冒险村物语
英雄无敌3塔防
驾考家园手游

wmic自已在内网中的应用

2014-09-27

from：0day信息安全

wmic /node:ip /user:ip(hostname,domain)user /password:xxx 远程执行
wmic nicconfig where index=1 call enablestatic("192.168.1.2"), ("255.255.255.0") 配置ip,index=1为 DeviceID或index
wmic nicconfig where index=1 call setgateways("192.168.1.1"),(1) 配置网关
wmic computersystem where "name=abc" call rename 123 更改计算机名称
wmic computersystem where "caption=%ComputerName%" call rename newcomputername 更改计算机名称
wmic computersystem where "name=google" call joindomainorworkgroup "","","MyGroup",1 更改工作组名称
wmic qfe get HotFixID,InstalledOn,Description获取补丁
wmic ntdomain 获取所有和本主机相关的域，可以看到域控制器的位置
wmic process看进程
WMIC process where name="qq.exe" call terminate 结束进程
wmic process where name="qq.exe" delete 结束进程
wmic process where pid="123" delete
wmic process call create shutdown.exe 关机
wmic process call create "shutdown.exe -r -f -m" 重启
WMIC process call create c:kav2009.exe 上传并执行
wmic process call create cmd.exe 创建新cmdshell，很有用
wmic COMPUTERSYSTEM 可以看是否为虚拟设备 Manufacturer Model看这个
wmic DISKQUOTA get QuotaVolume 获取NTFS 卷磁盘空间使用情况
wmic LOGICALDISK get caption,description,deviceid 查看驱动盘的类型，这个比较全
wmic VOLUME get Caption,DriveLetter,FileSystem,name 看驱动盘
wmic DISKDRIVE get deviceid,Caption,size,InterfaceType 硬盘设备
wmic cpu get Description,DeviceID,Name CPU
wmic NTEVENT WHERE "logfile=Security"查看安全日志
wmic share get Name,path 获取共享,相当于在命令net share，但比net share 还要详细
WMIC SHARE where name="C$" call delete删除共享
WMIC SHARE CALL Create "","test","3","TestShareName","","c: est",0 创建共享目录
wmic netuse create remotepath=/obtuse/admin$,localname=z: 创建共享
wmic SERVICE where name="tlntsvr" set startmode="Auto" 更改服务启动方式
wmic SERVICE where name="tlntsvr" call startservice 启动服务
wmic SERVICE where name="Spooler" call PauseService 暂停服务
wmic SERVICE where name="tlntsvr" call stopservice 停止服务
wmic SERVICE where name="test" call delete 删除服务
wmic NIC 网卡
wmic MEMLOGICAL get TotalPageFileSpace,TotalPhysicalMemory,TotalVirtualMemory查看内存情况
wmic NETLOGIN 网络登录信息管理，比较好
WMIC JOB GET Command,RunRepeatedly,StartTime 查找任务
wmic os 操作系统版本
wmic STARTUP自启动管理
wmic ENVIRONMENT 系统环境
wmic datafile "c:/test.txt" call rename c:abc.txt 重命名
wmic datafile Where "drive=c: and extension=txt" get name 列出C盘下所有的的txt文件名
wmic datafile Where "drive=c: get FileSize,name 列出C盘下的所有文件
wmic datafile Where "drive=c:" get name >all.txt 列出C盘下的所有文件出错
wmic datafile where "name=f:/lxmxn/cn-dos/lxmxn.vbs" list查找文件
wmic datafile where "drive=e: and path=/test/ and FileName=cc and Extension=cmd" list 查找e盘下test目录(不包括子目录)下的cc.cmd文件
wmic datafile where "drive=e: and FileName=cc and Extension=cmd and FileSize>1000" list 查找e盘下所有目录和子目录下的cc.cmd文件,且文件大小大于1K
wmic datafile where "drive=e: and Extension=cmd and FileSize>10000000" call delete 删除e盘下文件大小大于10M的.cmd文件
wmic datafile where "drive=e: and Extension<>cmd and path=test" call delete 删除e盘下test目录(不包括子目录)下的非.cmd文件
wmic datafile where "drive=h: and extension=txt and path like %/test/% and filename like %perl%" get name 查找h盘下目录含有test,文件名含有perl,后缀为txt的文件
wmic datafile where "drive=e: and path=/test/ and FileName=cc and Extension=cmd" call copy "e:aa.bat" 复制e盘下test目录(不包括子目录)下的cc.cmd文件到e:,并改名为aa.bat

for /f "skip=1 tokens=1*" %i in (wmic datafile where "FileName=qq and extension=exe" get drive^,path) do (set "qPath=%i%j"&@echo %qPath:~0,-3%) 全盘搜索某文件并获取该文件所在目录

wmic FSDIR where "drive=c: and filename=test" list 列出C盘下所有windows目录
wmic FSDIR where "drive=e: and path=/test/ and filename<>abc" call delete 删除e: est目录下除目录abc的所有目录
wmic fsdir "c:/good" call delete 删除c:good文件夹
wmic fsdir "c:/good" rename "c:abb" 重命名c:good文件夹为abb
wmic LOGON 可以查看什么类型的登录，什么时间登录的
wmic group 在全局中查找
wmic group where "name=domain admins"
wmic useraccount 在全局中查找
wmic useraccount where "name=administrator" get Caption 如果在域上，上面的命令都是在域中查询，很慢。
wmic USERACCOUNT where "name=%UserName%" call rename newUserName 更改账户名
wmic /node:%pcname% /USER:%pcaccount% PATH win32_terminalservicesetting WHERE (__Class!="") CALL SetAllowTSConnections 1 远程打开计算机远程桌面

（免责声明：文章内容如涉及作品内容、版权和其它问题，请及时与我们联系，我们将在第一时间删除内容，文章内容仅供参考）