Guess not. Would be mighty useful: Disabling the storage of the LM Hash may not be applied properly on all PCs -- would be great to identify those.
Retrieving the hash would confirm that. Doing so in Nessus would allow it to be incorporated into regular scanning processes. Been doing a lot of research on the Pass the Hash type attacks, and their maturation lately. Between bacK|Track, core's PTH toolkit, anyone with physical access to a machine in your network can quickly leverage it to elevate their access. Identifying at-risk PCs would be nice. My 2 cents. If anyone undertakes the writing of this -- if it's possible -- would love to hear about it/test it out. Thanks, Mike On Mon, Aug 18, 2008 at 9:56 AM, Mike Vasquez <[EMAIL PROTECTED]>wrote: > Wondering if there are any NASL scripts to check if: > > a) A workstation is storing the LM hash > b) Retrieve the LM / NTLM hash for local user accounts > > Thanks, > Mike >
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
