Dailydave mailing list archives

Nessus + Authentication = Root?


From: Dave Aitel <dave () immunitysec com>
Date: Sun, 11 Sep 2005 18:30:43 -0400

Hmm.
http://www.nessus.org/documentation/nessus_domain_whitepaper.pdf

So a lot of Nessus's new checks require Nessus to log in remotely to machines using administrator passwords. It uses this to read the registry or check for installed RPMs or whatnot. They recommend opening up a domain administrator account that has minimal privs, but my guess is that you could use this domain administrator account to connect to named pipes and render otherwise post-auth bugs quite useful.

So my question to the list is this: Does anyone with experience using Nessus use this functionality, and if so, are you worried about someone in the scanning range playing with the cryptography (a.k.a. downgrading to plain-text authentication, MITM, weak IV, etc.) to get the Nessus Test Domain Admin account from you in order to exploit the rest of the network?

Perhaps some testers are not smart enough to use a restricted access domain administrator account? I know Tenable is on this list - what's the story on this stuff?

-dave
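The downgrade worry raised above, as an added example that is not part of the original post and not Nessus or Tenable code: a credentialed scanner that logs in over SMB with NTLMSSP sees the target's CHALLENGE message before it ever sends a response derived from the scanning account's password, so it can refuse hosts whose negotiated flags look like a legacy or spoofed server coaxing a weak (LM/NTLMv1, unsigned) exchange. The message layout and flag values are from MS-NLMP; that the scanner's login path is NTLMSSP, and the refusal policy itself, are assumptions made here. The two messages at the bottom are constructed for the demonstration, not captured traffic.

```python
import struct

# NTLMSSP NegotiateFlags bits (MS-NLMP section 2.2.2.5).
NEGOTIATE_UNICODE = 0x00000001
NEGOTIATE_OEM = 0x00000002
NEGOTIATE_SIGN = 0x00000010
NEGOTIATE_LM_KEY = 0x00000080
NEGOTIATE_NTLM = 0x00000200
NEGOTIATE_EXTENDED_SESSIONSECURITY = 0x00080000
NEGOTIATE_TARGET_INFO = 0x00800000
NEGOTIATE_128 = 0x20000000

SIGNATURE = b"NTLMSSP\x00"
CHALLENGE_MESSAGE = 2


def build_challenge(flags: int, server_challenge: bytes) -> bytes:
    """Construct a minimal 48-byte CHALLENGE_MESSAGE (MS-NLMP 2.2.1.2) with
    empty TargetName and TargetInfo payloads. Used here only to fabricate
    sample input; a real scanner would receive this from the SMB server."""
    assert len(server_challenge) == 8
    empty_field = struct.pack("<HHI", 0, 0, 48)  # Len, MaxLen, Offset
    return (SIGNATURE
            + struct.pack("<I", CHALLENGE_MESSAGE)
            + empty_field                      # TargetNameFields
            + struct.pack("<I", flags)         # NegotiateFlags
            + server_challenge
            + b"\x00" * 8                      # Reserved
            + empty_field)                     # TargetInfoFields


def parse_challenge(msg: bytes) -> dict:
    """Parse the fixed part of a CHALLENGE_MESSAGE and return its flags and
    the 8-byte ServerChallenge. Raises ValueError on anything else."""
    if len(msg) < 48 or msg[:8] != SIGNATURE:
        raise ValueError("not an NTLMSSP message")
    (msg_type,) = struct.unpack_from("<I", msg, 8)
    if msg_type != CHALLENGE_MESSAGE:
        raise ValueError(f"expected CHALLENGE (2), got message type {msg_type}")
    (flags,) = struct.unpack_from("<I", msg, 20)
    return {"flags": flags, "server_challenge": msg[24:32]}


def downgrade_reasons(flags: int, require_sign: bool = True) -> list:
    """Policy (an assumption of this example, not a Nessus setting): list the
    reasons a scanner holding privileged credentials should refuse to answer
    this CHALLENGE. An empty list means the server looks acceptable."""
    reasons = []
    if not flags & NEGOTIATE_NTLM:
        reasons.append("NTLM not negotiated: only LM-style or plaintext paths remain")
    if not flags & NEGOTIATE_EXTENDED_SESSIONSECURITY:
        reasons.append("no NTLM2 session security: a v1 client would send the "
                       "bare DES-over-challenge response, crackable offline")
    if flags & NEGOTIATE_LM_KEY:
        reasons.append("server requests LM key derivation, i.e. wants an LM response")
    if not flags & NEGOTIATE_TARGET_INFO:
        reasons.append("no TargetInfo: NTLMv2 cannot bind the response to the "
                       "target, typical of a legacy or impersonating server")
    if require_sign and not flags & NEGOTIATE_SIGN:
        reasons.append("signing not offered: a man in the middle can alter the session")
    return reasons


def should_authenticate(msg: bytes, require_sign: bool = True) -> bool:
    """True only when the parsed CHALLENGE passes the policy above."""
    return not downgrade_reasons(parse_challenge(msg)["flags"], require_sign)


# Constructed sample messages for the demonstration (not captured traffic).
MODERN_SERVER = build_challenge(
    NEGOTIATE_UNICODE | NEGOTIATE_NTLM | NEGOTIATE_SIGN
    | NEGOTIATE_EXTENDED_SESSIONSECURITY | NEGOTIATE_TARGET_INFO | NEGOTIATE_128,
    b"\x01" * 8)
ROGUE_SERVER = build_challenge(
    NEGOTIATE_OEM | NEGOTIATE_NTLM | NEGOTIATE_LM_KEY, b"\x02" * 8)

if __name__ == "__main__":
    for name, msg in (("modern", MODERN_SERVER), ("rogue", ROGUE_SERVER)):
        reasons = downgrade_reasons(parse_challenge(msg)["flags"])
        verdict = "authenticate" if not reasons else "refuse"
        print(f"{name}: {verdict}")
        for r in reasons:
            print("  -", r)
```

The check runs before the password-derived response leaves the scanner, which is the only point at which refusing helps; the scanning account being a restricted domain account is still the more important control, since a host that legitimately negotiates these flags can still use whatever that account is allowed to do.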

