Try this: smbclient //ipaddress/IPC$ -U admin%admin

2016-08-08 23:11 GMT+03:00 Eero Volotinen <eero.voloti...@iki.fi>:

> This plugin is used to detect the issue:
>
> http://plugins.openvas.org/nasl.php?oid=804449
>
> Looks like it's connecting to the IPC$ share.
>
> --
> Eero
>
> 2016-08-08 22:01 GMT+03:00 Corti Matteo (ID BD) <co...@ethz.ch>:
>
>> Dear Eero
>>
>> I appreciate the help but the question is not how to secure/firewall the
>> server. The question is why OpenVAS is telling that it is possible to connect
>> as admin:admin and I cannot verify the problem.
>>
>> What is tested? How can I reproduce the problem? I checked the
>> configuration and the admin password is *not* admin.
>>
>> Could it be that the plugin is reporting a false positive?
>>
>> Matteo
>>
>> On 08 Aug 2016, at 20:49 , Eero Volotinen <eero.voloti...@iki.fi> wrote:
>>
>> Well, exposing the samba protocol to the internet without ipsec is not a wise thing
>> to do. It might also be a problem with the NVT.
>>
>> Eero
>>
>> 2016-08-08 21:45 GMT+03:00 Corti Matteo (ID BD) <co...@ethz.ch>:
>>
>>> Hi
>>>
>>> On 08 Aug 2016, at 16:42 , Eero Volotinen <eero.voloti...@iki.fi> wrote:
>>>
>>> You are censoring the input, so it's a bit hard to guess the parameters.
>>>
>>>
>>> Just the IP address. If the server is really vulnerable it would be
>>> unwise to tell it to the whole world
>>>
>>>
>>> try something like smbclient //ip.address/sharename -U admin%admin or
>>> smbclient //ip.address/c$ -U admin%admin
>>>
>>>
>>> $ smbclient //*/climbing -U admin%admin
>>> Domain=[D] OS=[Unix] Server=[Samba 3.6.23-35.el6_8]
>>> tree connect failed: NT_STATUS_ACCESS_DENIED
>>> $ smbclient //*/c$ -U admin%admin
>>> Domain=[D] OS=[Unix] Server=[Samba 3.6.23-35.el6_8]
>>> tree connect failed: NT_STATUS_BAD_NETWORK_NAME
>>>
>>> It is not a problem with the smbclient syntax. I can also try to mount
>>> the share with an OS X or Windows machine.
>>>
>>> Same result.
>>>
>>> Matteo
>>>
>>>
>>> 2016-08-08 17:22 GMT+03:00 Corti Matteo (ID BD) <co...@ethz.ch>:
>>>
>>>> Hi
>>>>
>>>> it is strange but OK according to the man page
>>>>
>>>> smbclient {servicename} [password] [-b <buffer size>] [-d debuglevel]
>>>>     [-e] [-D Directory] [-U username] [-W workgroup] [-M <netbios name>]
>>>>     [-m maxprotocol] [-A authfile] [-N] [-C] [-g] [-l log-basename]
>>>>     [-I destinationIP] [-E] [-c <command string>] [-i scope]
>>>>     [-O <socket options>] [-p port] [-R <name resolve order>]
>>>>     [-s <smb config file>] [-t <per-operation timeout in seconds>]
>>>>     [-T<c|x>IXFqgbNan] [-k]
>>>>
>>>> In any case also supplying the password manually gives the same result
>>>>
>>>> $ smbclient //*/climbing -U admin
>>>> Enter admin's password:
>>>> Domain=[D] OS=[Unix] Server=[Samba 3.6.23-35.el6_8]
>>>> tree connect failed: NT_STATUS_ACCESS_DENIED
>>>>
>>>> Matteo
>>>>
>>>>
>>>> On 08 Aug 2016, at 16:18, Eero Volotinen <eero.voloti...@iki.fi> wrote:
>>>>
>>>> Your smbclient syntax looks incorrect. Please check out the manpage.
>>>>
>>>> Eero
>>>>
>>>> On 8.8.2016 at 5.14 PM, "Corti Matteo (ID BD)" <co...@ethz.ch> wrote:
>>>>
>>>>> Hi
>>>>>
>>>>> a recent scan shows a lot of hosts with
>>>>>
>>>>> SMB Brute Force Logins With Default Credentials (OID:
>>>>> 1.3.6.1.4.1.25623.1.0.804449)
>>>>> <https://matteo.ethz.ch:9392/omp?cmd=get_info&info_type=nvt&info_id=1.3.6.1.4.1.25623.1.0.804449&token=8625b2bf-59ca-4554-917f-e9d27a4e09c4>
>>>>>
>>>>> with the following result
>>>>>
>>>>> *Vulnerability Detection Result*
>>>>>
>>>>> It was possible to login with the following credentials via the SMB
>>>>> protocol. <User>:<Password>
>>>>>
>>>>> admin:admin
>>>>>
>>>>>
>>>>> I am trying to check with smbclient and I don't succeed
>>>>>
>>>>> $ smbclient //***.***.***.***/climbing admin -U admin
>>>>> Domain=[D] OS=[Unix] Server=[Samba 3.6.23-35.el6_8]
>>>>> tree connect failed: NT_STATUS_ACCESS_DENIED
>>>>>
>>>>> What am I missing?
>>>>>
>>>>> Regards
>>>>>
>>>>> Matteo
>>>>>
>>>>> --
>>>>> ETH Zurich, Dr. Matteo Corti, Leiter ID Basisdienste
>>>>> STB H 11.1, Stampfenbachstrasse 69, 8092 Zurich
>>>>> Tel +41 44 63 27944, http://www.id.ethz.ch
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Openvas-discuss mailing list
>>>>> Openvas-discuss@wald.intevation.org
>>>>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
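
Added example, not part of the thread or of OpenVAS: smbclient names the SMB stage that failed, so "tree connect failed" in the outputs quoted above means session setup had already accepted the login, while a rejected password reads "session setup failed". The script classifies that output and compares the reported admin:admin login with a control login for a user that cannot exist; if both get past session setup, the server accepts any login (one known cause is Samba's `map to guest = Bad User`) and the finding is likely a false positive. Function names, verdict labels and the sample strings are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Function names are hypothetical.

# Constructed sample outputs, in the format shown in the thread.
SAMPLE_DENIED='Domain=[D] OS=[Unix] Server=[Samba 3.6.23-35.el6_8]
tree connect failed: NT_STATUS_ACCESS_DENIED'
SAMPLE_LOGON_FAIL='session setup failed: NT_STATUS_LOGON_FAILURE'

# smb_stage: read smbclient output on stdin, print the stage that was reached.
smb_stage() {
  local out
  out=$(cat)
  case "$out" in
    *"session setup failed:"*)                           echo auth_rejected ;;
    *"tree connect failed: NT_STATUS_ACCESS_DENIED"*)    echo session_ok_share_denied ;;
    *"tree connect failed: NT_STATUS_BAD_NETWORK_NAME"*) echo session_ok_no_such_share ;;
    *NT_STATUS_*|*failed*|*"not found"*)                 echo other_error ;;
    *)                                                   echo connected ;;
  esac
}

# verdict CLAIMED CONTROL: compare the reported login with a control login
# that uses a user name which cannot exist on the server.
verdict() {
  case "$1" in
    auth_rejected) echo credential_rejected; return ;;
    other_error)   echo inconclusive; return ;;
  esac
  case "$2" in
    auth_rejected) echo credential_valid ;;        # only the reported pair works
    other_error)   echo inconclusive ;;
    *)             echo false_positive_likely ;;   # any login passes session setup
  esac
}

# probe HOST USER PASS: one login attempt against IPC$ (needs smbclient).
# The password is visible in the process list while the command runs.
probe() {
  smbclient "//$1/IPC\$" -U "$2%$3" -c quit 2>&1 | smb_stage
}

# check_host HOST: reported admin:admin versus a throwaway control account.
check_host() {
  verdict "$(probe "$1" admin admin)" "$(probe "$1" "nouser-$$" "nopass-$$")"
}

# Live use: pass the server address as the first argument.
[ "$#" -eq 0 ] || check_host "$1"
```
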