Using winexe to run "wmic" commands on a Windows machine

We use winexe to execute commands on Windows machines from Linux. For example:

winexe -A authfile //syspc4.domain.com "ipconfig /all"

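The above is expected to print the same output as running cmd.exe on the Windows machine and typing "ipconfig /all".

My ultimate goal is to remotely (from Linux) get the serial number and model name of a Windows machine. This is easily achieved with the following two commands in a local cmd.exe on the Windows (Windows XP) machine: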

wmic bios get serialnumber
wmic computersystem get model

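However, any attempt to execute these commands through winexe does not work: after pressing Enter, nothing happens. No error, nothing. It just appears frozen until I press ctrl+c to exit it.

Here are the commands I have tried: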

winexe -A authfile //syspc4.domain.com "wmic bios get serialnumber"
winexe -A authfile //syspc4.domain.com "cmd wmic bios get serialnumber"
winexe -A authfile //syspc4.domain.com "cmd /c wmic bios get serialnumber"
winexe -A authfile //syspc4.domain.com "cmd"
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>wmic bios get serialnumber

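In all cases, there is no response. A quick look at winexe --help reveals a logging option, but even with that option set there is no output log of any kind.

I found the following post on another forum where someone is asking almost exactly the same thing as me, and naturally he got no answer either: http://www.linuxquestions.org/questions/linux-software-2/winexe-780343/

Edit: With debugging turned on, it hangs here: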

winexe -d 6 -A authfile //syspc4.domain.com "wmic bios get serialnumber"

...
IN: async_open(\pipe\ahexec, 2)
IN: async_open_recv
CTRL: Sending command: get version
CTRL: Sending command: run wmic bios get serialnumber
CTRL: Recieved command: std_io_err 15C40030
IN: async_open(\pipe\ahexec_stdin15C40030, 2)
IN: async_open(\pipe\ahexec_stdout15C40030, 2)
IN: async_open(\pipe\ahexec_stderr15C40030, 2)
IN: async_open_recv
IN: async_open_recv
IN: async_open_recv

**hangs forever here**

Then ctrl+c:

^CAborting...
ERROR: smb_raw_read_recv - NT_STATUS_PIPE_DISCONNECTED
ERROR: smb_raw_read_recv - NT_STATUS_PIPE_DISCONNECTED
ERROR: smb_raw_read_recv - NT_STATUS_PIPE_DISCONNECTED
ERROR: smb_raw_read_recv - NT_STATUS_PIPE_DISCONNECTED
ERROR: on_ctrl_pipe_error - NT_STATUS_PIPE_DISCONNECTED

Strangely, though, even a command that does not fail (such as ipconfig /all) gives exactly the same result:

...
IN: async_open(\pipe\ahexec, 2)
IN: async_open_recv
CTRL: Sending command: get version
CTRL: Sending command: run ipconfig /all
CTRL: Recieved command: std_io_err 15C40031
IN: async_open(\pipe\ahexec_stdin15C40031, 2)
IN: async_open(\pipe\ahexec_stdout15C40031, 2)
IN: async_open(\pipe\ahexec_stderr15C40031, 2)
IN: async_open_recv
IN: async_open_recv
IN: async_open_recv

Windows IP Configuration
...
ERROR: smb_raw_read_recv - NT_STATUS_PIPE_DISCONNECTED
ERROR: smb_raw_read_recv - NT_STATUS_PIPE_DISCONNECTED
ERROR: smb_raw_read_recv - NT_STATUS_PIPE_DISCONNECTED
ERROR: smb_raw_read_recv - NT_STATUS_PIPE_DISCONNECTED
ERROR: on_ctrl_pipe_error - NT_STATUS_PIPE_DISCONNECTED

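Answer 1

Use the WMI client from here: http://www.orvant.com/packages/ and run WMIC commands directly from Linux, although you will have to use the WQL equivalent of the commands, since this version does not support non-WQL queries.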
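
The two queries from the question in the WQL form that Answer 1 refers to, as an added example that is not part of the original answers. Win32_BIOS and Win32_ComputerSystem are the standard WMI classes behind the `bios` and `computersystem` aliases; the function names, the `-A authfile` option on the Linux client, the pipe-separated output layout and the sample output are assumptions made for the example.

```shell
#!/bin/sh
# Map the wmic aliases used in the question to their WMI classes.
wmi_class_for_alias() {
    case "$1" in
        bios)           echo "Win32_BIOS" ;;
        computersystem) echo "Win32_ComputerSystem" ;;
        *)              return 1 ;;
    esac
}

# Build the WQL equivalent of "wmic <alias> get <property>".
# The property must be a plain identifier, so nothing else can be
# spliced into the query that is sent to the remote host.
wql_for() {
    alias_name=$1 prop=$2
    class=$(wmi_class_for_alias "$alias_name") || return 1
    case "$prop" in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
    esac
    printf 'SELECT %s FROM %s\n' "$prop" "$class"
}

# Read client output on stdin and print one column of the first data row.
# Assumed layout: a "CLASS: ..." line, a "|"-separated header, then rows.
# The column is located by name because extra columns may be returned.
wmic_field() {
    awk -F'|' -v want="$1" '
        /^CLASS:/ || NF == 0 { next }
        !col {
            for (i = 1; i <= NF; i++) if (tolower($i) == tolower(want)) col = i
            if (!col) exit 1
            next
        }
        { sub(/[ \r]+$/, "", $col); print $col; found = 1; exit }
        END { exit !found }
    '
}

# Constructed sample output (not captured from a real machine).
sample_output() {
    printf '%s\n' 'CLASS: Win32_BIOS' \
        'Name|SerialNumber|SoftwareElementID|Version' \
        'Constructed BIOS|CONSTRUCTED-1234|Constructed BIOS|CONSTRUCTED - 1'
}

# Assumed invocation against a real host, credentials kept in a file:
#   wmic -A authfile //syspc4.domain.com "$(wql_for bios serialnumber)" | wmic_field SerialNumber
wql_for bios serialnumber
sample_output | wmic_field serialnumber
```
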

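Answer 2

When I tested the latest winexe code (from the "current" git repository, a.k.a. "winexe-waf"; dated November 2013), it did not hang. I built winexe on Debian Wheezy using the Samba 4.0.10 packages from Unstable, and ran winexe -U "<user>%<pwd>" //192.168.1.2 'wmic bios get serialnumber', where 192.168.1.2 is the IP address of a VirtualBox virtual machine running Windows 7 Professional SP1. The output is below.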

$ winexe -U "<user>%<pwd>" //192.168.1.2 'wmic bios get serialnumber'
SerialNumber
0

$ winexe -U "<user>%<pwd>" //192.168.1.2 'wmic computersystem get model'
Model
VirtualBox

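Answer 3

I would try these commands with winexe's debug switch turned on. You can turn up the debug level (it looks like the numbers 0, 1, 2, 3, and so on).

Example

Here I am just running your command as-is, only adding the switch -d 3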

$ winexe -A authfile -d 3 //syspc4.domain.com "wmic bios get serialnumber"

ERROR: Unable to open credentials file!
[param/loadparm.c:587:init_globals()] Initialising global parameters
[param/loadparm.c:2462:lp_load()] lp_load: refreshing parameters from /dev/null
[param/params.c:556:pm_process()] params.c:pm_process() - Processing configuration file "/dev/null"
[param/loadparm.c:1343:lp_add_hidden()] adding hidden service IPC$
[param/loadparm.c:1343:lp_add_hidden()] adding hidden service ADMIN$
[auth/credentials/credentials_krb5.c:171:cli_credentials_set_ccache()] failed to get principal from default ccache: No such file or directory: open(/tmp/krb5cc_500): No such file or directory
[winexe/winexe.c:304:main()] winexe version 0.80
This program may be freely redistributed under the terms of the GNU GPL
[auth/auth.c:447:auth_register()] AUTH backend 'winbind_samba3' registered
[auth/auth.c:447:auth_register()] AUTH backend 'winbind' registered
[auth/auth.c:447:auth_register()] AUTH backend 'name_to_ntstatus' registered
[auth/auth.c:447:auth_register()] AUTH backend 'fixed_challenge' registered
[auth/auth.c:447:auth_register()] AUTH backend 'unix' registered
[auth/auth.c:447:auth_register()] AUTH backend 'anonymous' registered
[auth/auth.c:447:auth_register()] AUTH backend 'sam' registered
[auth/auth.c:447:auth_register()] AUTH backend 'sam_ignoredomain' registered
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'krb5' registered
[auth/gensec/gensec.c:1205:gensec_register()] gensec subsystem fake_gssapi_krb5 is disabled
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'schannel' registered
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'spnego' registered
[auth/gensec/gensec.c:1205:gensec_register()] gensec subsystem gssapi_spnego is disabled
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'gssapi_krb5' registered
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'gssapi_krb5_sasl' registered
[auth/gensec/gensec.c:1229:gensec_register()] GENSEC backend 'ntlmssp' registered
[lib/util/util.c:334:interpret_addr()] sys_gethostbyname: Unknown host. syspc4.domain.com
[lib/socket/interface.c:103:add_interface()] added interface ip=192.168.1.110 nmask=255.255.255.0
[winexe/winexe.c:322:main()] ERROR: Failed to open connection - NT_STATUS_NO_MEMORY
