MIMIC® Online Documentation
WinRM Identify Simulation
-
Table of Contents
-
Overview
This update package ships an Web simulation of a basic WinRM Identify simulation.
The WinRM sample simulation demonstrates the basics of simulating a Windows System implementing Microsoft's version of the WS-Management Protocol.
The sample provides a flexible framework that can be expanded to simulate more complex WinRM transactions.
-
Prerequisites
To run this simulation, you must have installed the following optional modules as documented in the online documentation:
- WEB Services
-
Usage
To run the simulation, invoke the File->Open menu from the MIMICView GUI, and select the WinRMIdentifySim.cfg file.
Select agent 1 and change its IP address, if necessary. Start it using the Agent->Start menu item.
After the agent starts completely and turns into green, you can test the WinRM simulation by following this procedure:
The first step to using the sample is to verify connectivity to the agent. A successful "ping" of the agent will that the network is properly configured.
Open an Administrator command prompt: Attempt to ping the agent:
C:\>ping
Pinging with 32 bytes of data: Reply from : bytes=32 time<1ms TTL=127 Reply from : bytes=32 time=1ms TTL=127 Reply from : bytes=32 time=1ms TTL=127 The next step is to verify that your WinRM client is correctly configured. If you have not already configured WinRM you can use the "quickconfig" option for the initial configuration.
C:\>winrm quickconfig WinRM is not set up to receive requests on this machine. The following changes must be made: Start the WinRM service. Set the WinRM service type to delayed auto start. Make these changes [y/n]? y <<<<< Answer Yes WinRM has been updated to receive requests. Create a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this machine. Enable the WinRM firewall exception. Configure LocalAccountTokenFilterPolicy to grant administrative rights remotely to local users. Make these changes [y/n]? n <<<<< It is not necessary to configure the listener
You can display and verify the WinRM client settings using the command below:
C:\>winrm get winrm/config/client Client NetworkDelayms = 5000 URLPrefix = wsman AllowUnencrypted = false Auth Basic = true Digest = true Kerberos = true Negotiate = true Certificate = true CredSSP = false DefaultPorts HTTP = 5985 HTTPS = 5986 TrustedHostsThe commands below configure the WinRM client to enable simple communications with the MIMIC agent. Note: These commands enable unsecured communications.
winrm set winrm/config/client/auth @{Basic="true"} winrm set winrm/config/client @{AllowUnencrypted="true"} winrm set winrm/config/client @{TrustedHosts="*"}To test the simulation use a WinRM command of the form below targeted at the MIMIC agent:
C:\>winrm identify -r:{host} -a:Basic -encoding:utf-8 -u:{user} -p:{password}Sample WinRM command and MIMIC agent response:
C:\>winrm identify -r:10.16.0.1 -a:Basic -encoding:utf-8 -u:user -p:password IdentifyResponse ProtocolVersion = http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd ProductVendor = Microsoft Corporation ProductVersion = OS: 6.3.9600 SP: 0.0 Stack: 3.0 SecurityProfiles SecurityProfileName = http://schemas.dmtf.org/wbem/wsman/1/wsman/secprof ile/http/basic, http://schemas.dmtf.org/wbem/wsman/1/wsman/secprofile/http/spneg o-kerberosMIMIC Web simulations can be configured to support Microsoft's Negotiate (SPNEGO) authentication. The MIMIC simulator must be installed on a Microsoft Windows system and the user name and password must match an existing user account.
A WinRM command of the form below targeted at the MIMIC agent will use Negotiate instead of Basic authentication:
C:\>winrm identify -r:{host} -a:Negotiate -encoding:utf-8 -u:{Windows_user} -p:{Windows_user_password}The Agent->Statistics menu can be used to check various statistics for the WEB Services protocol in use. Also the mimiclog for the active session will contain useful debug information.