Mailing List Archive: Nessus: users

Re: Nessus Digest, Vol 49, Issue 8

imanilsaini at gmail

Nov 14, 2007, 9:24 PM

Re: Nessus Digest, Vol 49, Issue 8

Hi, I am a network administrator in my organization. I want to use a
Nessus NASL script for finding out network shares in my local area
network. But the problem is that the Nessus script for SMB shares is
dependent on other Nessus scripts like

netbious-name_get.nasl
smb_login.nasl
cifs445.nasl
smbnativlanman.nasl
logins.nasl
find_service.nasl

All these Nessus plugins are interdependent.

Can somebody help me find a way so that I can scan for open
shares with NASL?


Thank you.


On Nov 14, 2007 10:30 PM, <nessus-request[at]list.nessus.org> wrote:
> Send Nessus mailing list submissions to
> nessus[at]list.nessus.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://mail.nessus.org/mailman/listinfo/nessus
> or, via email, send a message with subject or body 'help' to
> nessus-request[at]list.nessus.org
>
> You can reach the person managing the list at
> nessus-owner[at]list.nessus.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Nessus digest..."
>
>
> Today's Topics:
>
> 1. Vista and MS06-035, MS06-040 (Doty, Timothy T.)
> 2. Re: Vista and MS06-035, MS06-040 (Renaud Deraison)
> 3. Re: Nikto on Nessus 3 Client? (Ramos, Jaime J.)
> 4. LDAP allows anonymous binds (PJ Bender)
> 5. Re: Nikto on Nessus 3 Client? (George A. Theall)
> 6. Re: LDAP allows anonymous binds (George A. Theall)
> 7. implications/feasibility of running nessus with higher
> privilege levels (SantoshKumar_Mishra)
> 8. Re: implications/feasibility of running nessus with higher
> privilege levels (Doug Nordwall)
> 9. Plugin 26919 (Nelson, C.M.)
> 10. Re: LDAP allows anonymous binds (Mike.Vasquez[at]cityofmesa.org)
> 11. Re: Plugin 26919 (Ron Gula)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 13 Nov 2007 11:49:36 -0600
> From: "Doty, Timothy T." <tdoty[at]umr.edu>
> Subject: Vista and MS06-035, MS06-040
> To: <Nessus[at]list.nessus.org>
> Message-ID:
> <400F112177526C4589D2971B414956675DD4[at]MST-VMAIL3.srv.mst.edu>
> Content-Type: text/plain; charset="us-ascii"
>
> I have at least one system on our network that is reported as being
> vulnerable to MS06-035 and MS06-040. However, the computer is supposedly
> running Vista which is not listed as being affected. All I've managed to
> find with Google is an indication that Vista beta 2 build 5381 didn't crash
> so that Vista may be unaffected.
>
> Is there any more information?
>
> Tim Doty
>
> ------------------------------
>
> Message: 2
> Date: Tue, 13 Nov 2007 18:53:58 +0100
> From: Renaud Deraison <deraison[at]nessus.org>
> Subject: Re: Vista and MS06-035, MS06-040
> To: Nessus List <Nessus[at]list.nessus.org>
> Message-ID: <4517BC4A-9C02-4E9F-B29A-06C9683E27E4[at]nessus.org>
> Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
>
>
> Hi Tim,
>
> On Nov 13, 2007, at 6:49 PM, Doty, Timothy T. wrote:
>
> > I have at least one system on our network that is reported as being
> > vulnerable to MS06-035 and MS06-040. However, the computer is
> > supposedly
> > running Vista which is not listed as being affected. All I've
> > managed to
> > find with Google is an indication that Vista beta 2 build 5381
> > didn't crash
> > so that Vista may be unaffected.
> >
> > Is there any more information?
>
> The plugins should not have fired, since the remote host is running
> Vista. Could you send us the kb of the tested host ?
>
>
> -- Renaud
>
>
> ------------------------------
>
> Message: 3
> Date: Tue, 13 Nov 2007 11:06:51 -0800
> From: "Ramos, Jaime J." <jjramos[at]pelco.com>
> Subject: Re: Nikto on Nessus 3 Client?
> To: <theall[at]tenablesecurity.com>
> Cc: nessus[at]list.nessus.org
> Message-ID:
> <609E6C541B96344484A45ED7B6275D7A0384322E[at]CA-EVS02.pelco.org>
> Content-Type: text/plain; charset="us-ascii"
>
> There is no option as you described under the "Advanced" tab. The only
> option I see under "Advanced" regarding Nikto is:
>
> 1. Under the top drop-down box
> 2. Select HTTP NIDS evasion
> 3. At the bottom of the window there is "Random case sensitivity (Nikto only)"
>
> Nessus Client v3.0.0 (build 2G161_Q)
>
> I described my setup incorrectly; I corrected it below...
>
> **************************
>
> I'm having problems obtaining a Nikto Report from the NessusClient
> v3.0.0 (GUI).
>
> Here's the setup: Scanning an XP SP2 machine w/ IIS.
>
> Nessus 3.0.6 Build 283 for Linux on my CentOS 4.4 machine with Nikto
> integration.
> NessusClient v3.0.0 on the CentOS and XP SP2 machines.
> Nessus Console v1.4.5 on a Win XP SP2 machine.
>
> I can run a scan from the XP SP2 machine using the Nessus Console 1.4.5
> and the report will show the "Nikto Report" just fine, but I do not get
> anything that even looks like a Nikto report when scanning from the
> CentOS or XP machine using the NessusClient v3.0.0.
>
> NessusClient v3.0.0
> Using the Default policy I enabled all plugins (saw Nikto there and
> checked it), CGI scanning, thorough and experimental scanning.
>
> If you need any additional information let me know...
>
> ****Your reply was... Under the "Advanced" tab, select the "Nikto (NASL
> wrapper)" pull-down and make sure "Enable Nikto" is checked.
>
> George
> --
> theall[at]tenablesecurity.com
>
> Jaime Ramos
> Engineering
> OEM-NST
> 559-292-1981
> ex: 6215
>
> ------------------------------
>
> Message: 4
> Date: Tue, 13 Nov 2007 09:30:15 -0800
> From: "PJ Bender" <PBender[at]bannerbank.com>
> Subject: LDAP allows anonymous binds
> To: <nessus[at]list.nessus.org>
> Message-ID:
> <FB0DACE37FB9FB4C8EDD7FAEAA8B28CA0D48C5[at]SVEXC000010.corp.bannerbank.com>
>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi,
> When Nessus was run against our two Domain Controllers, we received the following report:
> Synopsis: It is possible to disclose LDAP information.
>
> Description: Improperly configured LDAP servers will allow any user to connect to
> the server and query it for information.
>
> Solution: Disable NULL BIND on your LDAP server
>
> Risk Factor : Medium / CVSS Base Score : 5.0
> (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
> CVE : CVE-1999-0385
> BID : 503
> Now when we look for a method to disable the null bind on our LDAP server, we are directed to a Microsoft update for MS Exchange 5.5. Since we do use Exchange 5.5, I don't think it is this problem.
> Can someone let me know where I can go to find a method(s) to disable the null bind on my Windows 2003 LDAP server(s)?
> Thank you
>
>
> P. J.
>
> ------------------------------
>
> Message: 5
> Date: Tue, 13 Nov 2007 16:08:17 -0500
> From: "George A. Theall" <theall[at]tenablesecurity.com>
> Subject: Re: Nikto on Nessus 3 Client?
> To: nessus[at]list.nessus.org
> Message-ID: <473A1241.1060705[at]tenablesecurity.com>
> Content-Type: text/plain; charset=windows-1252; format=flowed
>
> On 11/13/07 14:06, Ramos, Jaime J. wrote:
>
> > There is no option as you described under the "Advanced" tab. The only
> > option I see under "Advanced" regarding Nikto is:
> ...
> > 3. At the bottom of window there is "Random case sensitivity (Nikto only)"
>
> Really? If that's true, you must be connecting to a Nessus 2.x server as
> plugin #10890 (http_ids_evasion.nasl) is disabled in Nessus 3.x.
>
>
> George
> --
> theall[at]tenablesecurity.com
>
>
> ------------------------------
>
> Message: 6
> Date: Tue, 13 Nov 2007 21:52:10 -0500
> From: "George A. Theall" <theall[at]tenablesecurity.com>
> Subject: Re: LDAP allows anonymous binds
> To: nessus[at]list.nessus.org
> Message-ID: <473A62DA.7090001[at]tenablesecurity.com>
> Content-Type: text/plain; charset=windows-1252; format=flowed
>
> On 11/13/07 12:30, PJ Bender wrote:
>
> > When Nessus was run against our two Domain Controllers, we received
> > the following report:
> >
> > *Synopsis*: It is possible to disclose LDAP information.
> ...
> > *Solution*: Disable NULL BIND on your LDAP server
> ...
> > I don't think it is this problem.
>
> FWIW, the plugin actually tries to query a server without authenticating
> (ie, a "NULL BIND") and checks for a response. So it might be useful to
> capture packets to/from the affected LDAP services and see what is being
> returned.
>
> > Can someone let me know where I can go to find a method(s) to disable
> > the null bind on my Windows 2003 LDAP server(s)?
>
> Have you searched Microsoft's site? For example: check out the
> discussion of "dsHeuristics" in:
>
> http://support.microsoft.com/kb/326690/
>
> George
> --
> theall[at]tenablesecurity.com
>
>
> ------------------------------
>
> Message: 7
> Date: Wed, 14 Nov 2007 13:01:05 +0530
> From: "SantoshKumar_Mishra" <SantoshKumar_Mishra[at]satyam.com>
> Subject: implications/feasibility of running nessus with higher
> privilege levels
> To: <nessus[at]list.nessus.org>
> Message-ID:
> <6B3162E26E189F4EB74B8FB9345ED4FD050F65C1[at]certsrv.satyam.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Dear All,
>
> Can you please suggest the implications/feasibility of running Nessus with higher privilege levels, which include 'local checks'?
>
> I would appreciate an early reply.
>
>
>
> Thanks,
>
> Santosh
>
>
>
>
>
> ------------------------------
>
> Message: 8
> Date: Wed, 14 Nov 2007 06:00:56 -0800
> From: "Doug Nordwall" <raleel[at]gmail.com>
> Subject: Re: implications/feasibility of running nessus with higher
> privilege levels
> To: SantoshKumar_Mishra <SantoshKumar_Mishra[at]satyam.com>
> Cc: nessus[at]list.nessus.org
> Message-ID:
> <752305c00711140600j644f0d77o2502cd0f6105061[at]mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Well, I'm not sure exactly in what context you are "running nessus" from. If
> you are referring to running the local checks as someone with higher
> privileges, then I can say that is how they are designed to run. Most of the
> information that comes out of them is supposed to be administrator/root
> level.
>
> If you are talking about running the client as root, then it's not a big
> deal. I've done it.
>
> The server needs to be run as root, IIRC.
>
>
> --
> Doug Nordwall
> Unix, Network, and Security Administrator
> You mean the vision is subject to low subscription rates?!!? - Scott Stone,
> on MMORPGs
>
> ------------------------------
>
> Message: 9
> Date: Wed, 14 Nov 2007 14:50:00 -0000
> From: "Nelson, C.M." <cmn[at]leicester.ac.uk>
> Subject: Plugin 26919
> To: <Nessus[at]list.nessus.org>
> Message-ID:
> <9B71985304C4914AACE30A5BD6A087710A895AEC[at]sumac.cfs.le.ac.uk>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi,
>
> Plugin 26919 says:
>
> ........
> Synopsis : It is possible to log into the remote host.
>
> Description : The remote host is running one of the Microsoft Windows
> operating systems. It was possible to log into it as a guest user using
> a random account.
>
> In the group policy change the setting for 'Network access: Sharing and
> security model for local accounts' from 'Guest only - local users
> authenticate as Guest' to 'Classic - local users authenticate as
> themselves'.
>
> CVSS Base Score : 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
> ........
>
>
> Could someone explain what the significance or seriousness of this is? Does it suggest a remote or local exploit is possible? If so what can be achieved and how can I confirm that the report is correct?
>
> --
> Carl Nelson,
> Information Security Office,
> IT Services,
> University of Leicester, Leicester, LE1 7RH, U.K.
> Tel: +44 (0)116 252 2060, Fax: +44 (0)116 252 5027
>
>
> ------------------------------
>
> Message: 10
> Date: Wed, 14 Nov 2007 08:35:18 -0700
> From: Mike.Vasquez[at]cityofmesa.org
> Subject: Re: LDAP allows anonymous binds
> To: nessus[at]list.nessus.org
> Message-ID:
> <OF127AC5B3.63A18A4E-ON07257393.0054BDDC-07257393.0055A100[at]cityofmesa.org>
>
> Content-Type: text/plain; charset="iso-8859-1"
>
> I did some research on the issue and the information for me was
> inconclusive --
>
> I found this post:
> http://www.derkeiler.com/Newsgroups/microsoft.public.win2000.security/2005-10/0239.html
>
> Date: Wed, 19 Oct 2005 12:07:35 -0400
>
> You can't disable anonymous/NULL bind. LDAP V3 requires it for the
> rootdse.
> However, a null bind doesn't necessarily give you access to domain or
> config
> data. In fact, if you are running Windows Server 2003 AD you have to
> specifically enable anonymous access on the ACLs to retrieve data
>
> Here's a kb article about anonymous ldap operations:
> http://support.microsoft.com/kb/326690
> Anonymous LDAP operations to Active Directory are disabled on Windows
> Server 2003 domain controllers
>
> SUMMARY
> By default, anonymous Lightweight Directory Access Protocol (LDAP)
> operations to Active Directory, other than rootDSE searches and binds, are
> not permitted in Microsoft Windows Server 2003.
>
> There's another nice article here:
> http://www.petri.co.il/anonymous_ldap_operations_in_windows_2003_ad.htm
>
> Based on that information, I'm not convinced it's a great concern on
> Win2k3. I would be interested in the impact of disabling it, per the
> information provided. I'm a bit concerned about the possible fallout from
> a change.
>
> Thanks,
>
> Mike
>
>
> ------------------------------
>
> Message: 11
> Date: Wed, 14 Nov 2007 11:13:57 -0500
> From: Ron Gula <rgula[at]tenablesecurity.com>
> Subject: Re: Plugin 26919
> To: "Nelson, C.M." <cmn[at]leicester.ac.uk>
> Cc: Nessus[at]list.nessus.org
> Message-ID: <473B1EC5.3050808[at]tenablesecurity.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hi Carl,
>
> From where you performed your Nessus scan against this Windows host,
> anyone with network access to that system can log into it with a bogus
> account.
>
> If this system is outside of a firewall or reachable by just about
> anyone in your organization, this could be a serious problem for you. If
> you had to go through extraordinary effort to scan this box (plug in to
> a DMZ, get the IT guys to open firewall ports, etc.) this is something
> that should be fixed, but won't be as serious.
>
> If your system has any other vulnerabilities, such as a locally
> exploitable vulnerability, it may be possible for a remote user to
> connect with a guest account and then attempt to become an
> administrator. Of course, if the system isn't really hardened, a guest
> account might be all the access that a remote user would need to read
> files, install a backdoor, turn the system into a bot, launch attacks
> against other systems and so on.
>
> To verify that remote access is allowed by this host, you could try
> using the smbshell tool from Tenable:
>
> http://cgi.tenablesecurity.com/tenable/smbshell.php
>
> Keep in mind that Windows has many different types of access control for
> file access and program execution. The plugin said that it could log in.
> Your IT people may have put some level of security of hardening for
> 'Guest' users or they may not have.
>
> Ron Gula
> Tenable Network Security
>
>
> ------------------------------
>
>
> End of Nessus Digest, Vol 49, Issue 8
> *************************************
>
_______________________________________________
Nessus mailing list
Nessus[at]list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
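The dependency question at the top of this thread (the SMB share plugin relying on a chain of other plugins, and on the knowledge-base entries those plugins populate) is usually answered by reading each plugin's script_dependencies() and script_require_keys() declarations rather than by trying to run one script on its own. As an added example, not code from the original post or from Tenable, here is a small resolver that walks those declarations and prints the order in which the chain must run together with the KB keys the final plugin expects to find. The plugin fragments inside it are constructed stand-ins that mirror the chain the poster describes, smb_enum_shares.nasl is a hypothetical target name, and the KB key names are illustrative.

```python
# Added example, not Nessus code: resolves the script_dependencies() chain of a
# NASL plugin so you know which plugins must run first and which KB keys the
# target plugin expects.  The bodies in PLUGINS are constructed stand-ins that
# mirror the chain described in the post; they are not copies of Tenable's
# plugins, and smb_enum_shares.nasl is a hypothetical target name.
import re

DEP_RE = re.compile(r"script_dependenc(?:ies|y)\s*\(([^)]*)\)")
KEY_RE = re.compile(r"script_require_keys\s*\(([^)]*)\)")
STR_RE = re.compile(r'"([^"]*)"|\'([^\']*)\'')

def nasl_strings(arglist):
    """String literals (double- or single-quoted) inside a NASL argument list."""
    return [a or b for a, b in STR_RE.findall(arglist)]

def declared_deps(src):
    return [d for args in DEP_RE.findall(src) for d in nasl_strings(args)]

def required_keys(src):
    return [k for args in KEY_RE.findall(src) for k in nasl_strings(args)]

def run_order(plugins, target):
    """plugins: {filename: source}. Returns files in execution order, dependencies
    first. Raises KeyError for a dependency that is not loaded, ValueError on a cycle."""
    order, state = [], {}                     # state: 1 = in progress, 2 = finished
    def visit(name, chain):
        if state.get(name) == 2:
            return
        if state.get(name) == 1:
            raise ValueError("dependency cycle: " + " -> ".join(chain + [name]))
        if name not in plugins:
            needed_by = chain[-1] if chain else "the request"
            raise KeyError(f"{name} is required by {needed_by} but is not loaded")
        state[name] = 1
        for dep in declared_deps(plugins[name]):
            visit(dep, chain + [name])
        state[name] = 2
        order.append(name)
    visit(target, [])
    return order

def kb_keys_needed(plugins, target):
    """Every KB key some plugin in the chain insists on before it will run."""
    return sorted({k for f in run_order(plugins, target) for k in required_keys(plugins[f])})

# Constructed register-block fragments, not the real plugins.
PLUGINS = {
    "find_service.nasl": '''
        script_name("Services");   # constructed: no dependencies, populates Services/*
    ''',
    "cifs445.nasl": '''
        script_dependencies("find_service.nasl");
        script_require_ports(139, 445);
    ''',
    "logins.nasl": '''
        script_name("Login configurations");   # constructed: sets SMB/login, SMB/password
    ''',
    "smb_login.nasl": '''
        script_dependencies("cifs445.nasl", "logins.nasl");
        script_require_keys("SMB/name", "SMB/transport");
    ''',
    "smb_enum_shares.nasl": '''
        script_dependencies("smb_login.nasl");
        script_require_keys("SMB/login", "SMB/password", "SMB/transport");
    ''',
}

if __name__ == "__main__":
    print("run order:", " -> ".join(run_order(PLUGINS, "smb_enum_shares.nasl")))
    print("KB keys needed:", kb_keys_needed(PLUGINS, "smb_enum_shares.nasl"))
```

The last entry in the printed order is the plugin you wanted; everything before it has to be enabled in the same scan. Any key in the KB list that nothing in the chain sets (SMB/name in the constructed data, which the stand-in chain never populates) points at one more plugin you still have to load, which is exactly the kind of gap that makes a single script "fail silently" when run alone.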
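George's reply on the LDAP finding says the plugin simply queries the server without authenticating and looks at what comes back, and Mike's follow-up notes that LDAPv3 requires anonymous access to the rootDSE while Windows Server 2003 refuses anonymous searches of the domain data unless that is explicitly enabled. The probe below, added here as an example and not Nessus's plugin or Tenable's code, does the same thing by hand with only the Python standard library: an anonymous bind, a rootDSE read of namingContexts, then a one-level anonymous search under each context, so you can see for yourself whether the server discloses anything beyond the rootDSE. The host name is an illustrative assumption, and the Windows-style "successful bind must be completed" refusal it is written to surface is a constructed sample, not a captured reply.

```python
# Added example for this thread, not Nessus code: an anonymous ("NULL") bind and
# follow-up searches hand-encoded in BER (standard library only). Host name,
# port and the server replies parsed here are illustrative assumptions.
import socket

def ber_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, body): return bytes([tag]) + ber_len(len(body)) + body
def ber_int(v, tag=0x02):  # non-negative only; width keeps the sign bit clear
    return tlv(tag, v.to_bytes((v.bit_length() + 8) // 8, "big"))
def ber_str(s): return tlv(0x04, s.encode())
def ber_seq(*parts): return tlv(0x30, b"".join(parts))

def bind_request(msg_id, dn="", password=""):
    # BindRequest [APPLICATION 0]: version 3, empty DN, simple [0] with an empty
    # password: exactly the anonymous ("NULL") bind the plugin attempts.
    return ber_seq(ber_int(msg_id),
                   tlv(0x60, ber_int(3) + ber_str(dn) + tlv(0x80, password.encode())))

def search_request(msg_id, base, scope, attrs=()):
    # SearchRequest [APPLICATION 3] with the filter (objectClass=*) as present [7].
    op = (ber_str(base)
          + ber_int(scope, 0x0A)          # 0 baseObject, 1 singleLevel, 2 wholeSubtree
          + ber_int(0, 0x0A)              # derefAliases: neverDerefAliases
          + ber_int(0) + ber_int(0)       # sizeLimit, timeLimit: none
          + tlv(0x01, b"\x00")            # typesOnly FALSE
          + tlv(0x87, b"objectClass")
          + ber_seq(*[ber_str(a) for a in attrs]))
    return ber_seq(ber_int(msg_id), tlv(0x63, op))

def read_tlv(buf, pos=0):
    """Decode one BER element at pos -> (tag, contents, position after it)."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + ln], pos + ln

def children(buf):
    pos = 0
    while pos < len(buf):
        tag, body, pos = read_tlv(buf, pos)
        yield tag, body

def parse_entry(body):
    """SearchResultEntry -> (dn, {attribute: [values]})."""
    _, dn, p = read_tlv(body)
    _, attrs, _ = read_tlv(body, p)
    out = {}
    for _, pa in children(attrs):                       # PartialAttribute
        _, typ, q = read_tlv(pa)
        _, vals, _ = read_tlv(pa, q)                    # SET OF values
        out[typ.decode()] = [v.decode(errors="replace") for _, v in children(vals)]
    return dn.decode(), out

def summarize(buf):
    """Collapse one reply into the entries disclosed plus the final LDAPResult."""
    out = {"entries": [], "result_code": None, "diagnostic": ""}
    for _, msg in children(buf):                        # each LDAPMessage
        _, _, p = read_tlv(msg)                         # messageID
        tag, body, _ = read_tlv(msg, p)
        if tag == 0x64:                                 # SearchResultEntry
            out["entries"].append(parse_entry(body))
        elif tag in (0x61, 0x65):                       # BindResponse / SearchResultDone
            code, _, diag = [b for _, b in children(body)][:3]   # LDAPResult fields
            out["result_code"] = int.from_bytes(code, "big")
            out["diagnostic"] = diag.decode(errors="replace")
    return out

def framed(buf):
    """True once buf holds only complete top-level BER elements."""
    pos = 0
    try:
        while pos < len(buf):
            _, _, pos = read_tlv(buf, pos)
    except IndexError:
        return False
    return pos == len(buf)

def probe_null_bind(host, port=389, timeout=5.0):
    """Anonymous bind, namingContexts from the rootDSE, then a one-level search
    under each context; returns what the server disclosed without credentials."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        def ask(pkt, data=b""):
            s.sendall(pkt)
            while not (framed(data) and summarize(data)["result_code"] is not None):
                chunk = s.recv(65536)
                if not chunk:
                    break
                data += chunk
            return summarize(data)
        bind = ask(bind_request(1))
        if bind["result_code"] != 0:
            return {"anonymous_bind": False, "diagnostic": bind["diagnostic"]}
        root = ask(search_request(2, "", 0, ("namingContexts",)))
        contexts = root["entries"][0][1].get("namingContexts", []) if root["entries"] else []
        probes = {c: ask(search_request(3 + i, c, 1)) for i, c in enumerate(contexts)}
        return {"anonymous_bind": True, "naming_contexts": contexts,
                "entries_disclosed": {c: len(r["entries"]) for c, r in probes.items()},
                "refusals": {c: r["diagnostic"] for c, r in probes.items() if r["result_code"]}}
```

Call it as probe_null_bind("dc1.example.internal") against a domain controller you are allowed to test. anonymous_bind true with namingContexts listed and a refusal under every context is the behaviour the 2003 default and the RFC together give you: the bind succeeds because it must, but no domain data comes back. entries_disclosed greater than zero under a context is the situation the plugin is warning about, and the raw exchange behind it is what to capture with a packet trace before changing dsHeuristics.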
