Hello again,
We’re testing GVM 21.4 (GSE Edition), from sources, on a Debian 10.10 machine.
I’ve recently been trying ‘authenticated scans’.
- 1st on Linux hosts: protocol ssh, providing a login/password for an existing account.
Of course, authorizing the GVM machine's incoming connections on the ssh port in ‘ufw’ (local Linux FW).
It works fine => you can actually trace the session connections in ‘lastlog’.
And you get valuable information about the target system in the scan report.
- 2nd obvious target nowadays, Windows 10 hosts: it (GVM) says: “Use SMB”. Hmmm… OK: SMB is quite an old protocol today, but OK, let’s use SMB (anyway, there’s nothing else: like NTLM, etc.). So, providing a login/password for an existing Win10 host account in a GVM ‘Credentials’ profile. AND, because Win10 default protection is quite tight nowadays with Windows Defender, set 2 new rules in the target Win10 FW: allow incoming TCP connections on ports 445 and 139 (from anywhere: no source IP restriction, not even demanding tunnel encryption). (Note: it’s a test Win10 VM, no harm.)
It just doesn’t work AT ALL: the Win10 machine is still completely “locked”, the scan exits almost immediately at 0% completion.
Finally, the only way I could perform a GVM scan on this Win10 was to COMPLETELY DISABLE Windows Defender. Which is not at all the way we want to proceed on operational systems…
So … ?
Q: what are all the requirements to perform GVM scans of Win10 hosts with ‘authenticated connections’? Is it seriously documented? What port range(s) have to be opened on Win10 hosts?
Many thanks for any answer, regards, J. Le Moigne ( jean.le-moigne [at] inrae [dot] fr )
**gsad:** Greenbone Security Assistant 21.04.0~git
**gvmd:** Greenbone Vulnerability Manager 21.4.0, Manager DB revision 242
Copyright © 2009-2021 Greenbone Networks GmbH
**openvas-scanner:** OpenVAS 21.4.0
**gvm-libs:** gvm-libs 21.4.0
- Debian 10.10 VM (hosted on a VMware vCenter)
- Kernel : Linux 4.19.0-17-amd64 #1 SMP Debian 4.19.194-3 (2021-07-18) x86_64 GNU/Linux
**Installation method / source:** compiled from sources ‘GVM v21.4’ (from GitHub)
Windows 10 target system
- Windows 10 Pro 64 v20H2 build 19042.1237