Discussion:
Openvas 7 and scanning Windows hosts
Tom Powers
2014-08-13 21:58:09 UTC
Permalink
[cid:***@46e85c9f.4685fae3]
Sound Solutions, Inc.
8400 Highland Dr.
Wausau, WI 54401
Tel: 715-842-7665
Fax: 715-842-7620


Hello Openvas..


I have a fresh build of Open Vas 7 running on Ubuntu 14.04. Installed from sources. Install went great.

Current versions of each app are:

Libraries 7.01
Scanner 4.01
Manager 5.0
GSAD 5.0
CLI 1.30


When I scan a windows host, I get results, but they are basically the same as what the discovery is giving me. I use Full and Fast or Ultimate, it doesn’t seem to matter. I get about 7 log entries and that’s it.

I have SMB credentials entered and I’m firing this at a server that when I use Openvas 3 finds loads of issues. Openvas 7 finds nothing.

Where have I gone off the rails here?

Thanks

Tom P

________________________________
Sound Solutions, Inc. - Since 1995
We Appreciate Your Business and Referrals


This message (and any associated files) is intended only for the use of the individual or entity to which it is addressed and may contain information that is confidential, subject to copyright or constitutes a trade secret. If you are not the intended recipient you are hereby notified that any dissemination, copying or distribution of this message, or files associated with this message, is strictly prohibited. If you have received this message in error, please notify us immediately by replying to the message and deleting it from your computer. Messages sent to and from us may be monitored.

Internet communications cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Therefore, we do not accept responsibility for any errors or omissions that are present in this message, or any attachment, that have arisen as a result of e-mail transmission. If verification is required, please request a hard-copy version. Any views or opinions presented are solely those of the author and do not necessarily represent those of the company.
Benoît Allard
2014-08-14 08:31:36 UTC
Permalink
Post by Tom Powers
Hello Openvas..
I have a fresh build of Open Vas 7 running on Ubuntu 14.04.
Installed from sources. Install went great.
Libraries 7.01 Scanner 4.01 Manager 5.0 GSAD 5.0 CLI 1.30
When I scan a windows host, I get results, but they are basically
the same as what the discovery is giving me. I use Full and Fast or
Ultimate, it doesn’t seem to matter. I get about 7 log entries and
that’s it.
I have SMB credentials entered and I’m firing this at a server that
when I use Openvas 3 finds loads of issues. Openvas 7 finds
nothing.
Where have I gone off the rails here?
You probably forgot to build 'wmiclient' before libraries.

Instruction here:

https://wald.intevation.org/scm/viewvc.php/tags/openvas-libraries-release-7.0.3/doc/wmi-howto.txt?root=openvas&view=markup

(This file is briefly mentioned in the INSTALL file)

Note that you will need to rebuild your '-libraries' in order to
benefit from the wmi library.

Regards,
Ben

- --
Benoît Allard (B30A05B0)|Greenbone Networks GmbH|http://greenbone.net
Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
Tom Powers
2014-08-14 15:10:36 UTC
Permalink
Sound Solutions, Inc.
8400 Highland Dr.
Wausau, WI 54401
Tel: 715-842-7665
Fax: 715-842-7620

Very helpful...yes...I did miss that step.

So I followed the instructions below. I did get an error in the "make proto all" step. The error was

Defined(@array) is deprecated at ./pidl/pidl line 583

After some searching, I was able to get it to work by doing a make proto all "CPP=gcc -E -ffreestanding"

I did the recompile of libraries and did successfully get the

-- checking for module 'wmiclient>=1.3.14'
-- found wmiclient, version 1.3.14

I recompiled openvassd and reinstalled and restarted the whole system.

Rescanned windows hosts....but...

Still not seeing any of the windows vulnerabilities like my openvas3 finds.

Where else can I look?

TP

-----Original Message-----
From: Benoît Allard [mailto:***@greenbone.net]
Sent: Thursday, August 14, 2014 3:32 AM
To: Tom Powers; openvas-***@wald.intevation.org
Subject: Re: [Openvas-discuss] Openvas 7 and scanning Windows hosts

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Post by Tom Powers
Hello Openvas..
I have a fresh build of Open Vas 7 running on Ubuntu 14.04.
Installed from sources. Install went great.
Libraries 7.01 Scanner 4.01 Manager 5.0 GSAD 5.0 CLI 1.30
When I scan a windows host, I get results, but they are basically the
same as what the discovery is giving me. I use Full and Fast or
Ultimate, it doesn’t seem to matter. I get about 7 log entries and
that’s it.
I have SMB credentials entered and I’m firing this at a server that
when I use Openvas 3 finds loads of issues. Openvas 7 finds nothing.
Where have I gone off the rails here?
You probably forgot to build 'wmiclient' before libraries.

Instruction here:

https://wald.intevation.org/scm/viewvc.php/tags/openvas-libraries-release-7.0.3/doc/wmi-howto.txt?root=openvas&view=markup

(This file is briefly mentioned in the INSTALL file)

Note that you will need to rebuild your '-libraries' in order to benefit from the wmi library.

Regards,
Ben

- --
Benoît Allard (B30A05B0)|Greenbone Networks GmbH|http://greenbone.net Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Icedove - http://www.enigmail.net/

iQEcBAEBAgAGBQJT7HPkAAoJEHZCfVOzCgWwvqoIANY4tLnuMhqnHrB+mRv6CMim
Spe+gto2nV6oKG6IJIV13Av/kR7tzc1bkn6aS+TIMI2i0bTwAQp+cKWxqicafTIP
GDCX939q0ymtZxkbE/KEv0CJlNIPeCyGav74c1waBNs9vTkMQ6K/oRxjzAHBhzPv
jSszgg8TvvfFv+ZCjE34LQZTbjsx4hGVU5cR+w/qT2R8WrNfy35B46ACxE+YmoNp
RxmqkeIvMlpmLlS4NCh2bhviKHvbUpX0aqV7/jR2tLnGkCBhUCefwS1a2AKcB3tx
0XJ+SPgB/9hgdOFXkEAlG2Hq2wJmliJy9YW26D4cEjyNvNkf00XiwWgp5afYAeg=
=FzDf
-----END PGP SIGNATURE-----


---------------------------------------------------------------------------
Sound Solutions, Inc. - Since 1995
We Appreciate Your Business and Referrals

This message (and any associated files) is intended only for the use of the individual or entity to which it is addressed and may contain information that is confidential, subject to copyright or constitutes a trade secret. If you are not the intended recipient you are hereby notified that any dissemination, copying or distribution of this message, or files associated with this message, is strictly prohibited. If you have received this message in error, please notify us immediately by replying to the message and deleting it from your computer. Messages sent to and from us may be monitored.

Internet communications cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Therefore, we do not accept responsibility for any errors or omissions that are present in this message, or any attachment, that have arisen as a result of e-mail transmission. If verification is required, please request a hard-copy version. Any views or opinions presented are solely those of the author and do not necessarily represent those of the company.
Jan-Oliver Wagner
2014-09-01 21:32:52 UTC
Permalink
Post by Tom Powers
I recompiled openvassd and reinstalled and restarted the whole system.
Rescanned windows hosts....but...
Still not seeing any of the windows vulnerabilities like my openvas3 finds.
Where else can I look?
If you are expecting results based on authenticated scan, perhaps
there is a problem with the credentials.
I you are having no results at all perhaps the target is regarded as dead
and you should change the target configuration to "assume target alive".
--
Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B
202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
Loading...