smbclient is an optional component just providing some minor additional information about the remote SMB server. It doesn’t add any additional value to vulnerability scanning (the provided info isn’t used by other VTs) and is also not required for authenticated scans.
If your authenticated scans are failing its more likely that the target doesn’t provide all requirements for such authenticated scans. To debug your issue and to verify the requirements of the remote target have a look at the following thread and the linked documentation within it.
Thanks CFI. I see your point when you say that atuhenticated scan does not add VTs and so on, but I’d like to have that part available for some tests.
Now, I verified and it seems the target requirements for authenticated scans are met. The target is a Windows 10. Sorry, I don’t understand: how can the SMB authenticated scan work without an smbclient? I don’t see any log of failed authentication. The only relevant log says that none of the tests using SMB client have been performed. And I don’t see any Log in the report showing patch level of the target system or things like that. So it seems to me that no authenticated scan has been performed.
Any thought on that?
On the GCE the smbclient is probably not available at all. If you want to make that part available it might be required that you need to go for a source installation of GVM instead.
There is no single test using the information so not sure if it makes much sense to try to get it to work.
The authentication and scanning is done via various NASL scripts (using smb_nt.inc and similar .inc files shipped within the feed) with the support of https://github.com/greenbone/openvas-smb (pre-installed on the GCE)
All currently known thoughts on the authenticated scans and how to debug not working ones are collected at the linked thread. Have you tried to look at the mentioned information there (e.g. the mentioned VTs are printing out if the login was successful or failed)?
Thank you very much. After further reading of Logs I finally found the failed authentication:
Access to the registry possible (SMB/registry_access)
So, it looks like a registry access issue, but Remote Registry service is running and File and Printer sharing is activated. I’m using a Domain Administrator account for scanning credentials. So, I should have met all the requirements specified in the thread you mentioned.
Do you maybe have any other idea?
Thank you so much for you help,
Thanks Luka, I know that. I’m just testing a GCE installation and the scanned device is my own PC. If I can’t manage to perform an authenticated scan with Domain Admins credentials, I won’t be able to do it with other accounts. Reading at my previous posts, do you have any idea why Registry cannot be accessed (I think I met usual requirements). Thanks, Andrea
I followed every requirements but I still see Logs like:
Access to the registry possible (SMB/registry_access): FALSE
Access via WMI possible (WMI/access_successful): FALSE
Architecture of the OS (SMB/Windows/Arch): Empty/None
Build number of the OS (SMB/WindowsBuild): Empty/None
Disable the usage of win_cmd_exec for remote commands on Windows (win/lsc/disable_win_cmd_exec): FALSE
Domain used for authenciated scans (kb_smb_domain()): GF-GROUP
Enable Detection of Portable Apps on Windows (win/lsc/search_portable_apps): FALSE
Enable NTLMSSP (SMB/NTLMSSP): TRUE
Extended SMB support available via openvas-smb module (Tools/Present/smb): TRUE
Extended WMI support available via openvas-smb module (Tools/Present/wmi): TRUE
Login via SMB failed: TRUE
Login via SMB successful: FALSE
Missing access permissions to the registry (SMB/registry_access_missing_permissions): FALSE
Name of the most recent service pack installed (SMB/CSDVersion): Empty/None
Never send SMB credentials in clear text (SMB/dont_send_in_cleartext): TRUE