Windows Firewall

netsh advfirewall set  currentprofile state off

netsh advfirewall set domainprofile state off

netsh advfirewall set privateprofile state off

netsh firewall set opmode mode=DISABLE

WMIC

This command shows the global options which are used in the wmic command. WMIC Global Options are used to set properties of the WMIC environment. With the combination of global options and the aliases than we can manage the system through the wmic environment.

Syntax/Example: wmic /?

wmic computerystem list full /format:list

wmic process list /format:list  
wmic ntdomain list /format:list  
wmic useraccount list /format:list  
wmic group list /format:list  
wmic sysaccount list /format:list

Get System Roles, User Name, and Manufacturer

wmic computersystem get Name, Domain, Manufacturer, Model, Username, Roles /format:list

Get the SIDs

wmic group get Caption, InstallDate, LocalAccount, Domain, SID, Status

Create a process

wmic process call create “taskmgr.exe”

Change Priority of a Process

wmic process where name=”explorer.exe” call set priority 64

Terminate a process

wmic process where name=”explorer.exe” call terminate

Get a list of Executable Files

wmic process where “NOT ExecutablePath LIKE ‘%Windows%’” GET ExecutablePath

Get Folder Properties

wmic fsdir where=”drive=’c:’ and filename=’test’” get /format:list’

Get File Properties

wmic datafile where name=’c:\windows\system32\demo\demo.txt’ get /format:list

Locate System Files

wmic environment get Description, VariableValue

Get a list of Installed Applications

wmic product get name

Get a list of Running Services

wmic service where (state=”running”) get caption, name, startmode

Get Startup Services

wmic startup get Caption, Command

Get System Driver Details

wmic sysdriver get Caption, Name, PathName, ServiceType, State, Status /format:list

Get OS Details

wmic os get CurrentTimeZone, FreePhysicalMemory, FreeVirtualMemory, LastBootUpdate, NumberofProcesses, NumberofUsers, Organization, RegisteredUsers, Status /format:list

Get the Motherboard Details

wmic baseboard, get Manufacturer, Product, SerialNumber, Version

Get BIOS Serial Number

wmic bios, get serialNumber

Get Hard Disk Details

wmic diskdrive get Name, Manufacturer, Model, InterfaceType, MediaLoaded, MediaType /format:list

Get Hard Disk Partitions Details

wmic logicaldisk where drivetype=3 get Name, Compressed, Description, FileSystem, FreeSpace, SupportsDiskQuotas, VolumeDirty, VolumeName

Get Memory Cache Details

wmic memcache get Name, BlockSize, Purpose, MaxCacheSize, Status

Get Memory Chip Details

wmic memorychip get PartNumber, SerialNumber

Detect If victim system is a host OS or installed via VMware

wmic onboarddevice get Desciption, DeviceType, Enabled, Status /format:list

Lock a User Account

wmic useraccount where name=’demo’ set disabled=false

Remove Password requirement for logging in

wmic useraccount where name=’demo’ set PasswordRequired=false

Rename a user account

wmic useraccount where name=’demo’ rename hacker

Restrict user from changing a password

wmic useraccount where name=’hacker’ set passwordchangeable=false

Get Antivirus Details

wmic /namespace:\root\securitycenter2 path antivirusproduct GET displayName, productState, pathToSignedProductExe

Clear System Logs

wmic nteventlog where filename=’system’ cleareventlog

results matching ""

    No results matching ""