Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

SMB credentials and Administrator lockouts

from [net sec] Network Security [Permanent Link]
Subject: SMB credentials and Administrator lockouts
Date: Tue, 23 Aug 2005 02:22:22 +0000
I am running scans on a primarily Windows 2000/2003 subnet using my own credentials (NOT Administrator) as provided in the SMB login section of the client(both GTK and NessusWX). Despite having supplied credentials, I am continuously locking out all Administrator(local and Domain) accounts on all the devices I target. We restrict users to 5 failed password attempts before locking out the account per domain policy.

After doing some additional digging via Windows Event Logs and tcpdump, it is apparent that nessus is attempting to do an authentication using the name 'administrator' despite the supplied SMB credentials. It appears (from event logs) that nessus attempts 'administrator, nessus..random_number, supplied SMB credentials.

Below is output from the event log of a targeted system in chronological order:

Logon Failure:
        Reason:         Unknown user name or bad password
        User Name:      administrator

Logon Failure:
        Reason:         Unknown user name or bad password
        User Name:      nessus48095321612101650981206322540

Successful Network Logon:
        User Name:      SMBlogin
        Domain:         SMBDomain

Why is this, can I turn it off, anyone else run into this?

My Admins are NOT happy with me!


_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Nessus report with zero hosts found, Rick L.Y. Eagles
Next by Date:  Re: Nessus report with zero hosts found, Rick L.Y. Eagles
Previous by Thread:  NessusWX v GTK client, net sec
Next by Thread:  RE: SMB credentials and Administrator lockouts, net sec
Indexes:  [Date] [Thread] [Top] [All Lists]