1
0
-1

Hi,

When trying the very first discovery i run into a credential issues.

I tried local administrator, i tried domain admin with the domain.

I even tried the winexe-static command from the command line pointing to just my desktop and domain / local admin credentials but always get the 'failed to open connection' message.

windows firewall is disabled, no local policies are in place. Using a simular tool but windows based the scan works ok and that tool is able to read software and other info.

Any idea's whats going on? I *'ed out our domain name in the screenshot. 

 

2018-04-17 11:48:34wmi_helperwmi_commandAttempting to execute command0.658468fail 
timeout 5m /usr/local/open-audit/other/winexe-static -U */'Administrator'%****** --uninstall //192.168.30.50 "wmic csproduct get uuid" 

ERROR: Failed to open connection - NT_STATUS_CONNECTION_RESET
ERROR: Failed to open connection - NT_STATUS_CONNECTION_RESET
ERROR: Failed to open connection - NT_STATUS_CONNECTION_RESET

    CommentAdd your comment...

    2 answers

    1.  
      1
      0
      -1

      Hi Mark,

      Linux version: CentOS Linux release 7.4.1708 (Core)

      Linux centos 3.10.0-693.21.1.el7.x86_64 #1 SMP Wed Mar 7 19:03:37 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

      You are running version 2.1.1 of Open-AudIT.
      Your Host is: centos, and it's OS is Linux.
      Your database platform is mysql (version 5.5.56-MariaDB).
      Your web server is Apache/2.4.6 (CentOS) PHP/5.4.16 .
      Your PHP version is 5.4.16 and it's current time is 2018-04-17 15:19:40.

      The windows client machines are mostly windows 10 where SMB1 is no longer supported by MS. 

      With Kind Regards,

      Marco van Kammen. 


      1. Mark Unwin

        At the present time Open-AudIT uses SMB1. As a workaround you can have the audit script run at logon, manually copy it to the devices and run it, have the uses run it via "Audit My PC" link on the Open-AudIT logon page (no need to actually logon). This is now very high on our list of items to address.

      2. Marco van Kammen

        Hi Mark, Running the audit script seems to work as workaround, but we will wait for the permanent fix before we decide to go on and buy some licenses. Thanks & Regards, Marco van Kammen.

      CommentAdd your comment...
    2.  
      1
      0
      -1

      Marco,

      A couple questions for you -

      What Linux distribution and version is your Open-AudIT installation on? For a list of supported Operating Systems and requirements, please see: https://community.opmantek.com/display/OA/Server+Requirements

      Also, is SMB1 disabled on the Windows machine?

      Thanks,

      Mark H

        CommentAdd your comment...