.. / wbemtest.exe

UI tool for interacting with Windows Management Instrumentation (WMI)

• https://learn.microsoft.com/en-us/intune/configmgr/develop/core/understand/introduction-to-wbemtest
• https://4sysops.com/archives/wbemtest-part-1-testing-wmi-connectivity/
• https://patchmypc.com/blog/intro-wbemtest/

Execute

Launch process

wbemtest.exe

• wmic.exe deprecation but you still want to use native WMI
• One useful tool for working with WMI/WBEM is WBEMTEST. There are many WMI tools out there. However, WBEMTEST is immediately available on most systems, rather than having to be downloaded first. You might think of it like Notepad.exe. There are text editors with richer capabilities available, but Notepad.exe is always there when you need to view or create a text file.
• Connect to the target namespace as \\<TARGETHOST>\root\cimv2, select Execute Method, Object path as Win32_Process, Method as Create, Edit in Parameters, edit the CommandLine property, save property, save method, click on “Execute!” button.
• There is a lot of clicking required.
• Requires admin access on the remote machine, but you can still do a lot of local enumeration.

Processes

Query processes

wbemtest.exe

• T1057
• T1047