GVM 21.4 : authenticated scans of Win10 hosts using 'SMB' ..?

Hello again ,

We’re testing GVM 21.4 (GSE Edition), from sources, on a Debian 10.10 machine.
I’ve recently been trying ‘authenticated scans’.

  • 1st on Linux hosts : protocol ssh, providing a login/password for an existing account
    Of course, authorizing the GVM machine incoming connections on ssh port in ‘ufw’ (local Linux FW).

It works fine => you can actually trace the session connections in ‘lastlog’
And you get valuable information about the target system in the scan report.

  • 2nd obvious target nowadays, Windows 10 hosts : it (GVM) says : “Use SMB”. hmmm … OK : SMB is quite an old protocol today, but OK, let’s use SMB (anyway, there’s nothing else : like NTLM, etc). So, providing a login/password for an existing Win10 host account in a GVM ‘Credentials’ profile. AND, because Win10 default protection is quite tight nowadays with Windows Defender, set 2 new rules in the target Win10 FW : allow incoming TCP connections on port 445 and 139 (from anywhere : no source IP restriction, not even demanding tunnel encryption). (note: it’s a test Win10 VM, no harm).

It just doesn’t work AT ALL : the Win10 machine is still completely “locked”, the scan exits almost immediately at 0% completion.
Finally, the only way I could perform a GVM scan on this Win10 was to COMPLETELY DISABLE Windows Defender. Which is not at all the way we want to proceed on operational systems …

So … ?
Q : what are all the requirements to perform GVM scans of Win10 hosts with ‘authenticated connections’ ? Is it seriously documented ? What ports range(s) have to be opened on Win10 hosts ?

many thanks for any answer, regards , J. Le Moigne ( jean.le-moigne [at] inrae [dot] fr )

GVM versions

  • gsad: Greenbone Security Assistant 21.04.0~git
  • gvmd: Greenbone Vulnerability Manager 21.4.0, Manager DB revision 242
    Copyright © 2009-2021 Greenbone Networks GmbH
  • openvas-scanner: OpenVAS 21.4.0
  • gvm-libs: gvm-libs 21.4.0

Environment

  • Debian 10.10 VM (hosted on a VMware vCenter)
  • Kernel : Linux 4.19.0-17-amd64 #1 SMP Debian 4.19.194-3 (2021-07-18) x86_64 GNU/Linux
  • Installation method / source: compiled from sources ‘GVM v21.4’ (from GitHub)

Windows 10 target system

  • Windows 10 Pro 64 v20H2 build 19042.1237
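
Added example (not part of the original post and not Greenbone's code): the two inbound rules described in the question, written as one Windows Defender Firewall rule scoped to the scanner's address instead of "from anywhere", followed by a check for other rules that still expose 445 to any source. The scanner IP and the rule name are constructed placeholders, and the firewall rule is only one of the target-side requirements.

```powershell
# Added example. Run in an elevated PowerShell on the Windows 10 target.
$ScannerIp = '192.0.2.10'                     # constructed placeholder: GVM scanner address
$RuleName  = 'GVM authenticated scan (SMB)'   # hypothetical rule name

# Remove an earlier copy so re-running the script does not stack duplicates.
Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

# Allow inbound TCP 139 and 445, but only from the scanner.
New-NetFirewallRule -DisplayName $RuleName `
    -Direction Inbound -Action Allow -Protocol TCP `
    -LocalPort 139, 445 -RemoteAddress $ScannerIp -Profile Any | Out-Null

# Show what the rule actually enforces.
$rule = Get-NetFirewallRule -DisplayName $RuleName
[pscustomobject]@{
    Rule          = $rule.DisplayName
    Enabled       = $rule.Enabled
    LocalPort     = ($rule | Get-NetFirewallPortFilter).LocalPort -join ','
    RemoteAddress = ($rule | Get-NetFirewallAddressFilter).RemoteAddress -join ','
}

# List enabled inbound allow rules that name port 445 and accept any source,
# e.g. rules left over from earlier testing. Rules that cover 445 through a
# port range or 'Any' are not matched by this simple check.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $p = $_ | Get-NetFirewallPortFilter
        $a = $_ | Get-NetFirewallAddressFilter
        $p.Protocol -eq 'TCP' -and
        @($p.LocalPort) -contains '445' -and
        @($a.RemoteAddress) -contains 'Any'
    } |
    Select-Object DisplayName, Profile
```
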

Hi @jlemoigne,

If you try to scan the new Windows 11 Pro you will see the same issue. What I did to bypass that: I changed the Alive Test to Consider alive, so before starting the scan it won’t test whether the host is online or not but will start right away.

Best

The related documentation around this topic can be found here:

https://docs.greenbone.net/GSM-Manual/gos-21.04/en/scanning.html#requirements-on-target-systems-with-microsoft-windows

Some more related info can be found here:


Hi , thanks to everybody for your answers, most particularly ‘cfi’ for the direct link to the detailed documentation.
So I missed almost everything about the proper configuration of Windows hosts to perform authenticated scans … (I’m working on it)
regards, J. Le Moigne ( jean.le-moigne [at] inrae [dot] fr )
