
Fast WMI Network Probing

13 Aug 2009, CPOL
Scans network PCs for remote WMI access and, where the current user has it, starts notepad.exe on the target and opens an interactive command shell via PSEXEC.

Introduction

This article shows how to sweep a network for PCs on which your current credentials carry administrative rights, and how to start remote processes on them using WMI (Windows Management Instrumentation). For each ComputerName the script connects to the remote root\cimv2 namespace, which succeeds only when the caller is a local administrator on the target and RPC/DCOM is reachable, and then proves execute rights by creating notepad.exe through Win32_Process.Create and opening an interactive command shell with PSEXEC.

Background

I was looking for code to scan a network for accessible administrative shares such as C$ and Admin$ and didn't have much luck, so I wrote this simple VBScript to probe a PC and find out whether my account has write and execute rights on it. Note that the script does not enumerate shares: it tests remote WMI access, which needs the same local-administrator rights on the target that the administrative shares do.

Using the code

Create a file called wmi.vbs:

VBScript
' wmi.vbs - probe one host for remote WMI/admin access, with a watchdog timeout.
' Usage: cscript.exe wmi.vbs ComputerName
If WScript.Arguments.Count < 1 Then
    WScript.Echo "Usage: cscript.exe wmi.vbs ComputerName"
    WScript.Quit 1
End If
strComputer = WScript.Arguments(0)
sleep = 3   ' watchdog: "ping -n 3" waits about 2 seconds (one second between replies)
WScript.Echo strComputer
' Find our own PID: the process whose command line names this script.
' (Run one copy at a time; with several parallel copies this can pick the wrong one.)
Set objSWbemServices = GetObject("WinMgmts:Root\Cimv2")
Set colProcess = objSWbemServices.ExecQuery("Select * From Win32_Process")
For Each objProcess In colProcess
    If Not IsNull(objProcess.CommandLine) Then
        If InStr(objProcess.CommandLine, WScript.ScriptName) <> 0 Then
            pid = objProcess.ProcessId
        End If
    End If
Next
On Error Resume Next
Err.Clear
Set WshShell = WScript.CreateObject("WScript.Shell")
' Watchdog: a hidden cmd.exe sleeps via ping, then force-kills this script if it
' is still stuck in the remote GetObject. "&&" makes the kill fire only when ping
' ends on its own, not when we stop ping ourselves at the end of the script.
WshShell.Run "cmd /c ping -n " & sleep & " 127.0.0.1>nul && " & _
             "taskkill /PID " & pid & " /F", 0, False
' The remote connect: succeeds only if the current user is a local administrator
' on strComputer and RPC/DCOM (TCP 135 plus dynamic ports) is reachable.
Set objWMIService = GetObject("winmgmts:" & _
                    "{impersonationLevel=impersonate}!\\" & _
                    strComputer & "\root\cimv2")
If Err.Number <> 0 Then
    WScript.Echo Err.Description
Else
    WScript.Echo "ok"
    ' Prove execute rights: start a process on the target via Win32_Process.Create.
    Set objProcessClass = GetObject("winmgmts:\\" & _
                          strComputer & "\root\cimv2:Win32_Process")
    Err.Clear
    intReturn = objProcessClass.Create("notepad.exe", Null, Null, intProcessID)
    If Err.Number <> 0 Then
        WScript.Echo "Win32_Process.Create error: " & Err.Description
    ElseIf intReturn = 0 Then
        WScript.Echo "notepad.exe started, remote PID " & intProcessID
    Else
        WScript.Echo "Win32_Process.Create returned " & intReturn
    End If
    ' Interactive shell over SMB/ADMIN$ with PsExec (psexec.exe must be on the PATH).
    WshShell.Run "psexec -accepteula \\" & strComputer & " cmd"
End If
' Finished before the deadline: stop the watchdog's ping so taskkill never runs.
' (This stops every ping.exe on the scanning machine, not only the watchdog's.)
WshShell.Run "taskkill /IM ping.exe /T", 0, True

Then, launch it by passing your computer name:

cscript.exe wmi.vbs ComputerName

Points of interest

One problem with using WMI is that GetObject on a remote winmgmts: moniker can block for anywhere from seconds to minutes when the target is switched off, firewalled or otherwise not answering on RPC/DCOM (TCP 135 and the dynamic RPC ports), because the connect waits for the RPC layer's own timeout. At that rate a serial scan of thousands of PCs is impractical.

To work around the hang, the script arranges its own termination: a hidden cmd.exe sleeps for roughly the number of seconds given by sleep (ping -n 3 127.0.0.1 waits about two seconds, one second between each of the three replies) and then force-kills the script's PID with TASKKILL. If the probe finishes first, the script stops the ping so the deadline never fires. The result is a fast scan without threads or complex code, and each hang is bounded by the sleep value. Two caveats: the batch file runs one host at a time, so a 1000-host list can still take up to about 1000 × sleep seconds, and the closing taskkill /IM ping.exe stops every ping.exe on the scanning machine, not only the watchdog's.

To build a host list, open a command prompt and type:

net view /domain

This lists the domains and workgroups that the Computer Browser service knows about. To list the PCs in one domain, type:

net view /domain:yourdomain

The names come back prefixed with \\ (for example \\COMPUTER1); strip the prefix before passing them to the script.

At this point, save the results and create a batch file called wmi.bat that calls the script once per PC:

cscript.exe C:\wmi.vbs COMPUTER1
cscript.exe C:\wmi.vbs COMPUTER2
cscript.exe C:\wmi.vbs COMPUTER3
...
cscript.exe C:\wmi.vbs COMPUTERN
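
The same sweep rewritten in PowerShell, as an added example that is not part of the original article or its code. It covers the two things the sections above do by hand: building the host list from net view output (or a plain one-name-per-line file) and bounding every step with a real timeout instead of the taskkill watchdog. Assumptions: Windows PowerShell on a domain-joined machine (DCOM is Windows-only), run as a user who is a local administrator on the targets; hosts.txt is a constructed input file; the -Execute switch is this example's own and gates the Win32_Process.Create call, so a plain run only reports TCP 135/445 reachability, ADMIN$ accessibility and whether the WMI connect succeeds.

```powershell
# Added example, not the article's code: probe each host with hard timeouts.
# Assumptions: Windows PowerShell (DCOM is Windows-only), run as a user who is a
# local admin on the targets; hosts.txt is a constructed input, either raw
# "net view /domain:x" output or one computer name per line; -Execute is this
# example's own switch and is the only thing that changes state on a target.
param(
    [string]$HostList = '.\hosts.txt',
    [int]$TimeoutSec = 3,
    [switch]$Execute
)

# TCP connect with a hard timeout. WMI over DCOM needs 135 (plus dynamic RPC
# ports); PsExec and the ADMIN$ share need 445. Unreachable hosts fail fast
# here instead of hanging in the WMI connect.
function Test-TcpPort {
    param([string]$Computer, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $ar = $client.BeginConnect($Computer, $Port, $null, $null)
        if (-not $ar.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($ar)      # throws if the port refused the connection
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# One host: port checks, ADMIN$ access, DCOM WMI connect, optional process create.
function Test-RemoteAdmin {
    param([string]$Computer, [int]$TimeoutSec, [switch]$Execute)
    $ms = $TimeoutSec * 1000
    $r = [ordered]@{ Computer = $Computer; Rpc135 = $false; Smb445 = $false
                     AdminShare = $false; Wmi = $false; RemotePid = $null; Error = $null }
    $r.Rpc135 = Test-TcpPort -Computer $Computer -Port 135 -TimeoutMs $ms
    $r.Smb445 = Test-TcpPort -Computer $Computer -Port 445 -TimeoutMs $ms

    # ADMIN$ readable as the current user is exactly what PsExec needs to copy
    # its service binary; only try it once 445 is known to answer.
    if ($r.Smb445) {
        $r.AdminShare = Test-Path -Path "\\$Computer\ADMIN`$" -ErrorAction SilentlyContinue
    }

    # Same transport as the VBScript's winmgmts: moniker (DCOM), but every call
    # carries -OperationTimeoutSec so a stalled host cannot block the sweep.
    if ($r.Rpc135) {
        $s = $null
        try {
            $opt = New-CimSessionOption -Protocol Dcom
            $s = New-CimSession -ComputerName $Computer -SessionOption $opt `
                     -OperationTimeoutSec $TimeoutSec -ErrorAction Stop
            $null = Get-CimInstance -CimSession $s -ClassName Win32_OperatingSystem `
                     -OperationTimeoutSec $TimeoutSec -ErrorAction Stop
            $r.Wmi = $true                     # connect + query worked: admin on this host
            if ($Execute) {
                # The article's action: Win32_Process.Create on the target.
                $res = Invoke-CimMethod -CimSession $s -ClassName Win32_Process `
                         -MethodName Create -Arguments @{ CommandLine = 'notepad.exe' } `
                         -OperationTimeoutSec $TimeoutSec -ErrorAction Stop
                if ($res.ReturnValue -eq 0) { $r.RemotePid = $res.ProcessId }
                else { $r.Error = "Win32_Process.Create returned $($res.ReturnValue)" }
            }
        } catch {
            $r.Error = $_.Exception.Message    # access denied, RPC unavailable, timeout, ...
        } finally {
            if ($s) { Remove-CimSession -CimSession $s }
        }
    }
    [pscustomobject]$r
}

# Accept raw "net view" lines ("\\HOST   remark") or bare names; skip the
# header, the dashed rule and the trailing status line.
$hosts = Get-Content -Path $HostList | ForEach-Object {
    if ($_ -match '^\\\\(\S+)') { $Matches[1] }
    elseif ($_ -match '^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*$') { $Matches[1] }
}

$hosts | ForEach-Object {
    Test-RemoteAdmin -Computer $_ -TimeoutSec $TimeoutSec -Execute:$Execute
} | Format-Table -AutoSize
```

Save it as, say, wmi-probe.ps1 (a name chosen for this example) and run `.\wmi-probe.ps1 -HostList .\hosts.txt -TimeoutSec 3`; add `-Execute` only when you actually want notepad.exe started on every host that answers. Reading the columns together is the point: Smb445 plus AdminShare means PsExec would work, Rpc135 plus Wmi means the VBScript's GetObject would succeed, and a host that is Rpc135 but not Wmi usually means the account is not a local administrator there.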

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)