Hello Mr. Yanjin,
Attaching new small NVT using wmi_connect_reg() function.
Let us know, if you need anything.

NASL output :
==============
openvas-nasl -X wmi_reg_test.nasl -t 192.168.1.230

User Name : test
Passwd : test
Host : 192.168.1.230

Connected to host with handle 161723352

Registry Enum Entries : DevicePath|MediaPathUnexpanded|SM_GamesName|SM_ConfigureProgramsName|ProgramFilesDir|ProductId|WallPaperDir|MediaPath|ProgramFilesPath|SM_AccessoriesName|PF_AccessoriesName|SM_ConfigureProgramsExisted|CommonFilesDir

Registry Get SZ Value : C:\Program Files

Thanks!
Veerendra

On Wednesday 15 May 2013 01:04 AM, Yanjin Ding wrote:
> Hello Mr. Ganiger,
>
> I tried your example script, it works. But I'm still having a problem with
> querying the registry using "wmi_connect_reg" and "wmi_reg_enum_value". The error
> is "WMI query failed" for "wmi_reg_enum_value". The example script is
> attached. Could you please take a look and see if there's any problem?
> Thank you.
>
> *--*
> *Yanjin Ding*
>
>
> On Tue, May 14, 2013 at 6:59 AM, Veerendra Ganiger
> <veerendr...@secpod.com> wrote:
>
> Hello Yanjin,
>
> Tested wmi connect on Windows XP SP3 and it is working fine.
> Attaching a small NASL script, please check whether it is working or not.
>
> We will try to reproduce the issue, please provide which platform you
> are using.
>
> openvas-nasl -X wmi_connect_test.nasl -t 192.168.1.230
>
> NASL script output :
> =====================
> User Name : test
> Passwd : test
> Host : 192.168.1.230
>
> Connected to host with handle 152144128
>
> Executing wmi query : SELECT IPAddress, MacAddress, Description FROM Win32_NetworkAdapterConfiguration Where IPEnabled = True
>
> Query Result : Description|Index|IPAddress|MACAddress
> VMware Accelerated AMD PCNet Adapter - Packet Scheduler Miniport|1|192.168.1.230|00:0a:11:64:01:7A
> VMware Accelerated AMD PCNet Adapter - Packet Scheduler Miniport|10|192.168.1.230|00:0a:11:64:01:7A
>
> Thanks!
> Veerendra
>
> On Tuesday 14 May 2013 01:45 AM, Yanjin Ding wrote:
>>>> Dear all,
>>>>
>>>> I'm having a problem with connecting and querying through wmi. The log says:
>>>> WMI Connect Failed.
>>>>
>>>> I used "wmic" from command line, it's able to get RSOP results back. I also
>>>> used "gpresult" which is a Microsoft tool to query RSOP data, and it's
>>>> working. I believe the host configuration with WMI is correct.
>>>>
>>>> But openvas still can't connect through WMI. I installed wmi following
>>>> instructions here:
>>>> http://code.ohloh.net/file?fid=FUi4Z0R3xgX0oCjcpy4vdQq7eec&cid=MQKpc2gZPvw&s=&browser=Default#L0
>>>> .
>>>>
>>>> Also I wrote a test nasl script, first set host, username and password
>>>> properly, then call the function:
>>>> wmi_connect(host:host, username:usrname, password:passwd);
>>>> and run the script using openvas-nasl. It printed our error message:
>>>>
>>>> [librpc/rpc/dcerpc_connect.c:329:dcerpc_pipe_connect_ncacn_ip_tcp_recv()] failed NT status (c0000236) in dcerpc_pipe_connect_ncacn_ip_tcp_recv
>>>> [librpc/rpc/dcerpc_connect.c:790:dcerpc_pipe_connect_b_recv()] failed NT status (c0000236) in dcerpc_pipe_connect_b_recv
>>>> nasl_wmi_connect: WMI Connect failed
>>>>
>>>> I'm using openvas 6 libraries and wmi 1.3.14.
>>>>
>>>> Can anyone help me out? Thank you in advance.
>>>> *--*
>>>> *Yanjin Ding*
>>>>
>>>> _______________________________________________
>>>> Openvas-devel mailing list
>>>> Openvas-devel@wald.intevation.org
>>>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-devel
include("wmi_file.inc");
include("wmi_os.inc");

## Variables Initialization
host = "";
usrname = "";
passwd = "";
handle = "";

usrname = "test";
passwd = "test";
host = get_host_ip();

security_note(data:"User Name : "+usrname);
security_note(data:"Passwd : "+passwd);
security_note(data:"Host : "+host);

if(!host || !usrname || !passwd){
  security_note(data:string("\nImproper info provided"));
  exit(0);
}

## WMI Registry Connect
handle = wmi_connect_reg(host:host, username:usrname, password:passwd);
if(!handle){
  security_note(data:string("\nFailed to get handle "));
  exit(0);
}

security_note(data:string("\nConnected to host with handle ", handle));

## HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
reg_entries = wmi_reg_enum_value(wmi_handle:handle, key: "SOFTWARE\Microsoft\Windows\CurrentVersion");
security_note(data:string("\nRegistry Enum Entries : ", reg_entries));

## HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
reg_value = wmi_reg_get_sz(wmi_handle:handle, key:"SOFTWARE\Microsoft\Windows\CurrentVersion", key_name:"ProgramFilesDir");
security_note(data:string("\nRegistry Get SZ Value : ", reg_value));

wmi_close(wmi_handle:handle);
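Added example, not part of the original thread and not OpenVAS or Samba code: a small Python helper that pulls the NT status out of the dcerpc error lines quoted in the first message and decodes its bit fields. The status names are Microsoft's NTSTATUS names; the lookup table, the "layer" labels and the function names are assumptions made for this illustration.

```python
import re

# Constructed subset of NTSTATUS values; names are Microsoft's, the "layer"
# labels are this example's own triage hint (assumption, not from the thread).
KNOWN = {
    0xC0000236: ("STATUS_CONNECTION_REFUSED", "network"),
    0xC00000B5: ("STATUS_IO_TIMEOUT", "network"),
    0xC000006D: ("STATUS_LOGON_FAILURE", "credentials"),
    0xC0000022: ("STATUS_ACCESS_DENIED", "authorization"),
}
SEVERITY = ("success", "informational", "warning", "error")

# Matches lines of the form: [file:line:function()] failed NT status (hex) ...
LINE_RE = re.compile(
    r"\[(?P<file>[^:\]]+):(?P<line>\d+):(?P<func>\w+)\(\)\]\s+"
    r"failed NT status \((?P<status>[0-9a-fA-F]{8})\)"
)

def decode_ntstatus(value):
    """Split a 32-bit NTSTATUS into severity, customer bit, facility and code."""
    name, layer = KNOWN.get(value, ("unknown", "unknown"))
    return {
        "severity": SEVERITY[value >> 30],   # bits 31-30
        "customer": bool(value >> 29 & 1),   # bit 29
        "facility": value >> 16 & 0x0FFF,    # bits 27-16
        "code": value & 0xFFFF,              # bits 15-0
        "name": name,
        "layer": layer,
    }

def triage(log_text):
    """Return one decoded record per 'failed NT status' line, in log order."""
    records = []
    for m in LINE_RE.finditer(log_text):
        rec = decode_ntstatus(int(m["status"], 16))
        rec.update(source=m["file"], function=m["func"])
        records.append(rec)
    return records

# The error output quoted in the thread, each record on one line.
SAMPLE = """\
[librpc/rpc/dcerpc_connect.c:329:dcerpc_pipe_connect_ncacn_ip_tcp_recv()] failed NT status (c0000236) in dcerpc_pipe_connect_ncacn_ip_tcp_recv
[librpc/rpc/dcerpc_connect.c:790:dcerpc_pipe_connect_b_recv()] failed NT status (c0000236) in dcerpc_pipe_connect_b_recv
nasl_wmi_connect: WMI Connect failed
"""

if __name__ == "__main__":
    for r in triage(SAMPLE):
        print(f"{r['function']}: {r['name']} ({r['severity']}, layer={r['layer']})")
```

A status in the "network" layer means the TCP connection to the RPC endpoint did not come up, so listener and firewall state on the target are worth checking before the credentials.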