search

fortra / impacket

Impacket is a collection of Python classes for working with network protocols.
https://www.coresecurity.com
Other
13.54k stars 3.58k forks source link

WMIQUERY instance has no attribute 'do_select' #201

Open DziugasB opened 8 years ago

DziugasB commented 8 years ago

wmiquery.py 'User:Password@192.168.1.1' -f <( echo "select * from MSCluster_Cluster" ) -namespace '//./root/mscluster' -rpc-auth-level privacy Impacket v0.9.15 - Copyright 2002-2016 Core Security Technologies

WQL> select * from MSCluster_Cluster [-] ("WMIQUERY instance has no attribute 'do_select'", 'When unpacking field \'InstancePropQualifierSet | : | \'\x02\x04\x00\x00\x00\x11\x00\x00\x00\x03\x01\x00\x00\x11\x03\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x11\x00\x00\x00\xf3\x00\x00\x00\x11\x03\x00\x00\x00\x02\x00\x00\x00\x1e\x00\x00\x00\xed\x02\x00\x00\x11\x08\x00\x00\x00\xd8\x02\x00\x00\xfb\x02\x00\x00\x11\x03\x00\x00\x00\x01\x00\x00\x00\x11\x00\x00\x00\xab\x01\x00\x00\x11\x03\x00\x00\x00\x02\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00\x11\x00\x00\x00=\x00\x00\x00\x11\x03\x00\x00\

asolino commented 8 years ago

Hey @DziugasB

Thanks for your report... I think the error is elsewhere. Please run the following query and let me know if it works on your side: wmiquery.py 'User:Password@192.168.1.1' -f <( echo "select * from Win32_Process" ) -namespace '//./root/cimv2' -rpc-auth-level privacy

DziugasB commented 8 years ago

Hi! It looks like MSCluster namespace output has something unexpected.

wmiquery.py 'User:Password@192.168.1.1' -f <( echo 'select * from win32_computersystemproduct' ) -namespace '//./root/cimv2' -rpc-auth-level privacy Impacket v0.9.15 - Copyright 2002-2016 Core Security Technologies

WQL> select * from win32_computersystemproduct | Caption | Description | IdentifyingNumber | Name | SKUNumber | Vendor | Version | UUID | | Computer System Product | Computer System Product | SNSNSNSN | ProLiant BL460c Gen8 | 0 | HP | | 12313232132131232131321321312 |

asolino commented 8 years ago

Thanks for checking that @DziugasB.

If you can identity which column is triggering the original error that'd be great. Otherwise I will need to set up an environment where //./root/mscluster namespace is available.

In short, you will need to call a single select <property> from MSCluster_Cluster where <property> is each one of the properties listed here until (hopefully) one of those trigger the error.

Let me know if this is something you can do.. otherwise I'll try to set up a test environment.

CCing @gadio that has also worked with this namespace.

DziugasB commented 8 years ago

Hi!

There are many columns with such problem: Description, DefaultNetworkRole, Security_Descriptor, QuorumArbitrationTimeMax, ClusSvcHangTimeout, ClusSvcRegroupOpeningTimeout, PlumbAllCrossSubnetRoutes and others.

There are many columns which are displayed ok: Caption, InstallDate, Status, CreationClassName, PrimaryOwnerContact, PrimaryOwnerName, Roles, NameFormat, OtherIdentifyingInfo, IdentifyingDescriptions, Dedicated, MaxNumberOfNodes, Name, Fqdn and others

I did not find reason why.