Security Basics mailing list archives
How to Configure Nessus3 to use WWW-Authenticate: NTLM credentials
From: spammailme () gmail com
Date: 29 Jan 2008 17:30:33 -0000
All - Is it just me or finding and an example documented on how to configure authentication with Nessus next to impossible? Ok here is what I am trying to do: Scanning a single host which requires WWW-Authenticate: NTLM. I want the scan to pass the credentials and login. Is this possible? How? Do I use the web tab? If so do I need to add domain\username in the HTTP account? Or am I to use SMB fields in 'Credentials' tab? Is is it somewhere in the plugin family? Extra credit. I also have have systems which require HTTP form based auth. I assume this is done on the 'Web' tab yet what do you do? Let say we are testing gmail.com auth (an an example) HTTP account = username HTTP password (sent without encryption) = pwd cgi_path = path-to-login? would I enter /accounts/ServiceLoginAuth?service=mail Thanks for your time. Don W.
Current thread:
- How to Configure Nessus3 to use WWW-Authenticate: NTLM credentials spammailme (Jan 29)