Thanks, indeed!

smbclient //*/IPC$ -U admin%admin
Domain=[D] OS=[Unix] Server=[Samba 3.6.23-35.el6_8]
smb: \>

Matteo

> On 08 Aug 2016, at 23:19, Eero Volotinen <[email protected]> wrote:
>
> try this
>
> smbclient //ipaddress/IPC$ -U admin%admin
>
> 2016-08-08 23:11 GMT+03:00 Eero Volotinen <[email protected]>:
> This plugin is used to detect the issue:
>
> http://plugins.openvas.org/nasl.php?oid=804449
>
> Looks like it's connecting to the IPC$ share.
>
> --
> Eero
>
> 2016-08-08 22:01 GMT+03:00 Corti Matteo (ID BD) <[email protected]>:
> Dear Eero
>
> I appreciate the help but the question is not how to secure/firewall the
> server. The question is why OpenVAS is telling that it is possible to
> connect as admin:admin and I cannot verify the problem.
>
> What is tested? How can I reproduce the problem? I checked the configuration
> and the admin password is *not* admin.
>
> Could it be that the plugin is reporting a false positive?
>
> Matteo
>
>> On 08 Aug 2016, at 20:49, Eero Volotinen <[email protected]> wrote:
>>
>> Well, exposing the Samba protocol to the internet without IPsec is not a
>> wise thing to do. It might also be a problem with the NVT.
>>
>> Eero
>>
>> 2016-08-08 21:45 GMT+03:00 Corti Matteo (ID BD) <[email protected]>:
>> Hi
>>
>>> On 08 Aug 2016, at 16:42, Eero Volotinen <[email protected]> wrote:
>>>
>>> You are censoring the input, so it's a bit hard to guess the parameters.
>>
>> Just the IP address. If the server is really vulnerable it would be unwise
>> to tell it to the whole world.
>>>
>>> try something like smbclient //ip.address/sharename -U admin%admin or
>>> smbclient //ip.address/c$ -U admin%admin
>>
>> $ smbclient //*/climbing -U admin%admin
>> Domain=[D] OS=[Unix] Server=[Samba 3.6.23-35.el6_8]
>> tree connect failed: NT_STATUS_ACCESS_DENIED
>> $ smbclient //*/c$ -U admin%admin
>> Domain=[D] OS=[Unix] Server=[Samba 3.6.23-35.el6_8]
>> tree connect failed: NT_STATUS_BAD_NETWORK_NAME
>>
>> It is not a problem with the smbclient syntax. I can also try to mount the
>> share with an OS X or Windows machine.
>>
>> Same result.
>>
>> Matteo
>>
>>>
>>> 2016-08-08 17:22 GMT+03:00 Corti Matteo (ID BD) <[email protected]>:
>>> Hi
>>>
>>> it is strange but OK according to the man page
>>>
>>> smbclient {servicename} [password] [-b <buffer size>] [-d debuglevel]
>>> [-e] [-D Directory] [-U username] [-W workgroup] [-M <netbios name>]
>>> [-m maxprotocol] [-A authfile] [-N] [-C] [-g] [-l log-basename]
>>> [-I destinationIP] [-E] [-c <command string>] [-i scope]
>>> [-O <socket options>] [-p port] [-R <name resolve order>]
>>> [-s <smb config file>] [-t <per-operation timeout in seconds>]
>>> [-T<c|x>IXFqgbNan] [-k]
>>>
>>> In any case also supplying the password manually gives the same result
>>>
>>> $ smbclient //*/climbing -U admin
>>> Enter admin's password:
>>> Domain=[D] OS=[Unix] Server=[Samba 3.6.23-35.el6_8]
>>> tree connect failed: NT_STATUS_ACCESS_DENIED
>>>
>>> Matteo
>>>
>>>> On 08 Aug 2016, at 16:18, Eero Volotinen <[email protected]> wrote:
>>>>
>>>> Your smbclient syntax looks incorrect. Please check out the manpage.
>>>>
>>>> Eero
>>>>
>>>> On 8.8.2016 at 5.14 PM, "Corti Matteo (ID BD)" <[email protected]> wrote:
>>>> Hi
>>>>
>>>> a recent scan shows a lot of hosts with
>>>>
>>>> SMB Brute Force Logins With Default Credentials (OID:
>>>> 1.3.6.1.4.1.25623.1.0.804449)
>>>> <https://matteo.ethz.ch:9392/omp?cmd=get_info&info_type=nvt&info_id=1.3.6.1.4.1.25623.1.0.804449&token=8625b2bf-59ca-4554-917f-e9d27a4e09c4>
>>>>
>>>> with the following result
>>>>
>>>> Vulnerability Detection Result
>>>> It was possible to login with the following credentials via the SMB
>>>> protocol. <User>:<Password>
>>>>
>>>> admin:admin
>>>>
>>>> I am trying to check with smbclient and I don’t succeed
>>>>
>>>> $ smbclient //***.***.***.***/climbing admin -U admin
>>>> Domain=[D] OS=[Unix] Server=[Samba 3.6.23-35.el6_8]
>>>> tree connect failed: NT_STATUS_ACCESS_DENIED
>>>>
>>>> What am I missing?
>>>>
>>>> Regards
>>>>
>>>> Matteo
>>>>
>>>> --
>>>> ETH Zurich, Dr. Matteo Corti, Leiter ID Basisdienste
>>>> STB H 11.1, Stampfenbachstrasse 69, 8092 Zurich
>>>> Tel +41 44 63 27944, http://www.id.ethz.ch
>>>>
>>>> _______________________________________________
>>>> Openvas-discuss mailing list
>>>> [email protected]
>>>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

--
ETH Zurich, Dr. Matteo Corti, Leiter ID Basisdienste
STB H 11.1, Stampfenbachstrasse 69, 8092 Zurich
Tel +41 44 63 27944, http://www.id.ethz.ch
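Added example, not part of the original thread and not OpenVAS or Samba code: a shell helper that classifies smbclient transcripts like the ones quoted above, showing that the admin:admin login reproduces on IPC$ while the data share still refuses the tree connect. The function names and the `session setup failed` sample are assumptions of this example; the other transcripts are copied from the thread.

```shell
#!/bin/sh
# Added example: triage smbclient transcripts when checking a scanner's
# "default credentials" finding. Function names are this example's own.

# Transcripts copied from the thread (IP address already masked there).
IPC_OUT='Domain=[D] OS=[Unix] Server=[Samba 3.6.23-35.el6_8]
smb: \>'
SHARE_OUT='Domain=[D] OS=[Unix] Server=[Samba 3.6.23-35.el6_8]
tree connect failed: NT_STATUS_ACCESS_DENIED'
NOSHARE_OUT='Domain=[D] OS=[Unix] Server=[Samba 3.6.23-35.el6_8]
tree connect failed: NT_STATUS_BAD_NETWORK_NAME'
# Constructed sample: what smbclient prints when the login itself is refused.
REJECT_OUT='session setup failed: NT_STATUS_LOGON_FAILURE'

# Map one transcript to a verdict. Failures are tested first because the
# Domain/OS/Server banner also precedes a failed tree connect.
classify_smb() {
    case "$1" in
        *"session setup failed"*) echo auth_rejected ;;
        *"tree connect failed: NT_STATUS_ACCESS_DENIED"*) echo share_denied ;;
        *"tree connect failed: NT_STATUS_BAD_NETWORK_NAME"*) echo no_such_share ;;
        *"tree connect failed"*) echo tree_error ;;
        *"smb: \\>"*|*"Domain=["*) echo connected ;;
        *) echo unknown ;;
    esac
}

# Combine the IPC$ verdict with the verdict for a data share.
triage() {
    case "$1/$2" in
        connected/connected) echo login_reaches_share ;;
        connected/*)         echo login_ipc_only ;;
        auth_rejected/*)     echo finding_not_reproduced ;;
        *)                   echo inconclusive ;;
    esac
}

# Live probe; -c is from the synopsis quoted in the thread. Not run here.
probe() {  # usage: probe HOST SHARE USER PASS
    classify_smb "$(smbclient "//$1/$2" -U "$3%$4" -c exit 2>&1)"
}

# Verdict for the two transcripts the thread ends up with.
triage "$(classify_smb "$IPC_OUT")" "$(classify_smb "$SHARE_OUT")"
```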
