User not logged in - login - register
Home Calendar Books School Tool Photo Gallery Message Boards Users Statistics Advertise Site Info
go to bottom | |
 Message Boards » » WMIC... passing cleartext usernames/passwords? Page [1]  
Optimum
All American
13716 Posts
user info
edit post

Does anyone know if the Windows Management Instrumentation tool, wmic, sends usernames or passwords in cleartext to machines it's collecting information from?

10/12/2009 10:24:14 AM

evan
All American
27701 Posts
user info
edit post

it depends on how you ask it to authenticate. i haven't used wmic much, only calls to WMI from wsh/vbscript... but i'm assuming wmic just uses the credentials it's running under.

normally, it uses ntlm if at all possible. if the above is true, it's definitely using ntlm.

usernames are plaintext if i remember correctly, but the password is never sent in plaintext

10/12/2009 11:11:53 AM

Optimum
All American
13716 Posts
user info
edit post

gotcha. assume that this is running as a domain-level admin, passing similar credentials via the wmic command-line tool. same thing?

10/12/2009 11:17:37 AM

smoothcrim
Universal Magnetic!
18969 Posts
user info
edit post

it can be setup to pass the kerb token itself if there's a domain involved. local accounts, the lowest common scheme is observed unless gpos are configured otherwise

10/12/2009 1:29:38 PM

disco_stu
All American
7436 Posts
user info
edit post

http://www.wireshark.org/
You tell us.

That is, if no one else knows.

^or that.

[Edited on October 12, 2009 at 1:30 PM. Reason : .]

10/12/2009 1:29:48 PM

Optimum
All American
13716 Posts
user info
edit post

some additional reading suggests to me that WMI is encrypted...

http://redmondmag.com/articles/2002/02/01/securing-remote-management-with-wmi.aspx

10/12/2009 4:23:18 PM

 Message Boards » Tech Talk » WMIC... passing cleartext usernames/passwords? Page [1]  
go to top | |
Admin Options : move topic | lock topic

© 2024 by The Wolf Web - All Rights Reserved.
The material located at this site is not endorsed, sponsored or provided by or on behalf of North Carolina State University.
Powered by CrazyWeb v2.39 - our disclaimer.