Re: Scanning Win2k with Nessus [SPAM]

Tue, 16 Jan 2007 16:36:42 -0800 

Thank you for the info on Event Viewer, I wasn't aware of that so that 
definitely helps.

The only output I am getting in the report that pertains to connecting to the 
win2k host is from the "smb accessible registry" plugin (nessus id 10400).   It 
says the following:

  It was not possible to connect to PIPE\winreg on the remote host.
  If you intend to use Nessus to perform registry-based checks, the
  registry checks will not work because the 'Remote Registry Access'
  service (winreg) has been disabled on the remote host or can not be
  connected to with the supplied credentials.

The Remote Registry Service IS running on my win2k system (target in this 
case).  The user I created is in the Administrators group, so he should not 
have a problem with the credentials being verified.  Is there something else 
that I am missing in the description pasted above?

Thanks,

Beau
  _____  

From: Mikhail Utin [mailto:[EMAIL PROTECTED]
To: Beau Nuanes [mailto:[EMAIL PROTECTED]
Sent: Tue, 16 Jan 2007 16:51:56 -0700
Subject: Re: Scanning Win2k with Nessus [SPAM]

              
Hi,  
Windows loggings registered in the Even Viewer is   different story. It is 
regular Windows login. Nessus uses remote registry access   service to get in 
and check the registry and C$. It should not be in the Event   Viewer. Check 
Nessus report what it say if it was able to get in . You'll easy   find this 
statements.  
   
Mikhail Utin       
----- Original Message -----     
From:     Beau Nuanes         
To: [email protected]     
Sent: Tuesday, January 16, 2007 5:53     PM    
Subject: Scanning Win2k with Nessus    

Hello,

I am new to Nessus, but have been doing     system/network administration for 
about 5 years.  I am trying to scan 2     win2k machines (one patched and one 
not) to get comfortable with Nessus before     putting it into production.  
Here's what I've done, after doing some     research:

1)  Installed NessusClient and Nessus on a Fedora Core 6     machine.
2)  Disabled "Safe Checks" and "Optimize the test" in     NessusClient.
3)  Disabled the *nix related tests since I'm scanning     Win2k.
4)  Created a Nessus user on the win2k machines and gave     him/her 
administrative privledges (I'll change this by editing the winreg key     once 
I have this working)
5)  Entered the credentials for this user in     NessusClient. I tried using 
hostname\user and just user as the     username.

My problem is that it appears that I am not attempting to     authenticate at 
all.  The Event viewer on the Win2k machines do not even     show an attempted 
login.  The "Local Checks Failed" plugin is active but     does not give me 
anything in the report.

Any ideas?  Should I just     re-install Nessus?  Thanks in advance.

Beau Nuanes         


          

      _____  

      

_______________________________________________
Nessus mailing     list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus      
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus

Reply via email to