[Openvas-discuss] inconsistent results when doing an external credentialed scan against Windows

Paul J paulj1x at cox.net
Sun Sep 6 11:10:47 CEST 2015


Thanks Eero, I’ve tried them all.

 

From: eero.t.volotinen at gmail.com [mailto:eero.t.volotinen at gmail.com] On Behalf Of Eero Volotinen
Sent: Sunday, September 06, 2015 2:06 AM
To: Paul J <paulj1x at cox.net>
Cc: openvas-discuss at wald.intevation.org
Subject: Re: [Openvas-discuss] inconsistent results when doing an external credentialed scan against Windows

 

Try running other configuration instead of full and fast. Like deep ..

Eero

6.9.2015 11.09 ap. "Paul J" <paulj1x at cox.net <mailto:paulj1x at cox.net> > kirjoitti:

Hi,

I'm new to Kali 2.0, OpenVAS 8, OpenVAS Manager v 6.0.1, OpenVAS Scanner 5.0.1 (DB rev 146), Greenbone.  I’ve downloaded it from the Kali VMWare page, updated it, and I’m running this in one VMWare Player, a Windows 7 target in a second VMWare Player and I’m trying to do an external credentialed scan.

I disabled the Firewall in the Windows 7 target that has not been updated.

I used the Advanced Task Wizard to create a Full and Very Fast task with an SMB credential.  I tried both a standard credential an autogenerated credential.

Without making any changes I get varying results.  Since the Windows 7 image hasn’t been updated, it has a boatload of findings, but these vary anywhere from 155 to 205, but typically 197 high findings (plus other medium and low findings).  Other times it doesn’t get any high findings and will get a medium finding of being able to do an SMB login but it does see any of the rest of the findings that a credentialed scan should see.

 

When it doesn’t get any high findings the openvassd.log lists:

md   main:WARNING:2015-09-05 15h17.50 utc:2512: main: databases are already at the supported version

lib auth:   INFO:2015-09-05 15h19.57 utc:2583: Authentication configuration not found.

lib auth:   INFO:2015-09-05 15h19.58 utc:2590: Authentication configuration not found.

lib auth:   INFO:2015-09-05 15h30.24 utc:7804: Authentication configuration not found.

lib auth:   INFO:2015-09-05 15h30.43 utc:7875: Authentication configuration not found.

lib auth:   INFO:2015-09-05 15h32.19 utc:9888: Authentication configuration not found.

lib auth:   INFO:2015-09-05 15h32.53 utc:12912: Authentication configuration not found.

event lsc_credential:MESSAGE:2015-09-05 15h36.02 UTC:13224: LSC Credential 406cb9c8-cd58-472f-93c3-03be4485040b has been created by admin

event target:MESSAGE:2015-09-05 15h37.16 UTC:13285: Target e85ee1d0-e22d-4f99-a326-7612c49dca08 has been created by admin

event task:MESSAGE:2015-09-05 15h37.16 UTC:13285: Status of task  (d1f649b5-75dd-4b6c-ada9-ded1f31206d4) has changed to New

event task:MESSAGE:2015-09-05 15h37.16 UTC:13285: Task d1f649b5-75dd-4b6c-ada9-ded1f31206d4 has been created by admin

event task:MESSAGE:2015-09-05 15h37.17 UTC:13285: Status of task FF WSUS SMB (d1f649b5-75dd-4b6c-ada9-ded1f31206d4) has changed to Requested

event task:MESSAGE:2015-09-05 15h37.17 UTC:13285: Task d1f649b5-75dd-4b6c-ada9-ded1f31206d4 has been requested to start by admin

event wizard:MESSAGE:2015-09-05 15h37.17 UTC:13285: Wizard quick_task has been run by admin

event task:MESSAGE:2015-09-05 15h37.19 UTC:13291: Status of task FF WSUS SMB (d1f649b5-75dd-4b6c-ada9-ded1f31206d4) has changed to Running

event task:MESSAGE:2015-09-05 15h38.34 UTC:13291: Status of task FF WSUS SMB (d1f649b5-75dd-4b6c-ada9-ded1f31206d4) has changed to Done

 

How can I track down why it is failing?

 

I would desperately appreciate any help!


_______________________________________________
Openvas-discuss mailing list
Openvas-discuss at wald.intevation.org <mailto:Openvas-discuss at wald.intevation.org> 
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20150906/cd9b7fd3/attachment.html>


More information about the Openvas-discuss mailing list