WMI for Script Kiddies
added on 2022/09/16 @ 16:31:06 | 715 views| category: hacking-security
WMI or Windows Management Instrumentation or Windows Managed Infrastructure is an interface for managed components that provides data and operations to consumers or users. In particular, WMI is Microsoft’s implementation of the Web-Based Enterprise Management (WBEM) and Common Information Model (CIM) standards. This jargon basically means that there is a way for you to manipulate and observe system data. This could be data about the system itself, applications, networks, devices, processes, etc., all of which could be extremely useful to the average Script Kiddie trying to gain information about a target. Thankfully, WMI has been a part of the operating system since Windows 2000 (although it has gone through some upgrades since then).
WMI can be a powerful tool for administrators (and Script Kiddies) because it has the added benefit of being able to gather and/or manipulate information on a remote computer. That’s right, you can use WMI to perform advanced reconnaissance or even manipulate those systems using remote WMI connections.
But wait, there’s more! WMI can be used programmatically through scripts or applications. These programs can be used to automate administrative tasks (or nefarious Script Kiddie operations) on the local or remote systems. And Microsoft was extremely helpful by making WMI available to programmers of all backgrounds, including C/C++, Visual Basic, .NET languages, and various Windows Script Host (WSH) languages like VBScript and JScript. In fact, almost all of the common programming languages, including Python, have libraries that support COM. Finally, Microsoft also made a fairly easy-to-use command-line interface for WMI called the WMI Command-Line Utility (Wmic.exe). Even better, WMI has been easily accessible via PowerShell since Windows 7.