Closed fardeadok closed 4 days ago
hello @fardeadok, thanks for your interest!
I was trying to make things work as per this manual: https://learn.microsoft.com/en-us/windows/win32/wmisdk/wmi-tasks--registry.
After improving examples/dcom.go, I was able to run certain WMI registry commands:
$ go run examples/wmiexec.go --class StdRegProv --method EnumValues --args '{"hDefKey":2147483650, "sSubKeyName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip"}'
{
  "ReturnValue": 0,
  "Types": [
    4,
    1,
    1,
    4,
    1,
    2,
    4,
    4,
    4,
    4,
    4,
    4,
    4
  ],
  "sNames": [
    "BootFlags",
    "Description",
    "DisplayName",
    "ErrorControl",
    "Group",
    "ImagePath",
    "Start",
    "Tag",
    "Type",
    "NdisMajorVersion",
    "NdisMinorVersion",
    "DriverMajorVersion",
    "DriverMinorVersion"
  ]
}
$ go run examples/wmiexec.go --class StdRegProv --method GetStringValue --args '{"hDefKey":2147483650, "sSubKeyName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip", "sValueName": "DisplayName"}'
{
  "ReturnValue": 0,
  "sValue": "@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10001"
}
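As an added example (not code from the go-msrpc project or from the comment above), the following Go program shows what the two commands are actually exchanging: it builds the `--args` JSON that wmiexec.go expects for `StdRegProv.EnumValues` and `StdRegProv.GetStringValue`, decodes the `hDefKey` value 2147483650 as the HKEY_LOCAL_MACHINE handle (0x80000002), and pairs the `Types` and `sNames` arrays of the EnumValues reply so that each value name is reported with its registry type (REG_SZ, REG_EXPAND_SZ, REG_DWORD, ...). The hive handles and type codes are the ones documented for the WMI StdRegProv class; the reply shape is assumed to be exactly the JSON printed in the thread, and the embedded sample reply is constructed from that output. It runs offline and needs no connection to a Windows host.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Predefined hive handles accepted by StdRegProv's hDefKey parameter (values
// from the WMI registry documentation). The 2147483650 passed in the commands
// above is HKLM (0x80000002).
const (
	HKCR uint32 = 0x80000000 // HKEY_CLASSES_ROOT
	HKCU uint32 = 0x80000001 // HKEY_CURRENT_USER
	HKLM uint32 = 0x80000002 // HKEY_LOCAL_MACHINE
	HKU  uint32 = 0x80000003 // HKEY_USERS
)

// Registry value type codes as returned in StdRegProv's "Types" array.
var regTypeNames = map[int]string{
	1:  "REG_SZ",
	2:  "REG_EXPAND_SZ",
	3:  "REG_BINARY",
	4:  "REG_DWORD",
	7:  "REG_MULTI_SZ",
	11: "REG_QWORD",
}

// EnumValuesArgs builds the --args JSON for StdRegProv.EnumValues.
func EnumValuesArgs(hive uint32, subKey string) (string, error) {
	b, err := json.Marshal(map[string]any{"hDefKey": hive, "sSubKeyName": subKey})
	return string(b), err
}

// GetStringValueArgs builds the --args JSON for StdRegProv.GetStringValue.
func GetStringValueArgs(hive uint32, subKey, valueName string) (string, error) {
	b, err := json.Marshal(map[string]any{
		"hDefKey": hive, "sSubKeyName": subKey, "sValueName": valueName,
	})
	return string(b), err
}

// enumValuesResult mirrors the JSON that wmiexec.go prints for EnumValues
// (shape assumed from the thread output above).
type enumValuesResult struct {
	ReturnValue int      `json:"ReturnValue"`
	Types       []int    `json:"Types"`
	Names       []string `json:"sNames"`
}

// DecodeEnumValues pairs each value name with its decoded type name. A non-zero
// ReturnValue is a Win32 error code (e.g. 2 = key not found) and is reported as
// an error rather than silently yielding an empty map.
func DecodeEnumValues(raw []byte) (map[string]string, error) {
	var r enumValuesResult
	if err := json.Unmarshal(raw, &r); err != nil {
		return nil, err
	}
	if r.ReturnValue != 0 {
		return nil, fmt.Errorf("EnumValues failed: ReturnValue=%d", r.ReturnValue)
	}
	if len(r.Types) != len(r.Names) {
		return nil, fmt.Errorf("Types (%d) and sNames (%d) differ in length", len(r.Types), len(r.Names))
	}
	out := make(map[string]string, len(r.Names))
	for i, name := range r.Names {
		t, ok := regTypeNames[r.Types[i]]
		if !ok {
			t = fmt.Sprintf("unknown(%d)", r.Types[i])
		}
		out[name] = t
	}
	return out, nil
}

// Sample reply constructed from the EnumValues run shown above.
const sampleEnumValues = `{"ReturnValue":0,
  "Types":[4,1,1,4,1,2,4,4,4,4,4,4,4],
  "sNames":["BootFlags","Description","DisplayName","ErrorControl","Group","ImagePath",
            "Start","Tag","Type","NdisMajorVersion","NdisMinorVersion",
            "DriverMajorVersion","DriverMinorVersion"]}`

func main() {
	args, _ := EnumValuesArgs(HKLM, `SYSTEM\CurrentControlSet\Services\Tcpip`)
	fmt.Println("--args", args)
	values, err := DecodeEnumValues([]byte(sampleEnumValues))
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for name, typ := range values {
		fmt.Printf("%-20s %s\n", name, typ)
	}
}
```

Decoding the `Types` array is what tells you which getter to call next: `ImagePath` comes back as REG_EXPAND_SZ (2), so `GetExpandedStringValue` is the right method for it, while `Start` and `ErrorControl` are REG_DWORD (4) and need `GetDWORDValue`; calling `GetStringValue` on those returns a non-zero `ReturnValue`, which is why the decoder refuses to treat a non-zero code as an empty result.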
Thank you. Super!
Is it possible to use that without AD?
SERVER=192.168.0.1        // remote comp with WMI
USERNAME=DESKTOPALEX\Alex // my username on remote comp
PASSWORD=XXXXX            // my password on remote comp
TARGET=host/DESKTOPALEX   // remote comp name
When trying to connect to a remote computer (it is not in the AD domain), it gives this error that it cannot find the KDC: "new_object_exporter: bind: could not bind the selected transport: bind: init security context: security provider: krb5: init: apreq: affirm login: could not get valid TGT for client's realm: [Root cause: Networking_Error] Networking_Error: AS Exchange Error: failed sending AS_REQ to KDC: failed to communicate with KDC. Attempts made with UDP ( dok: DNS lookup KDC... no KDCs defined in configuration for realm DESKTOPALEX) and then TCP ( dok: DNS lookup KDC... no KDCs defined in configuration for realm DESKTOPALEX)"
@fardeadok I guess you need to use NTLM authentication in this case; just comment out the following lines:
https://github.com/oiweiwei/go-msrpc/blob/main/examples/wmiexec.go#L83-L84
I can't figure out how to access the StdRegProvider class to read values from the registry. It is necessary through WMI and not through the remote registry or WinRM. Are there any more examples?