Wmic-linux

Description

Windows Management Instrumentation Command-line (WMIC) uses Windows Management Instrumentation (WMI) to enable system management from the command line.

This post explains how to install a wmic client on a Linux machine. The above installation procedure has been tested on a Ubuntu 12.04 LTS 32 bits host.

The client for Linux is not as powerful as the one for Windows because it is limited to "select" requests (i.e. not possible to request something like "process list brief") but will be helpful if you don't want to start your Windows virtual machine.

Installation

Pre-requisites

$ sudo aptitude install autoconf

Compilation

$ cd /data/tools/

$ wget http://www.openvas.org/download/wmi/wmi-1.3.14.tar.bz2

$ bzip2 -cd wmi-1.3.14.tar.bz2 | tar xf -

$ cd wmi-1.3.14/

$ sudo make

$ sudo cp Samba/source/bin/wmic /usr/local/bin/

Usage

Usage

Usage: wmic -U user%password //host "query"

Options

-?, --help
Show this help message
-A, --authentication-file=FILE
Get the credentials from a file
--delimiter=STRING
delimiter to use when querying multiple values, default to '|'
-d, --debuglevel=DEBUGLEVEL
Set debug level
--debug-stderr
Send debug output to STDERR
-i, --scope=SCOPE
Use this Netbios scope
-k, --kerberos=STRING
Use Kerberos
-l, --log-basename=LOGFILEBASE
Basename for log/debug files
--leak-report
enable full talloc leak reporting on exit
--leak-report-full
enable talloc leak reporting on exit
-m, --maxprotocol=MAXPROTOCOL
Set max protocol level
--namespace=STRING
WMI namespace, default to root\cimv2
-N, --no-pass
Don't ask for a password
-n, --netbiosname=NETBIOSNAME
Primary netbios name
--option=name=value
Set smb.conf option from command line
-O, --socket-options=SOCKETOPTIONS
socket options to use
--password=STRING
Password
-P, --machine-pass
Use stored machine account password (implies -k)
--realm=REALM
Set the realm name
-R, --name-resolve=NAME-RESOLVE-ORDER
Use these name resolution services only
--simple-bind-dn=STRING
DN to use for a simple bind
-S, --signing=on|off|required
Set the client signing state
-s, --configfile=CONFIGFILE
Use alternative configuration file
--usage
Display brief usage message
--use-security-mechanisms=STRING
Restricted list of authentication mechanisms available for use with this authentication
-U, --user=[DOMAIN\]USERNAME[%PASSWORD]
Set the network username
-V, --version
Print version
-W, --workgroup=WORKGROUP
Set the workgroup name

Examples

Note: For a complete list of classes you can request, please refer to http://msdn.microsoft.com/en-us/library/aa394554(v=vs.85).aspx

Get system information

$ wmic -U unknown //192.168.1.12 "select * from Win32_ComputerSystem"

Password for [WORKGROUP\unknown]:

CLASS: Win32_ComputerSystem

AdminPasswordStatus|AutomaticResetBootOption|AutomaticResetCapability|BootOptionOnLimit|BootOptionOnWatchDog|BootROMSupported|

BootupState|Caption|ChassisBootupState|CreationClassName|CurrentTimeZone|DaylightInEffect|Description|Domain|DomainRole|

EnableDaylightSavingsTime|FrontPanelResetStatus|InfraredSupported|InitialLoadInfo|InstallDate|KeyboardPasswordStatus|LastLoadInfo|

Manufacturer|Model|Name|NameFormat|NetworkServerModeEnabled|NumberOfLogicalProcessors|NumberOfProcessors|OEMLogoBitmap|OEMStringArray|

PartOfDomain|PauseAfterReset|PowerManagementCapabilities|PowerManagementSupported|PowerOnPasswordStatus|PowerState|PowerSupplyState|

PrimaryOwnerContact|PrimaryOwnerName|ResetCapability|ResetCount|ResetLimit|Roles|Status|SupportContactDescription|SystemStartupDelay|

SystemStartupOptions|SystemStartupSetting|SystemType|ThermalState|TotalPhysicalMemory|UserName|WakeUpType|Workgroup

3|True|True|0|0|True|Normal boot|UNKNOWN-7C76953|3|Win32_ComputerSystem|120|True|AT/AT COMPATIBLE|WORKGROUP|0|True|3|False|NULL|(null)|

3|(null)|innotek GmbH|VirtualBox|UNKNOWN-7C76953|(null)|True|1|1|NULL|(vboxVer_4.2.12,vboxRev_84980)|False|-1|NULL|False|3|0|3|(null)|

Unknown|1|-1|-1|(LM_Workstation,LM_Server,NT,Potential_Browser)|OK|NULL|30|("Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect)|

0|X86-based PC|3|1073201152|UNKNOWN-7C76953\unknown|6|(null)

Get list of running processes

$ wmic -U unknown%oopsoops //192.168.1.12 "select caption, name, parentprocessid, processid from win32_process"

CLASS: Win32_Process

Caption|Handle|Name|ParentProcessId|ProcessId

System Idle Process|0|System Idle Process|0|0

System|4|System|0|4

smss.exe|460|smss.exe|4|460

csrss.exe|924|csrss.exe|460|924

winlogon.exe|948|winlogon.exe|460|948

services.exe|992|services.exe|948|992

lsass.exe|1004|lsass.exe|948|1004

VBoxService.exe|1168|VBoxService.exe|992|1168

svchost.exe|1220|svchost.exe|992|1220

svchost.exe|1332|svchost.exe|992|1332

MsMpEng.exe|1576|MsMpEng.exe|992|1576

svchost.exe|1616|svchost.exe|992|1616

svchost.exe|1712|svchost.exe|992|1712

svchost.exe|1940|svchost.exe|992|1940

spoolsv.exe|244|spoolsv.exe|992|244

explorer.exe|916|explorer.exe|788|916

VBoxTray.exe|1288|VBoxTray.exe|916|1288

concentr.exe|1388|concentr.exe|916|1388

msseces.exe|1400|msseces.exe|916|1400

ctfmon.exe|1424|ctfmon.exe|916|1424

wfcrun32.exe|1472|wfcrun32.exe|1220|1472

svchost.exe|1812|svchost.exe|992|1812

dsNcService.exe|1908|dsNcService.exe|992|1908

jqs.exe|280|jqs.exe|992|280

TeamViewer_Service.exe|780|TeamViewer_Service.exe|992|780

alg.exe|3556|alg.exe|992|3556

wmiapsrv.exe|532|wmiapsrv.exe|992|532

wscntfy.exe|1640|wscntfy.exe|1616|1640

wmiprvse.exe|4000|wmiprvse.exe|1220|4000

你可能感兴趣的:(linux)