Home page logo

pauldotcom logo PaulDotCom mailing list archives

wmic behaviour - is it just me?
From: daniel at virturity.com (Daniel [Virturity.com])
Date: Fri, 26 Jun 2009 10:01:37 +0100

I didnt see that before but i would capture the network traffic on the
target to verify what is going to the share and NTFS auditing the shared
resource to get some more information what happening there. Can also
check if null session shares help (KB289655), but i agree that the
computer permission should be sufficient. 

On Thu, 2009-06-25 at 13:18 -0600, Andrew Anderson wrote:
I am trying to pull netstat results from a remote machine partly as
per Ed's description on Command Line Kung Fu.#31

using the following line..

wmic /node:100.x.x.x process call Create "cmd.exe /c netstat > \

the call seems to finish properly, gives me a pid for the process, and
returns 0.

but nothing ever gets written to the file share.

if I run it locally on the target box:

netstat > \\10.x.x.x\temp\results.txt

It runs successully....  and I have my results on the remote share.

Some notes:
I can run other wmic commands against the remote machine ok.
I can see the process start on the remote machine.
The share permissions are set to allow full control for 'everyone' and
'Domain Computers' -- no I did NOT start here, nor do I plan to leave
permissions like this. --
I have tried the /user:x switch to explicity use my admin account and
It makes no difference.

Does anyone have any thoughts or perhaps seen this before?


Andrew Anderson
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
Main Web Site: http://pauldotcom.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]