Is there a .log file I can check to see because I KNOW my credentials work. I have tested them with another system and verified they work remotely. I also already did everything on that website as well as a test, and still getting same results. ☹ I need to see or have a debug option turned on so I can see what’s going on.
From: Antu Sanadi [mailto:[email protected]] Sent: Monday, September 22, 2014 9:01 AM To: Turner, Jonas; [email protected] Subject: Re: [Openvas-discuss] Plugins Question On Monday 22 September 2014 05:56 PM, Turner, Jonas wrote: I have tried four different credentials on MANY different machines and even a local laptop with a VERY generic password. Results are always the same and never do anything differently. I do see a 2014 and 2013 folder in the plugins folder. Do those get used? Are those for the 3rd party and windows updates? I think its not able login to the target machine, If its able to login then sure it will detect all new and outdated vulnerable versions. Please have a look at, http://www.greenbone.net/learningcenter/auth_scans.html Whatever sub directories are present in plugins directory those will be get used, These are the only conventions to plugins which are developed in respective year. Your report should have the following(if login success) WINDOWS: Summary This script attempts to logon into the remote host using login/password credentials. Vulnerability Detection Result It was possible to log into the remote host using the SMB protocol. Log Method Details: SMB log in (OID: 1.3.6.1.4.1.25623.1.0.10394) LINUX: Summary This script tries to login with provided credentials. If the login was successful, it marks this port as available for any authenticated tests. Vulnerability Detection Result It was possible to login using the provided SSH credentials. Hence authenticated checks are enabled. Log Method Details: SSH Authorization Check (OID: 1.3.6.1.4.1.25623.1.0.90022) Please let me if it not works. Thanks, Antu Sanadi From: Openvas-discuss [mailto:[email protected]] On Behalf Of Antu Sanadi Sent: Monday, September 22, 2014 4:33 AM To: [email protected]<mailto:[email protected]> Subject: Re: [Openvas-discuss] Plugins Question Hello, Yes, OpenVAS will detect for the outdated versions of 3rd party softwares. May be you are scan-config for credential scans in not proper. are you able to login to the target machine? Thanks, Antu Sanadi On Friday 19 September 2014 07:52 PM, Turner, Jonas wrote: Do the plugins scan for outdated versions of 3rd party software and missing OS patches? I would assume the credentialed scans would detect those missing and I would see results. Reason why I ask is because this is why I assume my credentialed scans don’t work. I am not seeing any of this information and my non-credentialed and credentialed scans report back the same results. Jonas Turner │ Security Analyst II Ph: 419.254.4890│Fax: 419.252.5557 E-mail: [email protected]<mailto:[email protected]> CONFIDENTIALITY NOTICE The information contained in this transmission is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If you are not the intended recipient of this information, do not review, retransmit, disclose, disseminate, use, or take any action in reliance upon, this information. If you received this transmission in error, please contact the sender, destroy all printed copies, and delete the material from all computers. _______________________________________________ Openvas-discuss mailing list [email protected]<mailto:[email protected]> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss -- Saner Personal A free vulnerability mitigation software. Build strong defense. http://www.secpod.com/saner-personal.html CONFIDENTIALITY NOTICE The information contained in this transmission is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If you are not the intended recipient of this information, do not review, retransmit, disclose, disseminate, use, or take any action in reliance upon, this information. If you received this transmission in error, please contact the sender, destroy all printed copies, and delete the material from all computers. -- Saner Personal A free vulnerability mitigation software. Build strong defense. http://www.secpod.com/saner-personal.html
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
