Hello all,
I have a couple of questions that I hope the masses can assist me with. First,
I am running:
This is Nessus 2.0.10 for Linux 2.4.21-9.ELsmp
compiled with gcc version 3.2.3 20030502 (Red Hat Linux 3.2.3-20)
Current setup :
Experimental session-saving : enabled
Experimental KB saving : enabled
Thread manager : fork
nasl : 2.0.10
libnessus : 2.0.10
SSL support : enabled
SSL is used for client / server communication
Running as euid : 0
I am using the Hydra plugin against Windows 2000 and XP systems (via SMB login) with
a userlist of two different userids and a password list of five passwords. With this,
I am seeing some unusual false positives (validated with LC4 on the suspect machines).
For example, the result might indicate a brute force success, but might show me the
wrong userid, or the wrong password, or both. Has anyone else seen this? I haven't run
the standalone version of Hydra, but I guess that might be a good next step.
Also, I am seeing an annoying number of positive results for Null sessions under XP,
although RA is set to 2, the description still reads as if RA is set to 1. I don't see
much discussion about this bother, so I assume it must be something I've overlooked.
Any insight is appreciated.
-Ds
_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus