Linux – Using winexe to run “wmic” commands on a Windows machine


We use winexe to execute commands on our Windows machines from Linux. For example:

winexe -A authfile //syspc4.domain.com "ipconfig /all"

Expectedly, the above prints out the same thing as if you had run cmd.exe on a Windows machine and typed in "ipconfig /all".

My ultimate goal is to remotely (from Linux) get the Windows machine's serial number and model name. This is very easily achievable with the following two commands in cmd.exe locally on the Windows (Windows XP) machine:

wmic bios get serialnumber
wmic computersystem get model

However, any attempts to execute this via winexe simply do not work — after hitting enter, nothing happens. No error, nothing. It will just appear to be frozen until I ctrl+c out of it.

Here are the commands that I've tried:

winexe -A authfile //syspc4.domain.com "wmic bios get serialnumber"
winexe -A authfile //syspc4.domain.com "cmd wmic bios get serialnumber"
winexe -A authfile //syspc4.domain.com "cmd /c wmic bios get serialnumber"
winexe -A authfile //syspc4.domain.com "cmd"
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>wmic bios get serialnumber

In all cases, no response. A quick look at winexe --help reveals a log option, but even with that set, there is no output log of any kind.

I found the following post on another forum, in which the person is asking almost the exact same thing as me, and naturally he just never got an answer:
http://www.linuxquestions.org/questions/linux-software-2/winexe-780343/

EDIT: With debug turned on, this is where it hangs:

winexe -d 6 -A authfile //syspc4.domain.com "wmic bios get serialnumber"

...
IN: async_open(\pipe\ahexec, 2)
IN: async_open_recv
CTRL: Sending command: get version
CTRL: Sending command: run wmic bios get serialnumber
CTRL: Recieved command: std_io_err 15C40030
IN: async_open(\pipe\ahexec_stdin15C40030, 2)
IN: async_open(\pipe\ahexec_stdout15C40030, 2)
IN: async_open(\pipe\ahexec_stderr15C40030, 2)
IN: async_open_recv
IN: async_open_recv
IN: async_open_recv

**hangs forever here**

Then ctrl+c:

^CAborting...
ERROR: smb_raw_read_recv - NT_STATUS_PIPE_DISCONNECTED
ERROR: smb_raw_read_recv - NT_STATUS_PIPE_DISCONNECTED
ERROR: smb_raw_read_recv - NT_STATUS_PIPE_DISCONNECTED
ERROR: smb_raw_read_recv - NT_STATUS_PIPE_DISCONNECTED
ERROR: on_ctrl_pipe_error - NT_STATUS_PIPE_DISCONNECTED

However, the curious thing is that even with a command that doesn't fail (like ipconfig /all), it gives the exact same thing:

...
IN: async_open(\pipe\ahexec, 2)
IN: async_open_recv
CTRL: Sending command: get version
CTRL: Sending command: run ipconfig /all
CTRL: Recieved command: std_io_err 15C40031
IN: async_open(\pipe\ahexec_stdin15C40031, 2)
IN: async_open(\pipe\ahexec_stdout15C40031, 2)
IN: async_open(\pipe\ahexec_stderr15C40031, 2)
IN: async_open_recv
IN: async_open_recv
IN: async_open_recv

Windows IP Configuration
...
ERROR: smb_raw_read_recv - NT_STATUS_PIPE_DISCONNECTED
ERROR: smb_raw_read_recv - NT_STATUS_PIPE_DISCONNECTED
ERROR: smb_raw_read_recv - NT_STATUS_PIPE_DISCONNECTED
ERROR: smb_raw_read_recv - NT_STATUS_PIPE_DISCONNECTED
ERROR: on_ctrl_pipe_error - NT_STATUS_PIPE_DISCONNECTED

Best Answer

Use the WMI-Client here: http://www.orvant.com/packages/ and run the WMIC commands directly from Linux, although you will have to use the WQL equivalents of your commands, as this version does not support the non-WQL queries.
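
The WQL route from the answer, sketched for the two lookups in the question (an added example, not part of the original answer or the WMI client's own code). It assumes the Linux wmic client accepts the same -A authfile option as winexe and prints a "CLASS:" line followed by |-delimited header and data rows; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes the Linux "wmic" client accepts -A like winexe and
# prints "CLASS: <name>", a |-delimited header row, then |-delimited data rows.

# WQL equivalent of "wmic <alias> get <property>" for the question's two aliases.
wql_for() {
    case "$1" in
        bios)           wq_class=Win32_BIOS ;;
        computersystem) wq_class=Win32_ComputerSystem ;;
        *) echo "unmapped alias: $1" >&2; return 1 ;;
    esac
    # The property is interpolated into the query, so accept identifiers only.
    case "$2" in
        ''|*[!A-Za-z0-9_]*) echo "bad property: $2" >&2; return 1 ;;
    esac
    printf 'SELECT %s FROM %s' "$2" "$wq_class"
}

# Read client output on stdin and print the named column of every data row.
# Columns are located by header name because extra columns may be returned.
wmic_field() {
    awk -F'|' -v want="$1" '
        { sub(/\r$/, "") }
        /^CLASS: / { hdr = 1; col = 0; next }
        hdr { for (i = 1; i <= NF; i++) if ($i == want) col = i; hdr = 0; next }
        col && NF { v = $col; gsub(/^[ \t]+|[ \t]+$/, "", v); print v }
    '
}

# usage: query_host AUTHFILE HOST ALIAS PROPERTY  (needs the real client and host)
query_host() {
    qh_wql=$(wql_for "$3" "$4") || return 1
    wmic -A "$1" "//$2" "$qh_wql" | wmic_field "$4"
}

# Constructed sample output (not captured from a real machine).
sample_bios_output() {
    cat <<'EOF'
CLASS: Win32_BIOS
Name|SerialNumber|SoftwareElementID|SoftwareElementState|TargetOperatingSystem|Version
Constructed BIOS|CONSTRUCTED-SN-0001|Constructed BIOS|3|0|CONSTR - 1
EOF
}
```

Keeping the credentials in the authfile, as the winexe commands in the question already do, keeps the password out of the process list and shell history on the Linux side.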
