Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

parsing systeminfo from cyrilic (russian) windows os #45

Open
usarXXXX opened this issue Apr 23, 2020 · 2 comments
Open

parsing systeminfo from cyrilic (russian) windows os #45

usarXXXX opened this issue Apr 23, 2020 · 2 comments
Labels
bug Something isn't working

Comments

@usarXXXX
Copy link

usarXXXX commented Apr 23, 2020

hi, i am testing wesng with windows 2012 r2 server in russian language, it fails to detect os name or/ version and exits.
error:
python wes.py sys qfe
Windows Exploit Suggester 0.98 ( https://github.com/bitsadmin/wesng/ )
[+] Parsing systeminfo output
[-] Not able to detect OS version based on provided input file

tried to run wesng on same windows, it gave not able to detect os name.
problem seems to be with reg expression to detect name/version? couldnt test it though

qfe file:
https://pastebin.com/raw/frwMSuMz
systeminfo file:
https://pastebin.com/raw/wX1Nb1J1

screenshot from windows detecting os version, failing on os name
https://imgur.com/a/imWKuFQ

thanks for help

@bitsadmin bitsadmin added the bug Something isn't working label Aug 1, 2020
@12345qwert123456
Copy link

You can easily translate systeminfo results from ANY LANGUAGE into English

You just need to copy the binary and replace the mui file

mkdir temp
mkdir .\temp\en-US
copy C:\Windows\System32\systeminfo.exe .\temp\
copy C:\Windows\System32\en-US\systeminfo.exe.mui .\temp\en-US\

Then run the program and you will only need to translate the "Os Name" field (Майкрософт -> Microsoft)

PS C:\Users\User\Desktop> .\temp\systeminfo.exe

Host Name:                 WIN-E9PCJNUUR9A
OS Name:                   Майкрософт Windows 10 Pro
OS Version:                10.0.19045 N/A Build 19045
OS Manufacturer:           Microsoft Corporation
OS Configuration:          Standalone Workstation
OS Build Type:             Multiprocessor Free

And it will work

Windows Exploit Suggester 1.05 ( https://github.com/bitsadmin/wesng/ )
[+] Parsing systeminfo output
[+] Operating System
    - Name: Windows 10 Version 22H2 for x64-based Systems
    - Generation: 10
    - Build: 19045
    - Version: 22H2
    - Architecture: x64-based
    - Installed hotfixes (14): KB5037587, KB5037592, KB4562830, KB4577586, KB4580325, KB5000736, KB5011048, KB5011069, KB5015684, KB5033052, KB5037768, KB5037018, KB5037240, KB5003503
[+] Loading definitions
    - Creation date of definitions: 20241012
[+] Determining missing patches
[!] Found vulnerabilities!

@bitsadmin
Copy link
Owner

Nice suggestion Nikitin. Be aware that you will need to also have the English language pack installed on the system, otherwise the systeminfo.exe.mui file won't be present inside of the en-US folder.

Alternatively, it is possible to use the systeminfo.exe LOFLBin[1] against a non-English machine from a machine which has the English language pack, given that you are running in the context of a user which is local admin on the remote system.

[1] https://lofl-project.github.io/loflcab/Binaries/systeminfo/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

3 participants