02_CIM/WMI/Powershell

We will enumerate and work with WMI (Windows Management Instrumentation)
- Look at some Key Terms: ‘Namespaces’, ‘Classes’, ‘Properties’, and ‘Methods.’
We will utilize WMI to create persistence on a victim machine.

Definition: Windows Management Instrumentation (WMI) is a set of tools provided by Microsoft to manage and monitor Windows operating systems.
Purpose: It allows administrators to gather information about the system, including hardware and software configurations, and perform administrative tasks both locally and remotely.
Access Methods: WMI can be accessed via command-line tools like wmic, scripting languages like PowerShell, or programming languages that support COM (Component Object Model).
Common Uses:
- System Monitoring: Check system health, performance, and resource usage.
- Configuration Management: Retrieve and configure system settings.
- Automation: Automate administrative tasks such as querying installed software, managing services, or gathering system information.
Components:
- WMI Repository: A database where WMI stores configuration and status information.
- WMI Providers: Components that supply data from different parts of the system to the WMI repository.
- WMI Consumers: Applications or scripts that request information or perform tasks using WMI.
Security: WMI uses DCOM (Distributed Component Object Model) for remote communication, which includes security mechanisms to control access and ensure secure data transmission.
Practical Example: Using PowerShell, you can get a list of all running processes on a computer with the command Get-WmiObject Win32_Process.

Untitled

Untitled