Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[HELP] A couple of questions about the wmi configuration #7

Open
StaelensJarne opened this issue Jun 15, 2020 · 3 comments
Open

[HELP] A couple of questions about the wmi configuration #7

StaelensJarne opened this issue Jun 15, 2020 · 3 comments

Comments

@StaelensJarne
Copy link

I have followed the steps in the readme, but I have a couple off questions for it to run properly.
Now I have the error: An error occured: rpc_s_access_denied. How can I troubleshoot these error?

How do I know if this is a permission issue? The scripts in the external scripts directory needs to have as owner the Zabbix user? And not the root?

Can you put an example off the wmi.pw file? With some example content? Does the domain parameter matter if you have a fixed IP-address for your Zabbix machine?

How can I verify if the impacket libray is correctly installed? What can I do to test this library?

If I try to invoke it from the command line, I ge the following error: An error occuren: [Errno -2] Name or service not known. How do I specify the "Windows host" in the zabbix_server from the command line?
@13hakta
Copy link
Owner

13hakta commented Jun 16, 2020
edited
Loading

rpc_access_denied is a common case with insufficient rights. zbxwmi is built upon impacket and depends on its ability to connect. This is one of threads about this issue, may be it would be helpful: fortra/impacket#664

Script needs only to have Read+eXecutable flags for zabbix user, owner could be anyone.

Example for wmi.pw:

mydomain\monitor_user
kind0f5tron9PWD

Domain parameter matters, so its known who connects local user or external.

You may install full impacket package, it has testing scripts.
Suppose you need this one: https://github.com/SecureAuthCorp/impacket/blob/master/tests/SMB_RPC/test_wmi.py

Host argument could be IP or FQDN, whatever can be accessible from zabbix host.

@StaelensJarne
Copy link
Author

I still don't understand how the user need to be configured on the target/remote Windows machine.
If I understand it correctly the user in the wmi.pw file needs to be the user on the remote/target Windows machine from which you want to query ???
Which privileges needs have this user then?
If I use powershell I can Query the WMI:
WMI User
But If I try to test access from another Windows machine in the same network (and in the same domain I get this):
Test from other Windows PC

@StaelensJarne
Copy link
Author

How do I know if it is not a Firewall issue or if there is an issue with the user on the target/remote Windows machine?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@13hakta @StaelensJarne