Commands tagged wmic (4)

  • Pass the files path to finfo(), can be unix path, dos path, relative or absolute. The file is converted into an absolute nix path, then checked to see if it is in-fact a regular/existing file. Then converted into an absolute windows path and sent to "wmic". Then magic, you have windows file details right in the terminal. Uses: cygwin, cygpath, sed, and awk. Needs Windows WMI "wmic.exe" to be operational. The output is corrected for easy... finfo notepad.exe finfo "C:\windows\system32\notepad.exe" finfo /cygdrive/c/Windows/System32/notepad.exe finfo "/cygdrive/c/Program Files/notepad.exe" finfo ../notepad.exe Show Sample Output


    0
    finfo() { [[ -f "$(cygpath "$@")" ]] || { echo "bad-file";return 1;}; echo "$(wmic datafile where name=\""$(echo "$(cygpath -wa "$@")"|sed 's/\\/\\\\/g')"\" get /value)"|sed 's/\r//g;s/^M$//;/^$/d'|awk -F"=" '{print $1"=""\033[1m"$2"\033[0m"}';}
    lowjax · 2013-12-30 07:47:41 0
  • Using "wmic get * /value" within any Cygwin shell will return lots of Win/Dos newline junk ie "^M$" at the end of found value line, two lines ("$" Unix newline) above, and three below. This makes storing and or evaluating wmic queries as variables a pain. The method i suggest strips the mentioned junk, only returns the value after "OSArchitecture=", and includes only one Unix style newline. Other methods using sed|awk|cut can only handle the output of wmic cleanly when piped or using multiple sed statements. wmic OS get OSArchitecture /value | sed 's/\r//g;s/^M$//;/^$/d;s/.*=//' making wmic OS get OSArchitecture /value | grep -Eo '[^=]*$' a much cleaner and slightly less costly alternative. Show Sample Output


    0
    wmic OS get OSArchitecture /value | grep -Eo '[^=]*$'
    lowjax · 2014-03-15 02:04:08 0
  • This is used during pentest to quickly poll all the processes running on a set of systems you have common credentials for the /FAILFAST:ON speeds up the scans. Show Sample Output


    0
    FOR /F "delims==" %%A IN ('type ips.txt') DO wmic /Node:%%A wmic /user:username /password:yourpassword /FAILFAST:ON process where "name like '%.exe'" call getowner
    operat0r · 2014-06-26 01:53:29 1
  • wmi

    Get windows version with servicepack and hostname Show Sample Output


    -3
    wmic -U DOMAIN/user --password='password' //IP_HOST "select Caption,CSDVersion,CSName from Win32_OperatingSystem" | grep Windows
    dr_gogeta86 · 2010-09-20 14:23:37 2

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands


Check These Out

Run a command if today is the last day of the month
This is handy to just shove into a daily cron entry. If you do use cron, make sure to escape the %d with \%d or it will fail.

most used unix commands

generate random identicon

How much RAM is Apache using?
Display the amount of memory used by all the httpd processes. Great in case you are being Slashdoted!

Detect illegal access to kernel space, potentially useful for Meltdown detection
Based on capsule8 agent examples, not rigorously tested

Display which distro is installed
Works on nearly all linux distros

Convert seconds into minutes and seconds
This is a very simple way to input a large number of seconds and get a more useful value in minutes and seconds. Avoids useless use of echo.

List programs with open ports and connections
I prefer to use this and not the -n variety, so I get DNS-resolved hostnames. Nice when I'm trying to figure out who's got that port open.

Detect illegal access to kernel space, potentially useful for Meltdown detection
Based on capsule8 agent examples, not rigorously tested

To print a specific line from a file
You can get one specific line during any procedure. Very interesting to be used when you know what line you want.


Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for: