I’m using Greenbone Community Container Edition with Docker on Ubuntu 22.04 LTS.
Currently I’m doing an authenticated scan of a Windows 10 machine.
This seems to basically work and some vunerabilies have been detected.
But while reviewing the results I discovered in the report entry ‘Authenticated Scan / LSC Info Consolidation (Windows SMB Login)’ an entry:
Description (Knowledge base entry) : Value/Content
-----------------------------------------------------------------
Access via WMI possible (WMI/access_successful) : FALSE
and the openvas.log of the ospd-openvas container also shows an entry:
lib nasl:MESSAGE:2023-08-11 13h19.59 utc:8012: nasl_wmi_connect: WMI Connect failed or missing WMI support for the scanner
What is needed to successfully use WMI with the Greenbone Community Edition Docker Container?
Thanks, but if its already installed in the current ospd-openvas container, why do I get the following:
But while reviewing the results I discovered in the report entry ‘Authenticated Scan / LSC Info Consolidation (Windows SMB Login)’ an entry:
Description (Knowledge base entry) : Value/Content
-----------------------------------------------------------------
Access via WMI possible (WMI/access_successful) : FALSE
and the openvas.log of the ospd-openvas container also shows an entry:
lib nasl:MESSAGE:2023-08-11 13h19.59 utc:8012: nasl_wmi_connect: WMI Connect failed or missing WMI support for the scanner
What is needed to successfully use WMI with the Greenbone Community Edition Docker Container?
That’s correct - when I checked this, I found out that my containers weren’t up to date …
So I updated them and tried again but with the same result.
The report still shows in ‘Authenticated Scan / LSC Info Consolidation (Windows SMB Login)’ an entry:
Description (Knowledge base entry) : Value/Content
-----------------------------------------------------------------
Access via WMI possible (WMI/access_successful) : FALSE
and the openvas.log of the ospd-openvas container also still shows:
lib nasl:MESSAGE:2023-08-29 14h45.19 utc:348: nasl_wmi_connect: WMI Connect failed or missing WMI support for the scanner
So I opened up a shell in the ospd-openvas container and found the following files related to WMI
root@ospd-openvas:/usr/local/bin# ls -la *wmi*
lrwxrwxrwx 1 root root 25 Aug 3 07:39 impacket-wmiexec -> /usr/local/bin/wmiexec.py
-rwxr-xr-x 1 root root 4627944 Jun 15 11:31 wmic
-rwxr-xr-x 1 root root 19578 Aug 3 07:39 wmiexec.py
-rwxr-xr-x 1 root root 12193 Aug 3 07:39 wmipersist.py
-rwxr-xr-x 1 root root 9070 Aug 3 07:39 wmiquery.py
I know wmic from my Windows machines and played around with it but never were successful – I always get:
root@ospd-openvas:~# /usr/local/bin/wmic -U DOMAIN/myScanUser%myPassword //10.10.10.10 "SELECT * FROM Win32_OperatingSystem"
[/source/samba/librpc/rpc/dcerpc_connect.c:329:dcerpc_pipe_connect_ncacn_ip_tcp_recv()] failed NT status (c00000b5) in dcerpc_pipe_connect_ncacn_ip_tcp_recv
[/source/samba/librpc/rpc/dcerpc_connect.c:790:dcerpc_pipe_connect_b_recv()] failed NT status (c00000b5) in dcerpc_pipe_connect_b_recv
[/source/wmi/wmic.c:196:main()] ERROR: Login to remote object.
NTSTATUS: NT_STATUS_IO_TIMEOUT - NT_STATUS_IO_TIMEOUT
When I try the same target form a Windows Host (logged on as DOMAIN/myScanUser) it is successful:
C:\Users\ myScanUser>wmic /node:10.10.10.10 path win32_operatingsystem get caption
Caption
Microsoft Windows 10 Pro
The scanned Windows 10 target machine has the (Windows) Firewall completetly disabled.
What’s going wrong here and how can this be fixed?
Hello!
I was checking the scanner code and the error comes from nasl_wmi.c, which uses openvas-smb library for establishing the connection. Python impacket should not be involved here.
I checked in the container and the openvas is linked against the necessary library
Since it works for you from your windows wmi client, I would think it is either a bug in the libopenvas_wmiclient.so or a misusage (missing argument like namespace, unsupported char in the user/pass, etc) and therefore you get a connection error.
From the code, I can see that for establishing the connection, the namespace defaults to root\\cimv2 and the options defaults to [sign].
Indeed, that is what I a mentioned in my last comment, and yes, it is used for the connection if it is not override for provided values. Those are just the used defaults.
So, should it work with that defaults ? Do you need to change anything in your target to get it working with those defaults?
I don’t know exactly what you mean - the test-target is an out of the box installation of Windows 10 21H2 with completely disabled firewall and I’m not aware of anything special …
I did another wmic test with debug output and got:
root@ospd-openvas:/ospd-openvas# /usr/local/bin/wmic -d 7 -U DOMAIN/myScanUser%myPassword //10.10.10.10 --namespace root/cimv2 "SELECT * FROM Win32_OperatingSystem"
[/source/samba/param/loadparm.c:587:init_globals()] Initialising global parameters
[/source/samba/param/loadparm.c:2464:lp_load()] lp_load: refreshing parameters from /usr/local/etc/openvas/openvas-smb.conf
[/source/samba/param/params.c:517:OpenConfFile()] params.c:OpenConfFile() - Unable to open configuration file "/usr/local/etc/openvas/openvas-smb.conf":
No such file or directory
[/source/samba/param/loadparm.c:2473:lp_load()] pm_process() returned No
[/source/samba/param/loadparm.c:1344:lp_add_hidden()] adding hidden service IPC$
[/source/samba/param/loadparm.c:1344:lp_add_hidden()] adding hidden service ADMIN$
[/source/samba/auth/credentials/credentials_krb5.c:170:cli_credentials_set_ccache()] failed to get principal from default ccache: No such file or directory: get-principal lstat(/tmp/krb5cc_0)
[/source/samba/auth/gensec/gensec.c:1228:gensec_register()] GENSEC backend 'spnego' registered
[/source/samba/auth/gensec/gensec.c:1228:gensec_register()] GENSEC backend 'schannel' registered
[/source/samba/auth/auth.c:446:auth_register()] AUTH backend 'sam' registered
[/source/samba/auth/auth.c:446:auth_register()] AUTH backend 'sam_ignoredomain' registered
[/source/samba/auth/auth.c:446:auth_register()] AUTH backend 'name_to_ntstatus' registered
[/source/samba/auth/auth.c:446:auth_register()] AUTH backend 'fixed_challenge' registered
[/source/samba/auth/auth.c:446:auth_register()] AUTH backend 'winbind_samba3' registered
[/source/samba/auth/auth.c:446:auth_register()] AUTH backend 'winbind' registered
[/source/samba/auth/auth.c:446:auth_register()] AUTH backend 'anonymous' registered
[/source/samba/auth/gensec/gensec.c:1228:gensec_register()] GENSEC backend 'krb5' registered
[/source/samba/auth/gensec/gensec.c:1205:gensec_register()] gensec subsystem fake_gssapi_krb5 is disabled
[/source/samba/auth/gensec/gensec.c:1228:gensec_register()] GENSEC backend 'ntlmssp' registered
[/source/samba/auth/gensec/gensec.c:1205:gensec_register()] gensec subsystem gssapi_spnego is disabled
[/source/samba/auth/gensec/gensec.c:1228:gensec_register()] GENSEC backend 'gssapi_krb5' registered
[/source/samba/auth/gensec/gensec.c:1228:gensec_register()] GENSEC backend 'gssapi_krb5_sasl' registered
[/source/samba/lib/com/dcom/main.c:527:dcom_determine_rpc_binding()] Using binding ncacn_ip_tcp:xed_challenge
[/source/samba/librpc/rpc/dcerpc_connect.c:513:continue_map_binding()] Mapped to DCERPC endpoint 135
[/source/samba/lib/util/util.c:334:interpret_addr()] sys_gethostbyname: Unknown host. xed_challenge
[/source/samba/lib/socket/interface.c:103:add_interface()] added interface ip=172.19.0.7 nmask=255.255.0.0
[/source/samba/librpc/rpc/dcerpc_connect.c:329:dcerpc_pipe_connect_ncacn_ip_tcp_recv()] failed NT status (c00000b5) in dcerpc_pipe_connect_ncacn_ip_tcp_recv
[/source/samba/librpc/rpc/dcerpc_connect.c:790:dcerpc_pipe_connect_b_recv()] failed NT status (c00000b5) in dcerpc_pipe_connect_b_recv
[/source/wmi/wmic.c:196:main()] ERROR: Login to remote object.
NTSTATUS: NT_STATUS_IO_TIMEOUT - NT_STATUS_IO_TIMEOUT
Perhaps this is helpful …
Has anybody working WMI with a current Greenbone Docker Container environment?
In the meantime, I installed GVM on a separate VM from source (also using Ubuntu 22.04 LTS) and there WMI access to the same Windows 10 machine works.
I launched on both VMs: /usr/local/bin/wmic -d 7 -U DOMAIN/myScanUser%myPassword //10.10.10.10 "SELECT * FROM Win32_OperatingSystem"
Output of native install:
greenbone@vmgreenbone:~$ /usr/local/bin/wmic -d 7 -U DOMAIN/myScanUser%myPassword //10.10.10.10 "SELECT * FROM Win32_OperatingSystem"
[/home/greenbone/source/openvas-smb-22.5.3/samba/param/loadparm.c:587:init_globals()] Initialising global parameters
[/home/greenbone/source/openvas-smb-22.5.3/samba/param/loadparm.c:2464:lp_load()] lp_load: refreshing parameters from /usr/local/etc/openvas/openvas-smb.conf
[/home/greenbone/source/openvas-smb-22.5.3/samba/param/params.c:517:OpenConfFile()] params.c:OpenConfFile() - Unable to open configuration file "/usr/local/etc/openvas/openvas-smb.conf":
No such file or directory
[/home/greenbone/source/openvas-smb-22.5.3/samba/param/loadparm.c:2473:lp_load()] pm_process() returned No
[/home/greenbone/source/openvas-smb-22.5.3/samba/param/loadparm.c:1344:lp_add_hidden()] adding hidden service IPC$
[/home/greenbone/source/openvas-smb-22.5.3/samba/param/loadparm.c:1344:lp_add_hidden()] adding hidden service ADMIN$
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/credentials/credentials_krb5.c:170:cli_credentials_set_ccache()] failed to get principal from default ccache: No such file or directory: get-principal lstat(/tmp/krb5cc_1000)
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/gensec/gensec.c:1228:gensec_register()] GENSEC backend 'spnego' registered
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/gensec/gensec.c:1228:gensec_register()] GENSEC backend 'schannel' registered
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/auth.c:446:auth_register()] AUTH backend 'sam' registered
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/auth.c:446:auth_register()] AUTH backend 'sam_ignoredomain' registered
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/auth.c:446:auth_register()] AUTH backend 'name_to_ntstatus' registered
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/auth.c:446:auth_register()] AUTH backend 'fixed_challenge' registered
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/auth.c:446:auth_register()] AUTH backend 'winbind_samba3' registered
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/auth.c:446:auth_register()] AUTH backend 'winbind' registered
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/auth.c:446:auth_register()] AUTH backend 'anonymous' registered
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/gensec/gensec.c:1228:gensec_register()] GENSEC backend 'krb5' registered
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/gensec/gensec.c:1205:gensec_register()] gensec subsystem fake_gssapi_krb5 is disabled
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/gensec/gensec.c:1228:gensec_register()] GENSEC backend 'ntlmssp' registered
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/gensec/gensec.c:1205:gensec_register()] gensec subsystem gssapi_spnego is disabled
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/gensec/gensec.c:1228:gensec_register()] GENSEC backend 'gssapi_krb5' registered
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/gensec/gensec.c:1228:gensec_register()] GENSEC backend 'gssapi_krb5_sasl' registered
[/home/greenbone/source/openvas-smb-22.5.3/samba/lib/com/dcom/main.c:527:dcom_determine_rpc_binding()] Using binding ncacn_ip_tcp:10.10.10.10
[/home/greenbone/source/openvas-smb-22.5.3/samba/librpc/rpc/dcerpc_connect.c:513:continue_map_binding()] Mapped to DCERPC endpoint 135
[/home/greenbone/source/openvas-smb-22.5.3/samba/lib/com/dcom/main.c:413:determine_rpc_binding_continue2()] dcerpc_ndr_request_recv returned NT_STATUS_OK
[/home/greenbone/source/openvas-smb-22.5.3/samba/lib/com/dcom/main.c:417:determine_rpc_binding_continue2()] IObjectExporter::ServerAlive returned NT_STATUS_OK
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/gensec/gensec.c:597:gensec_start_mech()] Starting GENSEC mechanism spnego
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/gensec/gensec.c:597:gensec_start_mech()] Starting GENSEC submechanism gssapi_krb5
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/gensec/gensec_gssapi.c:305:gensec_gssapi_client_start()] Cannot do GSSAPI to an IP address
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/gensec/gensec.c:605:gensec_start_mech()] Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/gensec/gensec.c:597:gensec_start_mech()] Starting GENSEC submechanism ntlmssp
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/ntlmssp/ntlmssp_client.c:128:ntlmssp_client_challenge()] Got challenge flags:
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/ntlmssp/ntlmssp.c:72:debug_ntlmssp_flags()] Got NTLMSSP neg_flags=0x62898205
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_CHAL_TARGET_INFO
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/ntlmssp/ntlmssp_client.c:242:ntlmssp_client_challenge()] NTLMSSP: Set final flags:
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/ntlmssp/ntlmssp.c:72:debug_ntlmssp_flags()] Got NTLMSSP neg_flags=0x60088205
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
[/home/greenbone/source/openvas-smb-22.5.3/samba/librpc/ndr/ndr_string.c:214:ndr_pull_string()] long string ''
[/home/greenbone/source/openvas-smb-22.5.3/samba/lib/com/dcom/main.c:567:complete_activation()] Negotiated COM version: 5.7 using binding ncacn_ip_tcp:10.10.10.10[135]
[/home/greenbone/source/openvas-smb-22.5.3/samba/lib/com/dcom/main.c:1171:bind_new_pipe()] /home/greenbone/source/openvas-smb-22.5.3/samba/lib/com/dcom/main.c:1171: dcom_get_pipe: host=10.10.10.10, similar=10.10.10.10[49788]
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/gensec/gensec.c:597:gensec_start_mech()] Starting GENSEC mechanism ntlmssp
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/ntlmssp/ntlmssp_client.c:128:ntlmssp_client_challenge()] Got challenge flags:
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/ntlmssp/ntlmssp.c:72:debug_ntlmssp_flags()] Got NTLMSSP neg_flags=0x62898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_CHAL_TARGET_INFO
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/ntlmssp/ntlmssp_client.c:242:ntlmssp_client_challenge()] NTLMSSP: Set final flags:
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/ntlmssp/ntlmssp.c:72:debug_ntlmssp_flags()] Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/ntlmssp/ntlmssp_sign.c:318:ntlmssp_sign_init()] NTLMSSP Sign/Seal - Initialising with flags:
[/home/greenbone/source/openvas-smb-22.5.3/samba/auth/ntlmssp/ntlmssp.c:72:debug_ntlmssp_flags()] Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
[/home/greenbone/source/openvas-smb-22.5.3/samba/librpc/ndr/ndr_string.c:214:ndr_pull_string()] long string ''
[/home/greenbone/source/openvas-smb-22.5.3/wmi/wmic.c:196:main()] OK : Login to remote object.
[/home/greenbone/source/openvas-smb-22.5.3/samba/librpc/ndr/ndr_string.c:214:ndr_pull_string()] long string ''
[/home/greenbone/source/openvas-smb-22.5.3/wmi/wmic.c:200:main()] OK : WMI query execute.
[/home/greenbone/source/openvas-smb-22.5.3/samba/librpc/ndr/ndr_string.c:214:ndr_pull_string()] long string ''
[/home/greenbone/source/openvas-smb-22.5.3/wmi/wmic.c:203:main()] OK : Reset result of WMI query.
[/home/greenbone/source/openvas-smb-22.5.3/samba/librpc/ndr/ndr_string.c:214:ndr_pull_string()] long string ''
[/home/greenbone/source/openvas-smb-22.5.3/samba/librpc/ndr/ndr_string.c:214:ndr_pull_string()] long string ''
[/home/greenbone/source/openvas-smb-22.5.3/samba/librpc/ndr/ndr_string.c:214:ndr_pull_string()] long string ''
[/home/greenbone/source/openvas-smb-22.5.3/wmi/wmic.c:212:main()] OK : Retrieve result data.
CLASS: Win32_OperatingSystem
BootDevice|BuildNumber|BuildType|Caption|CodeSet|CountryCode|CreationClassName|CSCreationClassName|CSDVersion|CSName|CurrentTimeZone|DataExecutionPrevention_32BitApplications|DataExecutionPrevention_Available|DataExecutionPrevention_Drivers|DataExecutionPrevention_SupportPolicy|Debug|Description|Distributed|EncryptionLevel|ForegroundApplicationBoost|FreePhysicalMemory|FreeSpaceInPagingFiles|FreeVirtualMemory|InstallDate|LargeSystemCache|LastBootUpTime|LocalDateTime|Locale|Manufacturer|MaxNumberOfProcesses|MaxProcessMemorySize|MUILanguages|Name|NumberOfLicensedUsers|NumberOfProcesses|NumberOfUsers|OperatingSystemSKU|Organization|OSArchitecture|OSLanguage|OSProductSuite|OSType|OtherTypeDescription|PAEEnabled|PlusProductID|PlusVersionNumber|PortableOperatingSystem|Primary|ProductType|RegisteredUser|SerialNumber|ServicePackMajorVersion|ServicePackMinorVersion|SizeStoredInPagingFiles|Status|SuiteMask|SystemDevice|SystemDirectory|SystemDrive|TotalSwapSpaceSize|TotalVirtualMemorySize|TotalVisibleMemorySize|Version|WindowsDirectory
\Device\HarddiskVolume1|19044|Multiprocessor Free|Microsoft Windows 10 Pro|1252|49|Win32_OperatingSystem|Win32_ComputerSystem|(null)|JKW10HORE|120|True|True|True|2|False||False|256|2|2479160|715548|3104276|20220210150208.000000+060|0|20230907122453.500000+120|20230911170946.482000+120|0407|Microsoft Corporation|4294967295|137438953344|(de-DE)|Microsoft Windows 10 Pro|C:\Windows|\Device\Harddisk0\Partition3|0|98|5|48||64-Bit|1031|256|18|(null)|False|(null)|(null)|False|True|1|Microsoft|00330-80000-00000-AA107|0|0|720896|OK|272|\Device\HarddiskVolume3|C:\Windows\system32|C:|0|4914168|4193272|10.0.19044|C:\Windows
greenbone@vmgreenbone:~$
Output of docker install:
root@ospd-openvas:/ospd-openvas# /usr/local/bin/wmic -d 7 -U DOMAIN/myScanUser%myPassword //10.10.10.10 "SELECT * FROM Win32_OperatingSystem"
[/source/samba/param/loadparm.c:587:init_globals()] Initialising global parameters
[/source/samba/param/loadparm.c:2464:lp_load()] lp_load: refreshing parameters from /usr/local/etc/openvas/openvas-smb.conf
[/source/samba/param/params.c:517:OpenConfFile()] params.c:OpenConfFile() - Unable to open configuration file "/usr/local/etc/openvas/openvas-smb.conf":
No such file or directory
[/source/samba/param/loadparm.c:2473:lp_load()] pm_process() returned No
[/source/samba/param/loadparm.c:1344:lp_add_hidden()] adding hidden service IPC$
[/source/samba/param/loadparm.c:1344:lp_add_hidden()] adding hidden service ADMIN$
[/source/samba/auth/credentials/credentials_krb5.c:170:cli_credentials_set_ccache()] failed to get principal from default ccache: No such file or directory: get-principal lstat(/tmp/krb5cc_0)
[/source/samba/auth/gensec/gensec.c:1228:gensec_register()] GENSEC backend 'spnego' registered
[/source/samba/auth/gensec/gensec.c:1228:gensec_register()] GENSEC backend 'schannel' registered
[/source/samba/auth/auth.c:446:auth_register()] AUTH backend 'sam' registered
[/source/samba/auth/auth.c:446:auth_register()] AUTH backend 'sam_ignoredomain' registered
[/source/samba/auth/auth.c:446:auth_register()] AUTH backend 'name_to_ntstatus' registered
[/source/samba/auth/auth.c:446:auth_register()] AUTH backend 'fixed_challenge' registered
[/source/samba/auth/auth.c:446:auth_register()] AUTH backend 'winbind_samba3' registered
[/source/samba/auth/auth.c:446:auth_register()] AUTH backend 'winbind' registered
[/source/samba/auth/auth.c:446:auth_register()] AUTH backend 'anonymous' registered
[/source/samba/auth/gensec/gensec.c:1228:gensec_register()] GENSEC backend 'krb5' registered
[/source/samba/auth/gensec/gensec.c:1205:gensec_register()] gensec subsystem fake_gssapi_krb5 is disabled
[/source/samba/auth/gensec/gensec.c:1228:gensec_register()] GENSEC backend 'ntlmssp' registered
[/source/samba/auth/gensec/gensec.c:1205:gensec_register()] gensec subsystem gssapi_spnego is disabled
[/source/samba/auth/gensec/gensec.c:1228:gensec_register()] GENSEC backend 'gssapi_krb5' registered
[/source/samba/auth/gensec/gensec.c:1228:gensec_register()] GENSEC backend 'gssapi_krb5_sasl' registered
[/source/samba/lib/com/dcom/main.c:527:dcom_determine_rpc_binding()] Using binding ncacn_ip_tcp:m
[/source/samba/librpc/rpc/dcerpc_connect.c:513:continue_map_binding()] Mapped to DCERPC endpoint 135
[/source/samba/lib/util/util.c:334:interpret_addr()] sys_gethostbyname: Unknown host. m
[/source/samba/lib/socket/interface.c:103:add_interface()] added interface ip=172.19.0.7 nmask=255.255.0.0
[/source/samba/librpc/rpc/dcerpc_connect.c:329:dcerpc_pipe_connect_ncacn_ip_tcp_recv()] failed NT status (c00000b5) in dcerpc_pipe_connect_ncacn_ip_tcp_recv
[/source/samba/librpc/rpc/dcerpc_connect.c:790:dcerpc_pipe_connect_b_recv()] failed NT status (c00000b5) in dcerpc_pipe_connect_b_recv
[/source/wmi/wmic.c:196:main()] ERROR: Login to remote object.
NTSTATUS: NT_STATUS_IO_TIMEOUT - NT_STATUS_IO_TIMEOUT
root@ospd-openvas:/ospd-openvas#
The difference is:
Native:
[/home/greenbone/source/openvas-smb-22.5.3/samba/lib/com/dcom/main.c:527:dcom_determine_rpc_binding()] Using binding ncacn_ip_tcp:10.10.10.10
[/home/greenbone/source/openvas-smb-22.5.3/samba/librpc/rpc/dcerpc_connect.c:513:continue_map_binding()] Mapped to DCERPC endpoint 135
[/home/greenbone/source/openvas-smb-22.5.3/samba/lib/com/dcom/main.c:413:determine_rpc_binding_continue2()] dcerpc_ndr_request_recv returned NT_STATUS_OK
[/home/greenbone/source/openvas-smb-22.5.3/samba/lib/com/dcom/main.c:417:determine_rpc_binding_continue2()] IObjectExporter::ServerAlive returned NT_STATUS_OK
vs.
Docker:
[/source/samba/lib/com/dcom/main.c:527:dcom_determine_rpc_binding()] Using binding ncacn_ip_tcp:m
[/source/samba/librpc/rpc/dcerpc_connect.c:513:continue_map_binding()] Mapped to DCERPC endpoint 135
[/source/samba/lib/util/util.c:334:interpret_addr()] sys_gethostbyname: Unknown host. m
[/source/samba/lib/socket/interface.c:103:add_interface()] added interface ip=172.19.0.7 nmask=255.255.0.0
[/source/samba/librpc/rpc/dcerpc_connect.c:329:dcerpc_pipe_connect_ncacn_ip_tcp_recv()] failed NT status (c00000b5) in dcerpc_pipe_connect_ncacn_ip_tcp_recv
[/source/samba/librpc/rpc/dcerpc_connect.c:790:dcerpc_pipe_connect_b_recv()] failed NT status (c00000b5) in dcerpc_pipe_connect_b_recv
To me it seems that wmic can’t connect to outside of the container but I don’t know the root cause.
Can someone help, perhaps Greenbone?
When you update the containers, you get the ospd-openvas which includes other modules (gvm-libs, openvas-smb and openvas). Also, I suppose you are using the latest stable ospd-openvas images.
Ospd-openvas images are created with latest/stable tag only with a new release. Last release is 2 month old, but next week a new ospd-openvas release (and docker image including all patches) should be available.
If you don’t want to wait, you can pull the ospd-openvas:edge (instead of stable) which should already include the last openvas-smb with the fix.
So it seems that the fix isn’t included in the edge Ospd-openvas image what my current tests confirms.
But that’s not really a problem, I’ll monitor for the new release next week and retest again …