Open-AudIT

What's on your network?
It is currently Wed Jan 24, 2018 12:16 am

All times are UTC + 10 hours




Post new topic Reply to topic  [ 27 posts ]  Go to page 1, 2  Next
Author Message
PostPosted: Thu Mar 14, 2013 6:30 pm 
Offline
Newbie

Joined: Thu Mar 14, 2013 5:42 pm
Posts: 11
HI,
unable to remote audit to workstation pc.
our windows station pc has been turn off all the firewall still have no luck to remote in ..
In create a windows audit script section.
it prompt
Warning, could not resolve hostname.
Make sure an entry exists in DNS if you intend to use the audit script on another system.
Computer : try fill in ipaddress or computer name
submit to url 127.0.0.1
remote username: the workstation administrator username ?
remote password: the workstation password ?
active directory user what should i fill? ( i try fill in our domain name / workstation user log in name)
active directory user what should i fill? ( i try fill in our domain name / workstation user log in name).
your help is much appreciate.


Last edited by thunder88 on Thu Mar 28, 2013 6:37 pm, edited 1 time in total.

Top
 Profile  
Reply with quote  
PostPosted: Fri Mar 15, 2013 1:52 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1228
You need more detail for us to help you as your original post is a bit confusing. What steps are you doing to get these errors? What files are you editing?


Top
 Profile  
Reply with quote  
PostPosted: Mon Mar 18, 2013 2:55 pm 
Offline
Newbie

Joined: Thu Mar 14, 2013 5:42 pm
Posts: 11
Hi, so far i not yet do any editing on the open audit file i only go to the browser
http://localhost
log in to open audit web server.
than go to Admin ->scripts -> create audit windows
i try to key in
the computer : Ip address
submit online thick
remote username: just put local account administrator
remote password: just put local account password

Active directory user: what should i key in ? ( i did key in the DOMAIN NAME)
active directory user detail 2: wbhat should i key in ? ( i did key in the DOMAIN NAME )
than click create script.
and that's a warning msg at bottom of this pages
Warning, could not resolve hostname.
Make sure an entry exists in DNS if you intend to use the audit script on another system

Do you able to assits what step should i perform in order to start using open audit for scanning all the workstation which had join domain server.


Top
 Profile  
Reply with quote  
PostPosted: Tue Mar 19, 2013 2:18 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1228
thunder88 wrote:
Do you able to assits what step should i perform in order to start using open audit for scanning all the workstation which had join domain server.

As of beta 9.2 there's no way to audit a domain from the web server. This will change in future versions.

But right now one way to audit a domain is to run the audit_domain script on a central server which then audits the individual domain workstations.

Edit the audit_windows.vbs file in the OpenAudit other directory. Make sure you change the "url" variable near the beginning of the file if you're not performing the domain audit from the OpenAudit server. If you browse to this url you should get the "add a system" form. Make sure submit_online = "y".

Edit the audit_domain.vbs file. Change the script_name path to point to the audit_windows.vbs file above. Change the domain_array variable with your domain name.

Start an elevated cmd prompt in the directory with the two audit scripts and run the following command.
Code:
cscript audit_domain.vbs
If you've configured this correctly the audit_domain script should loop through all your domain machines calling the audit_windows script to audit and post the data.


Top
 Profile  
Reply with quote  
PostPosted: Wed Mar 20, 2013 2:24 pm 
Offline
Newbie

Joined: Thu Mar 14, 2013 5:42 pm
Posts: 11
Dear Jpa,
Below method for audit through workstation which connect to domain server.
Ok i try to configure the thing as below.
befrore that all the workstation will have Own user LOGIN ID / PASSWORD connect with the server domain.
Should I using the local adminstrator username and password to keyin to
this audit_windows script?since when trying run audit_windows script surely user will using their own LOGIN ID and PASSWORD to do their work. will this interrup the users? thanks =)

tart_time = Timer

' NOTE - Scheduled Tasks and Share Sizes can only be retrieved when running locally.
' below are the default settings

' default to localhost
strComputer = "."

' submit the audit to the OAv2 server
submit_online = "y"

' create an XML text file of the result in the current directory
create_file = "n"

' the address of the OAv2 server "submit" page
url = "http://191.168.0.2/index.php/system" <-- example this is my IP for one of the workstation uses to install OAV2 beta 9.2

' submit via a proxy (using the settings of the user running the script)
use_proxy = "n"

' the username (if not using the user running the script)
strUser = "administrator" <-- example

' the password (if not using the user running the script)
strPass = "abc" <-- example

' optional - assign any PCs audited to this Org - take the OrgId from OAv2 interface
org_id = ""

' optional - query this Active Directory attribute to determine the users work unit
' if attribute #1 produces nothing, then try attribute #2
windows_user_work_1 = "physicalDeliveryOfficeName"
windows_user_work_2 = "company"

' do not attempt to query mount points
skip_mount_point = "n"

' do not enumerate printers
skip_printer = "n"

' audit installed software
skip_software = "n"

' retrieve all DNS names
skip_dns = "n"

' if set then delete the audit script upon completion
' useful when starting the script on a remote machine and leaving no trace
self_delete = "n"

' 0 = no debug
' 1 = basic debug
' 2 = verbose debug
debugging = "2"

However my aduit_domain_windows
i had configure this line to :
' the name and path of the audit script to use
script_name = "c:\xampp\OAv2\other\audit_windows.vbs"
since my OaV2 9.2 in here the path.
it is correct?


2nd method to do audit workstation without connect to domain, just using cross network cable to plug in both pc
before i would like to know how it work.
I would like your help what should I configure
if I wan to using OAV2 9.2 pc remote to the other workstation pc .by plugin CROSS NETWORK CABLE. connect from this pc which install OVA2 9.2 to the workstation pc without OAV2 9.2 the ip which is 192.168.0.3
will this work for me?
what is the method to run the script and what to edit in the script. =) .After that how to get the results and report of the workstation pc, where to look at. your help is much appreciated thank you very much.
assume that my IP for the PC install OAV2 9.2 is 192.168.0.2
however the workstation pc i wan to audit them is 192.168.0.3

I Did try edit the audit_windows.VBS for the line as below:

' the address of the OAv2 server "submit" page
url = "http://192.168.0.2/index.php/system"
' submit the audit to the OAv2 server
submit_online = "y"


than i had type this command into run-> cscript audit_windows.VBS 192.168.0.3 than press ok.
i still had no luck to get the resutls from the connected workst ation pc specification.
by the ways where to look at the results, and i had try whole day still couldn't make it work, i did start apache and xamp server.
and log into http://localhost/index.php/main/list_groups . still not able to work up


Top
 Profile  
Reply with quote  
PostPosted: Thu Mar 21, 2013 1:41 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1228
First off are you running a Windows Domain? Do you have Windows Server 20XX set up as a Domain Controller?


Top
 Profile  
Reply with quote  
PostPosted: Thu Mar 21, 2013 3:01 pm 
Offline
Newbie

Joined: Thu Mar 14, 2013 5:42 pm
Posts: 11
jpa wrote:
First off are you running a Windows Domain? Do you have Windows Server 20XX set up as a Domain Controller?

Dear Jpa,
No, we are running NETBIOS server, don't have server 20xx above setup as a domain controller.
in the mean time , I also tested on 2 workstation pc, one of the pc act as Open audit server& both of the pc without join any domain.
just using one utp cat5e cable make it cross over to try still no success. to audit the other pc by runing the command
cscript audit_windows.vbs 192.168.0.3
did try ping each other got the reply connection was established.


Top
 Profile  
Reply with quote  
PostPosted: Fri Mar 22, 2013 1:29 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1228
First off make sure you've got a running OpenAudit server. Use the prebuilt XAMPP from the Downloads page. Make sure you can browse to the OpenAudit instance and login. I assume this machine is 192.168.0.2.

Now make sure your target machine has the admin shares open. In your audit server browse to "\\192.168.0.3\admin$" and you should get a password prompt. Enter the target machines local admin and password. You should see the target machine's Windows directory. If this doesn't work you need to enable remote admin.

Once that is working start with a fresh audit_windows.vbs file. Change the url variable at the top to "http://192.168.0.2/index.php/system", make sure submit_online is "y" and debugging is "3".

Start a cmd prompt on your audit server (192.168.0.2) and run:
Code:
cscript audit_windows.vbs strcomputer=192.168.0.3 struser=targetadmin strpass=targetadminpassword
Make sure to replace the targetadmin/targetadminpassword as appropriate.

The OpenAudit script should output information about what it's doing and any problems. Post the output here if it doesn't work.

Also what version of Windows are your OpenAudit and target machines?


Top
 Profile  
Reply with quote  
PostPosted: Fri Mar 22, 2013 11:54 am 
Offline
Newbie

Joined: Thu Mar 14, 2013 5:42 pm
Posts: 11
Dear Jpa,
after i typed \\192.168.0.3\admin$
it prompted a dialog key in password only, username: ssom-3434231/Guest.
but i only set administrator account and password for the windows only Guest account is turn off.
I not able to change the username to administrator, that's no option or retype the username.
so i'm not able access windows directory folder successfully.

yes, i'm able access to http://192.168.0.2/index.php/login/index can log in successfully.
2nd I had eset anvirus with firewall 4.0.370.0 did disable and tried still not success
we are runing windows XP professional 2002 service pack3 for both pc.
Open audit version: OAv2_beta_9.2_xampp


Top
 Profile  
Reply with quote  
PostPosted: Fri Mar 22, 2013 1:10 pm 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1228
You didn't post the screen output of the audit_domain.vbs run. I'm not sure where it's failing or why and I'm running out of guesses without more information. Basically, I know it works because I've audited a non-domain joined machine using struser and strpass. I'm not sure what you've got going on.


Top
 Profile  
Reply with quote  
PostPosted: Fri Mar 22, 2013 1:42 pm 
Offline
Newbie

Joined: Thu Mar 14, 2013 5:42 pm
Posts: 11
jpa wrote:
You didn't post the screen output of the audit_domain.vbs run. I'm not sure where it's failing or why and I'm running out of guesses without more information. Basically, I know it works because I've audited a non-domain joined machine using struser and strpass. I'm not sure what you've got going on.

Hi JPA,
it is u asked me to run cscript audit_windows.vbs strcomputer=192.168.0.3 struser=Administrator strpass=abc123 assume is like this the

and that's no respone. from the script.
i type in the start ->? RUN -> paste this command on the dialog space


Top
 Profile  
Reply with quote  
PostPosted: Fri Mar 22, 2013 2:13 pm 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1228
You should get some output. Try this in a cmd prompt:
Code:
cscript audit_windows.vbs strcomputer=192.168.0.3 struser=Administrator strpass=abc123 debugging=3


Top
 Profile  
Reply with quote  
PostPosted: Fri Mar 22, 2013 2:34 pm 
Offline
Newbie

Joined: Thu Mar 14, 2013 5:42 pm
Posts: 11
jpa wrote:
You should get some output. Try this in a cmd prompt:
Code:
cscript audit_windows.vbs strcomputer=192.168.0.3 struser=Administrator strpass=abc123 debugging=3

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.


C:\Documents and Settings\AngCA>cd..

C:\Documents and Settings>cd..

C:\>
C:\>cd xampp

C:\xampp>cd Oav2

C:\xampp\OAv2>cd other

C:\xampp\OAv2\other>cscript audit_windows.vbs strcomputer=192.168.5.xx struser=administrator
strpass=abc debugging=3
Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation. All rights reserved.

starting audit - 192.168.5.79
Not pinging target, attempting to audit.
Problem authenticating (1) to 192.168.5.79
Error Number:424
Error Description:Object required

C:\xampp\OAv2\other>
C:\xampp\OAv2\other>cscript audit_domain_windows.vbs strcomputer=192.168.5.xx st
ruser=administrator strpass=abc debugging=3
Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation. All rights reserved.

Now Auditing: LDAP://sspg
select name, location, operatingSystem, lastLogon from 'LDAP://sspg' wher
e objectclass='computer'
C:\xampp\OAv2\other\audit_domain_windows.vbs(135, 2) Provider: Table does not ex
ist.
fyi, now i tested on the workstation machine with join domain in sspg and the open-audit also join domain in sspg
but in both ways not success .

i will try for the workstation with in WORKGROUP only later.


Top
 Profile  
Reply with quote  
PostPosted: Sat Mar 23, 2013 1:26 am 
Offline
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1228
What happens if you use this:
Code:
cscript audit_windows.vbs strcomputer=192.168.5.xx struser=192.168.5.xx\administrator strpass=abc debugging=3
or
Code:
cscript audit_windows.vbs strcomputer=computername struser=computername\administrator strpass=abc debugging=3

Where you obviously fix the IP addresses or computername before running.


Top
 Profile  
Reply with quote  
PostPosted: Mon Mar 25, 2013 5:30 pm 
Offline
Newbie

Joined: Thu Mar 14, 2013 5:42 pm
Posts: 11
Dear Jpa,
here the error =)
C:\xampp\OAv2\other>cscript audit_windows.vbs strcomputer=192.168.0.xx struser=19
2.168.0.xx\administrator strpass=abc debugging=3
Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation. All rights reserved.

starting audit - 192.168.0.xx
Not pinging target, attempting to audit.
My PID is : 896
Audit Start Time : 2013-03-25 15:02:37
Audit Location: remote
-------------------
system info
windows info
Windows User: administrator@ssom-688f431da9
bios info
scsi info
processor info
memory info
motherboard info
optical info
modem info
video info
monitor info
sound info
disk info
partition info
shares info
network card info
network address info
DNS info
printer info
Driver Name: Microsoft XPS Document Writer
scheduled tasks
environment variables
logs
pagefile
local users info
Codec info
ODBC Driver info
MDAC info
DirectX info
Windows Media Player info
Internet Explorer info
Outlook Express info
Software info
Services info
CD Keys
No Adobe license database found
network routing info
Audit Generated in 164 seconds.
Submitting audit online
C:\xampp\OAv2\other\audit_windows.vbs(5617, 2) msxml3.dll: The connection with t
he server was terminated abnormally



C:\xampp\OAv2\other>
C:\xampp\OAv2\other>
C:\xampp\OAv2\other>

C:\xampp\OAv2\other>cscript audit_windows.vbs strcomputer=Ssom-688f431da9 struse
r=Ssom-688f431da9\administrator strpass=abc debugging=3
Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation. All rights reserved.

starting audit - Ssom-688f431da9
Not pinging target, attempting to audit.
My PID is : 4016
Audit Start Time : 2013-03-25 15:19:17
Audit Location: remote
-------------------
system info
windows info
Windows User: administrator@ssom-688f431da9
bios info
scsi info
processor info
memory info
motherboard info
optical info
modem info
video info
monitor info
sound info
disk info
partition info
shares info
network card info
network address info
DNS info
printer info
Driver Name: Microsoft XPS Document Writer
scheduled tasks
environment variables
logs
pagefile
local users info
Codec info
ODBC Driver info
MDAC info
DirectX info
Windows Media Player info
Internet Explorer info
Outlook Express info
Software info
Services info
CD Keys
No Adobe license database found
network routing info
Audit Generated in 3 seconds.
Submitting audit online
C:\xampp\OAv2\other\audit_windows.vbs(5617, 2) msxml3.dll: The connection with t
he server was terminated abnormally



C:\xampp\OAv2\other>


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 27 posts ]  Go to page 1, 2  Next

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 6 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group