
| Subject: | RE: plugin 19402 |
|---|---|
| Date: | Wed, 24 Aug 2005 15:24:52 -0000 |

Hi Mark,

What is the OS on the machine that is "known to be vulnerable"? MS05-039 is not exploitable without credentials on any Win OS except 2000. Also, since you don't normally use auto_enable_dependencies, you may not be getting the other SMB scripts that need to run in order for 19408 to work (I haven't tested 19402 - it requires administrative privileges on the machine it is run against).

As far as the nessusrc, it gets multiple yes'es added if it has not yet been updated for new plugins which have been downloaded, as it adds the numbers for those plugins to the rc file and then turns them on. You can write a very simple perl script to turn on only the plugins you want. What I do (right now) is update my plugins, then launch a scan against a single host and wait for the rc file to get updated. Then, I break the scan and run my perl script against the rc file to turn on only those plugins that I want. Of course, you could just back up your rc file, run a scan against a single host, then replace the new rc with your backed-up copy. There are obviously several ways around this problem.

With the dependencies, just to be sure, you might try manually enabling plugin 13855 (smb_hotfixes.nasl), which 19402 is dependent on to set the SMB/Registry/Enumerated key. You might try turning on "log_whole_attack" and see if you notice Nessus launching 13855 (smb_hotfixes.nasl) and if it appears to complete successfully. It also is dependent upon several plugins (another reason to use auto_enable_dependencies). These dependencies are:

- netbios_name_get.nasl
- smb_login.nasl
- smb_registry_full_access.nasl
- smb_reg_service_pack.nasl
- smb_reg_service_pack_W2K.nasl
- smb_reg_service_pack_XP.nasl

So you might want to make sure they are enabled, as well as any of their dependencies (if you do not wish to use auto_enable_dependencies).

Regards,
Chad Uretsky

-----Original Message-----
From: nessus-bounces@list.nessus.org [mailto:nessus-bounces@list.nessus.org] On Behalf Of Mark Natoli
Sent: Wednesday, August 24, 2005 9:29 AM
To: nessus@list.nessus.org
Subject: plugin 19402

Hi All,

Using a combination of update-nessusrc and scripts run from cron, I have automated the daily scanning of multiple networks for vulnerabilities that have known worms. However I cannot get the new 19402 (nor 19408) to test positive for a machine known to be vulnerable to MS05-039. Here is a line from the log:

[Wed Aug 24 10:15:09 2005][9628] user nessususer : Not launching smb_kb899588.nasl against hostname1.ourdomain.com because the key SMB/Registry/Enumerated is missing (this is not an error)

Does anyone have a plugin that works?

Also, after upgrading to 2.2.5 from 2.0.x, I had to make the .nessusrc read only to the owner of the script running cron. Without doing this, the .nessusrc is opened when the script is run and multiple yes'es are added to plugins, slowing down the report even though I don't have any dependencies specified:

auto_enable_dependencies = no

silent_dependencies = no

Any help? btw, I also tried enabling dependencies to get 19402 to work but this made no difference to me.

Thanks,
-Mark

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
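
The rc-file workaround described in the reply above (let the client add the new plugin numbers, then switch on only the plugins you want), shown here as an added example in Python; it is not code from the thread or from the Nessus project. It assumes the rc file keeps plugin entries as `id = yes|no` lines between `begin(PLUGIN_SET)` and `end(PLUGIN_SET)`; the function name `restrict_plugins` and the sample rc text are constructed for illustration.

```python
import re

# Plugin IDs named in the thread: 19402 and 19408 (the MS05-039 checks) and
# 13855 (smb_hotfixes.nasl). IDs for the other dependencies are not given
# there, so they would have to be added to this set by hand.
WANTED = {"19402", "19408", "13855"}

# Assumed entry syntax inside a section: " <plugin id> = yes|no"
ENTRY = re.compile(r"^(\s*)(\d+)(\s*=\s*)(yes|no)\s*$")

def restrict_plugins(rc_text, wanted=WANTED, section="PLUGIN_SET"):
    """Enable only `wanted` IDs inside `section`; leave everything else as is.

    Returns (new_text, missing), where `missing` lists wanted IDs that have no
    entry in the section (for example, plugins not downloaded yet).
    """
    out, seen, inside = [], set(), False
    for line in rc_text.splitlines():
        marker = line.strip()
        if marker == f"begin({section})":
            inside = True
        elif marker == f"end({section})":
            inside = False
        elif inside and (m := ENTRY.match(line)):
            indent, pid, eq, _old = m.groups()
            seen.add(pid)
            line = f"{indent}{pid}{eq}{'yes' if pid in wanted else 'no'}"
        out.append(line)
    return "\n".join(out) + "\n", sorted(set(wanted) - seen)

# Constructed sample rc file (IDs 11111 and 22222 are made up).
SAMPLE_RC = """\
begin(SCANNER_SET)
 11111 = yes
end(SCANNER_SET)
begin(SERVER_PREFS)
 auto_enable_dependencies = no
end(SERVER_PREFS)
begin(PLUGIN_SET)
 13855 = no
 19402 = yes
 22222 = yes
end(PLUGIN_SET)
"""

if __name__ == "__main__":
    new_rc, missing = restrict_plugins(SAMPLE_RC)
    print(new_rc, end="")
    print("wanted but absent from rc file:", missing)
```

A non-empty `missing` list means the rc file has not yet been updated with those plugin numbers, which is the state the reply says to wait out before editing.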