I'm adding some information to my issue. Don't know if it helps.
Here is my "at_this_time" .nessusrc file (changed many times)
(kb below)
# This file was automagically created by nessus
trusted_ca = /usr/com/nessus/CA/cacert.pem
nessusd_host = 127.0.0.1
nessusd_user = nessus
paranoia_level = 2
ssl_version = sslv3
begin(SCANNER_SET)
10180 = yes
10335 = yes
10796 = yes
11219 = yes
11840 = yes
14259 = yes
14272 = yes
14274 = yes
end(SCANNER_SET)
begin(SERVER_PREFS)
max_hosts = 20
max_checks = 4
log_whole_attack = yes
cgi_path = /cgi-bin:/scripts
port_range = default
optimize_test = yes
language = english
checks_read_timeout = 15
non_simult_ports = 139, 445
plugins_timeout = 60
safe_checks = no
auto_enable_dependencies = yes
silent_dependencies = yes
use_mac_addr = no
save_knowledge_base = yes
kb_restore = no
only_test_hosts_whose_kb_we_dont_have = no
only_test_hosts_whose_kb_we_have = no
kb_dont_replay_scanners = no
kb_dont_replay_info_gathering = no
kb_dont_replay_attacks = no
kb_dont_replay_denials = no
kb_max_age = 864000
plugin_upload = no
plugin_upload_suffixes = .nasl, .inc
slice_network_addresses = no
ssl_version = sslv3
email = root
per_user_base = /var/lib/nessus/users
delay_between_tests = 1
test_file = /etc/passwd
ping_hosts = yes
reverse_lookup = no
host_expansion = dns;ip
subnet_class = C
scan_level = normal
outside_firewall = no
track_iothreads = yes
cookie_logpipe_suptmo = 2
non_simul_ports = 139, 445
end(SERVER_PREFS)
begin(PLUGINS_PREFS)
Unknown CGIs arguments torture[checkbox]:Send POST requests = no
SNMP settings[entry]:Community name : = public
SNMP settings[entry]:UDP port : = 161
Login configurations[entry]:FTP account : = anonymous
Login configurations[password]:FTP password (sent in clear) : = ***@nessus.org
Login configurations[entry]:FTP writeable directory : = /incoming
Login configurations[entry]:SMB account : = ******
Login configurations[password]:SMB password : = ******
Login configurations[checkbox]:Never send SMB credentials in clear text = yes
Login configurations[checkbox]:Only use NTLMv2 = no
HTTP NIDS evasion[checkbox]:Use HTTP HEAD instead of GET = no
HTTP NIDS evasion[radio]:URL encoding = none
HTTP NIDS evasion[radio]:Absolute URI type = none
HTTP NIDS evasion[radio]:Absolute URI host = none
HTTP NIDS evasion[checkbox]:Double slashes = no
HTTP NIDS evasion[radio]:Reverse traversal = none
HTTP NIDS evasion[checkbox]:Self-reference directories = no
HTTP NIDS evasion[checkbox]:Premature request ending = no
HTTP NIDS evasion[checkbox]:CGI.pm semicolon separator = no
HTTP NIDS evasion[checkbox]:Parameter hiding = no
HTTP NIDS evasion[checkbox]:Dos/Windows syntax = no
HTTP NIDS evasion[checkbox]:Null method = no
HTTP NIDS evasion[checkbox]:TAB separator = no
HTTP NIDS evasion[checkbox]:HTTP/0.9 requests = no
HTTP NIDS evasion[checkbox]:Random case sensitivity (Nikto only) = no
HTTP login page[entry]:Login page : = /
HTTP login page[entry]:Login form fields : = user=%USER%&pass=%PASS%
SMB Scope[checkbox]:Request information about the domain = yes
Web mirroring[entry]:Number of pages to mirror : = 200
Web mirroring[entry]:Start page : = /
SMB use domain SID to enumerate users[entry]:Start UID : = 1000
SMB use domain SID to enumerate users[entry]:End UID : = 1200
Kerberos configuration[entry]:Kerberos KDC Port : = 88
Kerberos configuration[radio]:Kerberos KDC Transport : = udp
NIDS evasion[radio]:TCP evasion technique = none
NIDS evasion[checkbox]:Send fake RST when establishing a TCP connection = no
SMB use host SID to enumerate local users[entry]:Start UID : = 1000
SMB use host SID to enumerate local users[entry]:End UID : = 1200
SSH settings[entry]:SSH user name : = root
Ping the remote host[entry]:TCP ping destination port(s) : = built-in
Ping the remote host[checkbox]:Do a TCP ping = no
Ping the remote host[checkbox]:Do an ICMP ping = no
Ping the remote host[entry]:Number of retries (ICMP) : = 6
Ping the remote host[checkbox]:Do an applicative UDP ping (DNS,RPC...) = no
Ping the remote host[checkbox]:Make the dead hosts appear in the report = no
Ping the remote host[checkbox]:Log live hosts in the report = no
SMTP settings[entry]:Third party domain : = example.com
SMTP settings[entry]:From address : = ***@example.com
SMTP settings[entry]:To address : = postmaster@[AUTO_REPLACED_IP]
Misc information on News server[entry]:From address : = Nessus <***@listme.dsbl.org>
Misc information on News server[entry]:Test group name regex : = f[a-z]\.tests?
Misc information on News server[entry]:Max crosspost : = 7
Misc information on News server[checkbox]:Local distribution = yes
Misc information on News server[checkbox]:No archive = no
Nmap (NASL wrapper)[radio]:TCP scanning technique : = SYN scan
Nmap (NASL wrapper)[checkbox]:UDP port scan = no
Nmap (NASL wrapper)[checkbox]:Service scan = no
Nmap (NASL wrapper)[checkbox]:RPC port scan = no
Nmap (NASL wrapper)[checkbox]:Identify the remote OS = no
Nmap (NASL wrapper)[checkbox]:Use hidden option to identify the remote OS = no
Nmap (NASL wrapper)[checkbox]:Fragment IP packets (bypasses firewalls) = no
Nmap (NASL wrapper)[checkbox]:Get Identd info = no
Nmap (NASL wrapper)[checkbox]:Do not randomize the order in which ports are scanned = no
Nmap (NASL wrapper)[radio]:Timing policy : = Auto (nessus specific!)
Nmap (NASL wrapper)[checkbox]:Do not scan targets not in the file = no
Nmap (NASL wrapper)[checkbox]:Run dangerous port scans even if safe checks are set = yes
Global variable settings[checkbox]:Enable CGI scanning = yes
Global variable settings[radio]:Network type = Mixed (use RFC 1918)
Global variable settings[checkbox]:Enable experimental scripts = yes
Global variable settings[checkbox]:Thorough tests (slow) = no
Global variable settings[radio]:Report verbosity = Normal
Global variable settings[radio]:Report paranoia = Normal
Global variable settings[radio]:Log verbosity = Normal
Global variable settings[entry]:Debug level = 0
Services[entry]:Number of connections done in parallel : = 6
Services[entry]:Network connection timeout : = 5
Services[entry]:Network read/write timeout : = 5
Services[entry]:Wrapped service read timeout : = 2
Services[radio]:Test SSL based services = Known SSL ports
Nmap (NASL wrapper)[entry]:Host Timeout (ms) : = 200
ftp writeable directories[radio]:How to check if directories are writeable : = Trust the permissions (drwxrwx---)
Login configurations[entry]:SMB domain (optional) : = ******
Kerberos configuration[entry]:Kerberos Key Distribution Center (KDC) : =
Kerberos configuration[entry]:Kerberos Realm (SSH only) : =
Nmap (NASL wrapper)[entry]:Source port : =
Nmap (NASL wrapper)[entry]:Min RTT Timeout (ms) : =
Nmap (NASL wrapper)[entry]:Max RTT Timeout (ms) : =
Nmap (NASL wrapper)[entry]:Initial RTT timeout (ms) : =
Nmap (NASL wrapper)[entry]:Ports scanned in parallel (max) =
Nmap (NASL wrapper)[entry]:Ports scanned in parallel (min) =
Nmap (NASL wrapper)[entry]:Minimum wait between probes (ms) =
Nmap (NASL wrapper)[file]:File containing grepable results : =
Nmap (NASL wrapper)[entry]:Data length : =
Services[file]:SSL certificate : =
Services[file]:SSL private key : =
Services[password]:PEM password : =
Services[file]:CA file : =
HTTP NIDS evasion[entry]:HTTP User-Agent =
HTTP NIDS evasion[entry]:Force protocol string : =
SSH settings[password]:SSH password (unsafe!) : =
SSH settings[file]:SSH public key to use : =
SSH settings[file]:SSH private key to use : =
SSH settings[password]:Passphrase for SSH key : =
Login configurations[entry]:HTTP account : =
Login configurations[password]:HTTP password (sent in clear) : =
Login configurations[entry]:NNTP account : =
Login configurations[password]:NNTP password (sent in clear) : =
Login configurations[entry]:POP2 account : =
Login configurations[password]:POP2 password (sent in clear) : =
Login configurations[entry]:POP3 account : =
Login configurations[password]:POP3 password (sent in clear) : =
Login configurations[entry]:IMAP account : =
Login configurations[password]:IMAP password (sent in clear) : =
Login configurations[entry]:Additional SMB account (1) : =
Login configurations[password]:Additional SMB password (1) : =
Login configurations[entry]:Additional SMB domain (optional) (1) : =
Login configurations[entry]:Additional SMB account (2) : =
Login configurations[password]:Additional SMB password (2) : =
Login configurations[entry]:Additional SMB domain (optional) (2) : =
Login configurations[entry]:Additional SMB account (3) : =
Login configurations[password]:Additional SMB password (3) : =
Login configurations[entry]:Additional SMB domain (optional) (3) : =
HTTP login page[entry]:Login form : =
end(PLUGINS_PREFS)
begin(SERVER_INFO)
server_info_nessusd_version = 2.2.6
server_info_libnasl_version = 2.2.6
server_info_libnessus_version = 2.2.6
server_info_thread_manager = fork
server_info_os = Linux
server_info_os_version = 2.6.14-2-686
end(SERVER_INFO)
begin(RULES)
end(RULES)
begin(PLUGIN_SET)
10001 = yes
.....
Here is the kb
1138133194 3 Launched/14273=1
1138133194 3 Launched/10796=1
1138133194 3 Launched/11840=1
1138133201 3 Launched/10180=1
1138133201 3 Launched/19762=1
1138133201 3 Launched/14259=1
1138133203 3 Launched/14274=1
1138133203 3 Launched/11219=1
1138133203 3 Launched/14272=1
1138133239 3 Host/scanners/synscan=1
1138133239 3 Launched/10335=1
1138133294 3 Ports/tcp/139=1
1138133294 3 TCPScanner/CnxTime1000/139=8024
1138133294 3 TCPScanner/CnxTime/139=8
1138133294 3 Ports/tcp/445=1
1138133294 3 TCPScanner/CnxTime1000/445=8421
1138133294 3 TCPScanner/CnxTime/445=8
1138133325 3 TCPScanner/OpenPortsNb=2
1138133325 3 TCPScanner/FilteredPortsNb=161
1138133325 3 Host/scanned=1
1138133325 3 Host/scanners/nessus_tcp_scanner=1
1138133325 3 Launched/10870=1
1138133325 3 Launched/11038=1
1138133325 3 Launched/12288=1
1138133325 3 Launched/10890=1
1138133325 3 Launched/12241=1
1138133325 1 SMTP/headers/From=***@example.com
1138133325 1 SMTP/headers/To=postmaster@[192.168.0.76]
1138133325 3 Launched/10308=1
1138133325 1 ftp/writeable_dir=/incoming
1138133325 1 ftp/login=anonymous
1138133325 1 ftp/password=***@nessus.org
1138133325 3 SMB/dont_send_in_cleartext=1
1138133325 1 SMB/login_filled/0=******
1138133325 1 SMB/password_filled/0=******
1138133325 1 SMB/domain_filled/0=******
1138133325 3 Launched/17351=1
1138133325 1 /Settings/Whisker/NIDS=X
1138133325 3 Launched/10917=1
1138133325 1 global_settings/experimental_scripts=yes
1138133325 1 global_settings/thorough_tests=no
1138133325 1 global_settings/report_verbosity=Normal
1138133325 1 global_settings/log_verbosity=Normal
1138133325 1 global_settings/report_paranoia=Normal
1138133325 1 global_settings/network_type=Mixed (use RFC 1918)
1138133325 3 Launched/10889=1
1138133325 3 SMB/test_domain=1
1138133325 3 Launched/11933=1
1138133325 3 Launched/10330=1
1138133325 3 Launched/10223=1
1138133325 3 Launched/10714=1
1138133325 3 Launched/10800=1
1138133325 3 Launched/11292=1
1138133325 3 Launched/10884=1
1138133325 1 SSL/password=
1138133325 3 Launched/12218=1
1138133330 3 Launched/12634=1
1138133330 3 Launched/13571=1
1138133330 3 Launched/12676=1
1138133330 3 Launched/14764=1
1138133330 3 Launched/18800=1
1138133330 3 Launched/16534=1
1138133330 3 Launched/15588=1
1138133333 3 Launched/11011=1
1138133333 3 Launched/10757=1
1138133333 3 Launched/17975=1
1138133340 3 Launched/15700=1
1138133340 3 Launched/13023=1
1138133340 3 Launched/12959=1
1138133340 3 Launched/20403=1
1138133340 3 Launched/19813=1
1138133340 3 Launched/16590=1
1138133340 3 Launched/16925=1
1138133340 3 Launched/20269=1
1138133340 3 Launched/20684=1
1138133340 3 Launched/15234=1
1138133340 3 Launched/16218=1
1138133340 3 Launched/14735=1
1138133340 3 Launched/13086=1
1138133340 3 Launched/19712=1
1138133340 3 Launched/18625=1
1138133340 3 Launched/16697=1
1138133340 3 Launched/14773=1
1138133340 3 Launched/14772=1
1138133340 3 Launched/10582=1
1138133340 3 Launched/11149=1
1138133340 3 Launched/11689=1
1138133340 3 Launched/19559=1
1138133340 3 Launched/18219=1
1138133340 3 Launched/17244=1
1138133340 3 Launched/15614=1
1138133355 3 Launched/15615=1
1138133355 3 Launched/17200=1
1138133355 3 Launched/10135=1
1138133355 3 Launched/18533=1
1138133355 3 Launched/18178=1
1138133355 3 Launched/18177=1
1138133363 3 Launched/14644=1
1138133370 3 Launched/18100=1
1138133370 3 Launched/18141=1
1138133370 3 Launched/10746=1
1138133370 3 Launched/11111=1
1138133370 3 Launched/10736=1
1138133370 3 Launched/11153=1
1138133370 3 Launched/12534=1
1138133370 3 Launched/20077=1
1138133370 3 Launched/16934=1
1138133370 3 Launched/13556=1
1138133370 3 Launched/18748=1
1138133370 3 Launched/12432=1
1138133370 3 Launched/12527=1
1138133370 3 Launched/17568=1
1138133370 3 Launched/12443=1
1138133370 3 Launched/18802=1
1138133370 3 Launched/16748=1
1138133370 3 Launched/12924=1
1138133370 3 Launched/13435=1
1138133370 3 Launched/17264=1
1138133370 3 Launched/17181=1
1138133370 3 Launched/16785=1
1138133370 3 Launched/20539=1
1138133370 3 Launched/19465=1
1138133370 3 Launched/16613=1
1138133370 3 Launched/15800=1
1138133370 3 Launched/19286=1
1138133370 3 Launched/14043=1
1138133370 3 Launched/19097=1
1138133370 3 Launched/16819=1
1138133370 3 Launched/16645=1
1138133370 3 Launched/19929=1
1138133370 3 Launched/12467=1
1138133370 3 Launched/17407=1
1138133370 3 Launched/16569=1
1138133370 3 Launched/20721=1
1138133370 3 Launched/18791=1
1138133370 3 Launched/19133=1
1138133370 3 Launched/13893=1
1138133370 3 Launched/10150=1
1138133370 3 Launched/12266=1
1138133370 3 SMB/NetBIOS/137=1
1138133370 1 SMB/mac_addr=00:a0:44:55:66:77
1138133370 1 SentData/10150/NOTE=\nSynopsis :\n\nIt is possible to obtain the network name of the remote host.\n\nDescription :\n\nThe remote host listens on udp port 137 and replies to NetBIOS\nnbtscan requests.\nBy sending a wildcard request it is possible to obtain the name of\nthe remote system and the name of its domain.\n\nRisk factor :\n\nNone\n\nPlugin output :\n\nThe following 6 NetBIOS names have been gathered :\n\n ****** = Computer name\n ****** = Workgroup / Domain name\n ****** = File Server Service\n ****** = Browser Service Elections\n ****** = Master Browser\n __MSBROWSE__ = Master Browser\n\nThe remote host has the following MAC address on its adapter :\n 00:a0:c9:45:0a:9c
1138133370 3 Success/10150=1
1138133370 1 SMB/name=******
1138133370 3 SMB/netbios_name=1
1138133370 1 SMB/workgroup=******
1138133370 3 Launched/10785=1
1138133385 3 Launched/19067=1
.....
Post by Muad Dib
Hi all,
I'm trying to have my nessus check hotfixes on some
win32 boxes.
I'm using auto_dependancies and all plugins.
To do that, it requires several keys. What is strange
is that it fails to set the SMB/transport key although
ports 139,445 are up and running. It seems that
cifs445.nasl is the issuer but I wonder why, I did not
see any error in this plugin.
I'm using nessus from console so I have deleted all
.nessusrc settings to verify: same result.
I wonder if there are special configuration settings
on win boxes I should have missed.
I tested on 2 boxes, xp sp1 & sp2.
_______________________________________________
Nessus mailing list
http://mail.nessus.org/mailman/listinfo/nessus
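
An offline check for a saved KB like the one posted above, added here as an example (not part of the original post and not Nessus code): it lists the open TCP ports, reports which required keys are absent (here `SMB/transport`, the key the post says is never set), and names the keys that hold credentials and should be masked before a dump goes to a public list. The function names and the sample lines are constructed for illustration.

```python
import re

# Constructed sample, shaped like the KB lines in the post (values masked).
SAMPLE_KB = """\
1138133294 3 Ports/tcp/139=1
1138133294 3 Ports/tcp/445=1
1138133325 3 Launched/11011=1
1138133325 1 SMB/login_filled/0=******
1138133325 1 SMB/password_filled/0=******
1138133370 3 Launched/10150=1
1138133370 3 Success/10150=1
obtain the network name of th
1138133370 1 SMB/name=******
"""

# "<epoch> <type> <key>=<value>"; in the dump, type 3 rows hold integers.
LINE_RE = re.compile(r"^(\d+) (\d+) ([^=]+)=(.*)$")
SENSITIVE_RE = re.compile(r"passw|login|passphrase", re.IGNORECASE)

def parse_kb(text):
    """Return {key: [values]}; wrapped continuation lines are skipped."""
    kb = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        _ts, kind, key, value = m.groups()
        if kind == "3" and value.isdigit():
            value = int(value)
        kb.setdefault(key, []).append(value)
    return kb

def summarize(kb, required=("SMB/transport",)):
    """Open TCP ports, required keys that are absent, keys to mask."""
    ports = sorted(int(k.rsplit("/", 1)[1]) for k, v in kb.items()
                   if k.startswith("Ports/tcp/") and 1 in v)
    return {
        "open_tcp": ports,
        "missing": [k for k in required if k not in kb],
        "sensitive": sorted(k for k in kb if SENSITIVE_RE.search(k)),
    }

if __name__ == "__main__":
    for name, value in summarize(parse_kb(SAMPLE_KB)).items():
        print(f"{name}: {value}")
```
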