Isn't that kind of the reason to run the scan in the first place? To what is open..................
steve -----Original Message----- From: Michael Scheidell [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 17, 2002 3:18 PM To: Gary Flynn; [EMAIL PROTECTED] Subject: Re: Newbie: NT Administrator Rights for Scans ----- Original Message ----- From: "Gary Flynn" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, April 17, 2002 2:40 PM Subject: Re: Newbie: NT Administrator Rights for Scans > Michael Scheidell wrote: > > > > in the 'login configuration' add in an administrator username and password > > (note, this is sent in plain text, so create a temp one) > > YIKES! Does this depend upon the test being performed or the > negotiated authentication protocol (LM, NTLM, NTLMv2, HTTP > basic, etc.)? Is there a way to prevent exposure by configuring > the scanner only to attempt authentication to clients supporting > a certain level of authentication protection? no. nessus is using raw smb_ calls (you can see (and edit them if you like) in smb_nt.inc. > > -- > Gary Flynn > Security Engineer - Technical Services > James Madison University > > Please R.U.N.S.A.F.E. > http://www.jmu.edu/computing/runsafe >
