linux windows bash registry wmic

WMIC differences in Linux vs Windows


This wmic query (NODE, USER, PASS all desensitised)...

wmic /NODE:10.00.00.1 /LOCALE:MS_409 /PRIVILEGES:ENABLE /TRACE:OFF /INTERACTIVE:OFF /FAILFAST:OFF /USER:domain\my_user /PASSWORD:myPass! /OUTPUT:STDOUT /APPEND:STDOUT /AGGREGATE:ON class StdRegProv CALL EnumKey ^&H80000002,"Software\Microsoft\SystemCertificates\MY\Certificates"

^&H80000002 is the uint32 conversion of HKEY_LOCAL_MACHINE

... runs flawlessly in a CMD prompt in Windows. I can also run it in the context of a node package from my local Windows machine with success; I'm going to assume this is because the wmic call is made specifically to the local machine (Windows), where it is handled effortlessly. It returns to me a result containing what I require...

res.sNames [ 'BB731A3DD8F089A6D4E59AF9D706...' ]

I created a docker container running Alpine and node where I host an express application. I followed the instructions below to install WMIC on Linux...

https://askubuntu.com/questions/885407/installing-wmic-on-ubuntu-16-04-lts

This installed successfully.

Now when I run the exact same query from a bash prompt in Ubuntu either via my Node app or a direct command, I'm receiving this result:

Garne@MYCOMPUTERNAME MINGW64 ~ $ wmic.exe /NODE:10.00.00.1 /LOCALE:MS_409 /PRIVILEGES:ENABLE /TRACE:OFF /INTERACTIVE:OFF /FAILFAST:OFF /USER:domain\my_user /PASSWORD:myPass! /OUTPUT:STDOUT /APPEND:STDOUT /AGGREGATE:ON class StdRegProv CALL EnumKey ^&H80000002,"Software\Microsoft\SystemCertificates\MY\Certificates"

[1] 426

bash: H80000002,Software\Microsoft\SystemCertificates\MY\Certificates: No such file or directory

Garne@MYCOMPUTERNAME MINGW64 ~ $ ERROR: Description = Access is denied.

I can't for the life of me work out whether this is due to a string formatting error in Linux vs Windows or whether Linux is running a different variant of wmic that isn't resolving my query correctly?


Solution

  • For anyone wondering, after hours of testing this with very obscure error messages: make sure you escape absolutely everything in bash style, not in a Windows fashion.

    Note:

    • \$ instead of ^&
    • Wrap USER value in ''
    • Wrap PASSWORD value in ''

    References here:

    https://manpages.debian.org/buster/bash/bash.1.en.html#QUOTING

    $ wmic /NODE:10.23.0.11 /LOCALE:MS_409 /PRIVILEGES:ENABLE /TRACE:OFF /INTERACTIVE:OFF /FAILFAST:OFF /USER:'domain\my_user' /PASSWORD:'myPass!' /OUTPUT:STDOUT /APPEND:STDOUT /AGGREGATE:ON class StdRegProv CALL EnumKey \&H80000002,"Software\Microsoft\SystemCertificates\MY\Certificates"
    Executing (StdRegProv)->EnumKey()
    Method execution successful.
    Out Parameters:
    instance of __PARAMETERS
    {
            ReturnValue = 0;
            sNames = {"BB731A3DD8F089A6D4E59AF9D70601F9CBB94A9D"};
    };
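
The difference between the failing and working command lines above can be seen by printing the arguments the shell actually hands to the program. This is an added example, not code from the original post: `argv_of` is a hypothetical stand-in for wmic, and `:` is a constructed placeholder for the text the shell would otherwise try to run as a second command.

```bash
#!/bin/sh
# Added example: argv_of is a hypothetical stand-in for wmic that reports
# the arguments it receives, one [bracketed] item per argument.
argv_of() {
    argv_out=""
    for argv_item in "$@"; do
        argv_out="${argv_out}[${argv_item}]"
    done
    printf '%s\n' "$argv_out"
}

# Unquoted: the shell consumes the backslash, so the account name changes.
user_unquoted() { argv_of /USER:domain\my_user; }

# Single-quoted: every character, including \ and !, is passed literally.
user_quoted() { argv_of /USER:'domain\my_user' /PASSWORD:'myPass!'; }

# cmd.exe-style ^& : the shell treats & as "run in background", so the
# command ends at ^ and the hive/path text never reaches the program.
# ':' (a no-op) stands in for the text the shell would run as a 2nd command.
hive_cmd_style() {
    argv_of EnumKey ^& :
    wait
}

# \& passes a literal &; inside double quotes \M, \S and \C keep their backslash.
hive_escaped() {
    argv_of EnumKey \&H80000002,"Software\Microsoft\SystemCertificates\MY\Certificates"
}

user_unquoted     # [/USER:domainmy_user]
user_quoted       # [/USER:domain\my_user][/PASSWORD:myPass!]
hive_cmd_style    # [EnumKey][^]
hive_escaped      # [EnumKey][&H80000002,Software\Microsoft\SystemCertificates\MY\Certificates]
```

The `[1] 426` line in the failing session is the job number bash prints when `&` backgrounds a command, and the "No such file or directory" message is bash trying to execute the remaining hive and path text as a command of its own.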