Seeing the "WINRM QUICKCONFIG ACCESS DENIED" error when trying to enable Windows Remote Management via GPO or Windows Server 2012 & 2008? We
Enable WinRM QuickConfig over GPO

Evil-WinRM: The ultimate WinRM shell for Hacking/Pentesting | #HackingTools #HackingWindows #WinRM #Hacking
Remote access application protocols comparison
Introduction
The current article provides an overview of the most commonly used remote access protocols, based on my e-book "Windows Server Administration Tools and Management consoles", chapter 4. More about the e-book can be found in the Source section at the end of this article.
RDP and other Microsoft protocol specifications
The Microsoft Remote Desktop Protocol (RDP) specification is publicly available by Microsoft and has received extensive updates and improvements since its first introduction in Windows NT 4.0 Server. As per Wikipedia “based on the ITU-T T.128 application sharing protocol from the T.120 recommendation series, the first version of RDP (named version 4.0) was introduced by Microsoft with "Terminal Services", as a part of their product Windows NT 4.0 Server, Terminal Server Edition. The Terminal Services Edition of NT 4.0 relied on Citrix's MultiWin technology, previously provided as a part of Citrix WinFrame atop Windows NT 3.51, in order to support multiple users and login sessions simultaneously”. The most recent RDP protocol specification is available for download in pdf format at https://stefanos.cloud/blog/MSRDPSpecification.
WMI
Windows Management Instrumentation (WMI) is Microsoft’s implementation of the Web-Based Enterprise Management (WBEM) protocol, maintained by DMTF (https://stefanos.cloud/blog/DMTFWBEM). The WMI management framework is natively present in every Windows operating system since Windows 2000.
Read the full article
Veeam unattended installation with Ansible
[EN] Veeam unattended installation with Ansible #Veeam #VeeamVanguard #Ansible
There are already a lot of great projects out there for the Veeam unattended installation. One of the most advanced projects is for sure the Chef cookbook for Veeam Backup and Replication. I myself have also already worked on that topic, and have done some rework of the PowerShell script from Timothy Dewin. The Veeam unattended installation with Ansible is the next evolution of my prior projectan…
Round of use Winrm code execution XML
Original text by Matt harr0ey
Introduction This beginning alludes to give point simple concept related to using Winrm.vbs to do code executed by XML file so I could collect a few ideas we totally can use to do a simple method is being offered by the red team like Winrm.vbs is getting more popular so I found some things can’t waste any more time to release them,
Winrm.vbs ==> Windows Remote…
WinRM WSMan Fault Message = Access is denied.
WSMan Fault Message = Access is denied.
Error number: -2147024891 0x80070005
Access is denied.
WinRM Access Denied
C:\Windows\system32>winrm id -r:http://127.0.0.1/wsman -u:Administrator
Enter the password for ‘Administrator’ to connect to ‘http://127.0.0.1/wsman’:
After entering the password you will obtain the next error
WSMan Fault Message = The client cannot connect to the destination…
Operating Windows with Ansible
Target
windows server 2012 R2 (GCP image)
Environment
python 3.5.2 / ansible 2.3.1 / pywinrm 0.2.2
Preliminary checks
To operate Windows with Ansible, the WinRM service must be running on the Windows host, so check that the service is available.
Even if the service is running, you cannot connect if the firewall blocks it, so check that the ports WinRM uses, http (5985) and https (5986), are reachable.
Allowing Basic authentication
By default, WinRM does not allow Basic authentication, so allow it.
Start PowerShell with administrator privileges and run the following command:
Set-Item -Path "WSMan:\localhost\Service\Auth\Basic" -Value True
To check the setting, change "Set" to "Get" and remove everything from Value onward, as follows:
Get-Item -Path "WSMan:\localhost\Service\Auth\Basic"
As for the Windows Server settings, I think downloading and running the script, as introduced in this article, is also fine.
Installing the Python module
To connect from Ansible to WinRM, install "pywinrm".
The required version is pywinrm >= 0.2.2
pip install pywinrm
Adding the inventory and setting group_vars
hosts (inventory)
[windows]
104.198.117.44

[windows:vars]
ansible_user=xxxxxxxxx
ansible_password=xxxxxxxxxxxxx
ansible_port=5986
ansible_connection=winrm
ansible_winrm_server_cert_validation=ignore
Connection test
ansible windows -i inventories/hosts -m win_ping -vvv
With ansible 2.3.0, an error about bytes and string occurs.
As described here, it is a bug in win_ping, and upgrading ansible to 2.3.1 resolved it.
If it just will not work, I recommend restarting the Windows server.
Execution result
META: ran handlers
Using module file /Users/tshst/.anyenv/envs/pyenv/versions/3.5.2/lib/python3.5/site-packages/ansible/modules/windows/win_ping.ps1
<104.198.117.44> ESTABLISH WINRM CONNECTION FOR USER: xxxxxxxxx on PORT 5986 TO 104.198.117.44
EXEC (via pipeline wrapper)
104.198.117.44 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
META: ran handlers
META: ran handlers
A simple playbook
To see what you can do, take a look at this list of modules.
Beyond that, I feel like anything that can be done with PowerShell can be done, but for now I don't feel like learning it lol
Collecting the variables in group_vars
Move what was written in hosts earlier into a newly created group_vars/windows.yml.
I only do this for management purposes; I think it works without it.
Changing the hostname
Create a windows.yml file with the following contents directly under the ansible directory.
---
- name: windows hostname setting
  hosts: windows
  gather_facts: false
  tasks:
    - win_domain_membership:
        domain_admin_user: "{{ ansible_user }}"
        domain_admin_password: "{{ ansible_password }}"
        workgroup_name: hoge
        hostname: hogemoge
        state: workgroup
      register: domain_state

    - win_reboot:
      when: domain_state.reboot_required
Verification
% ansible-playbook -i inventories windows.yml -vvv
Using /Users/tshst/OneDrive/src/github.com/tshst/develop/ansible/ansible.cfg as config file

PLAYBOOK: windows.yml **********************************************************
1 plays in windows.yml

PLAY [windows hostname setting] ************************************************
META: ran handlers

TASK [win_domain_membership] ***************************************************
task path: /Users/tshst/OneDrive/src/github.com/tshst/develop/ansible/windows.yml:6
Using module file /Users/tshst/.anyenv/envs/pyenv/versions/3.5.2/lib/python3.5/site-packages/ansible/modules/windows/win_domain_membership.ps1
<104.198.117.44> ESTABLISH WINRM CONNECTION FOR USER: tshpaper on PORT 5986 TO 104.198.117.44
EXEC (via pipeline wrapper)
changed: [104.198.117.44] => {
    "changed": true,
    "reboot_required": true
}

TASK [win_reboot] **************************************************************
task path: /Users/tshst/OneDrive/src/github.com/tshst/develop/ansible/windows.yml:14
<104.198.117.44> ESTABLISH WINRM CONNECTION FOR USER: tshpaper on PORT 5986 TO 104.198.117.44
EXEC (via pipeline wrapper)
attempting post-reboot test command 'whoami'
<104.198.117.44> ESTABLISH WINRM CONNECTION FOR USER: tshpaper on PORT 5986 TO 104.198.117.44
EXEC (via pipeline wrapper)
changed: [104.198.117.44] => {
    "changed": true,
    "rebooted": true,
    "warnings": []
}
META: ran handlers
META: ran handlers

PLAY RECAP *********************************************************************
104.198.117.44 : ok=2 changed=2 unreachable=0 failed=0
If you run it while connected via Remote Desktop, the machine is forcibly restarted after the reboot step and you go "whoa", so I recommend it!
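A lint pass over an INI inventory like the one in the Ansible post above, flagging the WinRM connection settings that weaken transport or credential handling. This is an added example, not part of the original post; the sample inventory is constructed, and the finding names and the `{{` templating heuristic are assumptions of this example.

```python
# Constructed sample mirroring the post's inventory (address and credentials are placeholders).
SAMPLE_INVENTORY = """\
[windows]
192.0.2.10

[windows:vars]
ansible_user=exampleuser
ansible_password=examplepassword
ansible_port=5986
ansible_connection=winrm
ansible_winrm_server_cert_validation=ignore
"""

def parse_group_vars(text):
    """Return {group: {var: value}} from the [group:vars] sections of an INI inventory."""
    groups, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            current = name[:-5] if name.endswith(":vars") else None
            if current is not None:
                groups.setdefault(current, {})
            continue
        if current is not None and "=" in line:
            key, _, value = line.partition("=")
            groups[current][key.strip()] = value.strip().strip("'\"")
    return groups

def audit_winrm(groups):
    """Return sorted (group, finding) pairs for risky WinRM connection settings."""
    findings = []
    for group, v in groups.items():
        if v.get("ansible_connection") != "winrm":
            continue
        if v.get("ansible_winrm_server_cert_validation") == "ignore":
            findings.append((group, "cert-validation-disabled"))
        if v.get("ansible_port") == "5985" or v.get("ansible_winrm_scheme") == "http":
            findings.append((group, "plaintext-http-transport"))
        if "basic" in v.get("ansible_winrm_transport", "").lower():
            findings.append((group, "basic-auth-transport"))
        # Heuristic (assumption): a literal value, not a {{ templated }} vault reference.
        if "ansible_password" in v and "{{" not in v["ansible_password"]:
            findings.append((group, "cleartext-password-in-inventory"))
    return sorted(findings)
```

Run over the constructed sample, `audit_winrm(parse_group_vars(SAMPLE_INVENTORY))` reports the disabled certificate validation and the literal password; an inventory on 5986 with validation left on and a templated password reports nothing.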
Using PowerShell to Add a Key to the Registry
Using PS to Add a Key to the Registry
In a recent experiment, I had to disable User Account Control (UAC) on a remote Virtual Machine through WinRM.
Note
To better protect those users who are members of the local Administrators group, we implemented UAC restrictions on the network. This mechanism helps prevent against “loopback” attacks. This mechanism also helps prevent local malicious software…