
Re: DCOM Plugin Question

Subject: Re: DCOM Plugin Question
Date: Mon, 27 Feb 2006 15:22:08 +0000
Thanks Nicolas, the issue is that the current scanner the client requires me to use reports it.

I would like to move them to Nessus.

The question I keep getting is why does one report it and Nessus does not. With that said, I figured I would create/find the plugin.

If anyone can add to what Nicolas has told me, feel free to chime in.

Thank you in advance --John



-------------- Original message -------------- 
From: Nicolas Pouvesle <npouvesle@tenablesecurity.com> 

On Sat, 2006-02-25 at 17:06 +0000, jfvanmeter@comcast.net wrote: 

DCOM allows applications to be distributed across locations; the application creates program IDs that can have the default launch and access permissions.

A user account is added as authentication credentials to grant permission to access/launch the component. When the user credentials (as an example, a service account) are added, they can receive the default access and launch permissions. A lot of the time they don't need the default permissions.

DCOMCNFG is the tool that comes with Windows that allows you to configure the DCOM settings of a COM application. The application can be listed by a name or by a program ID, and it's rather painful to manually check each.


Thanks for the information. I will try to look at that later and see 
what I can do. 


Other scanners I've used will report on what user has what level of access and/or launch permission for a COM object. When I run an administrative scan using Nessus, I've never seen it report on this setting, and so far I've been unable to find a plugin that does.

I was thinking of writing a plugin to check the access and launch permission for COM objects, but didn't want to re-invent the wheel and thought I would ask to see if anyone else has.


I really don't think you want to do that. It is easy to use the DCOM 
protocol with the Windows API but it is much more complex to do that 
with Nessus ;-) 


Nicolas 

_______________________________________________ 
Nessus mailing list 
Nessus@list.nessus.org 
http://mail.nessus.org/mailman/listinfo/nessus 
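
One way to run the check discussed in this thread locally on a Windows host, as an added example that is not part of the original messages and is not a Nessus plugin: a PowerShell script that decodes the launch and access ACLs DCOMCNFG edits and lists which account holds which right. The registry locations (`HKEY_CLASSES_ROOT\AppID` and `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole`) are not mentioned in the thread, and the function names are hypothetical.

```powershell
# Added example: decode the DCOM launch/access ACLs stored in the registry.
# COM_RIGHTS_* access-mask bits from the Windows SDK.
$ComRights = @{ 1 = 'Execute'; 2 = 'ExecuteLocal'; 4 = 'ExecuteRemote'
                8 = 'ActivateLocal'; 16 = 'ActivateRemote' }

function ConvertTo-ComRightNames([int]$Mask) {
    ($ComRights.Keys | Sort-Object | Where-Object { $Mask -band $_ } |
        ForEach-Object { $ComRights[$_] }) -join ','
}

function Expand-DcomAcl([string]$AppId, [string]$Name, [string]$Kind, [byte[]]$Bytes) {
    # The registry value is a self-relative security descriptor.
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor($Bytes, 0)
    foreach ($ace in $sd.DiscretionaryAcl) {
        if ($ace -isnot [System.Security.AccessControl.KnownAce]) { continue }
        $sid = $ace.SecurityIdentifier
        try   { $who = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $who = $sid.Value }  # orphaned or foreign SID: report it raw
        [pscustomobject]@{
            AppId = $AppId; Name = $Name; Permission = $Kind; Account = $who
            AceType = $ace.AceType; Rights = ConvertTo-ComRightNames $ace.AccessMask
        }
    }
}

function Get-DcomPermissionReport {
    # Machine-wide defaults, used by every application without its own ACL.
    $ole = Get-Item 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole'
    foreach ($kind in 'DefaultLaunchPermission', 'DefaultAccessPermission') {
        $bytes = $ole.GetValue($kind)
        if ($bytes -is [byte[]]) { Expand-DcomAcl '(machine default)' '' $kind $bytes }
    }
    # Per-application overrides, one subkey per AppID GUID.
    foreach ($key in Get-ChildItem 'Registry::HKEY_CLASSES_ROOT\AppID') {
        if ($key.PSChildName -notmatch '^\{[0-9A-Fa-f-]{36}\}$') { continue }  # skip exe-name aliases
        foreach ($kind in 'LaunchPermission', 'AccessPermission') {
            $bytes = $key.GetValue($kind)
            if ($bytes -is [byte[]]) {
                Expand-DcomAcl $key.PSChildName ([string]$key.GetValue('')) $kind $bytes
            }
        }
    }
}

Get-DcomPermissionReport | Sort-Object Account, AppId |
    Format-Table Account, Permission, AceType, Rights, AppId, Name -AutoSize
```

An application with no `LaunchPermission` or `AccessPermission` value of its own does not appear as a separate row; it inherits the machine default rows, so a service account listed there holds those rights on every such application.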