Windows Important Commands
What is WMIC?
Windows Management Instrumentation Command-line. To me, the wmic command is one of the more powerful commands on Windows.
It is very useful for an analyst performing analysis or forensics on a Windows OS.
It helps gather information without third-party tools.
You can do multiple tasks with one command.
List of running processes in brief
wmic process list brief
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Kill a process
wmic process where name="wordpad.exe" delete
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Determine open shares
net share
wmic share list brief
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Determine IP address
ipconfig
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Get a new IP address
ipconfig /release
ipconfig /renew
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Disk drive information
wmic diskdrive list full
wmic partition list full
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
List all patches
wmic qfe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
List services
wmic service list brief
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
List user accounts
wmic useraccount list brief
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
List number of times a user logged on
wmic netlogin where (name like "%adm%") get numberoflogons
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Reboot
shutdown /r /t 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Shutdown
shutdown /s /t 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Spawn a new command prompt
start cmd
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command line history
F7
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Determine the current user
echo %USERNAME%
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Determine who is a part of the administrators group
net localgroup administrators
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Add a user where rocky is the username and password is redhat
net user rocky redhat /add
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Add user rocky to administrators group
net localgroup administrators rocky /add
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
List user accounts
net user
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
List network connections and the programs that make the connections (run from an elevated prompt)
netstat -anb
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Display contents of file text.txt
type text.txt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Edit contents of file text.txt
edit text.txt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Determine PC name
hostname
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Determine whether a system is 32 or 64 bit
wmic cpu get DataWidth /format:list
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Startup applications
wmic startup get caption,command
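~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Collect the information-gathering commands above in one pass
The batch file below is an added example, not part of the original post. It runs the read-only commands from this page and saves their output for later review; the OUT folder and all file names are assumptions chosen for the example.

```bat
@echo off
rem Added example: run the page's read-only commands and keep the output.
rem OUT and every file name below are assumptions chosen for this example.
setlocal
set "OUT=%~dp0triage_%COMPUTERNAME%"
if not exist "%OUT%" mkdir "%OUT%"

rem Record who collected the data, where and when.
> "%OUT%\00_info.txt" echo Host=%COMPUTERNAME% User=%USERNAME% Start=%DATE% %TIME%

rem Processes, services and autostart entries.
wmic process list brief > "%OUT%\processes.txt"
wmic service list brief > "%OUT%\services.txt"
wmic startup get caption,command > "%OUT%\startup.txt"

rem Accounts and members of the local administrators group.
wmic useraccount list brief > "%OUT%\useraccounts.txt"
net user > "%OUT%\net_user.txt"
net localgroup administrators > "%OUT%\local_admins.txt"
rem Inside a batch file each % of the LIKE pattern must be doubled.
wmic netlogin where (name like "%%adm%%") get name,numberoflogons > "%OUT%\adm_logons.txt"

rem Shares, network state, patches and disks.
net share > "%OUT%\shares.txt"
ipconfig > "%OUT%\ipconfig.txt"
rem -o adds the owning PID, which can be matched against processes.txt.
netstat -ano > "%OUT%\netstat.txt"
wmic qfe > "%OUT%\patches.txt"
wmic diskdrive list full > "%OUT%\diskdrive.txt"
wmic partition list full > "%OUT%\partition.txt"

rem Hash every collected file so later changes to the output are detectable.
for %%F in ("%OUT%\*.txt") do certutil -hashfile "%%F" SHA256 >> "%OUT%\hashes.sha256"
endlocal
```

Run it from a writable folder; the commands that change system state (process delete, user add, shutdown, ipconfig /release) are left out on purpose.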