Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: SMB Credentials

from [George A. Theall] Network Security [Permanent Link]
Subject: Re: SMB Credentials
Date: Thu, 22 Dec 2005 17:17:19 -0500 
On Thu, Dec 22, 2005 at 09:58:10AM +0100, Mara Fernandez wrote:


In the company where i'm working , we are doing a trail with 
different VA tools, to decide which of them (or how many of 
them :) ) we'll go to use in the future to test the system's 
company.  
  
By know, we haven't got a linux server so we are using the  
knoppix with the version 2.2.4 of nessus. This version isn't  
updated with the last nasl but.....  


I'd urge you to find a way to use Nessus in its current form. Realize
that one of Nessus's strengths is that plugins are being revised and
added on a daily basis. I don't know when the Knoppix build was put
together, but given that 2.2.4 was released back in March and 2.2.5 in
July, you're probably missing several months worth of new plugins as
well as corrections to existing plugins. And that likely means you're
not seeing our adoption of CVSS scoring for risk assessment or a general
move away from banners when detecting flaws.

Oh, and understand too that Nessus 3 offers significantly better
performance than Nessus 2.2.


I used previous versions of Nessus in other ocassions, with  
knoppix too, and i hadn't got any problems with the credentials. 
If i used a user wih administrative privileges in the scaned 
system, i got some information like pach installed, registry 
information, etc.  
  
Now i'm trying to do the same but a i don't get the same  
information :(((( I configure the username and password in the  
credentials tab but nessus don't make any kind of conection or 
validation with this credentials in the system (i tested the 
event viewer of the system and i didn't found it). 
 
What can be the problem? 


It's hard to say... What do you see in nessusd.messages and/or
nessusd.dump logfiles? Is this a general problem or only when scanning
specific hosts? Generally it's advisable to update to the latest plugins
when running into trouble like this... Can you burn another CD with the
latest plugins tarball?


If i don't use any credential, Does nessus a Null session in the 
system to get the information? I proved that but i did'nt got any 
kind of information in the event viewer. 


Nessus needs credentials to access the registry remotely.

George
-- 
theall@tenablesecurity.com
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • SMB Credentials, Mara Fernandez
    • Re: SMB Credentials, George A. Theall <=
Previous by Date:  Re: Error on Installation of Nessus client on Redhat Linux ES3.0, George A. Theall
Next by Date:  Re: Error on Installation of Nessus client on Redhat Linux ES3.0, Jan-Oliver Wagner
Previous by Thread:  SMB Credentials, Mara Fernandez
Next by Thread:  Error on Installation of Nessus client on Redhat Linux ES3.0, prasun . m
Indexes:  [Date] [Thread] [Top] [All Lists]