135 - Pentesting WMI

Windows Management Instrumentation (WMI) is a subsystem of PowerShell that gives admins access to powerful system monitoring tools. Though this system has been designed to allow for fast, efficient system administration, it also has a spookier side: it can be abused by insiders as a tool to surveil other employees.

WMI allows read and write access to almost all settings on Windows systems. Understandably, this makes it the most critical interface in the Windows environment for the administration and remote maintenance of Windows computers, regardless of whether they are PCs or servers. WMI is typically accessed via PowerShell, VBScript, or the Windows Management Instrumentation Console (WMIC). WMI is not a single program but consists of several programs and various databases, also known as repositories.

Footprinting WMI

the program wmiexec.py from the Impacket toolkit can be used for this.

/usr/share/doc/python3-impacket/examples/wmiexec.py USER:"PASSWORD"@IP "hostname"

Previous110,995 - Pentesting POP Next139,445 - SMB Pentesting

Last updated 2 years ago