Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Scanning a x64 bit system

from [jfvanmeter] Network Security [Permanent Link]
Subject: Scanning a x64 bit system
Date: Wed, 23 May 2007 12:29:18 +0000 
Has anyone had any problems scanning a X64 Windows 2003 SP2 R2 Server?

Here is the problem I'm having:

Security is set on the server using .inf files to per configure various 
security settings.  As a example 

a inf file is ran at the end of the build to configure telnet to have the 
following  ACL Admininstrators - Full and System - Full
"%SystemRoot%\system32\telnet.exe",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"

I also have a .audit file that checks the file perms

<file_acl: "2">

<user: "Administrators">
        acl_inheritance: "not inherited"
        acl_apply: "This folder, subfolders and files"
        acl_allow: "full control" 
        </user>

<user: "SYSTEM">
        acl_inheritance: "not inherited"
        acl_apply: "This folder, subfolders and files"
        acl_allow: "full control" 
        </user>

</acl>

<custom_item>
      type: FILE_PERMISSIONS
      description: "%SystemRoot%\system32\telnet.exe"
      value_type: FILE_ACL
      value_data: "1"
      file: "%SystemRoot%\system32\telnet.exe"
</item>

When I scan a 32 bit version of WIndows the out is what I would expect. 

When I scan a 64 bit version of Windows I get the following

general/tcp High "%SystemRoot%\system32\telnet.exe" : [FAILED]
[0] Administrators (1-5-32-544)
type: Allow
Apply To: "this folder, subfolders and files"
Inheritance: "not inherited"
Permission: "Special"

[1] SYSTEM (1-5-18)
type: Allow
Apply To: "this folder, subfolders and files"
Inheritance: "not inherited"
Permission: "Special"

[2] Administrators (1-5-32-544)
type: Allow
Apply To: "this folder and subfolders"
Inheritance: "not inherited"
Permission: "Special"

[3] CREATOR OWNER (1-3-0)
type: Allow
Apply To: "subfolders only"
Inheritance: "not inherited"
Permission: "Special"

[4] SYSTEM (1-5-18)
type: Allow
Apply To: "this folder and subfolders"
Inheritance: "not inherited"
Permission: "Special"

[5] Users (1-5-32-545)
type: Allow
Apply To: "this folder and subfolders"
Inheritance: "not inherited"
Permission: "Special"

[6] Everyone (1-1-0)
type: Allow
Apply To: "this folder and subfolders"
Inheritance: "not inherited"
Permission: "Special"

[7] Everyone (1-1-0)
type: Deny
Apply To: "this folder and subfolders"
Inheritance: "not inherited"
Permission: "Special"

When I manual check the ACL on c:\winnt\system32\Telnet.exe it shows 
Administrators - Full and System - Full .

 Could this be a issue casued by the WOW32 envirnment and the system32 
directory that gets remapped. Also whole parts of the registry and other system 
folders as well;



Thank You, again I'm sorry for the long email, and that I may have over load 
the info

Take Care and Have Fun --John



_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  GUI client for linux nessus 3, miraj
Next by Date:  Re: Scanning a x64 bit system, Nicolas Pouvesle
Previous by Thread:  NessusWX Timeout, Carl Agbayani
Next by Thread:  Re: Scanning a x64 bit system, Nicolas Pouvesle
Indexes:  [Date] [Thread] [Top] [All Lists]