Nessus does not check the Guest account but checks if remote users are
authenticated as guest. It is done by creating a random user account.
So when this property is enabled (i.e. Guest account) then when you
connect with an administrator account you are in fact logged in as Guest
and it is not possible to check if the admin account has a password or
not.


Nicolas


On Apr 14, 2008, at 8:48 PM, Adam Campbell wrote:
> I was referring to the local guest user account on the server.  If the
> local guest account is enabled on the server, this plugin flags the
> issue but the local administrator password being blank doesn't flag an
> issue.  If I disable the local guest account, it will alert me that the
> local administrator password is blank.
>
> Adam Campbell
> MIS Department
> a la mode, inc.
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> [EMAIL PROTECTED]
> Sent: Saturday, April 12, 2008 11:00 AM
> To: [email protected]
> Subject: Nessus Digest, Vol 54, Issue 11
>
> Today's Topics:
>
>   1. Administrator and Guest Accounts (Adam Campbell)
>   2. Re: Administrator and Guest Accounts (George A. Theall)
>   3. Re: Host identification b/w workstation and server( or
>      internet facing system) (Chak Kevin)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 11 Apr 2008 14:22:57 -0500
> From: "Adam Campbell" <[EMAIL PROTECTED]>
> Subject: Administrator and Guest Accounts
> To: <[email protected]>
> Message-ID:
>       <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset="us-ascii"
>
> I am new to Nessus and am running some basic scans to get a grasp on it.
> I have two plugins enabled (SMB blank administrator password and SMB
> guest account for all users) but I am only getting results for one.  If
> I check the log it says "required key missing" on the plugin that didn't
> run.  Here is my targeted server configuration and the Nessus output.
>
> Blank admin password and guest enabled = Results for SMB guest account
> for all users
>
> Blank admin password and guest disabled = Results for SMB blank
> administrator password
>
> Adam Campbell
> MIS Department
> a la mode, inc.
>
> ------------------------------
>
> Message: 2
> Date: Fri, 11 Apr 2008 20:04:45 -0400
> From: "George A. Theall" <[EMAIL PROTECTED]>
> Subject: Re: Administrator and Guest Accounts
> To: [email protected]
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset=WINDOWS-1252; format=flowed;
>       delsp=yes
>
> On Apr 11, 2008, at 3:22 PM, Adam Campbell wrote:
>
>> I am new to Nessus and am running some basic scans to get a grasp on
>> it.  I have two plugins enabled (SMB blank administrator password and
>> SMB guest account for all users) but I am only getting results for
>> one.  If I check the log it says "required key missing" on the
>> plugin that didn't run.
>
> In the case of these two plugins, you'll see this message in the log
> if you have optimization turned on and the plugin doesn't report a
> problem.
>
>> Here is my targeted server configuration and the nessus output.
>>
>>
>> Blank admin password and guest enabled = Results for SMB guest
>> account for all users
>> Blank admin password and guest disabled = Results for SMB blank
>> administrator password
>
> With the "Guest only" module for local accounts, aren't network logons
> automatically mapped to the guest account? How would you be able
> to determine if a particular local user, such as Administrator, is
> missing a password in that case?
>
> George
> -- 
> [EMAIL PROTECTED]
>
>
>
>
>
> ------------------------------
>
> Message: 3
> Date: Sat, 12 Apr 2008 01:00:38 -1000
> From: Chak Kevin <[EMAIL PROTECTED]>
> Subject: Re: Host identification b/w workstation and server( or
>       internet facing system)
> To: Nessus Discussion Board <[email protected]>
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset="big5"
>
>
> Thank you Mr. Theall. So, actually, how does Nessus perform the
> particular process after it finishes loading a plugin? For example,
> like you said before, they send a request to a port. How does Nessus
> do this kind of sending? Which part does this, Nessus or the plugin?
> Thanks~
>
>
> Kevin
>
>
>
>
> Message: 19
> Date: Wed, 26 Mar 2008 07:34:10 -0400
> From: "George A. Theall"
> Subject: Re: Host identification b/w workstation and server( or
> internet facing system)
> To: [email protected]
> Message-ID:
> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
>
> On Mar 26, 2008, at 4:45 AM, Chak Kevin wrote:
>
>> I am trying to understand how Nessus identifies whether a host is a
>> web server (or internet facing system) or just a regular workstation.
>> Has this identification been implemented in the source code? Or does
>> Nessus do this by using some specific plugins?
>
> Service detection isn't as black and white as this -- a host isn't
> identified as being a web server or workstation. Instead, Nessus
> attempts to identify the services running on the various port(s)
> being scanned so in theory it will catch the web server running along
> with MySQL, SSH, and SMTP.
>
> Nessus uses plugins for this. Some such as #10330, #17975, and #11153
> are fairly general - they send a request to a port and make a
> determination based on the banner or the results returned. Others are
> specific to a single application / protocol.
>
> ------------------------------
>
> _______________________________________________
> Nessus mailing list
> [email protected]
> http://mail.nessus.org/mailman/listinfo/nessus
>
> End of Nessus Digest, Vol 54, Issue 11
> **************************************
>
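
The check order described in this thread, as an added Python example (not
Nessus plugin code): a random-account probe runs first, and a blank
Administrator password is only reported when that probe fails. The two
"server" functions, the finding names and the assess() helper are constructed
stand-ins assumed for illustration, not a real SMB client or Nessus API.

```python
import secrets

def make_guest_mapped_server():
    """Constructed stand-in: every network logon is mapped to Guest."""
    def try_login(user, password):
        return "Guest"  # any credentials succeed, always as Guest
    return try_login

def make_per_account_server(accounts):
    """Constructed stand-in: credentials are checked per local account."""
    def try_login(user, password):
        return user if accounts.get(user) == password else None
    return try_login

def assess(try_login):
    """Return (findings, admin_check_state) for one target.

    try_login(user, password) returns the identity the session was
    granted, or None when the logon is refused (assumed interface).
    """
    findings = []
    # Step 1: log on as an account that cannot exist. If this works,
    # the host accepts anyone as guest.
    probe_user = "nx-" + secrets.token_hex(8)
    probe_pass = secrets.token_hex(8)
    if try_login(probe_user, probe_pass) is not None:
        findings.append("guest-for-all-users")
        # A blank-password logon as Administrator would also "succeed"
        # here, but as Guest, so it proves nothing about the real
        # Administrator password. Report it as inconclusive.
        return findings, "inconclusive"
    # Step 2: only meaningful once guest mapping has been ruled out.
    if try_login("Administrator", "") is not None:
        findings.append("blank-administrator-password")
    return findings, "checked"

if __name__ == "__main__":
    targets = {
        "guest enabled, blank admin": make_guest_mapped_server(),
        "guest disabled, blank admin": make_per_account_server({"Administrator": ""}),
        "guest disabled, admin has password": make_per_account_server({"Administrator": "S3t!"}),
    }
    for name, server in targets.items():
        print(name, "->", assess(server))
```

The first two rows reproduce the two results reported in the original
message: with guest mapping active only the guest finding appears, and the
Administrator result has to be re-tested after the mapping is turned off.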
