On Thu, Mar 04, 2004 at 09:40:05PM +0000, [EMAIL PROTECTED] wrote:
> Hello all,
> I have a couple of questions that I hope the masses can assist me with. First,
> I am running:
> I am using the Hydra plugin against Windows 2000 and XP systems (via SMB login)
> with a userlist of two different userids and a password list of five passwords.
> With this, I am seeing some unusual false positives (validated with LC4 on the
> suspect machines).
Oh, this is a bug, thanks. Windows XP tends to accept any login and
password and treat them as a null session.
> For example, the result might indicate a brute force success, but might show
> me the wrong userid, or the wrong password, or both. Has anyone else seen this?
> I haven't run the standalone version of Hydra, but I guess that might be a good
> next step.
>
> Also, I am seeing an annoying number of positive results for Null sessions
> under XP, although RA is set to 2, the description still reads as if RA is set
> to 1. I don't see much discussion about this bother, so I assume it must be
> something I've overlooked.
Make sure that RA is set to 1 as well as RestrictAnonymousSam. Also, I
just noticed a bug in the plugin which will make it appear as a
security_hole instead of a security_note - I've just fixed that in CVS.
Thanks,
-- Renaud
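
An added example, not part of the original message or of Nessus: a PowerShell check, run locally on a Windows host, that reports the two registry values named in the reply above and compares them with the value the reply gives. Both values live under `HKLM:\SYSTEM\CurrentControlSet\Control\Lsa`; the function name `Get-AnonymousRestriction` and the output columns are made up for this example.

```powershell
# Added example: report the LSA values that control anonymous (null session) access.
# Value names come from the reply above; the expected value 1 is the one it gives.
$LsaKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$Names    = 'RestrictAnonymous', 'RestrictAnonymousSAM'
$Expected = 1

function Get-AnonymousRestriction {
    param([string]$Path = $LsaKey)

    # Fail loudly if the key cannot be read (for example, insufficient rights).
    $props = Get-ItemProperty -Path $Path -ErrorAction Stop

    foreach ($name in $Names) {
        $actual = $props.$name          # $null when the value does not exist

        # Exact comparison only: other values are reported, not judged.
        $status = if ($null -eq $actual)        { 'not set' }
                  elseif ($actual -eq $Expected) { 'as advised' }
                  else                           { 'differs' }

        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Value    = $name
            Actual   = $actual
            Expected = $Expected
            Status   = $status
        }
    }
}

# One row per value, so the output can be exported or merged across hosts.
Get-AnonymousRestriction | Format-Table -AutoSize
```

Running it before and after a scan shows which hosts actually carry the settings, which helps when the scanner's description of the setting disagrees with what was configured.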