Issues connecting to remote Windows Host #6768

Open
8bitjoe opened this issue Oct 5, 2023 · 2 comments

8bitjoe commented Oct 5, 2023

I'm currently trying to test the dev-sec windows baseline; however, when I run the following inspec command:
inspec exec windows-baseline -t winrm://192.168.1.2 --user 'username' --password 'password'
I get the following error:

/home/user/.local/share/gem/ruby/3.0.0/gems/openssl-3.2.0/lib/openssl/digest.rb:31:in `initialize': Digest initialization failed: initialization error (OpenSSL::Digest::DigestError)
from /home/user/.local/share/gem/ruby/3.0.0/gems/openssl-3.2.0/lib/openssl/digest.rb:31:in `block (3 levels) in <class:Digest>'
from /home/user/.local/share/gem/ruby/3.0.0/gems/openssl-3.2.0/lib/openssl/digest.rb:37:in `new'
from /home/user/.local/share/gem/ruby/3.0.0/gems/openssl-3.2.0/lib/openssl/digest.rb:37:in `block (3 levels) in <class:Digest>'
from /home/user/.local/share/gem/ruby/3.0.0/gems/rubyntlm-0.6.3/lib/net/ntlm.rb:149:in `ntlm_hash'
from /home/user/.local/share/gem/ruby/3.0.0/gems/rubyntlm-0.6.3/lib/net/ntlm.rb:162:in `ntlmv2_hash'
from /home/user/.local/share/gem/ruby/3.0.0/gems/rubyntlm-0.6.3/lib/net/ntlm/client/session.rb:192:in `ntlmv2_hash'
from /home/user/.local/share/gem/ruby/3.0.0/gems/rubyntlm-0.6.3/lib/net/ntlm/client/session.rb:196:in `calculate_user_session_key!'
from /home/user/.local/share/gem/ruby/3.0.0/gems/rubyntlm-0.6.3/lib/net/ntlm/client/session.rb:27:in `authenticate!'
from /home/user/.local/share/gem/ruby/3.0.0/gems/rubyntlm-0.6.3/lib/net/ntlm/client.rb:36:in `init_context'
from /home/user/.local/share/gem/ruby/3.0.0/gems/winrm-2.3.6/lib/winrm/http/transport.rb:244:in `init_auth'
from /home/user/.local/share/gem/ruby/3.0.0/gems/winrm-2.3.6/lib/winrm/http/transport.rb:168:in `send_request'
from /home/user/.local/share/gem/ruby/3.0.0/gems/winrm-2.3.6/lib/winrm/shells/power_shell.rb:153:in `max_envelope_size_kb'
from /home/user/.local/share/gem/ruby/3.0.0/gems/winrm-2.3.6/lib/winrm/shells/power_shell.rb:78:in `max_fragment_blob_size'
from /home/user/.local/share/gem/ruby/3.0.0/gems/winrm-2.3.6/lib/winrm/shells/power_shell.rb:203:in `fragmenter'
from /home/user/.local/share/gem/ruby/3.0.0/gems/winrm-2.3.6/lib/winrm/shells/power_shell.rb:167:in `block in open_shell_payload'
from /home/user/.local/share/gem/ruby/3.0.0/gems/winrm-2.3.6/lib/winrm/shells/power_shell.rb:166:in `map'
from /home/user/.local/share/gem/ruby/3.0.0/gems/winrm-2.3.6/lib/winrm/shells/power_shell.rb:166:in `open_shell_payload'
from /home/user/.local/share/gem/ruby/3.0.0/gems/winrm-2.3.6/lib/winrm/shells/power_shell.rb:123:in `open_shell'
from /home/user/.local/share/gem/ruby/3.0.0/gems/winrm-2.3.6/lib/winrm/shells/base.rb:170:in `block in open'
from /home/user/.local/share/gem/ruby/3.0.0/gems/winrm-2.3.6/lib/winrm/shells/retryable.rb:35:in `retryable'
from /home/user/.local/share/gem/ruby/3.0.0/gems/winrm-2.3.6/lib/winrm/shells/base.rb:168:in `open'
from /home/user/.local/share/gem/ruby/3.0.0/gems/winrm-2.3.6/lib/winrm/shells/base.rb:128:in `with_command_shell'
from /home/user/.local/share/gem/ruby/3.0.0/gems/winrm-2.3.6/lib/winrm/shells/base.rb:79:in `run'
from /home/user/.local/share/gem/ruby/3.0.0/gems/train-winrm-0.2.13/lib/train-winrm/connection.rb:127:in `block in run_command_via_connection'
from /home/user/.local/share/gem/ruby/3.0.0/gems/logging-2.3.1/lib/logging/diagnostic_context.rb:474:in `block in create_with_logging_context'

The WinRM configuration on the remote host is the following:
PS C:\Windows\system32> winrm get winrm/config
Config
    MaxEnvelopeSizekb = 500
    MaxTimeoutms = 60000
    MaxBatchItems = 32000
    MaxProviderRequests = 4294967295
    Client
        NetworkDelayms = 5000
        URLPrefix = wsman
        AllowUnencrypted = true
        Auth
            Basic = true
            Digest = true
            Kerberos = true
            Negotiate = true
            Certificate = true
            CredSSP = false
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        TrustedHosts
    Service
        RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
        MaxConcurrentOperations = 4294967295
        MaxConcurrentOperationsPerUser = 1500
        EnumerationTimeoutms = 240000
        MaxConnections = 300
        MaxPacketRetrievalTimeSeconds = 120
        AllowUnencrypted = true
        Auth
            Basic = true
            Kerberos = true
            Negotiate = true
            Certificate = true
            CredSSP = true
            CbtHardeningLevel = Relaxed
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        IPv4Filter = *
        IPv6Filter = *
        EnableCompatibilityHttpListener = false
        EnableCompatibilityHttpsListener = false
        CertificateThumbprint
        AllowRemoteAccess = true
    Winrs
        AllowRemoteShellAccess = true
        IdleTimeout = 7200000
        MaxConcurrentUsers = 2147483647
        MaxShellRunTime = 2147483647
        MaxProcessesPerShell = 2147483647
        MaxMemoryPerShellMB = 2147483647
        MaxShellsPerUser = 2147483647

Any help appreciated. I can't seem to force inspec to use basic authentication; the flag --winrm-basic-auth-only is completely ignored when used.
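
The configuration posted above has several settings a reviewer would flag on a host that is about to be baselined: unencrypted traffic is allowed on client and service, Basic and CredSSP are enabled on the service, and `CbtHardeningLevel` is `Relaxed`. The following is an added example, not part of the original post or of InSpec: it parses `winrm get winrm/config` output and reports those settings. The helper names, the rule set and the trimmed sample are assumptions of this example.

```ruby
# Constructed sample: a subset of the `winrm get winrm/config` output quoted in the issue.
SAMPLE_WINRM_CONFIG = <<~CFG
  Config
      Client
          AllowUnencrypted = true
          Auth
              Basic = true
          TrustedHosts
      Service
          AllowUnencrypted = true
          Auth
              Basic = true
              CredSSP = true
              CbtHardeningLevel = Relaxed
CFG

# Illustrative review rules (an assumption of this example, not a complete baseline):
# setting path => [value to flag, reason].
WINRM_RULES = {
  "Config/Client/AllowUnencrypted" => ["true", "client will send unencrypted traffic"],
  "Config/Service/AllowUnencrypted" => ["true", "service accepts unencrypted traffic"],
  "Config/Service/Auth/Basic" => ["true", "Basic auth is enabled on the service"],
  "Config/Service/Auth/CredSSP" => ["true", "CredSSP delegation is enabled on the service"],
  "Config/Service/Auth/CbtHardeningLevel" => ["Relaxed", "requests without a channel binding token are accepted"]
}.freeze

# Flatten the indented output into { "Config/Service/Auth/Basic" => "true", ... }.
def parse_winrm_config(text)
  stack = [] # [indent, name] of each section enclosing the current line
  text.each_line.with_object({}) do |raw, settings|
    next if raw.strip.empty?
    indent = raw[/\A\s*/].size
    stack.pop while stack.any? && stack.last[0] >= indent
    key, value = raw.strip.split(/\s*=\s*/, 2)
    if value.nil?
      stack.push([indent, key]) # section header, or a setting with an empty value
    else
      settings[(stack.map(&:last) << key).join("/")] = value
    end
  end
end

# Return the paths of settings whose value matches a rule, in rule order.
def audit_winrm(text)
  settings = parse_winrm_config(text)
  WINRM_RULES.select { |path, (bad, _)| settings[path].to_s.casecmp?(bad) }.keys
end

audit_winrm(SAMPLE_WINRM_CONFIG).each { |p| puts "#{p}: #{WINRM_RULES[p][1]}" }
```

With `AllowUnencrypted = true` and `Basic = true` on the service, Basic credentials sent to the HTTP listener on 5985 are only base64-encoded, so the HTTPS listener on 5986 is the safer transport for the scan itself.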

aaronlippold (Collaborator) commented Oct 6, 2023 via email

8bitjoe (Author) commented Oct 6, 2023

I just tried the following:

inspec exec windows-baseline\ inspec/ -t winrm://192.168.1.2:5985 --user='username' --password='password' --reporter html2:report.html --insecure --winrm-basic-auth-only

Same result
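
The stack trace in this thread stops in rubyntlm's `ntlm_hash`, at the point where OpenSSL fails to initialize a digest. NTLM's NT hash is MD4 over the UTF-16LE password, and OpenSSL 3.x keeps MD4 in its legacy provider, which is not loaded by default, so checking whether the local Ruby can instantiate MD4 is a reasonable first diagnostic. This is an added example, not code from InSpec, winrm or rubyntlm; the helper names are hypothetical.

```ruby
require "openssl"

# Digests the NTLMv2 client path relies on: MD4 for the NT hash, MD5 for HMAC-MD5.
NTLM_DIGESTS = %w[MD4 MD5].freeze

# True when the OpenSSL library linked into this Ruby can instantiate the digest.
# (Hypothetical helper for this example.)
def digest_available?(name)
  OpenSSL::Digest.new(name)
  true
rescue StandardError
  false
end

# NT hash as NTLM defines it: MD4 over the UTF-16LE encoding of the password.
# Returns nil instead of raising when MD4 cannot be initialized.
def nt_hash_hex(password)
  return nil unless digest_available?("MD4")

  OpenSSL::Digest.new("MD4").hexdigest(password.encode("UTF-16LE").b)
end

# Map each digest NTLM needs to whether this runtime provides it.
def ntlm_digest_report
  NTLM_DIGESTS.to_h { |name| [name, digest_available?(name)] }
end

if __FILE__ == $PROGRAM_NAME
  puts "OpenSSL library: #{OpenSSL::OPENSSL_LIBRARY_VERSION}"
  ntlm_digest_report.each do |name, ok|
    puts format("%-4s %s", name, ok ? "available" : "NOT available")
  end
end
```

If MD4 is reported as not available, the NTLM and Negotiate code paths in the trace cannot compute the NT hash on this machine, whatever the WinRM settings on the remote host are.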
