
Re: [Bulk] Missing SMB/transport

Subject: Re: [Bulk] Missing SMB/transport
Date: Tue, 24 Jan 2006 22:31:10 +0100
I'm adding some information about my issue. Don't know if it helps.

Here is my "at_this_time" .nessusrc file (changed many times)
(kb below)


# This file was automagically created by nessus
trusted_ca = /usr/com/nessus/CA/cacert.pem
nessusd_host = 127.0.0.1
nessusd_user = nessus
paranoia_level = 2
ssl_version = sslv3

begin(SCANNER_SET)
10180 = yes
10335 = yes
10796 = yes
11219 = yes
11840 = yes
14259 = yes
14272 = yes
14274 = yes
end(SCANNER_SET)

begin(SERVER_PREFS)
max_hosts = 20
max_checks = 4
log_whole_attack = yes
cgi_path = /cgi-bin:/scripts
port_range = default
optimize_test = yes
language = english
checks_read_timeout = 15
non_simult_ports = 139, 445
plugins_timeout = 60
safe_checks = no
auto_enable_dependencies = yes
silent_dependencies = yes
use_mac_addr = no
save_knowledge_base = yes
kb_restore = no
only_test_hosts_whose_kb_we_dont_have = no
only_test_hosts_whose_kb_we_have = no
kb_dont_replay_scanners = no
kb_dont_replay_info_gathering = no
kb_dont_replay_attacks = no
kb_dont_replay_denials = no
kb_max_age = 864000
plugin_upload = no
plugin_upload_suffixes = .nasl, .inc
slice_network_addresses = no
ssl_version = sslv3
email = root
per_user_base = /var/lib/nessus/users
delay_between_tests = 1
test_file = /etc/passwd
ping_hosts = yes
reverse_lookup = no
host_expansion = dns;ip
subnet_class = C
scan_level = normal
outside_firewall = no
track_iothreads = yes
cookie_logpipe_suptmo = 2
non_simul_ports = 139, 445
end(SERVER_PREFS)

begin(PLUGINS_PREFS)
Unknown CGIs arguments torture[checkbox]:Send POST requests = no
SNMP settings[entry]:Community name : = public
SNMP settings[entry]:UDP port : = 161
Login configurations[entry]:FTP account : = anonymous
Login configurations[password]:FTP password (sent in clear) : = nessus@nessus.org
Login configurations[entry]:FTP writeable directory : = /incoming
Login configurations[entry]:SMB account : = ******
Login configurations[password]:SMB password : = ******
Login configurations[checkbox]:Never send SMB credentials in clear text = yes
Login configurations[checkbox]:Only use NTLMv2 = no
HTTP NIDS evasion[checkbox]:Use HTTP HEAD instead of GET = no
HTTP NIDS evasion[radio]:URL encoding = none
HTTP NIDS evasion[radio]:Absolute URI type = none
HTTP NIDS evasion[radio]:Absolute URI host = none
HTTP NIDS evasion[checkbox]:Double slashes = no
HTTP NIDS evasion[radio]:Reverse traversal = none
HTTP NIDS evasion[checkbox]:Self-reference directories = no
HTTP NIDS evasion[checkbox]:Premature request ending = no
HTTP NIDS evasion[checkbox]:CGI.pm semicolon separator = no
HTTP NIDS evasion[checkbox]:Parameter hiding = no
HTTP NIDS evasion[checkbox]:Dos/Windows syntax = no
HTTP NIDS evasion[checkbox]:Null method = no
HTTP NIDS evasion[checkbox]:TAB separator = no
HTTP NIDS evasion[checkbox]:HTTP/0.9 requests = no
HTTP NIDS evasion[checkbox]:Random case sensitivity (Nikto only) = no
HTTP login page[entry]:Login page : = /
HTTP login page[entry]:Login form fields : = user=%USER%&pass=%PASS%
SMB Scope[checkbox]:Request information about the domain = yes
Web mirroring[entry]:Number of pages to mirror : = 200
Web mirroring[entry]:Start page : = /
SMB use domain SID to enumerate users[entry]:Start UID : = 1000
SMB use domain SID to enumerate users[entry]:End UID : = 1200
Kerberos configuration[entry]:Kerberos KDC Port : = 88
Kerberos configuration[radio]:Kerberos KDC Transport : = udp
NIDS evasion[radio]:TCP evasion technique = none
NIDS evasion[checkbox]:Send fake RST when establishing a TCP connection = no
SMB use host SID to enumerate local users[entry]:Start UID : = 1000
SMB use host SID to enumerate local users[entry]:End UID : = 1200
SSH settings[entry]:SSH user name : = root
Ping the remote host[entry]:TCP ping destination port(s) : = built-in
Ping the remote host[checkbox]:Do a TCP ping = no
Ping the remote host[checkbox]:Do an ICMP ping = no
Ping the remote host[entry]:Number of retries (ICMP) : = 6
Ping the remote host[checkbox]:Do an applicative UDP ping (DNS,RPC...) = no
Ping the remote host[checkbox]:Make the dead hosts appear in the report = no
Ping the remote host[checkbox]:Log live hosts in the report = no
SMTP settings[entry]:Third party domain : = example.com
SMTP settings[entry]:From address : = nobody@example.com
SMTP settings[entry]:To address : = postmaster@[AUTO_REPLACED_IP]
Misc information on News server[entry]:From address : = Nessus <listme@listme.dsbl.org>
Misc information on News server[entry]:Test group name regex : = f[a-z]\.tests?
Misc information on News server[entry]:Max crosspost : = 7
Misc information on News server[checkbox]:Local distribution = yes
Misc information on News server[checkbox]:No archive = no
Nmap (NASL wrapper)[radio]:TCP scanning technique : = SYN scan
Nmap (NASL wrapper)[checkbox]:UDP port scan = no
Nmap (NASL wrapper)[checkbox]:Service scan = no
Nmap (NASL wrapper)[checkbox]:RPC port scan = no
Nmap (NASL wrapper)[checkbox]:Identify the remote OS = no
Nmap (NASL wrapper)[checkbox]:Use hidden option to identify the remote OS = no
Nmap (NASL wrapper)[checkbox]:Fragment IP packets (bypasses firewalls) = no
Nmap (NASL wrapper)[checkbox]:Get Identd info = no
Nmap (NASL wrapper)[checkbox]:Do not randomize the order in which ports are scanned = no
Nmap (NASL wrapper)[radio]:Timing policy : = Auto (nessus specific!)
Nmap (NASL wrapper)[checkbox]:Do not scan targets not in the file = no
Nmap (NASL wrapper)[checkbox]:Run dangerous port scans even if safe checks are set = yes
Global variable settings[checkbox]:Enable CGI scanning = yes
Global variable settings[radio]:Network type = Mixed (use RFC 1918)
Global variable settings[checkbox]:Enable experimental scripts = yes
Global variable settings[checkbox]:Thorough tests (slow) = no
Global variable settings[radio]:Report verbosity = Normal
Global variable settings[radio]:Report paranoia = Normal
Global variable settings[radio]:Log verbosity = Normal
Global variable settings[entry]:Debug level = 0
Services[entry]:Number of connections done in parallel : = 6
Services[entry]:Network connection timeout : = 5
Services[entry]:Network read/write timeout : = 5
Services[entry]:Wrapped service read timeout : = 2
Services[radio]:Test SSL based services = Known SSL ports
Nmap (NASL wrapper)[entry]:Host Timeout (ms) : = 200
ftp writeable directories[radio]:How to check if directories are writeable : = Trust the permissions (drwxrwx---)
Login configurations[entry]:SMB domain (optional) : = ******
Kerberos configuration[entry]:Kerberos Key Distribution Center (KDC) : =
Kerberos configuration[entry]:Kerberos Realm (SSH only) : =
Nmap (NASL wrapper)[entry]:Source port : =
Nmap (NASL wrapper)[entry]:Min RTT Timeout (ms) : =
Nmap (NASL wrapper)[entry]:Max RTT Timeout (ms) : =
Nmap (NASL wrapper)[entry]:Initial RTT timeout (ms) : =
Nmap (NASL wrapper)[entry]:Ports scanned in parallel (max) =
Nmap (NASL wrapper)[entry]:Ports scanned in parallel (min) =
Nmap (NASL wrapper)[entry]:Minimum wait between probes (ms) =
Nmap (NASL wrapper)[file]:File containing grepable results : =
Nmap (NASL wrapper)[entry]:Data length : =
Services[file]:SSL certificate : =
Services[file]:SSL private key : =
Services[password]:PEM password : =
Services[file]:CA file : =
HTTP NIDS evasion[entry]:HTTP User-Agent =
HTTP NIDS evasion[entry]:Force protocol string : =
SSH settings[password]:SSH password (unsafe!) : =
SSH settings[file]:SSH public key to use : =
SSH settings[file]:SSH private key to use : =
SSH settings[password]:Passphrase for SSH key : =
Login configurations[entry]:HTTP account : =
Login configurations[password]:HTTP password (sent in clear) : =
Login configurations[entry]:NNTP account : =
Login configurations[password]:NNTP password (sent in clear) : =
Login configurations[entry]:POP2 account : =
Login configurations[password]:POP2 password (sent in clear) : =
Login configurations[entry]:POP3 account : =
Login configurations[password]:POP3 password (sent in clear) : =
Login configurations[entry]:IMAP account : =
Login configurations[password]:IMAP password (sent in clear) : =
Login configurations[entry]:Additional SMB account (1) : =
Login configurations[password]:Additional SMB password (1) : =
Login configurations[entry]:Additional SMB domain (optional) (1) : =
Login configurations[entry]:Additional SMB account (2) : =
Login configurations[password]:Additional SMB password (2) : =
Login configurations[entry]:Additional SMB domain (optional) (2) : =
Login configurations[entry]:Additional SMB account (3) : =
Login configurations[password]:Additional SMB password (3) : =
Login configurations[entry]:Additional SMB domain (optional) (3) : =
HTTP login page[entry]:Login form : =
end(PLUGINS_PREFS)


begin(SERVER_INFO)
server_info_nessusd_version = 2.2.6
server_info_libnasl_version = 2.2.6
server_info_libnessus_version = 2.2.6
server_info_thread_manager = fork
server_info_os = Linux
server_info_os_version = 2.6.14-2-686
end(SERVER_INFO)

begin(RULES)
end(RULES)

begin(PLUGIN_SET)
10001 = yes
.....



Here is the kb


1138133194 3 Launched/14273=1
1138133194 3 Launched/10796=1
1138133194 3 Launched/11840=1
1138133201 3 Launched/10180=1
1138133201 3 Launched/19762=1
1138133201 3 Launched/14259=1
1138133203 3 Launched/14274=1
1138133203 3 Launched/11219=1
1138133203 3 Launched/14272=1
1138133239 3 Host/scanners/synscan=1
1138133239 3 Launched/10335=1
1138133294 3 Ports/tcp/139=1
1138133294 3 TCPScanner/CnxTime1000/139=8024
1138133294 3 TCPScanner/CnxTime/139=8
1138133294 3 Ports/tcp/445=1
1138133294 3 TCPScanner/CnxTime1000/445=8421
1138133294 3 TCPScanner/CnxTime/445=8
1138133325 3 TCPScanner/OpenPortsNb=2
1138133325 3 TCPScanner/FilteredPortsNb=161
1138133325 3 Host/scanned=1
1138133325 3 Host/scanners/nessus_tcp_scanner=1
1138133325 3 Launched/10870=1
1138133325 3 Launched/11038=1
1138133325 3 Launched/12288=1
1138133325 3 Launched/10890=1
1138133325 3 Launched/12241=1
1138133325 1 SMTP/headers/From=nobody@example.com
1138133325 1 SMTP/headers/To=postmaster@[192.168.0.76]
1138133325 3 Launched/10308=1
1138133325 1 ftp/writeable_dir=/incoming
1138133325 1 ftp/login=anonymous
1138133325 1 ftp/password=nessus@nessus.org
1138133325 3 SMB/dont_send_in_cleartext=1
1138133325 1 SMB/login_filled/0=******
1138133325 1 SMB/password_filled/0=******
1138133325 1 SMB/domain_filled/0=******
1138133325 3 Launched/17351=1
1138133325 1 /Settings/Whisker/NIDS=X
1138133325 3 Launched/10917=1
1138133325 1 global_settings/experimental_scripts=yes
1138133325 1 global_settings/thorough_tests=no
1138133325 1 global_settings/report_verbosity=Normal
1138133325 1 global_settings/log_verbosity=Normal
1138133325 1 global_settings/report_paranoia=Normal
1138133325 1 global_settings/network_type=Mixed (use RFC 1918)
1138133325 3 Launched/10889=1
1138133325 3 SMB/test_domain=1
1138133325 3 Launched/11933=1
1138133325 3 Launched/10330=1
1138133325 3 Launched/10223=1
1138133325 3 Launched/10714=1
1138133325 3 Launched/10800=1
1138133325 3 Launched/11292=1
1138133325 3 Launched/10884=1
1138133325 1 SSL/password=
1138133325 3 Launched/12218=1
1138133330 3 Launched/12634=1
1138133330 3 Launched/13571=1
1138133330 3 Launched/12676=1
1138133330 3 Launched/14764=1
1138133330 3 Launched/18800=1
1138133330 3 Launched/16534=1
1138133330 3 Launched/15588=1
1138133333 3 Launched/11011=1
1138133333 3 Launched/10757=1
1138133333 3 Launched/17975=1
1138133340 3 Launched/15700=1
1138133340 3 Launched/13023=1
1138133340 3 Launched/12959=1
1138133340 3 Launched/20403=1
1138133340 3 Launched/19813=1
1138133340 3 Launched/16590=1
1138133340 3 Launched/16925=1
1138133340 3 Launched/20269=1
1138133340 3 Launched/20684=1
1138133340 3 Launched/15234=1
1138133340 3 Launched/16218=1
1138133340 3 Launched/14735=1
1138133340 3 Launched/13086=1
1138133340 3 Launched/19712=1
1138133340 3 Launched/18625=1
1138133340 3 Launched/16697=1
1138133340 3 Launched/14773=1
1138133340 3 Launched/14772=1
1138133340 3 Launched/10582=1
1138133340 3 Launched/11149=1
1138133340 3 Launched/11689=1
1138133340 3 Launched/19559=1
1138133340 3 Launched/18219=1
1138133340 3 Launched/17244=1
1138133340 3 Launched/15614=1
1138133355 3 Launched/15615=1
1138133355 3 Launched/17200=1
1138133355 3 Launched/10135=1
1138133355 3 Launched/18533=1
1138133355 3 Launched/18178=1
1138133355 3 Launched/18177=1
1138133363 3 Launched/14644=1
1138133370 3 Launched/18100=1
1138133370 3 Launched/18141=1
1138133370 3 Launched/10746=1
1138133370 3 Launched/11111=1
1138133370 3 Launched/10736=1
1138133370 3 Launched/11153=1
1138133370 3 Launched/12534=1
1138133370 3 Launched/20077=1
1138133370 3 Launched/16934=1
1138133370 3 Launched/13556=1
1138133370 3 Launched/18748=1
1138133370 3 Launched/12432=1
1138133370 3 Launched/12527=1
1138133370 3 Launched/17568=1
1138133370 3 Launched/12443=1
1138133370 3 Launched/18802=1
1138133370 3 Launched/16748=1
1138133370 3 Launched/12924=1
1138133370 3 Launched/13435=1
1138133370 3 Launched/17264=1
1138133370 3 Launched/17181=1
1138133370 3 Launched/16785=1
1138133370 3 Launched/20539=1
1138133370 3 Launched/19465=1
1138133370 3 Launched/16613=1
1138133370 3 Launched/15800=1
1138133370 3 Launched/19286=1
1138133370 3 Launched/14043=1
1138133370 3 Launched/19097=1
1138133370 3 Launched/16819=1
1138133370 3 Launched/16645=1
1138133370 3 Launched/19929=1
1138133370 3 Launched/12467=1
1138133370 3 Launched/17407=1
1138133370 3 Launched/16569=1
1138133370 3 Launched/20721=1
1138133370 3 Launched/18791=1
1138133370 3 Launched/19133=1
1138133370 3 Launched/13893=1
1138133370 3 Launched/10150=1
1138133370 3 Launched/12266=1
1138133370 3 SMB/NetBIOS/137=1
1138133370 1 SMB/mac_addr=00:a0:44:55:66:77
1138133370 1 SentData/10150/NOTE=\nSynopsis :\n\nIt is possible to obtain the network name of the remote host.\n\nDescription :\n\nThe remote host listens on udp port 137 and replies to NetBIOS\nnbtscan requests.\nBy sending a wildcard request it is possible to obtain the name of\nthe remote system and the name of its domain.\n\nRisk factor :\n\nNone\n\nPlugin output :\n\nThe following 6 NetBIOS names have been gathered :\n\n ****** = Computer name\n ****** = Workgroup / Domain name\n ****** = File Server Service\n ****** = Browser Service Elections\n ****** = Master Browser\n __MSBROWSE__ = Master Browser\n\nThe remote host has the following MAC address on its adapter :\n 00:a0:c9:45:0a:9c
1138133370 3 Success/10150=1
1138133370 1 SMB/name=******
1138133370 3 SMB/netbios_name=1
1138133370 1 SMB/workgroup=******
1138133370 3 Launched/10785=1
1138133385 3 Launched/19067=1
.....




Muad Dib wrote:
Hi all,
I'm trying to have my nessus check hotfixes on some
win32 boxes.
I'm using auto_dependancies and all plugins.
To do that, it requires several keys. What is strange
is that it fails to set the SMB/transport key although
ports 139,445 are up and running. It seems that
cifs445.nasl is the issuer but I wonder why, I did not
see any error in this plugin.
I'm using nessus from console so I have deleted all
.nessusrc settings to verify : same result.
I wonder if there are special configuration settings
on win boxes I should have missed.
I tested on 2 boxes, xp sp1 & sp2.











_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
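
One way to check a saved KB for the keys a plugin depends on, and to mask credential values before posting the dump to a list as was done above. This is an added example, not part of the original message or of Nessus; the sample lines, the required-key list and the `SENSITIVE` pattern are assumptions constructed for illustration.

```python
import re

# Constructed sample in the "<epoch> <type> <key>=<value>" layout of the kb dump above.
SAMPLE_KB = """\
1138133294 3 Ports/tcp/139=1
1138133294 3 Ports/tcp/445=1
1138133325 3 SMB/dont_send_in_cleartext=1
1138133325 1 SMB/login_filled/0=scanuser
1138133325 1 SMB/password_filled/0=example-secret
1138133370 3 Launched/10150=1
1138133370 3 Success/10150=1
1138133370 1 SMB/name=WKSTN01
.....
"""

KB_LINE = re.compile(r"^(\d+) (\d+) ([^=]+)=(.*)$")
# Assumption: key names containing these words hold credentials.
SENSITIVE = re.compile(r"(password|login|domain_filled)", re.I)


def parse_kb(text):
    """Return {key: [values]}; lines that do not match the layout are skipped."""
    kb = {}
    for line in text.splitlines():
        m = KB_LINE.match(line)
        if m:
            kb.setdefault(m.group(3), []).append(m.group(4))
    return kb


def missing_keys(kb, required):
    """Keys from `required` that never appear in the KB."""
    return [k for k in required if k not in kb]


def redact(text):
    """Mask values of credential-like keys before the dump is shared."""
    out = []
    for line in text.splitlines():
        m = KB_LINE.match(line)
        if m and SENSITIVE.search(m.group(3)):
            line = f"{m.group(1)} {m.group(2)} {m.group(3)}=******"
        out.append(line)
    return "\n".join(out)


if __name__ == "__main__":
    print(missing_keys(parse_kb(SAMPLE_KB), ["Ports/tcp/445", "SMB/transport"]))
    print(redact(SAMPLE_KB))
```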

