[Openvas-discuss] Problem with querying registry using openvas wmi

Veerendra Ganiger veerendragg at secpod.com
Wed Sep 4 17:07:29 CEST 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On Monday 26 August 2013 07:47 PM, Yanjin Ding wrote:
> Dear all,
> 
> I'm trying to query registry values that exist on the target machine (I checked
> manually). The function "wmi_connect_reg" succeeded and returned the handle.
> Then I try to call the functions "wmi_reg_enum_key", "wmi_reg_get_sz" and
> "wmi_reg_get_dword_val"; none of these work. The error message is: WMI query
> failed.
> The test script is attached.
> 
> I configured the target machine as follows:
> 1. Turned off firewall
> 2. Run "wmimgmt.msc" -> WMI control -> properties
>     enabled "remote enable" for the namespaces "root", "rsop", "default", "cimv2"
> 3. Started service "Remote registry"
> 
> Environment:
> openvas libraries 6.0.0
> wmi 1.3.14
> target machine os: Windows 7 Professional in a domain

As you mentioned it's in a domain, try adding the domain to the username,

i.e.
if (domain){
  usrname = domain + '\\' + usrname;
}

Also attaching modified test script along with this mail.

Hope this will solve your problem. :)



Thanks!
Verendra

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJSJ0ypAAoJEFdbOg70fJiaqNQIAIZIwTf/yYzhhiH5+5bflyAx
7QaricSrFC6UjthnRYwIcjkgw9IudO0dVM2v5rPv4qr6fqnTTMOV3QzSFrigGPPH
LDXsyCNRbbi3VtL0C3Q+7NduapNVzocQ15s5iLPLCpF7C4a5M3WtRwxIfW3hC7PD
oRkXG4HoSelpktBTN/h38ZBF3IzYle+hDdFjd5rEM3/j09ucKO29D5BpKu8Pzohc
DY/1mWP7p6ryF7CatJCvljyg4fiiIlBoQh4eUrSLPGFAwhn4oVe6NmscOzpyF5oL
MygXtz4pK/ZW2YIlMFs0A7GdH6aKQtLPt8UHYMsv6KtE5BztoDENvlQ9/Ccwr+w=
=7ic2
-----END PGP SIGNATURE-----
-------------- next part --------------
## Variables Initialization
host = "";
usrname = "";
passwd = "";
handle = "";

usrname = "username";
passwd = "password";
domain = "test";
host = get_host_ip();

security_note(data:"User Name : "+usrname);
## Writing the password into the report leaks the scan credential; keep this
## line disabled except while debugging a connection problem.
#security_note(data:"Passwd : "+passwd);
security_note(data:"Domain : "+domain);
security_note(data:"Host : "+host);

## Domain accounts have to be passed as DOMAIN\user. The single-quoted NASL
## string '\\' yields one backslash; double-quoted strings process no escapes.
if (domain){
  usrname = domain + '\\' + usrname;
}

if(!host || !usrname || !passwd){
  security_note(data:string("\nImproper info provided"));
  exit(0);
}

security_note(data:string(wmi_versioninfo()));

## Connect to the remote registry over WMI/DCE-RPC
handle = wmi_connect_reg(host:host, username:usrname, password:passwd);

if(!handle){
  security_note(data:string("\nFailed to get handle "));
  exit(0);
}

security_note(data:string("\nConnected to host with handle ", handle));

## HKEY_LOCAL_MACHINE is used when hive: is omitted. The key path is a
## double-quoted NASL string, so the single backslashes are taken literally.
MaxSize = wmi_reg_get_dword_val(wmi_handle:handle,key:"Software\Policies\Microsoft\Windows\EventLog\Application", key_name:"MaxSize");
if(isnull(MaxSize)){
  security_note(data:string("\nQuery failed for MaxSize"));
} else {
  security_note(data:string("\nQuery Result : ", MaxSize));
}

## Release the registry handle before leaving the script
wmi_close(wmi_handle:handle);
exit(0);
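The "WMI query failed" message does not say whether the connection is unauthorised or the key simply does not exist, so a practitioner debugging this thread would want to separate the two. The NASL script below is an added example written for this page; it is not the attached test script and not part of the OpenVAS plugin feed. It first enumerates a key present on every Windows installation (`SOFTWARE\Microsoft\Windows NT\CurrentVersion`) and only then reads the value from the thread. The hive constants, the assumption that `wmi_reg_enum_key` and `wmi_reg_get_dword_val` return NULL on failure, and the `reg_probe` helper are this example's own; the `wmi_*` calls themselves are the ones used in the thread plus `wmi_close`.

```nasl
# Added diagnostic, not from the original thread. Distinguishes "cannot reach
# the remote registry" from "this particular key or value is missing" by first
# probing a key that exists on every Windows install.

# WinReg hive handles (assumed to be the values the hive: parameter expects;
# HKLM is what the wmi_reg_* functions use when hive: is omitted).
HKLM = 0x80000002;
HKCU = 0x80000001;

# Read one DWORD value, or return a message saying which stage failed.
function reg_probe(handle, hive, key, key_name)
{
  local_var subkeys, val;

  # Stage 1: open and enumerate the key. A NULL result (assumed failure value)
  # means the key is absent or the account has no rights to it.
  subkeys = wmi_reg_enum_key(wmi_handle:handle, hive:hive, key:key);
  if(isnull(subkeys)){
    return "enum failed for " + key + " (key absent or access denied)";
  }

  # Stage 2: read the value. Failing here while stage 1 succeeded points at the
  # value name or its type, not at WMI connectivity.
  val = wmi_reg_get_dword_val(wmi_handle:handle, hive:hive, key:key, key_name:key_name);
  if(isnull(val)){
    return key + '\\' + key_name + " : value not found or not a DWORD";
  }
  return key + '\\' + key_name + " = " + val;
}

usrname = "username";
passwd  = "password";
domain  = "test";        # leave empty for a local account
host    = get_host_ip();

# Domain accounts are passed as DOMAIN\user, as the reply suggests.
if(domain) usrname = domain + '\\' + usrname;

handle = wmi_connect_reg(host:host, username:usrname, password:passwd);
if(!handle){
  security_note(data:"wmi_connect_reg failed: check the credentials, RPC/DCOM reachability through the firewall and the Remote Registry service");
  exit(0);
}

# Control probe: InstallDate is a DWORD present on every Windows install. If
# even this fails, the problem is authorisation or connectivity, not the key.
report = reg_probe(handle:handle, hive:HKLM,
                   key:"SOFTWARE\Microsoft\Windows NT\CurrentVersion",
                   key_name:"InstallDate");

# The Policies branch only exists once Group Policy has written to it, so a
# failure here with the control probe succeeding means the key is missing.
report += '\n' + reg_probe(handle:handle, hive:HKLM,
                   key:"Software\Policies\Microsoft\Windows\EventLog\Application",
                   key_name:"MaxSize");

security_note(data:report);
wmi_close(wmi_handle:handle);
exit(0);
```

Run it the same way as the attached script (for example with `openvas-nasl -t <target> script.nasl`); if the control probe succeeds and the Policies probe fails, the account and the WMI path are fine and the key itself is the issue. The script deliberately never writes the password into the report, unlike the debugging script above.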

