GVM versions
gsa: 8.0.1
gvm: 8.0.1
openvas-scanner: 6.0.1
gvm-libs: 10.0.1
Environment
Operating system: Linux
Kernel: Linux RicohSecurity 5.2.14-arch2-1-ARCH #1 SMP PREEMPT Thu Sep 12 10:42:38 UTC 2019 x86_64 GNU/Linux
Installation method / source: pacman
====================================================================
Dear all,
I’m trying to perform authenticated scans with SMB credentials targeting windows hosts. I’m able to perform the scan and get a “SMB Successful Login” when targeting non-associated domain accounts. But I always get “SMB Failed Login” once the target is associated to a domain.
Please find below my SMB authenticated outputs in these 2 cases:
a) Targeting a host NOT assigned to a domain account:
Access to the registry possible (SMB/registry_access) : TRUE
Access via WMI possible (WMI/access_successful) : FALSE
Architecture of the OS (SMB/Windows/Arch) : Empty/None
Build number of the OS (SMB/WindowsBuild) : 17134
Disable file search via WMI on Windows (win/lsc/disable_wmi_search) : FALSE
Disable the usage of win_cmd_exec for remote commands on Windows (win/lsc/disable_win_cmd_exec) : FALSE
Domain used for authenciated scans (kb_smb_domain()) : Empty/None
Enable Detection of Portable Apps on Windows (win/lsc/search_portable_apps) : FALSE
Enable NTLMSSP (SMB/NTLMSSP) : TRUE
Extended SMB support available via openvas-smb module (Tools/Present/smb) : FALSE
Extended WMI support available via openvas-smb module (Tools/Present/wmi) : FALSE
Login via SMB failed (login/SMB/failed) : FALSE
Login via SMB successful (login/SMB/success) : TRUE
Missing access permissions to the registry (SMB/registry_access_missing_permissions) : TRUE
Name of the most recent service pack installed (SMB/CSDVersion) : Empty/None
Never send SMB credentials in clear text (SMB/dont_send_in_cleartext) : TRUE
Only use NTLMv2 (SMB/dont_send_ntlmv1) : FALSE
Path to the OS SystemRoot (smb_get_systemroot()) : Empty/None
Path to the OS SystemRoot for 32bit (smb_get_system32root()) : Empty/None
Port configured for authenciated scans (kb_smb_transport()) : 445/tcp
Port used for the successful login via SMB : 445/tcp
Product name of the OS (SMB/WindowsName) : Windows 10 Enterprise
SMB name used for authenciated scans (kb_smb_name()) : 192.168.71.30
User used for authenciated scans (kb_smb_login()) : MyUser
Version number of the OS (SMB/WindowsVersion) : 6.3
Workgroup of the SMB server (SMB/workgroup) : Empty/None
b) Targeting a host assigned to a domain account:
Credentials Username: MYWORKGROUP\MyUser
SMB Test
Error getting SMB-Data -> SESSION SETUP FAILED: NT_STATUS_ACCESS_DENIED
Windows LSC Authenticated Scan Info Consolidation
Description (Knowledge base entry) Value/Content
---------------------------------- -------------
Access to the registry possible (SMB/registry_access) : FALSE
Access via WMI possible (WMI/access_successful) : FALSE
Architecture of the OS (SMB/Windows/Arch) : Empty/None
Build number of the OS (SMB/WindowsBuild) : Empty/None
Disable file search via WMI on Windows (win/lsc/disable_wmi_search) : FALSE
Disable the usage of win_cmd_exec for remote commands on Windows (win/lsc/disable_win_cmd_exec) : FALSE
Domain used for authenciated scans (kb_smb_domain()) : Empty/None
Enable Detection of Portable Apps on Windows (win/lsc/search_portable_apps) : FALSE
Enable NTLMSSP (SMB/NTLMSSP) : TRUE
Extended SMB support available via openvas-smb module (Tools/Present/smb) : FALSE
Extended WMI support available via openvas-smb module (Tools/Present/wmi) : FALSE
Login via SMB failed (login/SMB/failed) : TRUE
Login via SMB successful (login/SMB/success) : FALSE
Missing access permissions to the registry (SMB/registry_access_missing_permissions) : FALSE
Name of the most recent service pack installed (SMB/CSDVersion) : Empty/None
Never send SMB credentials in clear text (SMB/dont_send_in_cleartext) : TRUE
Only use NTLMv2 (SMB/dont_send_ntlmv1) : FALSE
Path to the OS SystemRoot (smb_get_systemroot()) : Empty/None
Path to the OS SystemRoot for 32bit (smb_get_system32root()) : Empty/None
Port configured for authenciated scans (kb_smb_transport()) : 445/tcp
Port used for the failed login via SMB : 445/tcp
Product name of the OS (SMB/WindowsName) : Empty/None
SMB name used for authenciated scans (kb_smb_name()) : 192.168.1.7
User used for authenciated scans (kb_smb_login()) : MYWORKGROUPMyUser
Version number of the OS (SMB/WindowsVersion) : Empty/None
Workgroup of the SMB server (SMB/workgroup) : MYWORKGROUP
I have been following the official documentation and I would need to know the following:
- Is openvas-smb required (mandatory) for SMB authenticated login on Windows hosts associated with a domain account?
- When creating the SMB credential I am passing the user as “MYWORKGROUP\MYUSERNAME”. Is this the proper way of doing it? Is the workgroup required?
- Is there anything else special I would take on consideration for the domain associated accounts?
Kind regards,