Nmap Development mailing list archives

Re: Authentication in SMB/MSRPC


From: Fyodor <fyodor () insecure org>
Date: Tue, 7 Oct 2008 11:50:53 -0700

On Tue, Oct 07, 2008 at 05:36:25AM -0500, Ron wrote:
> David Fifield wrote:
>> On Mon, Oct 06, 2008 at 05:54:35PM -0500, Ron wrote:
>
> If the scripts are expanded to the point where they can do deeper
> vulnerability assessments, being able to use passwords found could be
> very valuable, especially if you're scanning a couple thousand hosts.

I agree.  Though we do need to be careful not to exceed the
intrusiveness level desired by the user.  So it can be a tough balance
to strike.

Serious brute force scripts are generally not going to be default
anyway.  So if someone specifies those (along with other scripts),
they may very well be doing so in order that found credentials can be
used in the scan.

If there is a lockout, it will generally happen during the brute force
session, not in subsequent logins.

So if we don't let scripts use discovered (by whatever mechanism)
authentication credentials by default, we should at least provide an
option to do so IMHO.

If Nessus determines authentication credentials, does it automatically
use them?

Cheers,
-F

