In Open-AudIT why does audit_windows.vbs script fail when using IP Address?

 
1
0
-1

When I use the IP address of a computer when running audit_windows.vbs I receive the notice "PC not able to be audited and not found in Active Directory" but when I execute the script using a computer's name it works

cscript audit_windows.vbs 10.1.12.162 submit_online=y ping_target=y            (No audit recorded)

cscript audit_windows.vbs wlayd041 submit_online=y ping_target=y                (Audit Submitted)

This is occurring at a remote site. The IP of the Open-AudIT server is in a 192.168.1.x network

 

    CommentAdd your comment...

    5 answers

    1.  
      2
      1
      0
      To scan via IP instead of hostname, change one setting in audit_windows.vbs:
      ldap = ""
      1. Phil

        aka get rid of LDAP://192.168.4.21

      2. Rick Wegner

        Same response . I was the one that added the ldap server address starting audit - 10.1.12.165 Argurments ------------------- create_file: n debugging: 5 ldap: org_id: ping_target: y audit_netstat: s self_delete: n audit_software: y audit_dns: y audit_mount_point: y strcomputer: 10.1.12.165 struser: strpass: submit_online: y system_id: url: http://vm-auditIT/open-audit/index.php/system/add_system use_proxy: n windows_user_work_1: physicalDeliveryOfficeName windows_user_work_2: company details_to_lower: y hide_audit_window: n ------------------- LocalNet: 192.168.1.159 169.254.24.41 fe80::70e4:1ba8:d95c:1829 VM-AUDITIT Target: 10.1.12.165 No Match: Auditing remote host. PC 10.1.12.165 responding to ping Problem authenticating (9) to 10.1.12.165 Error Number:70 Error Description:Permission denied

      3. Phil

        I scan by IP all the time, never failed once so I knew the ldap setting shouldn't be there (I've never used it, never scanned AD before just ip by ip via batch files). Now that you fixed that, you need to add username and password to the command. Here is how I do it cscript audit_windows.vbs 10.1.3.62 strUser=hostname\administrator strPass=password

      4. Mark Unwin

        Also, try setting ping_target to 'n'.

      CommentAdd your comment...
    2.  
      1
      0
      -1

      Whatever the exact issue is, it is related to the use of IPs, beyond those I am attempting to audit. When I change the url string to use the IP address of the Open-Audit server I get the same access denied error. I switch it back to the server name it works.

        CommentAdd your comment...
      1.  
        1
        0
        -1

        after posting this I noticed a typo, arguments is mis-spelled on lines 132, 134 & 345 in audit_windows.vbs

        1. Rick Wegner

          The entries in lines 132 and 134 were indeed misspelled, but those lines are commented out and the real line of code, line 135 Set objArgs = WScript.Arguments , had the proper spelling. I know that arguments are applying since I had to run the script with the submit_online=y argument before it would send to the server.

        CommentAdd your comment...
      2.  
        1
        0
        -1

        Here are the settings I've been using, and as I said it's never failed like this. I changed the IP's, and didn't need to include username/password because I'm logged in with local administrator account, and the local admin password is same on all the systems I'm auditing. Only need to include username/password when scanning a remote system that doesn't have the same local account password...

         

        I:\share1\Downloads\OpenAudit\scans>cscript audit_windows.vbs 00.00.00.00 debugging=5
        Microsoft (R) Windows Script Host Version 5.8
        Copyright (C) Microsoft Corporation. All rights reserved.

        starting audit - 00.00.00.00
        Argurments
        -------------------
        create_file: n
        debugging: 5
        ldap:
        org_id:
        ping_target: n
        audit_netstat: s
        self_delete: n
        audit_software: y
        audit_dns: y
        audit_mount_point: n
        strcomputer: 00.00.00.00
        struser:
        strpass:
        submit_online: y
        system_id:
        url: http://00.00.00.01/open-audit/index.php/system/add_system
        use_proxy: n
        windows_user_work_1: physicalDeliveryOfficeName
        windows_user_work_2: company
        details_to_lower: y
        hide_audit_window: n
        -------------------
        LocalNet: 00.00.00.005 192.168.56.1 WSHANPW12
        Target: 00.00.00.00
        No Match: Auditing remote host.
        Not pinging target (override with ping_target=y).
        My PID is : 3652
        Audit Start Time : 2017-05-24 11:27:48
        Audit Location: remote
        -------------------
        system info
        windows info
        Windows User: engadmin@vengwin219
        bios info
        scsi info
        processor info
        memory info
        motherboard info
        optical info
        video info
        monitor info
        sound info
        disk info
        partition info
        shares info
        network card info
        network address info
        DNS info
        IPEnabled adapter without DHCP enabled
        InterfaceIndex: 2
        Description: Intel(R) 82574L Gigabit Network Connection
        MACAddress: 00:50:56:86:7D:A2
        IPAddress: 00.00.00.00
        IPSubnet: 255.255.255.0
        Hostname:
        DNS Full Name:
        DNS IP Address:
        IPAddress: fe80::3c0c:6ac0:58ea:251b
        IPSubnet: 64
        print queue info
        environment variables
        logs
        pagefile
        local users info
        local groups info
        Codec info
        ODBC Driver info
        ODBC Driver info 64bit
        MDAC info
        DirectX info
        Windows Media Player info
        Internet Explorer info
        Outlook Express info
        Software info
        Software for 64bit (registry)
        Software for 64bit (registry) #3
        Hotfix info
        Services info
        CD Keys
        Win 2000 Key
        Win 64bit Key
        Office XP Key
        sqlite3.exe not found
        network routing info
        Audit Generated in 31 seconds.
        Submitting audit online
        Audit Submitted


        Response
        --------
        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
        <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><meta
        http-equiv="Content-type" content="text/html; charset=utf-8" />
        <head>
        <title>Open-AudIT</title>
        </head>

        <body>
        <pre>
        <a href='http://00.00.00.01/open-audit/index.php/system'>Back to input page</a><b
        r />
        <a href='http://00.00.00.01/open-audit/index.php'>Front Page</a><br />
        SystemID (updated): <a href='http://00.00.00.01/open-audit/index.php/main/system_
        display/745'>745</a>.<br />
        <br />Time: 2.7717 seconds.<br />
        </body></html>
        Total Execution Time: 35 seconds.

          CommentAdd your comment...
        1.  
          1
          0
          -1

          Can you try the below command and post the output, please.

          cscript audit_windows.vbs 10.1.12.162 submit_online=y ping_target=y debugging=5
          1. Rick Wegner

            Here is the response using the IP address, the response with the dns name follows C:\xampplite\open-audit\other>cscript audit_windows.vbs 10.1.12.162 submit_online=y ping_target=y debugging=5 Microsoft (R) Windows Script Host Version 5.8 Copyright (C) Microsoft Corporation. All rights reserved. starting audit - 10.1.12.162 Argurments ------------------- create_file: n debugging: 5 ldap: LDAP://192.168.4.21 org_id: ping_target: y audit_netstat: s self_delete: n audit_software: y audit_dns: y audit_mount_point: y strcomputer: 10.1.12.162 struser: strpass: submit_online: y system_id: url: http://vm-auditIT/open-audit/index.php/system/add_system use_proxy: n windows_user_work_1: physicalDeliveryOfficeName windows_user_work_2: company details_to_lower: y hide_audit_window: n ------------------- LocalNet: 192.168.1.159 169.254.24.41 fe80::70e4:1ba8:d95c:1829 VM-AUDITIT Target: 10.1.12.162 No Match: Auditing remote host. PC 10.1.12.162 responding to ping Problem authenticating (9) to 10.1.12.162 Error Number:70 Error Description:Permission denied Cannot connect to 10.1.12.162 Attempting Active Directory data retrieval. LDAP domain: LDAP://192.168.4.21 PC not able to be audited and not found in Active Directory. Active Directory used for search was: LDAP://192.168.4.21 No audit recorded. ______________________________________________________________________________________ C:\xampplite\open-audit\other>ping -a 10.1.12.162 Pinging wlayd039.cco.cco-cce.org [10.1.12.162] with 32 bytes of data: Reply from 10.1.12.162: bytes=32 time=26ms TTL=122 Reply from 10.1.12.162: bytes=32 time=26ms TTL=122 Reply from 10.1.12.162: bytes=32 time=26ms TTL=122 Reply from 10.1.12.162: bytes=32 time=26ms TTL=122 ______________________________________________________________________________________ C:\xampplite\open-audit\other>cscript audit_windows.vbs wlayd039 submit_online=y ping_target=y debugging=5 Microsoft (R) Windows Script Host Version 5.8 Copyright (C) Microsoft Corporation. All rights reserved. starting audit - wlayd039 Argurments ------------------- create_file: n debugging: 5 ldap: LDAP://192.168.4.21 org_id: ping_target: y audit_netstat: s self_delete: n audit_software: y audit_dns: y audit_mount_point: y strcomputer: wlayd039 struser: strpass: submit_online: y system_id: url: http://vm-auditIT/open-audit/index.php/system/add_system use_proxy: n windows_user_work_1: physicalDeliveryOfficeName windows_user_work_2: company details_to_lower: y hide_audit_window: n ------------------- LocalNet: 192.168.1.159 169.254.24.41 fe80::70e4:1ba8:d95c:1829 VM-AUDITIT Target: wlayd039 No Match: Auditing remote host. PC wlayd039 responding to ping My PID is : 10288 Audit Start Time : 2017-05-24 10:04:19 Audit Location: remote ------------------- system info

          CommentAdd your comment...