Wmi allows to open process in hosts where you know username/\(password/Hash\). Then, Wmiexec uses wmi to execute each command that is asked to execute \(this is why Wmicexec gives you semi-interactive shell\).
**dcomexec.py:** This script gives a semi-interactive shell similar to wmiexec.py, but using different DCOM endpoints \(ShellBrowserWindow DCOM object\). Currently, it supports MMC20. Application, Shell Windows and Shell Browser Window objects. \(from [here](https://www.hackingarticles.in/beginners-guide-to-impacket-tool-kit-part-1/)\)
## WMIC
From an attacker's perspective, WMI can be very valuable in enumerating sensitive information about a system or the domain.
We see it executed successfully \(ReturnValue = 0\). And a second later our Empire listener catches it. Note the process ID is the same as WMI returned.
All this information was extracted from here: [https://blog.ropnop.com/using-credentials-to-own-windows-boxes-part-2-psexec-and-services/](https://blog.ropnop.com/using-credentials-to-own-windows-boxes-part-2-psexec-and-services/)