oiweiwei / go-msrpc

The DCE/RPC / MS-RPC Codegen/Client for Go
MIT License

any example about WMI class StdRegProv? #3

Closed fardeadok closed 4 days ago

fardeadok commented 1 month ago

I can't figure out how to access the StdRegProvider class to read values from the registry. It is necessary through WMI and not through the remote registry or WinRM. Are there any more examples?

oiweiwei commented 1 month ago

Hello @fardeadok, thanks for your interest!

I was trying to make things work as per this manual: https://learn.microsoft.com/en-us/windows/win32/wmisdk/wmi-tasks--registry.

After improving examples/dcom.go, I was able to run certain WMI registry commands:

$ go run examples/wmiexec.go --class StdRegProv  --method EnumValues --args '{"hDefKey":2147483650, "sSubKeyName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip"}' 
{
  "ReturnValue": 0,
  "Types": [
    4,
    1,
    1,
    4,
    1,
    2,
    4,
    4,
    4,
    4,
    4,
    4,
    4
  ],
  "sNames": [
    "BootFlags",
    "Description",
    "DisplayName",
    "ErrorControl",
    "Group",
    "ImagePath",
    "Start",
    "Tag",
    "Type",
    "NdisMajorVersion",
    "NdisMinorVersion",
    "DriverMajorVersion",
    "DriverMinorVersion"
  ]
}
$ go run examples/wmiexec.go --class StdRegProv  --method GetStringValue --args '{"hDefKey":2147483650, "sSubKeyName":"SYSTEM\\CurrentControlSet\\Services\\Tcpip", "sValueName": "DisplayName"}'
{
  "ReturnValue": 0,
  "sValue": "@%SystemRoot%\\system32\\drivers\\tcpip.sys,-10001"
}
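The two calls above are the pattern for every StdRegProv read: EnumValues returns a parallel pair of arrays (Types and sNames), and the entry in Types decides which getter must be used for the matching name. The following Go program is an added example written for this thread, not code from go-msrpc or from examples/wmiexec.go. It parses the EnumValues JSON exactly as wmiexec.go prints it above and emits one follow-up command per value, choosing GetExpandedStringValue for the REG_EXPAND_SZ entry (ImagePath) rather than GetStringValue. The hDefKey and REG_* constants are the documented WMI values; the Invocation type, PlanReads and ArgsJSON are hypothetical helpers for this example, and the sample response is the EnumValues output quoted above, embedded so the program runs offline.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Root-key handles as StdRegProv takes them (WMI registry docs). hDefKey is a
// uint32, so in --args it must be written as an unsigned decimal, which is why
// HKEY_LOCAL_MACHINE appears as 2147483650 in the commands above.
const (
	HKEY_CLASSES_ROOT   uint32 = 0x80000000 // 2147483648
	HKEY_CURRENT_USER   uint32 = 0x80000001 // 2147483649
	HKEY_LOCAL_MACHINE  uint32 = 0x80000002 // 2147483650
	HKEY_USERS          uint32 = 0x80000003 // 2147483651
	HKEY_CURRENT_CONFIG uint32 = 0x80000005 // 2147483653
)

// Value types as they appear in EnumValues' "Types" array. REG_EXPAND_SZ
// (ImagePath above) needs GetExpandedStringValue; GetStringValue would hand
// back the unexpanded "%SystemRoot%..." text.
const (
	REG_SZ        = 1
	REG_EXPAND_SZ = 2
	REG_BINARY    = 3
	REG_DWORD     = 4
	REG_MULTI_SZ  = 7
	REG_QWORD     = 11
)

// getterFor maps a value type to the StdRegProv method that reads it.
var getterFor = map[int]string{
	REG_SZ: "GetStringValue", REG_EXPAND_SZ: "GetExpandedStringValue", REG_BINARY: "GetBinaryValue",
	REG_DWORD: "GetDWORDValue", REG_MULTI_SZ: "GetMultiStringValue", REG_QWORD: "GetQWORDValue",
}

// EnumValuesResult mirrors the JSON that examples/wmiexec.go prints for EnumValues.
type EnumValuesResult struct {
	ReturnValue uint32   `json:"ReturnValue"`
	Types       []int    `json:"Types"`
	Names       []string `json:"sNames"`
}

// Invocation is one follow-up call: the getter to run and its --args object.
// (Hypothetical helper type for this example, not part of go-msrpc.)
type Invocation struct {
	Method string
	Args   map[string]interface{}
}

// PlanReads decodes an EnumValues response and returns one getter call per value.
// ReturnValue is the Win32 error code of the remote call; anything but 0
// (ERROR_SUCCESS) means the key was not opened and the arrays must not be trusted.
func PlanReads(hDefKey uint32, subKey string, raw []byte) ([]Invocation, error) {
	var res EnumValuesResult
	if err := json.Unmarshal(raw, &res); err != nil {
		return nil, fmt.Errorf("decode EnumValues: %w", err)
	}
	if res.ReturnValue != 0 {
		return nil, fmt.Errorf("EnumValues failed: Win32 error %d", res.ReturnValue)
	}
	if len(res.Types) != len(res.Names) {
		return nil, fmt.Errorf("Types (%d) and sNames (%d) differ in length", len(res.Types), len(res.Names))
	}
	plan := make([]Invocation, 0, len(res.Names))
	for i, name := range res.Names {
		method, ok := getterFor[res.Types[i]]
		if !ok {
			return nil, fmt.Errorf("value %q: unsupported registry type %d", name, res.Types[i])
		}
		plan = append(plan, Invocation{Method: method, Args: map[string]interface{}{
			"hDefKey": hDefKey, "sSubKeyName": subKey, "sValueName": name,
		}})
	}
	return plan, nil
}

// ArgsJSON renders the arguments as the --args flag expects them; encoding/json
// escapes the backslashes in the key path for us.
func ArgsJSON(inv Invocation) (string, error) {
	b, err := json.Marshal(inv.Args)
	return string(b), err
}

// sampleEnumValues is the EnumValues output quoted earlier in this thread,
// embedded so the program runs without a target host.
const sampleEnumValues = `{"ReturnValue":0,"Types":[4,1,1,4,1,2,4,4,4,4,4,4,4],
"sNames":["BootFlags","Description","DisplayName","ErrorControl","Group","ImagePath","Start",
"Tag","Type","NdisMajorVersion","NdisMinorVersion","DriverMajorVersion","DriverMinorVersion"]}`

func main() {
	plan, err := PlanReads(HKEY_LOCAL_MACHINE, `SYSTEM\CurrentControlSet\Services\Tcpip`, []byte(sampleEnumValues))
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, inv := range plan {
		args, _ := ArgsJSON(inv)
		fmt.Printf("go run examples/wmiexec.go --class StdRegProv --method %s --args '%s'\n", inv.Method, args)
	}
}
```

Running it prints thirteen wmiexec.go command lines, one per value under the Tcpip service key; the DisplayName line is byte-for-byte the GetStringValue command shown above, and the ImagePath line uses GetExpandedStringValue so the %SystemRoot% reference is resolved on the target.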

fardeadok commented 1 month ago

Thank you. Super!

Is it possible to use that without AD?

SERVER=192.168.0.1 // remote comp with WMI
USERNAME=DESKTOPALEX\Alex // my username on remote comp
PASSWORD=XXXXX // my password on remote comp
TARGET=host/DESKTOPALEX // remote comp name


When trying to connect to a remote computer (it is not in the AD domain), it gives this error, that the KDC cannot be found: "new_object_exporter: bind: could not bind the selected transport: bind: init security context: security provider: krb5: init: apreq: affirm login: could not get valid TGT for client's realm: [Root cause: Networking_Error] Networking_Error: AS Exchange Error: failed sending AS_REQ to KDC: failed to communicate with KDC. Attempts made with UDP ( dok: DNS lookup KDC... no KDCs defined in configuration for realm DESKTOPALEX) and then TCP ( dok: DNS lookup KDC... no KDCs defined in configuration for realm DESKTOPALEX)"

oiweiwei commented 1 month ago

@fardeadok I guess you need to use NTLM authentication in this case; just comment out the following lines:

https://github.com/oiweiwei/go-msrpc/blob/main/examples/wmiexec.go#L83-L84