So, you need to secure the setting to disallow anonymous connections to the IPC$ share.
--
Eero

2016-08-09 9:21 GMT+03:00 Corti Matteo (ID BD) <[email protected]>:

> Thanks, indeed!
>
> smbclient //*/IPC$ -U admin%admin
> Domain=[D] OS=[Unix] Server=[Samba 3.6.23-35.el6_8]
> smb: \>
>
> Matteo
>
> On 08 Aug 2016, at 23:19, Eero Volotinen <[email protected]> wrote:
>
> try this
>
> smbclient //ipaddress/IPC$ -U admin%admin
>
> 2016-08-08 23:11 GMT+03:00 Eero Volotinen <[email protected]>:
>
>> This plugin is used to detect issue:
>>
>> http://plugins.openvas.org/nasl.php?oid=804449
>>
>> Looks like it's connecting to IPC$ share.
>>
>> --
>> Eero
>>
>> 2016-08-08 22:01 GMT+03:00 Corti Matteo (ID BD) <[email protected]>:
>>
>>> Dear Eero
>>>
>>> I appreciate the help but the question is not how to secure/firewall the
>>> server. The question is why OpenVAS is telling that is possible to connect
>>> as admin:admin and I cannot verify the problem.
>>>
>>> What is tested? How can I reproduce the problem? I checked the
>>> configuration and the admin password is *not* admin.
>>>
>>> Could it be that the plugin is reporting a false positive?
>>>
>>> Matteo
>>>
>>> On 08 Aug 2016, at 20:49 , Eero Volotinen <[email protected]> wrote:
>>>
>>> Well. exposing samba protocol to internet without ipsec is not wise
>>> thing to do. It might be also problem with NVT.
>>>
>>> Eero
>>>
>>> 2016-08-08 21:45 GMT+03:00 Corti Matteo (ID BD) <[email protected]>:
>>>
>>>> Hi
>>>>
>>>> On 08 Aug 2016, at 16:42 , Eero Volotinen <[email protected]>
>>>> wrote:
>>>>
>>>> You are censoring the input, so it's a bit hard to guess the parameters.
>>>>
>>>> Just the IP address. If the server is really vulnerable it would be
>>>> unwise to tell it to the whole world
>>>>
>>>> try something like smbclient //ip.address/sharename -U admin%admin or
>>>> smbclient //ip.address/c$ -U admin%admin
>>>>
>>>> $ smbclient //*/climbing -U admin%admin
>>>> Domain=[D] OS=[Unix] Server=[Samba 3.6.23-35.el6_8]
>>>> tree connect failed: NT_STATUS_ACCESS_DENIED
>>>> $ smbclient //*/c$ -U admin%admin
>>>> Domain=[D] OS=[Unix] Server=[Samba 3.6.23-35.el6_8]
>>>> tree connect failed: NT_STATUS_BAD_NETWORK_NAME
>>>>
>>>> It is not a problem with the smbclient syntax. I can also try to mount
>>>> the share with an OS X or Windows machine.
>>>>
>>>> Same result.
>>>>
>>>> Matteo
>>>>
>>>> 2016-08-08 17:22 GMT+03:00 Corti Matteo (ID BD) <[email protected]>:
>>>>
>>>>> Hi
>>>>>
>>>>> it is strange but OK according to the man page
>>>>>
>>>>> smbclient {servicename} [password] [-b <buffer size>] [-d
>>>>> debuglevel] [-e] [-D Directory] [-U username] [-W workgroup] [-M <netbios
>>>>> name>] [-m maxprotocol] [-A authfile] [-N] [-C] [-g]
>>>>> [-l log-basename] [-I destinationIP] [-E] [-c <command
>>>>> string>] [-i scope] [-O <socket options>] [-p port] [-R <name resolve
>>>>> order>] [-s <smb config file>] [-t <per-operation timeout in seconds>]
>>>>> [-T<c|x>IXFqgbNan] [-k]
>>>>>
>>>>> In any case also supplying the password manually gives the same result
>>>>>
>>>>> $ smbclient //*/climbing -U admin
>>>>> Enter admin's password:
>>>>> Domain=[D] OS=[Unix] Server=[Samba 3.6.23-35.el6_8]
>>>>> tree connect failed: NT_STATUS_ACCESS_DENIED
>>>>>
>>>>> Matteo
>>>>>
>>>>> On 08 Aug 2016, at 16:18, Eero Volotinen <[email protected]>
>>>>> wrote:
>>>>>
>>>>> Your smbclient syntax looks incorrect. Please check out the manpage..
>>>>>
>>>>> Eero
>>>>>
>>>>> 8.8.2016 5.14 PM, "Corti Matteo (ID BD)" <[email protected]> wrote:
>>>>>
>>>>>> Hi
>>>>>>
>>>>>> a recent scan shows a lot of hosts with
>>>>>>
>>>>>> SMB Brute Force Logins With Default Credentials (OID:
>>>>>> 1.3.6.1.4.1.25623.1.0.804449)
>>>>>> <https://matteo.ethz.ch:9392/omp?cmd=get_info&info_type=nvt&info_id=1.3.6.1.4.1.25623.1.0.804449&token=8625b2bf-59ca-4554-917f-e9d27a4e09c4>
>>>>>>
>>>>>> with the following result
>>>>>>
>>>>>> *Vulnerability Detection Result*
>>>>>>
>>>>>> It was possible to login with the following credentials via the SMB
>>>>>> protocol. <User>:<Password>
>>>>>>
>>>>>> admin:admin
>>>>>>
>>>>>> I am trying to check with smbclient and I don’t succeed
>>>>>>
>>>>>> $ smbclient //***.***.***.***/climbing admin -U admin
>>>>>> Domain=[D] OS=[Unix] Server=[Samba 3.6.23-35.el6_8]
>>>>>> tree connect failed: NT_STATUS_ACCESS_DENIED
>>>>>>
>>>>>> What am I missing?
>>>>>>
>>>>>> Regards
>>>>>>
>>>>>> Matteo
>>>>>>
>>>>>> --
>>>>>> ETH Zurich, Dr. Matteo Corti, Leiter ID Basisdienste
>>>>>> STB H 11.1, Stampfenbachstrasse 69, 8092 Zurich
>>>>>> Tel +41 44 63 27944, http://www.id.ethz.ch
>>>>>>
>>>>>> _______________________________________________
>>>>>> Openvas-discuss mailing list
>>>>>> [email protected]
>>>>>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
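The thread ends with admin%admin being accepted on IPC$ while the same pair is refused on the real share. The script below is an added example, not part of the thread or of OpenVAS: it shows one way to triage such a finding by comparing the reported credentials with a control probe and an anonymous probe. The function names are hypothetical, and the control-probe output is a constructed sample.

```shell
#!/bin/sh
# Added example: tell a real admin:admin login from a guest/anonymous IPC$ session.

# outcome_of: read smbclient output on stdin, print "ok" or "denied".
# Any NT_STATUS_ error (session setup or tree connect) counts as denied.
outcome_of() {
    if grep -q 'NT_STATUS_'; then echo denied; else echo ok; fi
}

# verdict REPORTED CONTROL ANON: each argument is "ok" or "denied".
#   REPORTED = probe with the credentials the scanner reported
#   CONTROL  = probe with a random user/password that cannot exist
#   ANON     = probe with empty user and password
verdict() {
    if [ "$1" != ok ]; then
        echo not-reproduced
    elif [ "$2" = ok ] || [ "$3" = ok ]; then
        echo guest-or-anonymous   # server accepts anything on IPC$
    else
        echo credentials-valid    # only the reported pair works
    fi
}

# probe HOST USER PASS: live check against IPC$ (needs smbclient; not run below).
# An unreachable host also reports "denied".
probe() {
    if smbclient "//$1/IPC\$" -U "$2%$3" -c quit >/dev/null 2>&1
    then echo ok; else echo denied; fi
}

# Outputs quoted in the thread.
ipc_admin='Domain=[D] OS=[Unix] Server=[Samba 3.6.23-35.el6_8]
smb: \>'
share_admin='Domain=[D] OS=[Unix] Server=[Samba 3.6.23-35.el6_8]
tree connect failed: NT_STATUS_ACCESS_DENIED'
# Constructed sample: the same banner for a random control user (assumption).
ipc_control=$ipc_admin

triage_samples() {
    r=$(printf '%s\n' "$ipc_admin" | outcome_of)
    c=$(printf '%s\n' "$ipc_control" | outcome_of)
    verdict "$r" "$c" denied
}

triage_samples   # prints: guest-or-anonymous
```

Against a server you administer, feed `verdict` the results of three `probe` calls: the reported pair, a random pair, and empty user and password.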
