Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Scanning Win2k with Nessus [SPAM]

from [Beau Nuanes] Network Security [Permanent Link]
Subject: Re: Scanning Win2k with Nessus [SPAM]
Date: Tue, 16 Jan 2007 17:35:56 -0700 
Thank you for the info on Event Viewer, I wasn't aware of that so that 
definitely helps.

The only output I am getting in the report that pertains to connecting to the 
win2k host is from the "smb accessible registry" plugin (nessus id 10400).   It 
says the following:

  It was not possible to connect to PIPE\winreg on the remote host.
  If you intend to use Nessus to perform registry-based checks, the
  registry checks will not work because the 'Remote Registry Access'
  service (winreg) has been disabled on the remote host or can not be
  connected to with the supplied credentials.

The Remote Registry Service IS running on my win2k system (target in this 
case).  The user I created is in the Administrators group, so he should not 
have a problem with the credentials being verified.  Is there something else 
that I am missing in the description pasted above?

Thanks,

Beau
  _____  

From: Mikhail Utin [mailto:mutin@rubos.com]
To: Beau Nuanes [mailto:bnuanes@ssg-inc.net]
Sent: Tue, 16 Jan 2007 16:51:56 -0700
Subject: Re: Scanning Win2k with Nessus [SPAM]

              
Hi,  
Windows loggings registered in the Even Viewer is   different story. It is 
regular Windows login. Nessus uses remote registry access   service to get in 
and check the registry and C$. It should not be in the Event   Viewer. Check 
Nessus report what it say if it was able to get in . You'll easy   find this 
statements.  
   
Mikhail Utin       
----- Original Message -----     
From:     Beau Nuanes         
To: nessus@list.nessus.org     
Sent: Tuesday, January 16, 2007 5:53     PM    
Subject: Scanning Win2k with Nessus    

Hello,

I am new to Nessus, but have been doing     system/network administration for 
about 5 years.  I am trying to scan 2     win2k machines (one patched and one 
not) to get comfortable with Nessus before     putting it into production.  
Here's what I've done, after doing some     research:

1)  Installed NessusClient and Nessus on a Fedora Core 6     machine.
2)  Disabled "Safe Checks" and "Optimize the test" in     NessusClient.
3)  Disabled the *nix related tests since I'm scanning     Win2k.
4)  Created a Nessus user on the win2k machines and gave     him/her 
administrative privledges (I'll change this by editing the winreg key     once 
I have this working)
5)  Entered the credentials for this user in     NessusClient. I tried using 
hostname\user and just user as the     username.

My problem is that it appears that I am not attempting to     authenticate at 
all.  The Event viewer on the Win2k machines do not even     show an attempted 
login.  The "Local Checks Failed" plugin is active but     does not give me 
anything in the report.

Any ideas?  Should I just     re-install Nessus?  Thanks in advance.

Beau Nuanes         


          

      _____  

      

_______________________________________________
Nessus mailing     list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus      
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Re: Scanning Win2k with Nessus [SPAM], Beau Nuanes <=
Previous by Date:  Scanning Win2k with Nessus, Beau Nuanes
Next by Date:  Re: Scanning Win2k with Nessus, George A. Theall
Previous by Thread:  Scanning Win2k with Nessus, Beau Nuanes
Next by Thread:  Nessus 3.0.5 released, Renaud Deraison
Indexes:  [Date] [Thread] [Top] [All Lists]