On newer systems, attackers and penetration testers take advantage of built-in scripting languages, such as the Windows Management Instrumentation Command Line (WMIC), a command-line and scripting interface that is used to simplify access to Windows Instrumentation. If the compromised system supports WMIC, several commands can be used to gather information. Refer to the following table:



wmic nicconfig get ipaddress,macaddress

Obtains the IP address and MAC address

wmic computersystem get username

Verifies the account that was compromised

wmic netlogin get name, lastlogon

Determines who used this system last and when they last logged on

wmic desktop get screensaversecure, screensavertimeout ...

Get Mastering Kali Linux for Advanced Penetration Testing - Third Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.