Overview
This document provides step-by-step instructions for pulling, configuring, and running the WMIC (Windows Management Instrumentation Client) Docker container. This container provides a service for remote WMI connectivity, allowing systems to query and manage Windows machines.
Prerequisites
Docker installed on your system
Basic understanding of Docker commands
Administrator/sudo privileges
Pulling the WMIC Container
# Pull the WMIC container from the AWS ECR repository
sudo docker pull public.ecr.aws/n2x4v8j4/firstwave/wmic:latest
Configuration
1. Create a Configuration File
Create a file named wmic_server.yaml with your WMI server configuration:
# ----------------------------------- USER DEFINITIONS -----------------------------------
# user identity config block - used for authentication between the wmic_server and the wmi target
# id key name will match the id passed in by calling clients - these ids must not use any other valid top level key in this file
# id key name must be formatted according to the validation rules also specified in this file (since they are also passed in by the clients as http parameters)
# data in the config block must have user and pass, domain is optional, tokens are optional
user1:
  user: MYUSER
  pass: MYPASSWORD
  domain:
  # optional list of valid id-specific tokens the client calling the wmi server can use to "authenticate" to the wmi server (not the wmi target)
  # leave empty or do not include to not require these tokens
  tokens:
    - MYSECRETUSERACCESSTOKEN1
    - MYSECRETUSERACCESSTOKEN2

# ----------------------------------- TOKEN DEFINITIONS -----------------------------------
# token array
# optional list of valid tokens the client calling the wmi server can use to "authenticate" to the wmi server (not the wmi target)
# any user above can use these tokens - if you need user-specific tokens you can add them in the user definitions above and leave these ones empty
# leave empty or do not include to not require these tokens
tokens:
  - MYSECRETACCESSTOKEN1
  - MYSECRETACCESSTOKEN2

# ----------------------------------- INPUT VALIDATION DEFINITIONS -----------------------------------
# input validation regular expressions for http input variables
# you must provide regular expressions for each of these, you can provide one or more regular expression
# regular expressions are case insensitive
# if you really want no validation, make the regular expression just a single dot ie .
validation:
  id:
    # includes only alpha,digits,-,_
    - ^[a-z0-9\-_]+$
  token:
    # includes only alpha,digits,-,_
    - ^[a-z0-9\-_]+$
  host:
    # includes only alpha,digits,. or -
    - ^[a-z0-9\.\-]+$
  query:
    # format like SELECT something FROM something
    - ^select.+from
    # OTHERREGEX is a placeholder for any additional expression you want to allow; remove it if you do not need one
    - OTHERREGEX
  namespace:
    # format like alpha or digits then a "/" followed by alpha or digits
    - ^[a-z0-9]+/[a-z0-9]+$
Save this file in a location of your choice (e.g., your project directory).
2. Run the Container
sudo docker run -d \
  -v /path/to/wmic_server.yaml:/app/contrib/wmic_server/wmic_server.yaml \
  -p 2313:2313 \
  --restart=unless-stopped \
  public.ecr.aws/n2x4v8j4/firstwave/wmic:latest
This command:
- Runs the container in detached mode (-d)
- Mounts your local configuration file (use an absolute path) to the expected path inside the container
- Maps port 2313 from the container to your host. As written, the port is bound on all host interfaces; if only clients on the host itself should reach the service, bind it to loopback instead with -p 127.0.0.1:2313:2313
- Restarts the container automatically unless it is explicitly stopped (--restart=unless-stopped)
3. Verify the Container is Running
sudo docker ps
Look for the WMIC container in the list of running containers.
4. Check Container Logs
# Get the container ID first
sudo docker ps
# Check the logs
sudo docker logs CONTAINER_ID
Successful startup will show Gunicorn starting and listening on port 2313.
Using the WMIC Service
Basic Usage
The WMIC service exposes a REST API that you can access via HTTP requests. Here are some example usages:
1. Query a Windows Machine
# Using curl to query a Windows machine
curl -X POST http://localhost:2313/query \
  -H "Content-Type: application/json" \
  -d '{
    "host": "192.168.1.100",
    "id": "user1",
    "token": "MYSECRETACCESSTOKEN1",
    "namespace": "root\\cimv2",
    "query": "SELECT * FROM Win32_OperatingSystem"
  }'
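The request above carries five client-supplied parameters, and the configuration file earlier in this guide decides which values the service accepts: the validation regexes (matched case-insensitively) and the two token lists (global and per-id). The following Python client is an added example, not code from the WMIC project, that performs the same checks on the client side before a request leaves the machine, and also verifies that every regex in the config compiles, which catches a typo such as an unbalanced parenthesis before you start the container. It assumes a list of several regexes for one field is satisfied when any one of them matches; the page does not state this. The config is embedded as a Python dict mirroring the sample wmic_server.yaml so the script runs offline (load the real file with PyYAML in practice). Note that the sample namespace pattern accepts only a forward slash, so "root\cimv2" as written in the curl example does not match it; whether the server normalizes the separator is not stated on the page.

```python
import json
import re
import urllib.request

# Constructed mirror of the sample wmic_server.yaml above (same keys, same sample values).
CONFIG = {
    "user1": {
        "user": "MYUSER",
        "pass": "MYPASSWORD",
        "domain": None,
        "tokens": ["MYSECRETUSERACCESSTOKEN1", "MYSECRETUSERACCESSTOKEN2"],
    },
    "tokens": ["MYSECRETACCESSTOKEN1", "MYSECRETACCESSTOKEN2"],
    "validation": {
        "id": [r"^[a-z0-9\-_]+$"],
        "token": [r"^[a-z0-9\-_]+$"],
        "host": [r"^[a-z0-9\.\-]+$"],
        "query": [r"^select.+from"],
        "namespace": [r"^[a-z0-9]+/[a-z0-9]+$"],
    },
}

# Top-level keys that, per the YAML comments, may not be used as user ids.
RESERVED_KEYS = {"tokens", "validation"}


def check_config(config):
    """Return a list of problems; an empty list means the config looks usable.

    Checks that every validation regex compiles, that every user block has
    user and pass, and that no user id collides with a reserved key.
    """
    problems = []
    for field, patterns in config.get("validation", {}).items():
        for pat in patterns:
            try:
                re.compile(pat, re.IGNORECASE)
            except re.error as exc:
                problems.append(f"validation.{field}: bad regex {pat!r}: {exc}")
    for key, block in config.items():
        if key in RESERVED_KEYS:
            continue
        if not isinstance(block, dict) or not block.get("user") or not block.get("pass"):
            problems.append(f"user block {key!r} must contain user and pass")
    return problems


def validate_param(config, field, value):
    """True if value matches at least one configured regex for field.

    Assumption (not on the page): several regexes for one field are OR-ed.
    Case-insensitive matching is documented in the config comments.
    """
    patterns = config["validation"][field]
    return any(re.search(p, value, re.IGNORECASE) for p in patterns)


def token_accepted(config, user_id, token):
    """Mirror of the documented token rules: both the id-specific list and the
    global list are accepted; if neither has entries, no token is required."""
    block = config.get(user_id)
    user_tokens = (block.get("tokens") if isinstance(block, dict) else None) or []
    global_tokens = config.get("tokens") or []
    if not user_tokens and not global_tokens:
        return True
    return token in user_tokens or token in global_tokens


def build_request(config, host, user_id, token, namespace, query):
    """Validate every parameter client-side and return the JSON payload for /query.
    Raises ValueError naming the offending field so bad input never leaves the client."""
    for field, value in (("host", host), ("id", user_id), ("token", token),
                         ("namespace", namespace), ("query", query)):
        if not validate_param(config, field, value):
            raise ValueError(f"{field}={value!r} rejected by validation.{field}")
    if user_id in RESERVED_KEYS or user_id not in config:
        raise ValueError(f"unknown id {user_id!r}")
    if not token_accepted(config, user_id, token):
        raise ValueError("token not accepted for this id")
    return {"host": host, "id": user_id, "token": token,
            "namespace": namespace, "query": query}


def send_query(payload, url="http://localhost:2313/query"):
    """POST the payload to the running container (network call; not used offline)."""
    req = urllib.request.Request(url, data=json.dumps(payload).encode(),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read().decode()


if __name__ == "__main__":
    for problem in check_config(CONFIG):
        print("config problem:", problem)
    payload = build_request(CONFIG, "192.168.1.100", "user1", "MYSECRETACCESSTOKEN1",
                            "root/cimv2", "SELECT * FROM Win32_OperatingSystem")
    print(json.dumps(payload, indent=2))
    # print(send_query(payload))  # uncomment once the container is running
```

Run check_config against your real configuration whenever you edit it; a regex that fails to compile or a user block missing user or pass is far easier to find here than in the container logs after a failed start.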
Common WMI Queries
Here are some useful WMI queries you can run through the WMIC service:
System Information
SELECT * FROM Win32_ComputerSystem
Operating System Information
SELECT * FROM Win32_OperatingSystem
Disk Information
SELECT * FROM Win32_LogicalDisk
Process Information
SELECT * FROM Win32_Process
Network Adapter Configuration
SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled=True
Troubleshooting
Container Won't Start
If the container fails to start, check the logs:
sudo docker logs CONTAINER_ID
Common issues include:
Configuration file not found
Ensure the path mapping in your docker run command is correct
Verify the configuration file exists at the specified location
Port already in use
Change the port mapping in your docker run command:
-p 2314:2313
Permission issues
Ensure the configuration file has the correct permissions
Connection Issues
If you can't connect to the WMIC service:
Verify the container is running
sudo docker ps
Check if the port is accessible
telnet localhost 2313
Check firewall settings
Ensure port 2313 is allowed through your firewall
Managing the Container
Stop the Container
# Get the container ID
sudo docker ps
# Stop the container
sudo docker stop CONTAINER_ID
Restart the Container
sudo docker restart CONTAINER_ID
Remove the Container
# Stop the container first
sudo docker stop CONTAINER_ID
# Remove the container
sudo docker rm CONTAINER_ID
The WMIC Docker container provides a convenient way to interact with Windows systems using WMI. By following this guide, you should be able to set up and use the container for querying and managing Windows machines remotely.