Hi, I am a network administrator in my organization. I want to use a Nessus NASL script to find network shares in my local area network. But the problem is that the Nessus script for SMB shares is dependent on other Nessus scripts like

netbious-name_get.nasl
smb_login.nasl
cifs445.nasl
smbnativlanman.nasl
logins.nasl
find_service.nasl

All these Nessus plugins are inter-independent. Can somebody help me find a way to scan for open shares with NASL? Thank you.

On Nov 14, 2007 10:30 PM, <[EMAIL PROTECTED]> wrote:
> Send Nessus mailing list submissions to
> [email protected]
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://mail.nessus.org/mailman/listinfo/nessus
> or, via email, send a message with subject or body 'help' to
> [EMAIL PROTECTED]
>
> You can reach the person managing the list at
> [EMAIL PROTECTED]
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Nessus digest..."
>
> Today's Topics:
>
> 1. Vista and MS06-035, MS06-040 (Doty, Timothy T.)
> 2. Re: Vista and MS06-035, MS06-040 (Renaud Deraison)
> 3. Re: Nikto on Nessus 3 Client? (Ramos, Jaime J.)
> 4. LDAP allows anonymous binds (PJ Bender)
> 5. Re: Nikto on Nessus 3 Client? (George A. Theall)
> 6. Re: LDAP allows anonymous binds (George A. Theall)
> 7. implications/feasibility of running nessus with higher
>    privilege levels (SantoshKumar_Mishra)
> 8. Re: implications/feasibility of running nessus with higher
>    privilege levels (Doug Nordwall)
> 9. Plugin 26919 (Nelson, C.M.)
> 10. Re: LDAP allows anonymous binds ([EMAIL PROTECTED])
> 11. Re: Plugin 26919 (Ron Gula)
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 13 Nov 2007 11:49:36 -0600
> From: "Doty, Timothy T." <[EMAIL PROTECTED]>
> Subject: Vista and MS06-035, MS06-040
> To: <[email protected]>
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset="us-ascii"
>
> I have at least one system on our network that is reported as being
> vulnerable to MS06-035 and MS06-040. However, the computer is supposedly
> running Vista which is not listed as being affected. All I've managed to
> find with Google is an indication that Vista beta 2 build 5381 didn't crash
> so that Vista may be unaffected.
>
> Is there any more information?
>
> Tim Doty
>
> ------------------------------
>
> Message: 2
> Date: Tue, 13 Nov 2007 18:53:58 +0100
> From: Renaud Deraison <[EMAIL PROTECTED]>
> Subject: Re: Vista and MS06-035, MS06-040
> To: Nessus List <[email protected]>
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
>
> Hi Tim,
>
> On Nov 13, 2007, at 6:49 PM, Doty, Timothy T. wrote:
>
> > I have at least one system on our network that is reported as being
> > vulnerable to MS06-035 and MS06-040. However, the computer is
> > supposedly running Vista which is not listed as being affected. All I've
> > managed to find with Google is an indication that Vista beta 2 build 5381
> > didn't crash so that Vista may be unaffected.
> >
> > Is there any more information?
>
> The plugins should not have fired, since the remote host is running
> Vista. Could you send us the kb of the tested host?
>
> -- Renaud
>
> ------------------------------
>
> Message: 3
> Date: Tue, 13 Nov 2007 11:06:51 -0800
> From: "Ramos, Jaime J." <[EMAIL PROTECTED]>
> Subject: Re: Nikto on Nessus 3 Client?
> To: <[EMAIL PROTECTED]>
> Cc: [email protected]
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset="us-ascii"
>
> There is no option as you described under the "Advanced" tab. The only
> option I see under "Advanced" regarding Nikto is:
>
> 1. Under the top drop-down box
>
> 2. Select HTTP NIDS evasion
>
> 3. At the bottom of window there is "Random case sensitivity (Nikto
> only)
>
> Nessus Client v3.0.0 (build 2G161_Q)
>
> I described my setup incorrectly; I corrected it below...
>
> **************************
>
> I'm having problems obtaining a Nikto Report from the NessusClient
> v3.0.0 (GUI)
>
> .... Here's the setup: Scanning an XP SP2 machine w/ IIS.
>
> Nessus 3.0.6 Build 283 for Linux on my CentOS 4.4 machine with Nikto
> integration.
>
> NessusClient v3.0.0 on the CentOS and XP SP2 machines
>
> Nessus Console v.1.4.5 on a Win XP SP2 machine.
>
> I can run a scan from the XP SP2 machine using the Nessus Console 1.4.5
> and the report will show the "Nikto Report" just fine but I do not get
> anything that even looks like a Nikto report when scanning from the
> CentOS or XP machine using the NessusClient v3.0.0
>
> NessusClient v3.0.0
>
> Using the Default policy I enabled all plugins, (seen Nikto there and
> checked), CGI scanning, thorough and experimental scanning.
>
> If you need any additional information let me know...
>
> ****Your reply was...Under the "Advanced" tab, select the "Nikto (NASL
> wrapper)" pull-down and make sure "Enable Nikto" is checked.
>
> George
>
> --
>
> [EMAIL PROTECTED]
>
> Jaime Ramos
> Engineering
> OEM-NST
> 559-292-1981
> ex: 6215
>
> Confidentiality Notice:
> The information contained in this transmission is legally
> privileged and confidential, intended only for the use of the
> individual(s) or entities named above. This email and any files
> transmitted with it are the property of Pelco. If the reader of
> this message is not the intended recipient, or an employee or agent
> responsible for delivering this message to the intended recipient,
> you are hereby notified that any review, disclosure, copying,
> distribution, retention, or any action taken or omitted to be taken
> in reliance on it is prohibited and may be unlawful. If you receive
> this communication in error, please notify us immediately by
> telephone call to +1-559-292-1981 or forward the e-mail to
> [EMAIL PROTECTED] and then permanently delete the e-mail and
> destroy all soft and hard copies of the message and any
> attachments. Thank you for your cooperation.
>
> ------------------------------
>
> Message: 4
> Date: Tue, 13 Nov 2007 09:30:15 -0800
> From: "PJ Bender" <[EMAIL PROTECTED]>
> Subject: LDAP allows anonymous binds
> To: <[email protected]>
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi,
> When Nessus was run against our two Domain Controllers, we received the
> following report:
> Synopsis: It is possible to disclose LDAP information.
>
> Description: Improperly configured LDAP servers will allow any user to
> connect to the server and query it for information.
>
> Solution: Disable NULL BIND on your LDAP server
>
> Risk Factor : Medium / CVSS Base Score : 5.0
> (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
> CVE : CVE-1999-0385
> BID : 503
> Now when we look for a method to disable the null bind on our LDAP server, we
> are directed to a Microsoft update for MS Exchange 5.5. Since, we do use
> Exchange 5.5, I don't think it is this problem.
> Can someone let me know where I can go to find a method(s) to disable the
> null bind on my Windows 2003 LDAP server(s)?
> Thank you
>
> P. J.
>
> ------------------------------
>
> Message: 5
> Date: Tue, 13 Nov 2007 16:08:17 -0500
> From: "George A. Theall" <[EMAIL PROTECTED]>
> Subject: Re: Nikto on Nessus 3 Client?
> To: [email protected]
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset=windows-1252; format=flowed
>
> On 11/13/07 14:06, Ramos, Jaime J. wrote:
>
> > There is no option as you described under the "Advanced" tab. The only
> > option I see under "Advanced" regarding Nikto is:
> ...
> > 3. At the bottom of window there is "Random case sensitivity (Nikto only)
>
> Really? If that's true, you must be connecting to a Nessus 2.x server as
> plugin #10890 (http_ids_evasion.nasl) is disabled in Nessus 3.x.
>
> George
> --
> [EMAIL PROTECTED]
>
> ------------------------------
>
> Message: 6
> Date: Tue, 13 Nov 2007 21:52:10 -0500
> From: "George A. Theall" <[EMAIL PROTECTED]>
> Subject: Re: LDAP allows anonymous binds
> To: [email protected]
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset=windows-1252; format=flowed
>
> On 11/13/07 12:30, PJ Bender wrote:
>
> > When Nessus was run against our two Domain Controllers, we received
> > the following report:
> >
> > *Synopsis*: It is possible to disclose LDAP information.
> ...
> > *Solution*: Disable NULL BIND on your LDAP server
> ...
> > I don't think it is this problem.
>
> FWIW, the plugin actually tries to query a server without authenticating
> (ie, a "NULL BIND") and checks for a response. So it might be useful to
> capture packets to/from the affected LDAP services and see what is being
> returned.
>
> > Can someone let me know where I can go to find a method(s) to disable
> > the null bind on my Windows 2003 LDAP server(s)?
>
> Have you searched Microsoft's site? For example: check out the
> discussion of "dsHeuristics" in:
>
> http://support.microsoft.com/kb/326690/
>
> George
> --
> [EMAIL PROTECTED]
>
> ------------------------------
>
> Message: 7
> Date: Wed, 14 Nov 2007 13:01:05 +0530
> From: "SantoshKumar_Mishra" <[EMAIL PROTECTED]>
> Subject: implications/feasibility of running nessus with higher
>   privilege levels
> To: <[email protected]>
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Dear All,
>
> Can you please suggest the implications/feasibility of running nessus with
> higher privilege levels which include 'local checks'.
>
> Appreciate if can reply a bit early.
>
> Thanks,
>
> Santosh
>
> DISCLAIMER:
> This email (including any attachments) is intended for the sole use of the
> intended recipient/s and may contain material that is CONFIDENTIAL AND
> PRIVATE COMPANY INFORMATION. Any review or reliance by others or copying or
> distribution or forwarding of any or all of the contents in this message is
> STRICTLY PROHIBITED. If you are not the intended recipient, please contact
> the sender by email and delete all copies; your cooperation in this regard is
> appreciated.
>
> ------------------------------
>
> Message: 8
> Date: Wed, 14 Nov 2007 06:00:56 -0800
> From: "Doug Nordwall" <[EMAIL PROTECTED]>
> Subject: Re: implications/feasibility of running nessus with higher
>   privilege levels
> To: SantoshKumar_Mishra <[EMAIL PROTECTED]>
> Cc: [email protected]
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Well, I'm not sure exactly in what context you are "running nessus" from. If
> you are referring to running the local checks as someone with higher
> privileges, then I can say that is how they are designed to run. Most of the
> information that comes out of them is supposed to be administrator/root
> level.
>
> If you are talking about running the client as root, then it's not a big
> deal. I've done it.
>
> The server needs to be run as root, IIRC.
>
> On Nov 13, 2007 11:31 PM, SantoshKumar_Mishra <[EMAIL PROTECTED]> wrote:
>
> > Dear All,
> >
> > Can you please suggest the* implications/feasibility of running nessus
> > with higher privilege levels which include 'local checks'.*
> >
> > Appreciate if can reply a bit early.
> >
> > Thanks,
> >
> > Santosh
> >
> > DISCLAIMER:
> > This email (including any attachments) is intended for the sole use of the
> > intended recipient/s and may contain material that is CONFIDENTIAL AND
> > PRIVATE COMPANY INFORMATION. Any review or reliance by others or copying or
> > distribution or forwarding of any or all of the contents in this message is
> > STRICTLY PROHIBITED. If you are not the intended recipient, please contact
> > the sender by email and delete all copies; your cooperation in this regard
> > is appreciated..
> >
> > _______________________________________________
> > Nessus mailing list
> > [email protected]
> > http://mail.nessus.org/mailman/listinfo/nessus
>
> --
> Doug Nordwall
> Unix, Network, and Security Administrator
> You mean the vision is subject to low subscription rates?!!? - Scott Stone,
> on MMORPGs
>
> ------------------------------
>
> Message: 9
> Date: Wed, 14 Nov 2007 14:50:00 -0000
> From: "Nelson, C.M." <[EMAIL PROTECTED]>
> Subject: Plugin 26919
> To: <[email protected]>
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi,
>
> Plugin 26919 says:
>
> ........
> Synopsis : It is possible to log into the remote host. Description : The
> remote host is running one of the Microsoft Windows operating systems. It was
> possible to log into it as a guest user using a random account.
>
> In the group policy change the setting for 'Network access: Sharing and
> security model for local accounts' from 'Guest only - local users
> authenticate as Guest' to 'Classic - local users authenticate as themselves'.
> / CVSS Base Score : 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
> ........
>
> Could someone explain what the significance or seriousness of this is? Does
> it suggest a remote or local exploit is possible? If so what can be achieved
> and how can I confirm that the report is correct?
>
> --
> Carl Nelson,
> Information Security Office,
> IT Services,
> University of Leicester, Leicester, LE1 7RH, U.K.
> Tel: +44 (0)116 252 2060, Fax: +44 (0)116 252 5027
>
> ------------------------------
>
> Message: 10
> Date: Wed, 14 Nov 2007 08:35:18 -0700
> From: [EMAIL PROTECTED]
> Subject: Re: LDAP allows anonymous binds
> To: [email protected]
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset="iso-8859-1"
>
> I did some research on the issue and the information for me was
> inconclusive --
>
> I found this post:
> http://www.derkeiler.com/Newsgroups/microsoft.public.win2000.security/2005-10/0239.html
>
> Date: Wed, 19 Oct 2005 12:07:35 -0400
>
> You can't disable anonymous/NULL bind. LDAP V3 requires it for the
> rootdse. However, a null bind doesn't necessarily give you access to
> domain or config data. In fact, if you are running Windows Server 2003 AD
> you have to specifically enable anonymous access on the ACLs to retrieve
> data
>
> Here's a kb article about anonymous ldap operations:
> http://support.microsoft.com/kb/326690
> Anonymous LDAP operations to Active Directory are disabled on Windows
> Server 2003 domain controllers
>
> SUMMARY
> By default, anonymous Lightweight Directory Access Protocol (LDAP)
> operations to Active Directory, other than rootDSE searches and binds, are
> not permitted in Microsoft Windows Server 2003.
>
> There's another nice article here:
> http://www.petri.co.il/anonymous_ldap_operations_in_windows_2003_ad.htm
>
> Based on that information, I'm not convinced it's a great concern on
> Win2k3. I would be interested in the impact of disabling it, per the
> information provided. I'm a bit concerned about the possible fallout from
> a change.
>
> Thanks,
>
> Mike
>
> "George A. Theall" <[EMAIL PROTECTED]>
> Sent by: [EMAIL PROTECTED]
> 11/13/2007 07:52 PM
>
> To
> [email protected]
> cc
>
> Subject
> Re: LDAP allows anonymous binds
>
> On 11/13/07 12:30, PJ Bender wrote:
>
> > When Nessus was run against our two Domain Controllers, we received
> > the following report:
> >
> > *Synopsis*: It is possible to disclose LDAP information.
> ...
> > *Solution*: Disable NULL BIND on your LDAP server
> ...
> > I don't think it is this problem.
>
> FWIW, the plugin actually tries to query a server without authenticating
> (ie, a "NULL BIND") and checks for a response. So it might be useful to
> capture packets to/from the affected LDAP services and see what is being
> returned.
>
> > Can someone let me know where I can go to find a method(s) to disable
> > the null bind on my Windows 2003 LDAP server(s)?
>
> Have you searched Microsoft's site? For example: check out the
> discussion of "dsHeuristics" in:
>
> http://support.microsoft.com/kb/326690/
>
> George
> --
> [EMAIL PROTECTED]
> _______________________________________________
> Nessus mailing list
> [email protected]
> http://mail.nessus.org/mailman/listinfo/nessus
>
> ------------------------------
>
> Message: 11
> Date: Wed, 14 Nov 2007 11:13:57 -0500
> From: Ron Gula <[EMAIL PROTECTED]>
> Subject: Re: Plugin 26919
> To: "Nelson, C.M." <[EMAIL PROTECTED]>
> Cc: [email protected]
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hi Carl,
>
> From where you performed your Nessus scan against this Windows host,
> anyone with network access to that system can log into it with a bogus
> account.
>
> If this system is outside of a firewall or reachable by just about
> anyone in your organization, this could be a serious problem for you. If
> you had to go through extraordinary effort to scan this box (plug in to
> a DMZ, get the IT guys to open firewall ports, etc.) this is something
> that should be fixed, but won't be as serious.
>
> If your system has any other vulnerabilities, such as a locally
> exploitable vulnerability, it may be possible for a remote user to
> connect with a guest account and then attempt to become an
> administrator. Of course, if the system isn't really hardened, a guest
> account might be all the access that a remote user would need to read
> files, install a backdoor, turn the system into a bot, launch attacks
> against other systems and so on.
>
> To verify that remote access is allowed by this host, you could try
> using the smbshell tool from Tenable:
>
> http://cgi.tenablesecurity.com/tenable/smbshell.php
>
> Keep in mind that Windows has many different types of access control for
> file access and program execution. The plugin said that it could log in.
> Your IT people may have put some level of security of hardening for
> 'Guest' users or they may not have.
>
> Ron Gula
> Tenable Network Security
>
> Nelson, C.M. wrote:
> > Hi,
> >
> > Plugin 26919 says:
> >
> > ........
> > Synopsis : It is possible to log into the remote host. Description : The
> > remote host is running one of the Microsoft Windows operating systems. It
> > was possible to log into it as a guest user using a random account.
> >
> > In the group policy change the setting for 'Network access: Sharing and
> > security model for local accounts' from 'Guest only - local users
> > authenticate as Guest' to 'Classic - local users authenticate as
> > themselves'. / CVSS Base Score : 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
> > ........
> >
> > Could someone explain what the significance or seriousness of this is? Does
> > it suggest a remote or local exploit is possible? If so what can be
> > achieved and how can I confirm that the report is correct?
> >
> > --
> > Carl Nelson,
> > Information Security Office,
> > IT Services,
> > University of Leicester, Leicester, LE1 7RH, U.K.
> > Tel: +44 (0)116 252 2060, Fax: +44 (0)116 252 5027
> > _______________________________________________
> > Nessus mailing list
> > [email protected]
> > http://mail.nessus.org/mailman/listinfo/nessus
>
> ------------------------------
>
> _______________________________________________
> Nessus mailing list
> [email protected]
> http://mail.nessus.org/mailman/listinfo/nessus
>
> End of Nessus Digest, Vol 49, Issue 8
> *************************************

_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
