Powershell * WMI

Associations

A common and popular example is the set of classes that deal with network adapters:

PS C:\Windows\system32> Get-WmiObject -Class *win32_networkadapter* -List

We can use associators of to extract information from all the above classes. The __RELPATH property in an instance can be used as a key to list relationships:

PS C:\Windows\system32> Get-WmiObject -Class win32_networkadapter | f1…

Powershell * WMI

More Windows Utilities

WMI code creator: WMIGen 10.0.6. Click on Generate, then click on Run.

WMI on a remote computer:

PS C:\> Get-WmiObject -Class win32_operatingsystem -ComputerName 192.168.222.144 -Credential SECURITY\administrator
PS C:\> whoami
PS C:\> Get-WmiObject -Class win32_bios -ComputerName 192.168.222.144

We run this when WMI is restricted:

PS C:\> $sess = New-CimSession -ComputerName 192.168.222.144 -Credential SECURITY\administrator
PS C:\> Get-CimInstance -CimSession…

Powershell * WMI

Exploring Namespace

We can list all namespaces by querying the __Namespace class. Use the commands below to list all namespaces within the root namespace.

PS C:\Users\victim6\Downloads\new\new\tool\tool\PowerSploit-master\PowerSploit-master> Get-WmiObject -Namespace "root" -Class "__Namespace" | select name
PS C:\Users\victim6\Downloads\new\new\tool\tool\PowerSploit-master\PowerSploit-master> Get-CimInstance -Namespace "root" -ClassName "__Namespace"
PS C:\Users\victim6\Downloads\new\new\tool\tool\PowerSploit-master\PowerSploit-master> Get-WmiObject -Namespace "root" -Class "__Namespace"
PS C:\Users\victim6\Downloads\new\new\tool\tool\PowerSploit-master\PowerSploit-master> Get-WmiObject -Namespace "root" -Class "__Namespace" | select Name…

Powershell * WMI

WMI Introduction

WMI (Windows Management Instrumentation) is Microsoft's implementation of the Common Information Model (CIM). It gives us a uniform interface for applications and scripts to manage a local or remote computer or network. It contains: Managed Object Format, Providers, Managed Object, Namespaces, Repository, Consumers.

MOF Files: We can find the .mof file on this…