Open-AudIT
http://www.open-audit.org/phpBB3/

Audit_Windows.vbs on a certain Windows 2003 SP2 Fails/hangs
http://www.open-audit.org/phpBB3/viewtopic.php?f=20&t=6318

Author:  augrunt [ Tue Apr 15, 2014 10:38 am ]
Post subject:  Audit_Windows.vbs on a certain Windows 2003 SP2 Fails/hangs

Hey guys,

Encountered an issue with the script on a Windows Server 2003 (SP2), 32-bit.
Specifically, this portion:

Code:
if (cint(local_windows_build_number) > 2222 and not local_windows_build_number = "3000") then
   for each oProc in getObject( "winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2").instancesOf("Win32_Process")
      if lcase(oProc.name) = "wscript.exe" _
         or lcase(oProc.name) = "cscript.exe" Then
         sCmdLine = oProc.commandLine
         if  instr(1, sCmdLine, "\" & sScriptName, vbTextCompare) > 0 _
            or instr(1, sCmdLine, " " & sScriptName, vbTextCompare) > 0 _
            or instr(1, sCmdLine, """" & sScriptName, vbTextCompare) > 0 then
               nPID = oProc.processId
         end if
      end if
   next
end if


The output hangs on:

Code:
C:\audit>cscript audit_windows.vbs
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

starting audit - .
Not pinging target, attempting to audit.


I am not particularly sure why it hangs, but removing the code block fixes the issue and it proceeds as normal. I tried to echo in the foreach loop and nothing would spit out, so it seems it isn't actually finding anything to loop through. Any ideas?

Author:  jpa [ Wed Apr 16, 2014 1:30 am ]
Post subject:  Re: Audit_Windows.vbs on a certain Windows 2003 SP2 Fails/ha

This may be indicative of WMI being corrupt on the affected machine. The script could probably handle this better but the code you've removed is not really useful so you won't notice it's gone.
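
One way the process lookup quoted in the first post could be bounded in time, as an added example that is not part of audit_windows.vbs or of either post: the query runs asynchronously through an SWbemSink and the script stops waiting after a limit. FindOwnPid, the SINK_ prefix and the 10-second limit are assumptions made here, and the timeout does not help if the WMI connection itself blocks.

```vbscript
' Added example, not Open-AudIT code. FindOwnPid, SINK_ and WAIT_LIMIT_MS are hypothetical names.
Option Explicit

Const WAIT_LIMIT_MS = 10000          ' assumed upper bound for WMI to answer
Dim gDone, gPid, gScript
gDone = False : gPid = 0
gScript = WScript.ScriptName

Function FindOwnPid()
    Dim oWmi, oSink, waited
    FindOwnPid = 0
    On Error Resume Next
    Set oWmi = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
    If Err.Number <> 0 Then
        WScript.Echo "WMI connect failed: 0x" & Hex(Err.Number)
        Exit Function
    End If
    ' Events from the sink are delivered to the SINK_* subs below.
    Set oSink = WScript.CreateObject("WbemScripting.SWbemSink", "SINK_")
    oWmi.ExecQueryAsync oSink, "SELECT ProcessId, CommandLine FROM Win32_Process " & _
        "WHERE Name = 'cscript.exe' OR Name = 'wscript.exe'"
    If Err.Number <> 0 Then
        WScript.Echo "WMI query failed: 0x" & Hex(Err.Number)
        Exit Function
    End If
    On Error GoTo 0
    ' Poll instead of blocking; WScript.Sleep lets the sink events fire.
    waited = 0
    Do While Not gDone And waited < WAIT_LIMIT_MS
        WScript.Sleep 100
        waited = waited + 100
    Loop
    If Not gDone Then
        oSink.Cancel                 ' abandon the outstanding call
        WScript.Echo "WMI did not answer in time, skipping process lookup."
        Exit Function
    End If
    FindOwnPid = gPid
End Function

Sub SINK_OnObjectReady(oProc, oCtx)
    ' Simplified match on the script name; CommandLine can be Null.
    If Not IsNull(oProc.CommandLine) Then
        If InStr(1, oProc.CommandLine, gScript, vbTextCompare) > 0 Then gPid = oProc.ProcessId
    End If
End Sub

Sub SINK_OnCompleted(hResult, oErr, oCtx)
    gDone = True
End Sub

WScript.Echo "PID: " & FindOwnPid()
```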

All times are UTC + 10 hours