WMI - winexe

Syntax: winexe -U domain/user%password //host "<command>"


Sometimes it is necessary to execute a command on a remote server.
On a remote UNIX/Linux OS it is common to use the "SSH" protocol for this (when you are from the old school and not reinventing the wheel).
On MS Windows it is also possible to install "Cygwin" to emulate a UNIX/Linux environment. On the other hand, sometimes it is not required (or not possible) to install additional software on the remote MS Windows server.
In that case we can use the "winexe" command, which is delivered with the "wmic" package for our Linux server. This way it is possible to execute remote commands on an MS Windows server directly from the Linux console.

WINEXE options:

[root@Linux-WMI-Client test]# winexe --help
Usage: winexe //host command
  --uninstall                                 Uninstall winexe service after
                                              remote execution
  --reinstall                                 Reinstall winexe service before
                                              remote execution
  --system                                    Use SYSTEM account
  --runas=[DOMAIN\]USERNAME%PASSWORD          Run as user (BEWARE: password is
                                              sent in cleartext over net)
  --interactive=INT                           Desktop interaction: 0 -
                                              disallow, 1 - allow. If you
                                              allow use also --system switch
                                              (Win requirement). Vista do not
                                              support this option.
Help options:
  -?, --help                                  Show this help message
  --usage                                     Display brief usage message

Common samba options:
  -d, --debuglevel=DEBUGLEVEL                 Set debug level
  --debug-stderr                              Send debug output to STDERR
  -s, --configfile=CONFIGFILE                 Use alternative configuration
  --option=name=value                         Set smb.conf option from command
  -l, --log-basename=LOGFILEBASE              Basename for log/debug files
  --leak-report                               enable talloc leak reporting on
  --leak-report-full                          enable full talloc leak
                                              reporting on exit
Connection options:
  -R, --name-resolve=NAME-RESOLVE-ORDER       Use these name resolution
                                              services only
  -O, --socket-options=SOCKETOPTIONS          socket options to use
  -n, --netbiosname=NETBIOSNAME               Primary netbios name
  -W, --workgroup=WORKGROUP                   Set the workgroup name
  --realm=REALM                               Set the realm name
  -i, --scope=SCOPE                           Use this Netbios scope
  -m, --maxprotocol=MAXPROTOCOL               Set max protocol level

Authentication options:
  -U, --user=[DOMAIN\]USERNAME[%PASSWORD]     Set the network username
  -N, --no-pass                               Don't ask for a password
  --password=STRING                           Password
  -A, --authentication-file=FILE              Get the credentials from a file
  -S, --signing=on|off|required               Set the client signing state
  -P, --machine-pass                          Use stored machine account
                                              password (implies -k)
  --simple-bind-dn=STRING                     DN to use for a simple bind
  -k, --kerberos=STRING                       Use Kerberos
  --use-security-mechanisms=STRING            Restricted list of
                                              authentication mechanisms
                                              available for use with this
Common samba options:
  -V, --version                               Print version

WINEXE run command

In general, with this command you can run the same set of commands on your remote MS Windows server that the user account used for the remote login would be able to start on the local CLI of that server. (Too long and complicated? Not really ;) )

WINEXE - Example

[root@Linux-WMI-Client ~]# winexe -U wmiuser%wmipasswd //wmi-server.localnet "ipconfig "          # requesting network config from remote MS Win

Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::b9ce:96eb:7638:c103
   IPv4 Address. . . . . . . . . . . :
   Subnet Mask . . . . . . . . . . . :
   Default Gateway . . . . . . . . . :

Tunnel adapter isatap.{B8240955-75CE-4852-8D6B-407A45BF515F}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 11:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:2470:2c12:f5ff:f387
   Link-local IPv6 Address . . . . . : fe80::2470:2c12:f5ff:f387
   Default Gateway . . . . . . . . . : ::
[root@Linux-WMI-Client ~]#

WINEXE - "cmd" Example

It is possible to get a "shell" on the remote MS Windows server with the command "cmd".

[root@Linux-WMI-Client ~]# winexe -U wmiuser%wmipasswd //wmi-server.localnet "cmd"    # Starting CLI/Shell/CMD on remote MS Win
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>                                                                  # We do have full CLI/Shell/CMD interface
                                                                                      # with rights of our User on Remote MS Win

WINEXE - "cmd /c" Example

Sometimes it is required to start a remote command with the help of the remote CLI/Shell/CMD interface.

[root@Linux-WMI-Client ~]# winexe -U wmiuser%wmipasswd //wmi-server.localnet "cmd /c hostname"
[root@Linux-WMI-Client ~]#
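
The examples above pass the password with -U user%password, which leaves it in the shell history and in the process list of the Linux client. The following is an added example, not part of the original page: it uses the -A and --uninstall options from the help output above, with the credentials in a file only its owner can read. The function names are hypothetical, and the "key = value" file layout is the Samba credentials-file format.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): keep the winexe password out of argv.

# Write a Samba-style credentials file that only its owner can read.
# Arguments: <file> <username> <password> [domain]
write_authfile() {
    local file="$1" user="$2" pass="$3" domain="${4:-}" old_umask
    old_umask=$(umask)
    umask 077                       # new file is created as 0600
    {
        printf 'username = %s\n' "$user"
        printf 'password = %s\n' "$pass"
        if [ -n "$domain" ]; then printf 'domain = %s\n' "$domain"; fi
    } > "$file"
    umask "$old_umask"
    chmod 600 "$file"               # also tightens a file that already existed
}

# Succeed only if the file exists and group/other have no permissions on it.
check_authfile() {
    local file="$1"
    [ -f "$file" ] || { echo "credentials file missing: $file" >&2; return 1; }
    [ "$(ls -ld "$file" | cut -c5-10)" = "------" ] ||
        { echo "credentials file is group/world accessible: $file" >&2; return 1; }
}

# Print the argument list, one per line, so it can be reviewed or logged.
# The password never appears in it; --uninstall removes the service afterwards.
winexe_argv() {
    local file="$1" host="$2" cmd="$3"
    check_authfile "$file" || return 1
    printf '%s\n' winexe --uninstall -A "$file" "//$host" "$cmd"
}

# Run one remote command using the credentials file.
run_winexe() {
    local file="$1" host="$2" cmd="$3"
    check_authfile "$file" || return 1
    winexe --uninstall -A "$file" "//$host" "$cmd"
}
```

Typical use: create the file once with write_authfile, then call run_winexe /root/.winexe-cred wmi-server.localnet "cmd /c hostname" (the file path is a placeholder).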