May 9, 2006

SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System

SANS - Windows CMDline Kung-Fu with wmic 

 

To kill a process, like 'kill -9 [pid]' and 'killall -9 cmd.exe'

C:\> wmic process [pid] delete

C:\> wmic process where name='cmd.exe' delete


Like the 'top' command

C:\> wmic process list brief /every:1

 

To simulate 'net user'

C:\> wmic useraccount

 

To show hotfixes and service packs. [qfe = quick fix engineering]

C:\> wmic qfe

 

For malware analysis: list all files loaded at startup.

C:\> wmic startup list full
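
One way to use this output for triage, as an added example that is not part of the original page: a Python script that parses two saved captures of 'wmic startup list full' and reports startup entries that were added, removed, or had their command changed. The sample captures, the trimmed field set, and the function names are constructed for illustration.

```python
# Added example; BASELINE and CURRENT are constructed samples (fields trimmed), not real host output.
BASELINE = r"""
Caption=ctfmon
Command=C:\WINDOWS\system32\ctfmon.exe
Location=HKU\S-1-5-21-0-0-0-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
User=LAB\alice

Caption=VendorTray
Command="C:\Program Files\Vendor\tray.exe" /quiet
Location=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
User=All Users
"""
CURRENT = BASELINE.replace(r"C:\WINDOWS\system32\ctfmon.exe", r"C:\Temp\ctfmon.exe") + r"""
Caption=updater
Command=C:\Temp\upd.exe -s
Location=Startup
User=LAB\alice
"""

def parse_startup(text):
    """Parse Key=Value blocks (blank-line separated) into one dict per entry."""
    entries, current = [], {}
    # Strip CRs to tolerate CR CR LF endings; the appended newline closes the last entry.
    for line in (text.replace("\r", "") + "\n").split("\n"):
        line = line.strip()
        if line:
            key, sep, value = line.partition("=")  # values may themselves contain '='
            if sep:
                current[key] = value
        elif current:  # blank line closes the entry being built
            entries.append(current)
            current = {}
    return entries

def identity(entry):
    # Assumption: user + location + caption identifies a startup entry.
    return tuple(entry.get(k, "").lower() for k in ("User", "Location", "Caption"))

def diff_startup(baseline_text, current_text):
    old = {identity(e): e for e in parse_startup(baseline_text)}
    new = {identity(e): e for e in parse_startup(current_text)}
    added = [new[k] for k in new if k not in old]
    removed = [old[k] for k in old if k not in new]
    changed = [(old[k], new[k]) for k in new
               if k in old and old[k].get("Command") != new[k].get("Command")]
    return added, removed, changed

if __name__ == "__main__":
    for label, items in zip(("added", "removed", "changed"), diff_startup(BASELINE, CURRENT)):
        print(label, items)
```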

 

Similar to 'ps -aux | grep cmd.exe'.

C:\> wmic process list brief | find "cmd.exe"


Similar to 'man wmic'

C:\> wmic /?:full > wmic_docs_that_stink.txt


Similar to 'ifconfig -a'

C:\> wmic nicconfig where IPEnabled='true'


Similar to 'ifconfig' (set a static IP address and netmask)

C:\> wmic nicconfig where Index=1 call EnableStatic ("10.10.10.10"), ("255.255.255.0")


For DHCP

C:\> wmic nicconfig where Index=1 call EnableDHCP


Others:

C:\> wmic ComputerSystem GET Model
C:\> wmic computersystem get name,systemtype
C:\> wmic bios get serialnumber
C:\> wmic nic get macaddress,description
C:\> wmic csproduct get identifyingnumber
C:\> wmic baseboard get product,Manufacturer,version,serialnumber
C:\> wmic COMPUTERSYSTEM get TotalPhysicalMemory
C:\> wmic process get workingsetsize,commandline
C:\> wmic partition get name,size,type
C:\> wmic COMPUTERSYSTEM GET MANUFACTURER
C:\> wmic csproduct get version
C:\> wmic service list brief
C:\> wmic process list brief
C:\> wmic startup list brief
C:\> wmic csproduct get "UUID"