# WMI

WMI (Windows Management Instrumentation) is a protocol that uses DCOM to manage and access systems on remote computers.

With administrator privileges, it is possible to execute remote commands by calling the Win32\_Process.Create API over WMI.

## Abuse

{% tabs %}
{% tab title="Windows" %}

<pre class="language-powershell"><code class="lang-powershell"><strong># Remote command execution via WMI
</strong>wmic /node:'&#x3C;target-ip>' /user:'&#x3C;username>' /password:'&#x3C;password>' process call create 'cmd.exe /c whoami >c:\windows\temp\whoami.txt'
</code></pre>

{% hint style="info" %}
The output of a command executed through WMI is not returned, and the result of any output redirection is created on the WMI server.
{% endhint %}
{% endtab %}

{% tab title="UNIX" %}

<pre class="language-bash"><code class="lang-bash"><strong># Remote command execution via WMI
</strong>nxc wmi '&#x3C;target-ip>' -u '&#x3C;username>' -p '&#x3C;password>' --exec-method wmiexec -x '&#x3C;command>'
</code></pre>

{% endtab %}
{% endtabs %}
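
On the target, a process started through Win32\_Process.Create runs as a child of `WmiPrvSE.exe`, which gives defenders a process-creation signal to hunt on. The following is an added detection example, not part of the original page: it scores constructed Sysmon Event ID 1 records, and the function names, the interpreter list and the two-reason threshold are assumptions chosen for illustration.

```python
import ntpath
import re

# Constructed Sysmon Event ID 1 (process creation) records. Field names follow
# Sysmon's schema; hosts, users and command lines are invented for this example.
SAMPLE_EVENTS = [
    {"Computer": "srv01", "User": r"CORP\admin",
     "ParentImage": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /c whoami >c:\windows\temp\whoami.txt"},
    {"Computer": "srv01", "User": r"NT AUTHORITY\SYSTEM",
     "ParentImage": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "Image": r"C:\Program Files\Vendor\inventory.exe",
     "CommandLine": r"inventory.exe --scan"},
    {"Computer": "ws07", "User": r"CORP\bob",
     "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /c dir > out.txt"},
]

SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe"}
# '>' or '>>' followed by a path: output is written to a file on the target.
REDIRECT = re.compile(r">>?\s*[^\s&|>]+")

def score_event(ev):
    """Return the reasons an event resembles WMI remote execution (empty if none)."""
    parent = ntpath.basename(ev.get("ParentImage", "")).lower()
    if parent != "wmiprvse.exe":
        return []
    reasons = ["spawned by WmiPrvSE.exe"]
    if ntpath.basename(ev.get("Image", "")).lower() in SHELLS:
        reasons.append("child is a command interpreter")
    if REDIRECT.search(ev.get("CommandLine", "")):
        reasons.append("output redirected to a file")
    return reasons

def detect(events, min_reasons=2):
    """Keep events with enough reasons; a lone WmiPrvSE.exe parent is often benign."""
    findings = []
    for ev in events:
        reasons = score_event(ev)
        if len(reasons) >= min_reasons:
            findings.append({"host": ev["Computer"], "user": ev["User"],
                             "command": ev["CommandLine"], "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"{f['host']} {f['user']}: {f['command']} [{'; '.join(f['reasons'])}]")
```

The threshold keeps routine management software that WMI launches out of the results, while a shell with redirected output under `WmiPrvSE.exe` is flagged.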

## References

{% embed url="<https://learn.microsoft.com/ko-kr/windows/win32/wmisdk/about-wmi>" %}


