Examples of WMIC, a hidden secret


WMIC stands for Windows Management Instrumentation Command-line, a well-kept secret that has quietly been a feature of Windows-based operating systems after Windows 2000. The tool is not only robust, powerful and flexible; it can also be used over the network seamlessly.

To access this tool, enter wmic at the Windows command line, which drops you into its own shell. In most cases wmic is already installed, as it is there by default in Windows; the first time you run it, and only then, you may see a message saying that wmic is being installed. It works once the WMI service is running. WMIC also has an easy API structure. To use the API you use WQL, or Windows Query Language, which is quite similar to SQL, or Structured Query Language.

The format of WMIC is:

WMIC [Credentials] [area] [QueryString]

Some Examples and usage of WMIC:

1.  To get the process list – wmic process list
2.  To get the group list – wmic group list
3.  To get the NIC Card Configuration – wmic nicconfig list
4.  To get user account list – wmic useraccount list
5.  To get the built in System account list – wmic sysaccount list
6.  To get the Environment list – wmic environment list
7.  To get the information of all shares (including hidden) – wmic share list
8.  To get the list of services – wmic service list
9.  To get the computer system details – wmic computersystem list
10. To get the volume information – wmic volume list
11. To get full startup list – wmic startup list full
12. To get Information of logical disks – wmic logicaldisk get description, filesystem, name, size
13. To get screensaver information – wmic desktop get screensaversecure, screensavertimeout
14. To get logon information – wmic logon get authenticationpackage
15. To get information about the OS – wmic os get name, servicepackmajorversion
16. To get information about QFE (Quick Fix Engineering) – wmic qfe get description,installedOn
17. To get information about the computer – wmic csproduct get name,vendor,identifyingNumber
18. To get the total RAM – wmic computersystem get TOTALPhysicalMemory,caption
19. To get the MAC address of the NIC – wmic nic get macaddress,description

Note: In the list commands above you can add “brief” to get a brief list of information and “full” to get the full list of information, for example wmic process list brief or wmic process list full.

Doing some niche tasks from wmic:

1. Update static IP address
wmic nicconfig where index=9 call enablestatic("192.168.0.117"),("255.255.255.0")

2. To Change the network gateway
wmic nicconfig where index=9 call setgateways("192.168.0.117","192.168.0.118"),(1,2)

3. To start an application
wmic process call create "paint.exe"

4. To enable dhcp
wmic nicconfig where index=9 call enabledhcp

5. To kill an application
wmic process where name="paint.exe" call terminate

6. To change the process priority
wmic process where name="iexplorer.exe" call setpriority 64

7. To get name and process id of a process
wmic process where (Name='svchost.exe') get name,processid
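
For monitoring, the command format shown above can be parsed out of process-creation logs to separate read-only list/get queries from call methods that change the system. The Python below is an added example, not part of the original article; the sample command lines are constructed, and the /node: and /user: global switches (WMIC's options for targeting another machine) and the host and account names are assumptions that do not appear in the article's own examples.

```python
import re

TOKEN = re.compile(r'(?:[^\s"]|"[^"]*")+')   # a "quoted string" stays inside its token
SWITCH = re.compile(r'^/(\w+)(?::(.*))?$')    # global switch, e.g. /node:HOST
WMIC = re.compile(r'(.*[\\/])?wmic(\.exe)?', re.IGNORECASE)

# Constructed command lines, as a process-creation log might record them.
SAMPLES = [
    'wmic process list brief',
    'wmic qfe get description,installedOn',
    'wmic nicconfig where index=9 call enablestatic("192.168.0.117"),("255.255.255.0")',
    r'C:\Windows\System32\wbem\WMIC.exe /node:"HOST01" /user:"EXAMPLE\admin" process call create "paint.exe"',
    'notepad.exe report.txt',
]

def classify(cmdline):
    """Summarise one wmic command line; return None if it is not wmic."""
    tokens = TOKEN.findall(cmdline)
    if not tokens or not WMIC.fullmatch(tokens[0].strip('"')):
        return None
    switches, rest = {}, []
    for tok in tokens[1:]:
        m = SWITCH.match(tok)
        if m and not rest:                    # switches precede the alias
            switches[m.group(1).lower()] = (m.group(2) or '').strip('"')
        else:
            rest.append(tok)
    alias = rest[0].lower() if rest else None
    verbs = [t.lower() for t in rest[1:]]
    verb = next((v for v in verbs if v in ('call', 'get', 'list')), None)
    method = None
    if verb == 'call' and verbs.index('call') + 1 < len(verbs):
        # "enablestatic(...)" -> "enablestatic"
        method = re.match(r'\w*', verbs[verbs.index('call') + 1]).group(0)
    return {
        'alias': alias,
        'verb': verb,
        'method': method,
        'node': switches.get('node'),         # set when another machine is targeted
        'changes_state': verb == 'call',      # list/get only read; call invokes a method
    }

if __name__ == '__main__':
    for line in SAMPLES:
        print(classify(line), '<-', line)
```

Lines where changes_state is true, or where node is set, are the ones worth reviewing first; plain list and get queries only read information.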