
I am checking with Nessus the vulnerability status of MS Windows machines on a network I do not manage for which I have received appropriate domain-level credentials. It works but the results I get seem to suggest that not all the machines I access are properly configured to allow access with the said credentials (they may not be on the right domain, they may not be in a domain at all, etc.).

I am therefore looking for a clever way to check, for a given network range, if MS Windows machines allow me to get in with a specific set of domain credentials. The kind of information I need is basically IP,allowed-or-not.

Before jumping into Python or Nmap scripting I was wondering if someone could share his/her experience with a similar task -- I would appreciate any pointers to avoid reinventing the wheel.

John Gardeniers
WoJ
  • Sounds like a PowerShell script to me :) – SpacemanSpiff Nov 21 '12 at 14:49
  • So do you have multiple domains, and are there supposed to be Windows devices that are not members of these domains? Or is that what you are trying to detect? – tony roth Nov 21 '12 at 15:20
  • @tony: there is the official AD domain (I have the credentials) and all the machines should be in there. I have doubts. I want to check :) – WoJ Nov 22 '12 at 07:17
  • @SpacemanSpiff: I never tried PowerShell (I am a Unix guy) but I will try. Would you have 3-4 keywords (function names) I should look at? – WoJ Nov 22 '12 at 07:19

1 Answer

This might be what you are looking for. Keep in mind there is not much error-checking going on. You just need to modify the first two lines and paste the code in a PowerShell window.

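# One IP address (or host name) per line
$inputfile = 'c:\path\to\ips.txt'
$outputfile = 'c:\path\to\status.txt'

$ips = Get-Content $inputfile
# Prompts for the domain credentials to test
$cred = Get-Credential

$ips | ForEach-Object {
    try
    {
        # -ErrorAction Stop turns non-terminating errors (e.g. RPC server
        # unavailable) into exceptions so that the catch block sees them
        [void](Get-WmiObject -Credential $cred -ComputerName $_ -Query 'select CSName from win32_operatingsystem' -ErrorAction Stop)
        $status = 'success'
    }
    catch
    {
        $status = 'failure'
    }

    # Emit one IP,Status record per host
    $op = '' | Select-Object IP,Status
    $op.ip = $_
    $op.status = $status
    $op
} | Export-Csv -Path $outputfile -NoTypeInformation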
charleswj81
  • Thanks a lot. (EDIT: I asked about parsing CIDR ranges but I found the answer here: http://thepowershellguy.com/blogs/gaurhoth/archive/2007/03/29/finding-a-range-of-ip-addresses.aspx) – WoJ Dec 03 '12 at 13:33
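
An added example, not part of the original answer or its comments: the same WMI check run over a CIDR range, separating hosts that rejected the credentials from hosts that could not be reached at all, which the single 'failure' status above cannot tell apart. The helper names `Expand-Cidr` and `Test-WmiLogon`, the status labels, the sample range and the output path are assumptions of this example.

```powershell
# Added example, not the answerer's code. Windows PowerShell only (Get-WmiObject).
$cidr       = '192.0.2.0/28'               # constructed sample range, replace it
$outputfile = 'c:\path\to\status.csv'      # placeholder path
$cred       = Get-Credential

function Expand-Cidr {                     # hypothetical helper: host IPs of a /8../30
    param([Parameter(Mandatory=$true)][string]$Cidr)
    $addr, $prefix = $Cidr -split '/'
    $prefix = [int]$prefix
    if ($prefix -lt 8 -or $prefix -gt 30) { throw "unsupported prefix /$prefix" }
    $bytes = [System.Net.IPAddress]::Parse($addr).GetAddressBytes()
    [Array]::Reverse($bytes)               # network byte order -> little-endian
    $base = [BitConverter]::ToUInt32($bytes, 0)
    $size = [uint32][math]::Pow(2, 32 - $prefix)
    $net  = $base - ($base % $size)        # clear the host bits
    for ($i = 1; $i -lt ($size - 1); $i++) {   # skip network and broadcast
        $b = [BitConverter]::GetBytes([uint32]($net + $i))
        [Array]::Reverse($b)
        (New-Object System.Net.IPAddress -ArgumentList (,$b)).ToString()
    }
}

function Test-WmiLogon {                   # hypothetical helper: classify one host
    param([string]$Computer, [System.Management.Automation.PSCredential]$Credential)
    try {
        [void](Get-WmiObject -Credential $Credential -ComputerName $Computer `
               -Query 'select CSName from win32_operatingsystem' -ErrorAction Stop)
        'allowed'
    }
    catch {
        $ex = $_.Exception
        if ($ex -is [System.UnauthorizedAccessException]) {
            'denied'        # host answered but refused the logon or remote WMI rights
        }
        elseif ($ex -is [System.Runtime.InteropServices.COMException] -and
                $ex.ErrorCode -eq -2147023174) {
            'unreachable'   # 0x800706BA, RPC server unavailable: down, filtered, not Windows
        }
        else { 'error' }    # anything else: inspect manually
    }
}

Expand-Cidr $cidr | ForEach-Object {
    New-Object PSObject -Property @{ IP = $_; Status = (Test-WmiLogon $_ $cred) }
} | Select-Object IP, Status | Export-Csv -Path $outputfile -NoTypeInformation
```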