-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rochford, Paul
Sent: Tuesday, October 28, 2003 9:53 PM
To: [EMAIL PROTECTED]
Subject: RE: :: Unable to access registry of Windows 2000, XP and 2003I managed to do this by editing smb_login.nasl and putting the username and password in there in place of the default ones.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Sun
Sent: 27 October 2003 06:23
To: [EMAIL PROTECTED]
Subject: :: Unable to access registry of Windows 2000, XP and 2003
Hi there.
I have been using Nessus for quite some time now. Recently I went through
the article :"Utilizing Domain Credentials to Enhance Nessus Scans" (Nessus'
website)I carried out all those steps on a Windows Server 2003 (domain controller)
(creating a nessustest user in Nessus Test Account and giving it READ access
to the registry key:
HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winregI put the SMB login name: nessustest and the corresponding password in
Nessus 2.0.8. All plugins were selected. Now when I run the test, I get
Success Event IDs 680, 576, 540 and 538 in the Event Log. The user is able
to log in successfully (as reported by Event Viewer)However, I get no information about my registry in the report.
On closer examination of the log: nessusd.messages, I have found many places
where it says key xxx is missing, e.g. key SMB/test_domain is missing,
SMB/domain_sid is missing, SMB/registry_access is missing,
SMB/registry_full_access is missing.My question is why is Nessus unable to access the registry when I have given
the right credentials.I even tried with Domain Admin Rights, but the result is the same. I even
tried giving full access to winreg key to nessustest/Nessus Test Account.The result is always the same (with login credentials and without it).
I even tried it against a Windows 2000 server (Domain Controller) and
Windows XP Professional.If someone has successfully been able to audit the registry, please let me
know.Also, the Windows Server 2003 was out-of-the box. No hardening done. Also,
Remote Registry service is Automatic and Started.Am I missing something?
Regards
Sunil Vakharia
sun AT rocketnet DOT org
********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please
notify us immediately at [EMAIL PROTECTED] and delete this E-mail
from your system. Thank you.
It is possible for data transmitted by email to be deliberately or
accidentally corrupted or intercepted. For this reason, where the
communication is by email, the Bank of Ireland Group does not accept
any responsibility for any breach of confidence which may arise
through the use of this medium.
This footnote also confirms that this email message has been swept
for the presence of known computer viruses.
********************************************************************
Title: Message
Thanks for that
piece of information, although even that didn't help.
I put my password
in smb_login.nasl and even in logins.nasl.
But still no
change. (Do I have to do anything besides saving those *.nasl
files?)
Anyway, I tried
registry access on another network and it worked.
Maybe *this*
particular Nessus installation had some problem.
Will need to
clean that and reinstall and try again.
--Sunil
Vakharia
