Re: [Openvas-discuss] Windows Authenticated Scans
Hi, On 20.02.2018 19:19, Ali Khalfan wrote: > Is there anything else that needs to be done? Shouldn't the scan at > least scan the registry/drivers/.net framework/browser for any > vulnerabilities? all requirements for successful authenticated scans are documented at [1]. The following NVTs and their log messages might give some additional hints: SMB log in OID: 1.3.6.1.4.1.25623.1.0.10394 SMB Login Failed For Authenticated Checks OID: 1.3.6.1.4.1.25623.1.0.106091 Check for SMB accessible registry OID: 1.3.6.1.4.1.25623.1.0.10400 [1] http://docs.greenbone.net/GSM-Manual/gos-4/en/vulnerabilitymanagement.html#requirements-on-target-systems-with-windows Regards, -- Christian Fischer | PGP Key: 0x54F3CE5B76C597AD Greenbone Networks GmbH | http://greenbone.net Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] windows authenticated scans
It´s community maintained, after the first couple of deleted filesystems, the community might respond ;-) On 20.12.2015 15:35, Rene Behring wrote: But they get reviewed that something like "rm -rf /" can´t happen right? Thanks, René -- Regards Lukas Grunwald ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] windows authenticated scans
Am Dienstag, 10. November 2015, 17:27:02 schrieb Rene Behring: > > Yes, NVTs are reviewed and tested by GreenBone QA. (I know something about > > NVT develoment as I developed about 2800 lsc nvt plugins for openvas) > Ah good to know that even the OpenVAS Feed get reviewed. actually the OpenVAS feed does not receive the same QA as the Greenbone feed. Of course we try to avoid syntax errors etc. However, the digital signature for the OpenVAS NVT feed is only about transfer integrity. -- Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] windows authenticated scans
Yes, NVTs are reviewed and tested by GreenBone QA. (I know something about NVT develoment as I developed about 2800 lsc nvt plugins for openvas) I think main reason for non-admin is that some-one can compromise your scanner machine and then run all code as admin .. -- Eero 2015-11-10 19:07 GMT+03:00 Rene Behring: > > > > Maybe you should test it. > > > > Yes i will do that. > > > Many of checks just read file versions and registry. I think that works > on normal account too? It's very dangerous to give admin rights to scanner > .. > > Yes thats why we don’t wanna give the scanner that much rights. > I don´t know very much about NVT development and deployment. Does the NVTs > from the OpenVAS NVT Feed gets reviewed? > Greenbone reviews all the NVTs afaik... > > Thanks for your fast response, > René ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] windows authenticated scans
> > Yes, NVTs are reviewed and tested by GreenBone QA. (I know something about > NVT develoment as I developed about 2800 lsc nvt plugins for openvas) > Ah good to know that even the OpenVAS Feed get reviewed. > > I think main reason for non-admin is that some-one can compromise your > scanner machine and then run all code as admin .. For one of my study modules i am trying to hack OpenVAS. (just my local VM…) So it could be very interesting if i can make it... Thanks, René ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] windows authenticated scans
> > Maybe you should test it. > Yes i will do that. > Many of checks just read file versions and registry. I think that works on > normal account too? It's very dangerous to give admin rights to scanner .. Yes thats why we don’t wanna give the scanner that much rights. I don´t know very much about NVT development and deployment. Does the NVTs from the OpenVAS NVT Feed gets reviewed? Greenbone reviews all the NVTs afaik... Thanks for your fast response, René ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] windows authenticated scans
Well, you can just root exploit scanning os and then just run unsigned nasl scripts against your targets :) -- Eero 2015-11-10 19:27 GMT+03:00 Rene Behring: > > > > Yes, NVTs are reviewed and tested by GreenBone QA. (I know something > about NVT develoment as I developed about 2800 lsc nvt plugins for openvas) > > > > Ah good to know that even the OpenVAS Feed get reviewed. > > > > > I think main reason for non-admin is that some-one can compromise your > scanner machine and then run all code as admin .. > > For one of my study modules i am trying to hack OpenVAS. (just my local > VM…) So it could be very interesting if i can make it... > > Thanks, > René > ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] windows authenticated scans
Err. Normal user rights should be enought? I haven't used credentialed scan on windows, but I just looked from sources. At least 99% should work with normal user rights. -- Eero 2015-11-10 16:32 GMT+02:00 Rene Behring: > Hello, > > i am trying to rollout windows authenticated scans (first on a few > systems) in our company but don’t have that much windows background > knowledge. > But i and the windows admins have some concerns about using an > administrator to scan the system. Moreover it should be a domain > administrator. > Is there a good reason to use an domain administrator account or is a > local administrator or even a user account with extended rights enough? > Which exact rights does the user need? Does he just needs to read the > registry?! > > Thanks for your help, > René > ___ > Openvas-discuss mailing list > Openvas-discuss@wald.intevation.org > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] windows authenticated scans
Some of checks read files to check version, some registry. So, it should work user that can read registry. -- Eero 2015-11-10 16:36 GMT+02:00 Eero Volotinen: > Err. Normal user rights should be enought? I haven't used credentialed > scan on windows, but I just looked from sources. > > At least 99% should work with normal user rights. > > -- > Eero > > 2015-11-10 16:32 GMT+02:00 Rene Behring : > >> Hello, >> >> i am trying to rollout windows authenticated scans (first on a few >> systems) in our company but don’t have that much windows background >> knowledge. >> But i and the windows admins have some concerns about using an >> administrator to scan the system. Moreover it should be a domain >> administrator. >> Is there a good reason to use an domain administrator account or is a >> local administrator or even a user account with extended rights enough? >> Which exact rights does the user need? Does he just needs to read the >> registry?! >> >> Thanks for your help, >> René >> ___ >> Openvas-discuss mailing list >> Openvas-discuss@wald.intevation.org >> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss > > > ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] windows authenticated scans
> > Err. Normal user rights should be enought? I haven't used credentialed scan > on windows, but I just looked from sources. > At least 99% should work with normal user rights.Ah well, thats surprising because all the documentation insist on using an administrator for authenticated scans. > > Some of checks read files to check version, some registry. So, it should work > user that can read registry. > Yes we thought so too! Thanks, René ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss