-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Ok, one thing I forgot and some questions:
Most of the clients are running german Windows versions. Does this affect the check?
I had a quick look at the nasl files. I have not learned this scripting language, but ...
... TCP/seq_window_flaw must be set for 18028, right? I therefore now also set 12213 to yes (in addition to auto_enable_dependencies). But I do not see any 12213 related log messages in the NBE output file. Should there be any?
... 18027 seems to test port 2103, right? Why this port? It does not seem to be open on my clients.
The 10785 check seems to work fine. There are hosts reported as Windows ~ 5.1.
Thanks, Michael
Michael Redinger wrote: | Hello, | | I tried to check our hosts for the latest remote exploitable Windows | vulnerabilities using the plugins 18027 and 18028 (that's the main | reason why I subscribed to direct feed). But somehow this simply does | not work: | | I previousely scanned for the LSASS vulnerability using plugin 12209 | (smb_kb835732.nasl). This has worked fine for quite some time now. | But the two new ones do not seem to work - no single vulnerability when | scanning many, many hosts (but 12209 is still reported) ... | Do these plugins work for others? Did I obviousely miss something? Eg. | do I need a valid account on the host that should be checked? ... | I also enabled auto_enable_dependencies, just to make sure all necessary | plugins are enabled. | | nessusd -d: | Current setup : | ~ nasl : 2.2.2 | ~ libnessus : 2.2.2 | ~ SSL support : enabled | ~ SSL is used for client / server communication | ~ Running as euid : 0 | ~ Compiled with tcpwrappers support | | | nessus client command line: | nessus -c nessusrc.test -T nbe -q nhost 1241 xxx xxx hostfile outfile | | nessusrc (part): | | trusted_ca = /usr/com/nessus/CA/cacert.pem | nessusd_host = nhost | nessusd_user = xxx | paranoia_level = 3 | begin(SCANNER_SET) | ~ Nmap tcp connect() scan = no | ~ nmap = no | ~ 10180 = yes | ~ 10277 = no | ~ 10278 = no | ~ 10331 = no | ~ 10335 = no | ~ 10841 = no | ~ 10336 = no | ~ 10796 = no | ~ 11219 = no | ~ 11840 = yes | ~ 14259 = no | ~ 14274 = no | ~ 14272 = no | end(SCANNER_SET) | | begin(SERVER_PREFS) | ~ max_threads = 50 | ~ language = english | ~ checks_read_timeout = 5 | ~ auto_enable_dependencies = yes | ~ save_session = no | ~ save_empty_sessions = no | ~ host_expansion = ip | ~ ping_hosts = yes | ~ reverse_lookup = no | ~ optimize_test = yes | ~ safe_checks = yes | ~ use_mac_addr = no | ~ detached_scan = no | ~ continuous_scan = no | ~ unscanned_closed = no | ~ save_knowledge_base = no | ~ only_test_hosts_whose_kb_we_dont_have = no | ~ only_test_hosts_whose_kb_we_have = no | ~ kb_restore = no | ~ kb_dont_replay_scanners = no | ~ kb_dont_replay_info_gathering = no | ~ kb_dont_replay_attacks = no | ~ kb_dont_replay_denials = no | ~ diff_scan = no | ~ kb_max_age = 864000 | ~ log_whole_attack = yes | end(SERVER_PREFS) | | begin(PLUGIN_SET) | # ... | ~ 12209 = yes | ~ 18027 = yes | ~ 18028 = yes | # ... | end(PLUGIN_SET) | | | Thanks, | Michael | | _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
- -- Michael Redinger Zentraler Informatikdienst (Central IT Services) Universitaet Innsbruck Technikerstrasse 13 Tel.: ++43 512 507 2335 6020 Innsbruck Fax.: ++43 512 507 2944 Austria Mail: [EMAIL PROTECTED] BB98 D2FE 0F2C 2658 3780 3CB1 0FD7 A9D9 65C2 C11D http://www.uibk.ac.at/~c102mr/mred-pubkey.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCX5noD9ep2WXCwR0RApJeAJ4mYAoO+Aegls0D2kzJA2/AuJQnJQCfQP1h 18KZGlAEeZJ6Q9jYODSX2SI= =XLnk -----END PGP SIGNATURE----- _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
