Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Enumerating enitre windows user/group browse list

from [Matt] Network Security [Permanent Link]
Subject: Re: Enumerating enitre windows user/group browse list
Date: Mon, 22 Nov 2004 16:00:44 +0000 
Hi,

Thanks, i actually tried this at the time and it was only able to pull the local user list down off the box where as Nessus was able to pull the host SID that could be used to enumerate the names of the local users on the host and the domain SID that could be used to enumerate the names of the users on the domain.

I was not able to pull down the domain list from the box using dumpsec... Nessus connected to the remote host using a NULL session.

Any advice or tips/techniques?

Many thanks

~ Matt.

JBRATTON@torchmarkcorp.com wrote:

Hi Matt-

From Windows try "Net view \\computername " or "Net view /Domain:<insert 
domain here>"

You may also want to try DumpACL (now called dumpsec), which can be had for
free at http://systemtools.com/somarsoft.  This tool works pretty well
although some of the functionality is broken and some won't work for
anything besides NT4.

If you're running with an admin ID on your local network this is probably
normal and OK for your average Win server - if you're getting this from the
outside you're in trouble.








-----Original Message-----
From: nessus-bounces@list.nessus.org [mailto:nessus-
bounces@list.nessus.org] On Behalf Of Matt
Sent: Monday, November 22, 2004 8:26 AM
To: nessus@list.nessus.org
Subject: Enumerating enitre windows user/group browse list

Hi,

While enumerating a domain with a large browse list on the remote host
Nessus came up with the below on the report ::

"Warning  -   microsoft-ds (445/tcp)"
"Here is the browse list of the remote host :
WARNING - LARGE BROWSE LIST.
Only the first 165 names enumerated"

Is it possible for Nessus to display the entire browse list? I am
assuming this is a plugin change or modification as i can not find any
information on obtaining the full browse list as this would of been
useful for reporting.

It would be nice to enumerate the entire list unless someone can suggest
another method of doing this and displaying it...

Many Thanks

~ Matt.
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus


----------------------------------------------------------------------------
This message contains information which is privileged and confidential and
is solely for the use of the intended recipient. If you are not the
intended recipient, be aware that any review, disclosure, copying,
distribution, or use of the contents of this message is strictly prohibited.
If you have received this in error, please destroy it immediately and notify
us at PrivacyAct@torchmarkcorp.com.
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus



_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Enumerating enitre windows user/group browse list, JBRATTON
Next by Date:  Free Inprotect / Nessus Online Vulnerability Scan, Greg Kuhnert
Previous by Thread:  RE: Enumerating enitre windows user/group browse list, JBRATTON
Next by Thread:  Core dumps with batch scans, Mercer, Jeff
Indexes:  [Date] [Thread] [Top] [All Lists]