Automating Windows Scanning With Pre-Checks On Linux

Hello,

I am trying to automate the pre-checks I perform before initializing Windows authenticated scans. Additionally, my current testing resources basically just consist of Linux machines.

 

So, to give more details, I have three main checks I manually perform remotely on Windows targets to be scanned, which consist of:

  1. net use \\x.x.x.x\admin$ /user:username password
  2. reg query \\x.x.x.x\hklm
  3. And using a GUI to check if WMI is enabled: ‘msinfo32.exe’

Additionally, I installed PowerShell on Ubuntu, and I am hoping to use this platform to run the PowerShell commands for various reasons, but I am having problems mapping the three mentioned Windows commands to PowerShell commands.

Perhaps someone could give me some ideas?

 

Thanks,

Joe

You can use those exactly as they are in PowerShell.

PowerShell allows for running external commands in the shell, and this is well documented in the PowerShell documentation and in other blogs/articles all over the web. A quick search using ‘PowerShell Running Exe’s’ will give you a long list of examples. For example:

Using PowerShell and external commands and their parameters or switches.

Running external commands always requires special consideration.

PowerShell: Running Executables
https://social.technet.microsoft.com/wiki/contents/articles/7703.powershell-running-executables.aspx

Solve Problems with External Command Lines in PowerShell
https://devblogs.microsoft.com/scripting/solve-problems-with-external-command-lines-in-powershell

Top 5 tips for running external commands in Powershell
https://powershelleverydayfaq.blogspot.com/2012/04/top-5-tips-for-running-external.html

Using Windows PowerShell to run old command line tools (and their weirdest parameters)
https://blogs.technet.microsoft.com/josebda/2012/03/03/using-windows-powershell-to-run-old-command-line-tools-and-their-weirdest-parameters

Execution of external commands in PowerShell done right
https://mnaoumov.wordpress.com/2015/01/11/execution-of-external-commands-in-powershell-done-right
https://mnaoumov.wordpress.com/2015/03/31/execution-of-external-commands-native-applications-in-powershell-done-right-part-2
https://mnaoumov.wordpress.com/2015/04/05/execution-of-external-commands-native-applications-in-powershell-done-right-part-3

http://edgylogic.com/blog/powershell-and-external-commands-done-right

Quoting specifics
https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_quoting_rules
https://trevorsullivan.net/2016/07/20/powershell-quoting

Lastly, there are PowerShell equivalent cmdlets for those as well. Easily discovered, using the web search…

‘Powershell net use’

and …

‘PowerShell query registry’

… or …

‘powershell registry cmdlets’

and …

‘powershell msinfo32 system summary’

Which you choose to use is up to you.
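
As an added example (not code from either poster), here is a network-level pre-check that runs in PowerShell on Linux because it uses only .NET sockets: it tests the two listeners the three checks in the question depend on, TCP 445 for SMB (admin$ and remote registry) and TCP 135 for the RPC endpoint mapper that WMI contacts first. The function name `Test-ScanPrereqPort` and the sample addresses are hypothetical.

```powershell
# Added example: TCP reachability pre-check before Windows authenticated scans.
# Uses only .NET sockets, so it behaves the same in PowerShell on Linux.
function Test-ScanPrereqPort {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [int]$TimeoutMs = 2000
    )
    # 445 carries SMB (admin$ share and the remote registry named pipe);
    # 135 is the RPC endpoint mapper that WMI/DCOM connects to first.
    $ports = [ordered]@{ SMB = 445; RpcEndpointMapper = 135 }

    foreach ($target in $ComputerName) {
        $row = [ordered]@{ ComputerName = $target }
        foreach ($name in $ports.Keys) {
            $client = [System.Net.Sockets.TcpClient]::new()
            try {
                $task = $client.ConnectAsync($target, $ports[$name])
                # Wait() returns $false on timeout and throws if the
                # connection is refused or the host is unreachable.
                $row[$name] = $task.Wait($TimeoutMs) -and $client.Connected
            } catch {
                $row[$name] = $false
            } finally {
                $client.Dispose()
            }
        }
        # Both listeners must answer before the credentialed checks can work.
        $row['ReadyForAuthChecks'] = $row['SMB'] -and $row['RpcEndpointMapper']
        [pscustomobject]$row
    }
}

# Constructed sample targets (documentation address range); use your scan list.
Test-ScanPrereqPort -ComputerName '192.0.2.10', '192.0.2.11' |
    Format-Table -AutoSize
```

An open port 135 only shows the endpoint mapper is reachable; WMI also needs its dynamically assigned RPC port and valid credentials, so this narrows down failures rather than replacing the authenticated checks.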