Discovery windows audit script not working correctly? 3.0.2

 
1
0
-1

I'm having some issues figuring out what is going on.

If I go to the main page, click on the 'Audit My PC' and run the script, it runs and imports into the database.

When I run a discovery, it does the audit, but doesn't import into the database,

The logs come back as:


11,2162019-06-03 16:23:46wmi_helpercopy_to_windowsAttempting to copy file to Windows.success
0.000000
C:\xampp\open-audit\other\paexec.exe \\192.168.2.201 -s -u domain/user.a -p "******" -c "c:\windows\C:\xampp\open-audit\other\scripts\audit_windows_19_06_03_23_23_46_69915700.vbs"
11,2172019-06-03 16:23:46wmi_helperexecute_windowsWindows attempt to copy file to 192.168.2.201 succeeded in wmi_helper::copy_to_windowssuccess
0.000000
C:\xampp\open-audit\other\paexec.exe \\192.168.2.201 -s -u user.a -p "******" cmd /c "cscript C:\Windows\audit_windows.vbs submit_online=n create_file=w debugging=0 self_delete=y last_seen_by=audit_wmi system_id=111 discovery_id=9"
11,2182019-06-03 16:24:09inputdiscoveriesNo script output from 192.168.2.201 (System ID 111). Cannot retrieve audit result.fail
0.000000
11,2192019-06-03 16:24:09inputdiscoveriesCould not find audit result path in script output from 192.168.2.201 (System ID 111). Cannot retrieve audit result.fail
0.000000
11,2202019-06-03 16:24:09include_input_discoveriesdiscoveriesNo audit script result to processnotice
0.000000



Anyone have an idea what's going on /where to look?    Possibly not reading the config /generating the scripts properly?

Running community 3.0.2

  1. Mark Unwin

    Open-AudIT 3.1.0 is now available and has some improvements in this area.

CommentAdd your comment...

4 answers

  1.  
    1
    0
    -1

    This was on a client PC.  Went to the OA server web page, clicked on Audit this PC.   Ran the script that it downloaded.

    The log from above, was doing a discovery on a single device from the OA server.

    Neither method is working on 3.0.2 for me.   

    1. Mark Unwin

      Have you set the default_network_address in the config?

      It needs this set in order to know where to send the result back to.

    CommentAdd your comment...
  2.  
    1
    0
    -1

    Thanks for the reply Phil

    Checked that and everything was good. 

    This is on a fresh build, so no extra software installed.  Disabled the windows firewall completely with no change.

    If I run audit_windows script from version 3.0.0, I can run it locally and it works properly just not through discovery.

    Script from 3.0.2 returns the error in the script window screen shot.

      CommentAdd your comment...
    1.  
      1
      0
      -1

      What version of Windows? You may need to enable Windows Remote Management. From administrator Command Prompt:

      winrm quickconfig


      more info: https://docs.microsoft.com/en-us/windows/desktop/winrm/about-windows-remote-management


      also check the windows firewall and if a desktop security app is blocking that

        CommentAdd your comment...
      1.  
        1
        0
        -1


        This is the best output of the error I could get.

        1. Mark Unwin

          If you're trying to run discovery against the OA server, in short - it won't work.

          It's because discovery tries to talk to the target using WMI and credentials over the network. If the target is the local machine, Windows will refuse. This is on our to do list.

        CommentAdd your comment...