Remotely determine logged-in user
List running processes
Kill a process
Determine open shares
wmic share list brief
Determine IP address
Get a new IP address
ipconfig /renew
Remotely display machine’s MAC address
Remotely list running processes every second
Remotely display System Info
Disk drive information
wmic partition list full
Bios info
List all patches
Look for a particular patch
Remotely List Local Enabled Accounts
Start a service remotely
sc \\machinename start lanmanserver
List services
sc \\machinename query
Disable startup service
List user accounts
Enable RDP remotely
List number of times a user logged on
Query active RDP sessions
Remove active RDP session ID 2
Remotely query registry for last logged in user
List all computers in domain “blah”
Reboot
Shutdown
Remotely reboot machine
Copy entire folder and its contents from a remote source to local machine
Find location of file with string “blah” in file name
Spawn a new command prompt
Determine name of a machine with known IP
Find directory named blah
Command line history
Determine the current user (aka whoami Linux equivalent)
Determine who is a member of the administrators group
Add a user where travis is the username and the password is blah
Add user travis to administrators group
List user accounts
Map a network share with a given drive letter of T:
List network connections and the programs that are making those connections
Display contents of file text.txt
Edit contents of file text.txt
Determine PC name
Run cmd.exe as administrator user
Uninstall a program, Symantec in this case ;-}
Determine whether a system is 32 or 64 bit
PowerShell one-liner to download a file
Information about OS version and other useful system information
Startup applications
Recursively unzip all zip archives; you’ll need unzip.exe for this
Query status of Windows Defender
PowerShell one-liner to determine whether Windows Defender and other services are running
Validate credentials against Active Directory
Delete net use connection
4 replies on “Pentesting one liner Windows Commands”
what does the “WMIC” stand for?
Windows Management Instrumentation Command. You’ll also hear people refer to it as simply WMI. The wmic command to me is one of the more powerful commands on Windows. You can do multiple tasks with one command. My list above is brief; there are tons of other things you can do as well.
Travis, this post is awesome. I was looking around for some WMIC one-liners and came across this on Google. Great stuff and well laid out, thanks for posting. The ‘wmic USERACCOUNT WHERE “Disabled=0 AND LocalAccount=1” GET Name’ command revealed a number of local admin accounts I wasn’t aware of. Thanks!
vocatus,
Glad it helped.