ps -aux – visible credentials of wmic command

This topic has 2 replies, 2 voices, and was last updated 1 year, 1 month ago by admin.

Viewing 3 posts - 1 through 3 (of 3 total)

Author
Posts

2021-10-31 at 5:16 AM #553

Participant

When you run ps -aux while the wmic command is running, all the credentials are visible
e.g.:
root 29 0.2 0.0 23740 2992 tty1 S 20:12 0:00 wmic -U adminuser%password //192.168.0.22 select * from Win32_ComputerSystem

So I created a little code fix to hide the credentials and now it looks like this:
root 29 0.2 0.0 23740 2992 tty1 S 20:12 0:00 wmic -U ****************** //192.168.0.22 select * from Win32_ComputerSystem

The patch code is below:

--- wmic.c.old	2010-04-15 17:49:39.000000000 +0200
+++ wmic.c	2021-10-30 11:19:57.334508330 +0200
@@ -54,6 +54,7 @@
 
     int argc_new;
     char **argv_new;
+    int mu;
 
     struct poptOption long_options[] = {
 	POPT_AUTOHELP
@@ -68,6 +69,14 @@
 	POPT_TABLEEND
     };
 
+    void wipe(char *s)
+    {
+	while(*s) {
+	    *s = '*';
+	    s++;
+	}
+    }
+
     pc = poptGetContext("wmi", argc, (const char **) argv,
 	        long_options, POPT_CONTEXT_KEEP_FIRST);
 
@@ -89,6 +98,27 @@
 	}
     }
 
+    mu = 0;
+    if (argc > 1) for(i = 1; i < argc; i++) {
+	if(mu) {
+	    wipe(argv);
+	    mu = 0;
+	} else {
+	    if(!strncmp(argv, "-U", 2)
+	       || !strncmp(argv, "-A", 2)
+	       || !strncmp(argv, "-k", 2)
+	       || !strncmp(argv, "--user", 6)
+	       || !strncmp(argv, "--authentication-file", 21)
+	       || !strncmp(argv, "--kerbedos", 10)
+	       ) mu = 1;
+	    else if(!strncmp(argv, "--password", 10)
+		    || !strncmp(argv, "-N", 2)
+		    || !strncmp(argv, "--no-pass", 9)
+		    || !strncmp(argv, "--use-security-mechanisms", 25)
+		    ) wipe(argv);
+	}
+    }
+
     if (argc_new != 3
 	|| strncmp(argv_new[1], "//", 2) != 0) {
 	poptPrintUsage(pc, stdout, 0);