<system>'" set VariableValue="%path%;e:\tools"

    ★★Add a system environment variable home with the value %HOMEDRIVE%%HOMEPATH%

    1. wmic ENVIRONMENT create name="home",username="<system>",VariableValue="%HOMEDRIVE%%HOMEPATH%"

    ★★Delete the home environment variable

    1. wmic ENVIRONMENT where "name='home'" delete

    FSDIR - file system directory entry management
    ★★Find the directory named test on drive E:

    1. wmic FSDIR where "drive='e:' and filename='test'" list

    ★★Delete all directories under e:\test except the directory abc

    1. wmic FSDIR where "drive='e:' and path='\\test\\' and filename<>'abc'" call delete

    ★★Delete the folder c:\good

    1. wmic fsdir "c:\\good" call delete

    ★★Rename the folder c:\good to abb

    1. wmic fsdir "c:\\good" call rename "c:\abb"

    LOGICALDISK - local storage device management
    ★★Get the file system, total size, free space, etc. of the disks

    1. wmic LOGICALDISK get name,Description,filesystem,size,freespace

    PROCESS - process management
    ★★List the core information about processes, similar to Task Manager

    1. wmic process list brief
    2. wmic startup list brief (a quick aside)

    ★★Terminate svchost.exe processes whose path is not C:\WINDOWS\system32\svchost.exe

    1. wmic process where "name='svchost.exe' and ExecutablePath<>'C:\\WINDOWS\\system32\\svchost.exe'" call Terminate

    ★★Create a new notepad process

    1. wmic process call create notepad

    ★★wmic: get process names and executable paths:

    1. wmic process get name,executablepath

    ★★wmic: kill a specified process (by process name):

    1. wmic process where name="qq.exe" call terminate, or alternatively wmic process where name="qq.exe" delete

    ★★wmic: kill a specified process (by PID):

    1. wmic process where processid="123" delete

    SERVICE - service program management
    ★★View the service list

    1. wmic service list brief

    ★★Start the spooler service

    1. wmic SERVICE where name="Spooler" call startservice

    ★★Stop the spooler service

    1. wmic SERVICE where name="Spooler" call stopservice

    ★★Pause the spooler service

    1. wmic SERVICE where name="Spooler" call PauseService

    ★★Change the spooler service start type [auto|Disabled|Manual], meaning [automatic|disabled|manual]

    1. wmic SERVICE where name="Spooler" set StartMode="auto"

    ★★Delete a service

    1. wmic SERVICE where name="test123" call delete

    SHARE - shared resource management
    ★★Delete a share

    1. wmic SHARE where name="e$" call delete

    ★★Add a share

    1. WMIC SHARE CALL Create "","test","3","TestShareName","","c:\test",0

    STARTUP - management of commands that run automatically when a user logs on to the computer
    ★★View the startup entries shown in msconfig

    1. wmic STARTUP list

    SYSDRIVER - management of system drivers for basic services

    1. wmic SYSDRIVER list

    ★★Shut down the local computer

    1. wmic process call create shutdown.exe

    ★★Restart a remote computer

    1. wmic /node:192.168.1.10 /user:administrator /password:123456 process call create "shutdown.exe -r -f -m"

    ★★View the logs enabled on the system

    1. wmic nteventlog get path,filename,writeable

    ★★Clear the relevant logs (here everything is cleared)

    1. wevtutil cl "windows powershell"
    2. wevtutil cl "security"
    3. wevtutil cl "system"

    ★★View the software installed on the system and its versions

    1. wmic product get name,version
    2. wmic product list brief

    ★★View detailed information about a specific process

    1. wmic process where name="chrome.exe" list full

    ★★Get all registry values that contain passwords:

    1. REG query HKCU /v "pwd" /s

    ★★Show the passwords of wireless networks the system has connected to

    1. netsh wlan show profiles
    2. netsh wlan show profiles name="profiles的名字" key=clear

    ★★Check whether the current system is VMware

    1. wmic bios list full | find /i "vmware"
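Every command above leaves a process-creation command line behind, which is the natural place to detect this activity. As an added example (not part of the original post), the Python below tags command lines with the wmic, wevtutil and netsh patterns listed here and turns constructed sample events into alerts; the event fields (host, user, cmdline) are assumptions modelled on a Sysmon Event ID 1 feed.

```python
import re

# Added detection example: patterns for the wmic / wevtutil / netsh usage this
# cheat sheet lists, applied to process-creation command lines (e.g. Sysmon Event ID 1).
RULES = [
    ("wmic_remote_node", re.compile(r"\bwmic\b.*\s/node:", re.I)),
    ("wmic_process_create", re.compile(r"\bwmic\b.*\bprocess\b.*\bcall\s+create\b", re.I)),
    ("wmic_process_kill", re.compile(r"\bwmic\b.*\bprocess\b.*\b(call\s+terminate|delete)\b", re.I)),
    ("wmic_service_change", re.compile(r"\bwmic\b.*\bservice\b.*\b(call\s+\w+|set\s+startmode)\b", re.I)),
    ("wmic_share_change", re.compile(r"\bwmic\b.*\bshare\b.*\bcall\s+(create|delete)\b", re.I)),
    ("wmic_file_delete", re.compile(r"\bwmic\b.*\b(datafile|fsdir)\b.*\bcall\s+delete\b", re.I)),
    ("wmic_recon", re.compile(r"\bwmic\b.*\b(bios|computersystem|cpu|logicaldisk|product|nteventlog|startup|sysdriver)\b", re.I)),
    ("eventlog_cleared", re.compile(r"\bwevtutil(\.exe)?\s+cl\b", re.I)),
    ("wlan_key_dump", re.compile(r"\bnetsh\b.*\bwlan\b.*\bkey=clear\b", re.I)),
]
LEVELS = ["low", "medium", "high"]
SEVERITY = {"eventlog_cleared": "high", "wmic_remote_node": "high", "wmic_process_create": "high",
            "wmic_process_kill": "medium", "wmic_service_change": "medium", "wmic_share_change": "medium",
            "wmic_file_delete": "medium", "wlan_key_dump": "medium", "wmic_recon": "low"}

def classify(cmdline):
    """Return every rule tag whose pattern matches the command line, in RULES order."""
    return [tag for tag, rx in RULES if rx.search(cmdline)]

def scan(events):
    """Build one alert per matching event; severity is the highest of its tags."""
    alerts = []
    for ev in events:
        tags = classify(ev["cmdline"])
        if tags:
            sev = max((SEVERITY[t] for t in tags), key=LEVELS.index)
            alerts.append({"host": ev["host"], "user": ev["user"], "severity": sev,
                           "tags": tags, "cmdline": ev["cmdline"]})
    return alerts

# Constructed sample events (not real telemetry), mirroring commands from the cheat sheet.
SAMPLE_EVENTS = [
    {"host": "ws01", "user": "CORP\\alice", "cmdline": 'wmic /node:192.168.1.10 /user:administrator /password:123456 process call create "shutdown.exe -r -f -m"'},
    {"host": "ws01", "user": "CORP\\alice", "cmdline": "wevtutil cl security"},
    {"host": "ws02", "user": "CORP\\bob", "cmdline": "wmic product get name,version"},
    {"host": "ws02", "user": "CORP\\bob", "cmdline": 'wmic process where name="qq.exe" call terminate'},
    {"host": "ws03", "user": "CORP\\carol", "cmdline": 'netsh wlan show profiles name="Office" key=clear'},
    {"host": "ws03", "user": "CORP\\carol", "cmdline": "notepad.exe C:\\notes.txt"},
]

if __name__ == "__main__":
    for a in scan(SAMPLE_EVENTS):
        print(f'[{a["severity"]:6}] {a["host"]} {a["user"]}: {", ".join(a["tags"])} <- {a["cmdline"]}')
```

The wevtutil rule is the one worth paging on: a cleared Security log also produces Event ID 1102, so correlating both gives a high-confidence signal.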

    References: http://www.jb51.net/article/49987.htm https://blog.csdn.net/qq_20307987/article/details/73222038