Post Recon With Wmic

Hello Everyone ! This Article Intents to Concentrate More on Enumeration.. rather exploitation, Enumeration and recon are the roots of exploitation.This part Covers a small content of recon Soon i will be posting a Next part on Red team Activities.

At the point when an Attacker gain a Reverse Shell on a Remote PC with privilege escalation Included, WMIC(Windows Management Instrumentation Command Line) if you Looking for More intro on WMIC you can Follow this Link https://en.wikipedia.org/wiki/Windows_Management_Instrumentation

Just for Example Case i am using my Admin cmd With WMIC

Get System Roles, User Name, and Manufacturer

We can specifies loads of data about the Victim System including its Name, Domain, Manufacturer, Model Number and Much progressively through the PC framework

We are adding following channels to get explicit outcome.

Jobs: It gives every one of the jobs that the unfortunate casualty framework play like Workstation, Server, Browser and so on.

Producer: It give the maker of the framework, here and there are sure vulnerabilities in a specific model of a specific model. So we can utilize this data to scan for any immediate vulnerabilities.

User Name: It gives the username of the framework which is demonstrated extremely accommodating as we can separate among overseers and ordinary clients, at that point he/she can list a gigantic measure of data and roll out compelling improvements utilizing the WMI Command Line

Create a process

We can create many process on the victim’s system using the process alias of wmic command.This is helpful in running any backdoor or fill up the memory of the victim’s system.

Syntax: wmic process call create “[Process Name]”

Change Priority of a Process

We can change priority of any process running on the victim’s system with the help of process alias of wmic command.

Running a process at a higher or lower priority only really has an effect on the actual performance of that process when your CPU is maxed out at 100%. You are basically just telling the computer to prioritize which processes need the most power and which need less.

Clear System Logs

Wmic can be used to delete system logs using the nteventlog alias. It is a very simple command where we mention the name of log and then using an option nteventlog and clear the log file. It can be an effective command while cleaning up after hacking any system.

This is the Same Module which Executes Background when the command clearev

That’s all for this Part Stay Connected for More… Next article on Red-team Activities.

Happy Hunting and Exploitation…..The more you Share the More you gain…