Re: [Openvas-discuss] Windows Authenticated Scans

2018-02-27 Thread Christian Fischer 
Hi,

On 20.02.2018 19:19, Ali Khalfan wrote:
> Is there anything else that needs to be done?  Shouldn't the scan at
> least scan the registry/drivers/.net framework/browser for any
> vulnerabilities?

all requirements for successful authenticated scans are documented at
[1]. The following NVTs and their log messages might give some
additional hints:

SMB log in
OID: 1.3.6.1.4.1.25623.1.0.10394

SMB Login Failed For Authenticated Checks
OID: 1.3.6.1.4.1.25623.1.0.106091

Check for SMB accessible registry
OID: 1.3.6.1.4.1.25623.1.0.10400


[1]
http://docs.greenbone.net/GSM-Manual/gos-4/en/vulnerabilitymanagement.html#requirements-on-target-systems-with-windows

Regards,

--

Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
Greenbone Networks GmbH | http://greenbone.net
Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] windows authenticated scans

2015-12-21 Thread Lukas Grunwald 
It´s community maintained, after the first couple of deleted 
filesystems, the community might respond ;-)


On 20.12.2015 15:35, Rene Behring wrote:

But they get reviewed that something like "rm -rf /" can´t happen right?

Thanks,
René



--
Regards
Lukas Grunwald



___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] windows authenticated scans

2015-12-20 Thread Jan-Oliver Wagner 
Am Dienstag, 10. November 2015, 17:27:02 schrieb Rene Behring:
> > Yes, NVTs are reviewed and tested by GreenBone QA. (I know something about
> > NVT develoment as I developed about 2800 lsc nvt plugins for openvas)
> Ah good to know that even the OpenVAS Feed get reviewed.

actually the OpenVAS feed does not receive the same QA as the Greenbone feed.

Of course we try to avoid syntax errors etc.

However, the digital signature for the OpenVAS NVT feed is only about
transfer integrity.


-- 
Dr. Jan-Oliver Wagner |  +49-541-335084-0  |  http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 
202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] windows authenticated scans

2015-11-10 Thread Eero Volotinen 
Yes, NVTs are reviewed and tested by GreenBone QA. (I know something about
NVT develoment as I developed about 2800 lsc nvt plugins for openvas)


I think main reason for non-admin is that some-one can compromise your
scanner machine and then run all code as admin ..

--
Eero

2015-11-10 19:07 GMT+03:00 Rene Behring :

> >
> > Maybe you should test it.
> >
>
> Yes i will do that.
>
> > Many of checks just read file versions and registry. I think that works
> on normal account too? It's very dangerous to give admin rights to scanner
> ..
>
> Yes thats why we don’t wanna give the scanner that much rights.
> I don´t know very much about NVT development and deployment. Does the NVTs
> from the OpenVAS NVT Feed gets reviewed?
> Greenbone reviews all the NVTs afaik...
>
> Thanks for your fast response,
> René
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] windows authenticated scans

2015-11-10 Thread Rene Behring 
> 
> Yes, NVTs are reviewed and tested by GreenBone QA. (I know something about 
> NVT develoment as I developed about 2800 lsc nvt plugins for openvas)
> 

Ah good to know that even the OpenVAS Feed get reviewed.

> 
> I think main reason for non-admin is that some-one can compromise your 
> scanner machine and then run all code as admin ..

For one of my study modules i am trying to hack OpenVAS. (just my local VM…) So 
it could be very interesting if i can make it...

Thanks,
René
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] windows authenticated scans

2015-11-10 Thread Rene Behring 
> 
> Maybe you should test it.
> 

Yes i will do that.

> Many of checks just read file versions and registry. I think that works on 
> normal account too? It's very dangerous to give admin rights to scanner ..

Yes thats why we don’t wanna give the scanner that much rights.
I don´t know very much about NVT development and deployment. Does the NVTs from 
the OpenVAS NVT Feed gets reviewed?
Greenbone reviews all the NVTs afaik...

Thanks for your fast response,
René
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] windows authenticated scans

2015-11-10 Thread Eero Volotinen 
Well, you can just root exploit scanning os and then just run unsigned nasl
scripts against your targets :)

--
Eero

2015-11-10 19:27 GMT+03:00 Rene Behring :

> >
> > Yes, NVTs are reviewed and tested by GreenBone QA. (I know something
> about NVT develoment as I developed about 2800 lsc nvt plugins for openvas)
> >
>
> Ah good to know that even the OpenVAS Feed get reviewed.
>
> >
> > I think main reason for non-admin is that some-one can compromise your
> scanner machine and then run all code as admin ..
>
> For one of my study modules i am trying to hack OpenVAS. (just my local
> VM…) So it could be very interesting if i can make it...
>
> Thanks,
> René
>
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] windows authenticated scans

2015-11-10 Thread Eero Volotinen 
Err. Normal user rights should be enought? I haven't used credentialed scan
 on windows, but I just looked from sources.

At least 99% should work with normal user rights.

--
Eero

2015-11-10 16:32 GMT+02:00 Rene Behring :

> Hello,
>
> i am trying to rollout windows authenticated scans (first on a few
> systems) in our company but don’t have that much windows background
> knowledge.
> But i and the windows admins have some concerns about using an
> administrator to scan the system. Moreover it should be a domain
> administrator.
> Is there a good reason to use an domain administrator account or is a
> local administrator or even a user account with extended rights enough?
> Which exact rights does the user need? Does he just needs to read the
> registry?!
>
> Thanks for your help,
> René
> ___
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] windows authenticated scans

2015-11-10 Thread Eero Volotinen 
Some of checks read files to check version, some registry. So, it should
work user that can read registry.



--
Eero

2015-11-10 16:36 GMT+02:00 Eero Volotinen :

> Err. Normal user rights should be enought? I haven't used credentialed
> scan  on windows, but I just looked from sources.
>
> At least 99% should work with normal user rights.
>
> --
> Eero
>
> 2015-11-10 16:32 GMT+02:00 Rene Behring :
>
>> Hello,
>>
>> i am trying to rollout windows authenticated scans (first on a few
>> systems) in our company but don’t have that much windows background
>> knowledge.
>> But i and the windows admins have some concerns about using an
>> administrator to scan the system. Moreover it should be a domain
>> administrator.
>> Is there a good reason to use an domain administrator account or is a
>> local administrator or even a user account with extended rights enough?
>> Which exact rights does the user need? Does he just needs to read the
>> registry?!
>>
>> Thanks for your help,
>> René
>> ___
>> Openvas-discuss mailing list
>> Openvas-discuss@wald.intevation.org
>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
>
>
>
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] windows authenticated scans

2015-11-10 Thread Rene Behring 
> 
> Err. Normal user rights should be enought? I haven't used credentialed scan  
> on windows, but I just looked from sources.
> 


At least 99% should work with normal user rights.Ah well, thats surprising 
because all the documentation insist on using an administrator for 
authenticated scans.

> 
> Some of checks read files to check version, some registry. So, it should work 
> user that can read registry.
> 

Yes we thought so too!

Thanks,
René

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss