TOPIC
    about_WMI_cmdlets
    
SHORT DESCRIPTION
    Provides background information about Windows Management Instrumentation
    (WMI) and Windows PowerShell.
           
LONG DESCRIPTION
    This topic provides information about WMI technology, the WMI cmdlets for 
    Windows PowerShell, WMI-based remoting, WMI accelerators,
    and WMI troubleshooting. This topic also provides links to more information
    about WMI.

                 
  About WMI 

      Windows Management Instrumentation (WMI) is the Microsoft implementation
      of Web-Based Enterprise Management (WBEM), which is an industry 
      initiative to develop a standard technology for accessing management 
      information in an enterprise environment. WMI uses the Common Information
      Model (CIM) industry standard to represent systems, applications, 
      networks, devices, and other managed components. CIM is developed and 
      maintained by the Distributed Management Task Force (DMTF). You can use
      WMI to manage both local and remote computers. For example, you can use
      WMI to do the following: 

          -- Start a process on a remote computer.

          -- Restart a computer remotely.

          -- Get a list of the applications that are installed on a local or 
             remote computer.

          -- Query the Windows event logs on a local or remote computer.

 
  The WMI Cmdlets for Windows PowerShell

      Windows PowerShell implements WMI functionality through a set of cmdlets
      that are available in Windows PowerShell by default. You can use these 
      cmdlets to complete the end-to-end tasks necessary to manage local and 
      remote computers.
 
      The following WMI cmdlets are included.

      Cmdlet                 Description
      ------------------     ----------------------------------------------
      Get-WmiObject          Gets instances of WMI classes or information 
                             about the available classes.

      Invoke-WmiMethod       Calls WMI methods.

      Register-WmiEvent      Subscribes to a WMI event.

      Remove-WmiObject       Deletes WMI classes and instances.

      Set-WmiInstance        Creates or modifies instances of WMI classes.

    
  Sample Commands

      The following command displays the BIOS information for the local 
      computer.
         
          C:\PS> get-wmiobject win32_bios | format-list *

        
      The following command displays information about the WinRM service
      for three remote computers.
        
          C:\PS> get-wmiobject -query "select * from win32_service where name='WinRM'" -computername server01, server02, server03
                 

      The following more complex command exits all instances of a program.
         
          C:\PS> notepad.exe
          C:\PS> $np = get-wmiobject -query "select * from win32_process where name='notepad.exe'" 
          C:\PS> $np | remove-wmiobject


  WMI-Based Remoting 

      While the ability to manage a local system through WMI is useful, it is
      the remoting capabilities that make WMI a powerful administrative tool. 
      WMI uses Microsoft's Distributed Component Object Model (DCOM) to 
      connect to and manage systems. You might have to configure some systems
      to allow DCOM connections. Firewall settings and locked-down DCOM 
      permissions can block WMI's ability to remotely manage systems. 
   

  WMI Type Accelerators

      Windows PowerShell includes WMI type accelerators. These WMI type 
      accelerators (shortcuts) allow more direct access to WMI objects
      than a non-type accelerator approach would allow. 

      The following type accelerators are supported with WMI:

          [WMISEARCHER] - A shortcut for searching for WMI objects.

          [WMICLASS] - A shortcut for accessing the static properties
                       and methods of a class.

          [WMI] - A shortcut for getting a single instance of a class.

      [WMISEARCHER] is a type accelerator for a ManagementObjectSearcher.
      It can take a string constructor to create a searcher that you can then
      do a GET() on.

      For example:
    
      PS> $s = [WmiSearcher]'Select * from Win32_Process where Handlecount > 1000'
      PS> $s.Get() |sort handlecount |ft handlecount,__path,name -auto

      handlecount  __PATH                                              name
      -----------  ------                                              ----
      1105         \\SERVER01\root\cimv2:Win32_Process.Handle="3724"   powershell...
      1132         \\SERVER01\root\cimv2:Win32_Process.Handle="1388"   winlogon.exe
      1495         \\SERVER01\root\cimv2:Win32_Process.Handle="2852"   iexplore.exe
      1699         \\SERVER01\root\cimv2:Win32_Process.Handle="1204"   OUTLOOK.EXE
      1719         \\SERVER01\root\cimv2:Win32_Process.Handle="1912"   iexplore.exe
      2579         \\SERVER01\root\cimv2:Win32_Process.Handle="1768"   svchost.exe


      [WMICLASS] is a type accelerator for ManagementClass. This has a 
      string constructor that takes a local or absolute WMI path to a WMI 
      class and returns an object that is bound to that class. 

      For example:

      PS> $c = [WMICLASS]"root\cimv2:Win32_Process"
      PS> $c |fl *
      Name             : Win32_Process
      __GENUS          : 1
      __CLASS          : Win32_Process
      __SUPERCLASS     : CIM_Process
      __DYNASTY        : CIM_ManagedSystemElement
      __RELPATH        : Win32_Process
      __PROPERTY_COUNT : 45
      __DERIVATION     : {CIM_Process, CIM_LogicalElement, CIM_ManagedSystemElement}
      __SERVER         : SERVER01
      __NAMESPACE      : ROOT\cimv2
      __PATH           : \\SERVER01\ROOT\cimv2:Win32_Process

      [WMI] is a type accelerator for ManagementObject. This has a string 
      constructor that takes a local or absolute WMI path to a WMI instance
      and returns an object that is bound to that instance. 

      For example:

      PS> $p = [WMI]'\\SERVER01\root\cimv2:Win32_Process.Handle="1204"'
      PS> $p.Name
      OUTLOOK.EXE
 

  WMI Troubleshooting 

      The following problems are the most common problems that might occur 
      when you try to connect to a remote computer.

    Problem 1: The remote computer is not online. 

      If a computer is offline, you will not be able to connect to it by 
      using WMI. You may receive the following error message:

          "Remote server machine does not exist or is unavailable"


      If you receive this error message, verify that the computer is online.
      Try to ping the remote computer.
 
 
    Problem 2: You do not have local administrator rights on the remote 
               computer.
 
      To use WMI remotely, you must have local administrator rights on the
      remote computer. If you do not, access to that computer will be denied.

      To verify namespace security:

          a. Click Start, right-click My Computer, and then click Manage.

          b. In Computer Management, expand Services and Applications, 
             right-click WMI Control, and then click Properties.

          c. In the WMI Control Properties dialog box, click the Security tab.
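
      The same namespace security check can be scripted instead of clicked through. The following is an added example, not part of the original help topic; the function name Get-WmiNamespaceAcl and its parameters are hypothetical, and it assumes the GetSecurityDescriptor method of the __SystemSecurity class (Windows Vista / Server 2008 and later).

```powershell
# Added example (not from the help topic): list the ACEs on a WMI namespace so
# you can see which trustees hold the Remote Enable right.
function Get-WmiNamespaceAcl {
    param(
        [string]$ComputerName = '.',          # '.' = local computer
        [string]$Namespace    = 'root\cimv2'
    )

    # WMI namespace access-mask bits and the names shown on the Security tab.
    $rights = @{
        0x1     = 'EnableAccount'
        0x2     = 'ExecuteMethods'
        0x4     = 'FullWrite'
        0x8     = 'PartialWrite'
        0x10    = 'ProviderWrite'
        0x20    = 'RemoteEnable'
        0x20000 = 'ReadSecurity'
        0x40000 = 'EditSecurity'
    }

    # __SystemSecurity is a singleton in every namespace, addressed as '=@'.
    $result = Invoke-WmiMethod -ComputerName $ComputerName -Namespace $Namespace `
        -Path '__SystemSecurity=@' -Name GetSecurityDescriptor -ErrorAction Stop
    if ($result.ReturnValue -ne 0) {
        throw "GetSecurityDescriptor failed with code $($result.ReturnValue)"
    }

    foreach ($ace in $result.Descriptor.DACL) {
        # Decode every bit set in this ACE's access mask.
        $names = foreach ($bit in ($rights.Keys | Sort-Object)) {
            if ($ace.AccessMask -band $bit) { $rights[$bit] }
        }
        New-Object PSObject -Property @{
            Trustee      = "$($ace.Trustee.Domain)\$($ace.Trustee.Name)"
            AceType      = $(if ($ace.AceType -eq 0) { 'Allow' } else { 'Deny' })
            RemoteEnable = [bool]($ace.AccessMask -band 0x20)
            Rights       = ($names -join ', ')
        } | Select-Object Trustee, AceType, RemoteEnable, Rights
    }
}

# Usage: show only the trustees that are allowed remote access to root\cimv2.
# Get-WmiNamespaceAcl | Where-Object { $_.RemoteEnable -and $_.AceType -eq 'Allow' }
```

      Run it from an elevated session; reading the descriptor requires the Read Security right on the namespace.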
     
 
    Problem 3: A firewall is blocking access to the remote computer. 

      WMI uses the DCOM (Distributed COM) and RPC (Remote Procedure Call) 
      protocols to traverse the network. By default, many firewalls block
      DCOM and RPC traffic. If your firewall is blocking these protocols,
      your connection will fail. For example, Windows Firewall in Microsoft
      Windows XP Service Pack 2 is configured to automatically block all
      unsolicited network traffic, including DCOM and WMI. In its default 
      configuration, Windows Firewall rejects an incoming WMI request, and 
      you receive the following error message:

          "Remote server machine does not exist or is unavailable" 
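
      The three problems above can be told apart in a script by the exception that Get-WmiObject raises. The following is an added example, not part of the original help topic; the function name Test-WmiRemoteAccess is hypothetical and the server names in the usage comment are placeholders. In Windows PowerShell the unavailable-server condition surfaces as HRESULT 0x800706BA ("The RPC server is unavailable") and missing rights as 0x80070005 ("Access is denied").

```powershell
# Added example (not from the help topic): classify a failed remote WMI
# connection as offline, access denied, or blocked by a firewall / DCOM.
function Test-WmiRemoteAccess {
    param([Parameter(Mandatory = $true)][string]$ComputerName)

    # Problem 1: is the host up? ICMP is often filtered, so a failed ping is
    # recorded as a hint and does not end the check.
    $ping = Test-Connection -ComputerName $ComputerName -Count 1 -Quiet

    $status = 'OK'
    $detail = ''
    try {
        $os = Get-WmiObject -Class Win32_OperatingSystem `
            -ComputerName $ComputerName -ErrorAction Stop
        $detail = $os.Caption
    }
    catch [System.UnauthorizedAccessException] {
        # Problem 2: 0x80070005, the caller lacks rights on the remote computer.
        $status = 'AccessDenied'
        $detail = $_.Exception.Message
    }
    catch [System.Runtime.InteropServices.COMException] {
        # -2147023174 is 0x800706BA as a signed Int32 (RPC server unavailable).
        if ($_.Exception.ErrorCode -eq -2147023174) {
            # Problem 1 or 3: ping result separates "offline" from "filtered".
            $status = $(if ($ping) { 'BlockedByFirewallOrDcom' } else { 'OfflineOrFiltered' })
        }
        else {
            $status = 'OtherComError'
        }
        $detail = $_.Exception.Message
    }

    New-Object PSObject -Property @{
        ComputerName = $ComputerName
        PingReply    = $ping
        Status       = $status
        Detail       = $detail
    } | Select-Object ComputerName, PingReply, Status, Detail
}

# Usage (placeholder names):
# 'server01', 'server02' | ForEach-Object { Test-WmiRemoteAccess -ComputerName $_ }
```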
       

  More Information about WMI

      For more information about WMI, see the following topics in the MSDN
      (Microsoft Developer Network) library:

          "About WMI"
          http://go.microsoft.com/fwlink/?LinkId=142212

          "WMI Troubleshooting"
          http://go.microsoft.com/fwlink/?LinkId=142213


      And, see "Secrets of Windows Management Instrumentation - Troubleshooting
      and Tips" in the Microsoft TechNet Script Center:

          http://go.microsoft.com/fwlink/?LinkId=142214
 

SEE ALSO
    Online version: http://go.microsoft.com/fwlink/?LinkId=142219
    Get-WmiObject
    Invoke-WmiMethod
    Register-WmiEvent
    Remove-WmiObject
    Set-WmiInstance

 
