Thursday, January 10, 2013

Validating Windows Credentials Remotely

I occasionally work with customers that require using alternate credentials to access resources on remote machines.  These machines are sometimes part of a domain or just workgroup systems.  I wanted to throw something together to provide a few examples of testing credentials on a remote computer.

Note: Some of these commands may not work due to firewalls/restrictions in place on the remote machine.  Be sure to verify the appropriate services are enabled and permissions are set.

SMB Access

Use this command to map a remote share as a network drive, replacing hostname with the remote machine's name or IP address; you will be prompted for credentials
 net use x: \\hostname\c$

Use this command to remove your mapped network drive
 net use x: /delete

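Use this command to map the network drive and include the credentials in a single command.  The password is then visible on the command line; put * in its place to be prompted for it instead.
 net use x: \\hostname\c$ password /user:username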

WMI Access

Use this command to verify you have access to WMI on the remote machine
 wmic /node:"hostname" /user:user /password:password bios

Remote Registry

I did not know of a way via command line to test registry access, so I chose to use the example of connecting to a remote registry via regedit.exe

Launch regedit.exe

Click File > Connect Network Registry

Enter the hostname or IP address of the remote machine and click OK

You will be prompted for a username and password

Once authenticated, you will see the remote machine as a separate node in the Registry Editor.  Navigate around to verify you can view registry keys.

Verify account is in admin group

Aside from launching a Computer Management console (compmgmt.msc) and connecting to the remote machine, here is another WMIC command that will enumerate the users and groups.  I added a piped find to look for any line with "Administrators" to single out the Administrators group.

 wmic /node:"hostname" /user:username /password:password path win32_groupuser | find /i "Administrators"
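
The SMB, WMI and Administrators-group checks above can also be run from one credential prompt. The script below is an added example, not part of the original post; it assumes Windows PowerShell 5.1 (for Get-WmiObject), and the function name Test-RemoteCredential, the drive name CredTest and the host name hostname are placeholders chosen for illustration.

```powershell
# Added example, not from the original post. Assumes Windows PowerShell 5.1
# (Get-WmiObject); the function name and the CredTest drive name are made up.
function Test-RemoteCredential {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][pscredential]$Credential
    )
    # User name without any DOMAIN\ prefix, for the group-membership match.
    $user = $Credential.GetNetworkCredential().UserName
    $wmi  = @{ ComputerName = $ComputerName; Credential = $Credential; ErrorAction = 'Stop' }

    $checks = [ordered]@{
        'SMB c$ share' = {
            # Same test as "net use", but the mapping is temporary.
            $d = New-PSDrive -Name CredTest -PSProvider FileSystem `
                -Root "\\$ComputerName\c$" -Credential $Credential -ErrorAction Stop
            Remove-PSDrive -Name $d.Name
            'share mapped and removed'
        }
        'WMI access' = {
            # Same test as "wmic ... bios".
            $bios = Get-WmiObject -Class Win32_BIOS @wmi
            "BIOS version $($bios.SMBIOSBIOSVersion)"
        }
        'Local Administrators member' = {
            # Same data as "wmic ... path win32_groupuser | find". Only direct
            # members are listed, so access granted through a nested group fails here.
            $members = Get-WmiObject -Class Win32_GroupUser @wmi |
                Where-Object { $_.GroupComponent -match 'Name="Administrators"' }
            $pattern = 'Name="' + [regex]::Escape($user) + '"'
            if (-not ($members | Where-Object { $_.PartComponent -match $pattern })) {
                throw "$user is not a direct member"
            }
            "$user is a direct member"
        }
    }

    foreach ($name in $checks.Keys) {
        try   { $detail = & $checks[$name]; $passed = $true }
        catch { $detail = $_.Exception.Message; $passed = $false }
        [pscustomobject]@{ Check = $name; Passed = $passed; Detail = $detail }
    }
}

# Get-Credential prompts, so the password never appears on the command line.
# 'hostname' is a placeholder for the remote machine's name or IP address.
Test-RemoteCredential -ComputerName 'hostname' -Credential (Get-Credential) | Format-Table -AutoSize
```

Each row reports one check, so a credential that passes SMB but fails WMI points at a firewall or service restriction on the remote machine rather than a bad password.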

