Penetration Testing mailing list archives
Re: nessus exceptions
From: "Chris McNab" <chris.mcnab () trustmatta com>
Date: Wed, 4 Aug 2004 19:44:54 +0100
Hi,

Recently we've had a lot of experience in this field (by analysing and benchmarking various vulnerability assessment tools), and I can tell you that Nessus, and other automated tools, have mixed results when:

- Identifying MSRPC issues. Nessus lists the endpoints from TCP/135 and then lists them as all 'low-risk' issues. Here you'd set up some accessible MSRPC interface endpoints (TCP 1026, 1029, 1035, UDP 1028, etc.), but filter access to the portmapper on TCP and UDP port 135, and watch Nessus miss the vulnerable endpoints.

- Identifying custom web application issues. Set up some simple accessible PHP or CGI script on a web service that allows you to list directories and open files on the operating system (http://1.2.3.4/cgi/images.php?dir=images/) and see if they try setting that dir to /etc/ or others.

- Enumerating valid user accounts. There are a bucketload of ways to enumerate valid user accounts, including Sendmail EXPN/VRFY/RCPT TO, Solaris FTP globbing, Apache /~user testing, etc. I haven't seen any automated systems do this well.

These types of elements separate professional hands-on testers from clowns that just run vulnerability scanning software. Nessus, ISS Internet Scanner, eEye Retina, all have their strengths and weaknesses, but it's often about how the tester uses the data that's spat out, and qualifies issues manually.

Hope this helps,

Chris

Chris McNab
Technical Director
Matta Consulting Limited
18 Noel Street
London W1F 8GN
08700 77 11 00
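The directory-listing test case from the message above, as an added example that is not part of the original post: a Python stand-in for the images.php script, showing the unchecked handler beside one that confines the dir parameter. The function names and the temporary directory layout are constructed for illustration.

```python
import os
import tempfile


def make_demo_root():
    """Build a constructed web root: images/ is meant to be listable,
    private/ is a sibling directory that must never be exposed."""
    root = tempfile.mkdtemp(prefix="webroot-")
    for sub, names in (("images", ["a.png", "b.png"]), ("private", ["notes.txt"])):
        os.mkdir(os.path.join(root, sub))
        for name in names:
            open(os.path.join(root, sub, name), "w").close()
    return root


def naive_listing(web_root, dir_param):
    """The benchmark script's behaviour: the parameter is joined onto the
    web root unchecked, so '..' segments or an absolute path escape it."""
    return sorted(os.listdir(os.path.join(web_root, dir_param)))


def confined_listing(web_root, allowed_subdir, dir_param):
    """List dir_param only if, after resolving '..' and symlinks, it still
    sits inside web_root/allowed_subdir; otherwise refuse."""
    base = os.path.realpath(os.path.join(web_root, allowed_subdir))
    target = os.path.realpath(os.path.join(web_root, dir_param))
    if os.path.commonpath([base, target]) != base:
        raise PermissionError("dir parameter resolves outside " + allowed_subdir)
    return sorted(os.listdir(target))


if __name__ == "__main__":
    root = make_demo_root()
    for value in ("images/", "images/../private", os.path.join(root, "private")):
        print("dir=%s" % value)
        print("  naive   :", naive_listing(root, value))
        try:
            print("  confined:", confined_listing(root, "images", value))
        except PermissionError as exc:
            print("  confined: refused (%s)" % exc)
```
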