Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security ISSForum
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [ISSForum] Scanning with administrative rights

from [Lowrie, Lynn \(ISSAtlanta\)] Network Security [Permanent Link]
Subject: RE: [ISSForum] Scanning with administrative rights
Date: Fri, 25 Mar 2005 18:02:23 -0500 
Unfortunately mark, you are in error.  You have to check the box for the 
account to designated a verified account, otherwise it will be considered 
unverified.  Please review the interface and you will see the format.

Cheers,

-- L²
Lynn E. Lowrie
X 63032
GO ISS!!
---
"You do not really understand something
unless you can explain it to your grandmother."
     - Albert Einstein, 1879 - 1955
---
-----Original Message-----
From: Evans, Mark (FSO Contractor) [mailto:Mark.Evans.ctr@disa.mil] 
Sent: Friday, March 25, 2005 9:47 AM
To: Lowrie, Lynn (ISSAtlanta); Eric Testa; issforum@atla-mm1.iss.net
Subject: RE: [ISSForum] Scanning with administrative rights

I don't agree with this assessment.  Entering an account in the
Knownaccounts.bin file is "VERIFIED" account, and should be used regardless
of the account lockout policy on the  target machine.  Unless you
specifically disable the account checks, this account shoulld be used at all
times.

-----Original Message-----
From: Lowrie, Lynn (ISSAtlanta) [mailto:LLowrie@iss.net]
Sent: Thursday, March 24, 2005 9:06 AM
To: Eric Testa; issforum@atla-mm1.iss.net
Subject: RE: [ISSForum] Scanning with administrative rights


 
Eric,

Since the default account used by Internet Scanner 7.0 is not that of the
logged on user, but rather that of the machine that it is installed upon,
automatic authentication based on your user account is not going to be a
factor.

What you would need to do is to add an entry into your KnownAccounts.bin
file using the machinename, username, and password of the account on the
target system and then use SmartScan (Common settings / Windows Logon
Session in the policy).  Keep in mind that the logic incorporated into IS7.0
is such that unless the machinename/domain name matches, the account
name/password pair will not be attempted.  Also keep in mind that for
SmartScan to function, your targets lockout policy must be within the
parameters set in your policy (same section mentioned above.) and be sure to
enable the "Drop current logon session" feature so that any currently
established connections with the potential target does not interfere with
Scanner connection attempts.

Hope that helps,

-- L²
Lynn E. Lowrie
GO ISS!!
---
"You do not really understand something
unless you can explain it to your grandmother."
     - Albert Einstein, 1879 - 1955
---
-----Original Message-----
From: issforum-bounces@atla-mm1.iss.net On Behalf Of Eric Testa
Sent: Wednesday, March 23, 2005 11:56 PM
To: issforum@atla-mm1.iss.net
Subject: [ISSForum] Scanning with administrative rights

I am having trouble scanning and gaining administrator rights on the target
machine.  

 

My set up is as follows:

 

ISS Internet Scanner 7.0 on a Windows XP machine w/SP1.  I am trying to scan
a standalone NT 4.0 SP6a machine that has local user accounts.  I have set
up a user account and added the user to the administrator group.  The
account that I created on the target machine is identical to the user name
and password that I am logged on to the XP machine running the internet
scanner (not sure if this makes a difference).  I have also imputed the user
name and password in the knowaccounts.bin file enabled the smart scan.
Every time I run the scan I run the report and under the column
administrative access is says NO.

 

 

What am I doing wrong?  

 

Thanks

Eric

 

_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.

_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.



_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security Systems, 
6303 Barfield Road, Atlanta, Georgia, USA 30328.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ISSForum] RSKILL and Cisco 3550, DMZSecure
Next by Date:  [ISSForum] System Scanner failed to generate certificates, dawne
Previous by Thread:  RE: [ISSForum] Scanning with administrative rights, Lowrie, Lynn \(ISSAtlanta\)
Next by Thread:  [ISSForum] LOGDB:LogWithRaw, Sergey V Soldatov
Indexes:  [Date] [Thread] [Top] [All Lists]