...

This is the Windows short domain name. It is not the fully qualified domain. I.e., mydomain, not mydomain.open-audit.com.

The SHORTDOMAIN can be omitted, in which case the query will validate the credentials against the local machine being queried.

...

If the target computer is not on a domain, in general it must be the Administrator account that is used.

The SHORTDOMAIN and USERNAME can be supplied as either SHORTDOMAIN/USERNAME or USERNAME@SHORTDOMAIN.

More info - https://docs.microsoft.com/en-us/windows/win32/wmisdk/user-account-control-and-wmi?redirectedfrom=MSDN

PASSWORD

WMI itself cannot cater to passwords that contain both single and double quotes. It is recommended to avoid these characters altogether in the password.

...

The target Windows computer should be specified as either the IP address or the hostname only (that must resolve in DNS).

Providing an FQDN for the target, even if DNS resolves it, will not work, as Windows relies on NetBIOS for some aspects of authentication, which Linux does not provide.

QUERY

Standard WMI queries are catered to. For more information, see the WMI reference at Microsoft - https://docs.microsoft.com/en-us/windows/win32/wmisdk/wmi-reference

Other useful links

Connecting to WMI remotely - https://docs.microsoft.com/en-us/windows/win32/wmisdk/connecting-to-wmi-remotely-starting-with-vista?redirectedfrom=MSDN

Target Client Configuration (from the Open-AudIT wiki)

Examples

marku@test:/usr/local/nmis8/bin$ ./wmic -U WINDEVDOMAIN/administrator%my_password //10.152.0.40 "select * from Win32_OperatingSystem"
CLASS: Win32_OperatingSystem
BootDevice|BuildNumber|BuildType|Caption|CodeSet|CountryCode|CreationClassName|CSCreationClassName|CSDVersion|CSName|CurrentTimeZone|DataExecutionPrevention_32BitApplications|DataExecutionPrevention_Available|DataExecutionPrevention_Drivers|DataExecutionPrevention_SupportPolicy|Debug|Description|Distributed|EncryptionLevel|ForegroundApplicationBoost|FreePhysicalMemory|FreeSpaceInPagingFiles|FreeVirtualMemory|InstallDate|LargeSystemCache|LastBootUpTime|LocalDateTime|Locale|Manufacturer|MaxNumberOfProcesses|MaxProcessMemorySize|MUILanguages|Name|NumberOfLicensedUsers|NumberOfProcesses|NumberOfUsers|OperatingSystemSKU|Organization|OSArchitecture|OSLanguage|OSProductSuite|OSType|OtherTypeDescription|PAEEnabled|PlusProductID|PlusVersionNumber|PortableOperatingSystem|Primary|ProductType|RegisteredUser|SerialNumber|ServicePackMajorVersion|ServicePackMinorVersion|SizeStoredInPagingFiles|Status|SuiteMask|SystemDevice|SystemDirectory|SystemDrive|TotalSwapSpaceSize|TotalVirtualMemorySize|TotalVisibleMemorySize|Version|WindowsDirectory
\Device\HarddiskVolume2|14393|Multiprocessor Free|Microsoft Windows Server 2016 Datacenter|1252|1|Win32_OperatingSystem|Win32_ComputerSystem|(null)|WINNOW|0|True|True|True|3|False||False|256|2|2444088|943512|3478896|20201021053937.000000+000|0|20210531040349.499770+000|20210604010119.214000+000|0409|Microsoft Corporation|4294967295|137438953344|(en-US)|Microsoft Windows Server 2016 Datacenter|C:\Windows|\Device\Harddisk0\Partition3|0|57|8|8|(null)|64-bit|1033|400|18|(null)|False|(null)|(null)|False|True|3|(null)|00376-40000-00000-AA947|0|0|1048576|OK|400|\Device\HarddiskVolume3|C:\Windows\system32|C:|0|5241572|4192996|10.0.14393|C:\Windows
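The following is an added example, not part of the original page or of the wmic tool: a pre-flight check of the SHORTDOMAIN/USERNAME, PASSWORD and target rules described above, plus a parser for the pipe-delimited output. The function names and the sample text are assumptions made for illustration. The parser rejects rows whose column count differs from the header, because the Name value in the row above itself contains | characters.

```python
import ipaddress
import re

# Constructed sample: a few columns in the output layout shown above
# (CLASS line, pipe-delimited header, one pipe-delimited row per instance).
SAMPLE = (
    "CLASS: Win32_OperatingSystem\n"
    "BuildNumber|Caption|CSDVersion|CSName|Version\n"
    "14393|Microsoft Windows Server 2016 Datacenter|(null)|WINNOW|10.0.14393\n"
)

def check_args(user, password, target):
    """Return the problems found in the arguments, per the rules on this page."""
    problems = []
    # Accept SHORTDOMAIN/USERNAME, USERNAME@SHORTDOMAIN or USERNAME alone.
    # '%' is excluded because -U uses it to separate user and password.
    m = re.fullmatch(r"(?:([^/@%]+)/)?([^/@%]+)(?:@([^/@%]+))?", user)
    if not m or (m.group(1) and m.group(3)):
        problems.append("user must be SHORTDOMAIN/USERNAME or USERNAME@SHORTDOMAIN")
    elif "." in (m.group(1) or m.group(3) or ""):
        problems.append("domain must be the short name, not the FQDN")
    if "'" in password and '"' in password:
        problems.append("password contains both single and double quotes")
    try:
        ipaddress.ip_address(target)
    except ValueError:
        if "." in target:  # not an IP, so a dot means an FQDN
            problems.append("target must be an IP address or bare hostname")
    return problems

def parse_wmic(text):
    """Parse wmic output into (class_name, list of {property: value})."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if len(lines) < 2 or not lines[0].startswith("CLASS: "):
        raise ValueError("unexpected wmic output")
    header = lines[1].split("|")
    rows = []
    for ln in lines[2:]:
        fields = ln.split("|")
        # A value containing '|' (Name in the row above) shifts every later
        # column, so reject the row instead of returning misaligned data.
        if len(fields) != len(header):
            raise ValueError("column count mismatch")
        # Unset properties are printed as the literal string (null).
        rows.append({k: None if v == "(null)" else v
                     for k, v in zip(header, fields)})
    return lines[0][len("CLASS: "):].strip(), rows
```

Selecting only the properties needed in the query, instead of *, keeps values such as Name out of the row and avoids the mismatch.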

...