Windows Firewall
netsh advfirewall set currentprofile state off
netsh advfirewall set domainprofile state off
netsh advfirewall set privateprofile state off
netsh firewall set opmode mode=DISABLE
WMIC
This command shows the global options used by the wmic command. WMIC global options set properties of the WMIC environment. By combining global options with aliases, we can manage the system through the wmic environment.
Syntax/Example: wmic /?
wmic computersystem list full /format:list
wmic process list /format:list
wmic ntdomain list /format:list
wmic useraccount list /format:list
wmic group list /format:list
wmic sysaccount list /format:list
Get System Roles, User Name, and Manufacturer
wmic computersystem get Name, Domain, Manufacturer, Model, Username, Roles /format:list
Get the SIDs
wmic group get Caption, InstallDate, LocalAccount, Domain, SID, Status
Create a process
wmic process call create "taskmgr.exe"
Change Priority of a Process
wmic process where name="explorer.exe" call setpriority 64
Terminate a process
wmic process where name="explorer.exe" call terminate
Get a list of Executable Files
wmic process where "NOT ExecutablePath LIKE '%Windows%'" GET ExecutablePath
Get Folder Properties
wmic fsdir where "drive='c:' and filename='test'" get /format:list
Get File Properties
wmic datafile where name='c:\\windows\\system32\\demo\\demo.txt' get /format:list
Locate System Files
wmic environment get Description, VariableValue
Get a list of Installed Applications
wmic product get name
Get a list of Running Services
wmic service where (state="running") get caption, name, startmode
Get Startup Services
wmic startup get Caption, Command
Get System Driver Details
wmic sysdriver get Caption, Name, PathName, ServiceType, State, Status /format:list
Get OS Details
wmic os get CurrentTimeZone, FreePhysicalMemory, FreeVirtualMemory, LastBootUpTime, NumberOfProcesses, NumberOfUsers, Organization, RegisteredUser, Status /format:list
Get the Motherboard Details
wmic baseboard get Manufacturer, Product, SerialNumber, Version
Get BIOS Serial Number
wmic bios get SerialNumber
Get Hard Disk Details
wmic diskdrive get Name, Manufacturer, Model, InterfaceType, MediaLoaded, MediaType /format:list
Get Hard Disk Partitions Details
wmic logicaldisk where drivetype=3 get Name, Compressed, Description, FileSystem, FreeSpace, SupportsDiskQuotas, VolumeDirty, VolumeName
Get Memory Cache Details
wmic memcache get Name, BlockSize, Purpose, MaxCacheSize, Status
Get Memory Chip Details
wmic memorychip get PartNumber, SerialNumber
Detect if the victim system is a host OS or installed via VMware
wmic onboarddevice get Description, DeviceType, Enabled, Status /format:list
Lock a User Account
wmic useraccount where name='demo' set disabled=true
Remove Password requirement for logging in
wmic useraccount where name='demo' set PasswordRequired=false
Rename a user account
wmic useraccount where name='demo' rename hacker
Restrict user from changing a password
wmic useraccount where name='hacker' set passwordchangeable=false
Get Antivirus Details
wmic /namespace:\\root\securitycenter2 path antivirusproduct GET displayName, productState, pathToSignedProductExe
Clear System Logs
wmic nteventlog where filename='system' cleareventlog
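The commands on this page split into read-only queries (get, list) and state-changing ones (set, call, rename, cleareventlog, firewall state off), which is the distinction that matters when reviewing process-creation logs. The sketch below is an added example, not part of the original page: the labels and the function names triage and flagged are assumptions chosen for illustration, and the sample command lines are constructed.

```python
import re

# WMIC verbs that change state, plus two method names the page uses bare.
MODIFY = {"call", "set", "create", "delete", "rename", "cleareventlog"}
# Typographic quotes (common in pasted commands) mapped to ASCII quotes.
QUOTES = str.maketrans({"\u201c": '"', "\u201d": '"', "\u2018": "'", "\u2019": "'"})
FW_OFF = re.compile(r"advfirewall\s+set\s+\w+\s+state\s+off"
                    r"|firewall\s+set\s+opmode\s+(mode=)?disable")

def image_name(token):
    """Strip the directory and .exe from the first command-line token."""
    name = token.strip('"').rsplit("\\", 1)[-1]
    return name[:-4] if name.endswith(".exe") else name

def triage(cmdline):
    """Label one process command line; None means out of scope."""
    parts = cmdline.translate(QUOTES).lower().split(None, 1)
    if not parts:
        return None
    image, rest = image_name(parts[0]), (parts[1] if len(parts) > 1 else "")
    if image == "netsh":
        return "firewall-off" if FW_OFF.search(rest) else None
    if image != "wmic":
        return None
    # Quoted WHERE values can contain verb-like words, so blank them first.
    tokens = re.sub(r"\"[^\"]*\"|'[^']*'", " ", rest).split()
    # Skip global switches (/namespace:, /node:) and the PATH/CLASS keyword.
    while tokens and (tokens[0].startswith("/") or tokens[0] in ("path", "class")):
        tokens.pop(0)
    if not tokens:
        return None
    verb = next((t for t in tokens[1:] if t in MODIFY), None)
    return f"wmic-modify:{tokens[0]}:{verb}" if verb else f"wmic-read:{tokens[0]}"

# Constructed command lines, shaped like process-creation log fields.
SAMPLE = [
    r"C:\Windows\System32\wbem\WMIC.exe os get Status /format:list",
    "wmic useraccount where name='demo' set PasswordRequired=false",
    "wmic nteventlog where filename='system' cleareventlog",
    "netsh advfirewall set currentprofile state off",
]

def flagged(lines):
    """Return (label, line) pairs for everything except read-only queries."""
    hits = [(triage(line), line) for line in lines]
    return [(lab, line) for lab, line in hits if lab and not lab.startswith("wmic-read")]

if __name__ == "__main__":
    print(*flagged(SAMPLE), sep="\n")
```

Read-only queries are labelled rather than dropped by triage, so a reviewer can still count enumeration bursts from a single host.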