Hi all, I'm trying to run a credentialed scan against a Windows Server
2008 machine from a box running Nessus 3.2.1.  I initially was doing
this from NessusClient, but am testing with nasl as follows:

  ./nasl -T /tmp/hi.log -X -t 10.49.102.75 \
    /opt/nessus/lib/nessus/plugins/compliance_check.nbin

Then providing a valid SMB account as prompted.

The problem is that none of the credentialed checks appear to be
succeeding.  I have verified that the account supplied is in the local
Administrators group, and I can remote desktop into the machine as that
user just fine.

Output from the nasl command is as follows:

  There was an error during compliance check initialization. Nessus returned
  the following error message :
  Some errors occurred when attempting to perform the compliance checks :
  can't initialize the audit engine: AUDIT_ERROR_NO_SOCKET: an error happened while opening a socket

I did a tcpdump while running the above command and noticed that
Windows responds with a 'reset' packet in response to Nessus' initial
packet to port 445 -- almost like a firewall.  However, the firewall is
disabled on this machine.

Also, I am unable to connect to the default shares on the machine using
smbclient (C$, ADMIN$).  I get the following error there:

  $ smbclient //STDBSTG/C$ -I 10.49.102.175 -U nessus
  Password: 
  Domain=[STDBSTG] OS=[Windows Server (R) 2008 Enterprise 6001 Service Pack 1] Server=[Windows Server (R) 2008 Enterprise 6.0]
  tree connect failed: NT_STATUS_ACCESS_DENIED

Perhaps this is related.

Anyone have any suggestions?  I figure this must be some security
setting in 2008...

Thanks,
Ray
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
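
Added example (not part of the original post, and not Nessus code): a small Python probe that separates the two failures shown above, a TCP reset on the SMB port (which surfaces as a socket error) versus a connection that opens and is only later refused at tree connect. The function names, verdict strings and the loopback demo listener are assumptions made for illustration.

```python
import socket

SMB_PORTS = (445, 139)  # direct-hosted SMB, NetBIOS session service


def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP connect attempt the way a packet capture would show it."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"          # SYN / SYN-ACK / ACK completed
    except ConnectionRefusedError:
        return "reset"         # peer answered the SYN with RST
    except socket.timeout:
        return "no-reply"      # SYN dropped: filtering or host down
    except OSError as exc:
        return "error: %s" % exc
    finally:
        s.close()


def diagnose(host, ports=SMB_PORTS, timeout=3.0):
    """Probe each SMB port and say which layer a credentialed check would fail at."""
    results = {p: probe_tcp(host, p, timeout) for p in ports}
    states = set(results.values())
    if "open" in states:
        verdict = ("transport ok: a later failure such as NT_STATUS_ACCESS_DENIED "
                   "is an authentication/authorization problem, not a socket one")
    elif states == {"reset"}:
        verdict = ("refused: the host is reachable but nothing accepts SMB "
                   "connections; verify the target address and the listener")
    else:
        verdict = "unreachable or filtered: no usable answer on any SMB port"
    return results, verdict


if __name__ == "__main__":
    # Constructed demo: a loopback listener stands in for an SMB service.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    print(diagnose("127.0.0.1", ports=(port,)))   # listener up
    srv.close()
    print(diagnose("127.0.0.1", ports=(port,)))   # listener gone
```

Running `diagnose()` against each address used in the scan and in the manual `smbclient` test shows whether both attempts reach the same listener before any credentials are involved.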