How to scan a VirtualBox Windows 10 (host) with authentication from Linux (guest)

GVM versions

gsa: 8.0.1
gvm: 8.0.1
openvas-scanner: 6.0.1
gvm-libs: 10.0

Environment

Operating system: Arch Linux
Kernel: 5.2.15-arch2-1-ARCH
Installation method / source: pacman

Dear all,

I was wondering if anyone in the community has ever tried to audit a Windows 10 (or any other version) machine from a virtualized Linux running on top of it via VirtualBox.

I have been following the steps defined at:

https://docs.greenbone.net/GSM-Manual/gos-4/en/vulnerabilitymanagement.html#requirements-on-target-systems-with-microsoft-windows

and here:

Unfortunately I am not able to perform a successful login.

Thanks in advance for your answers.

Hello there,

I am still attempting to authenticate into a Windows 10 box.

I have changed my host from Arch to Debian 9.7 (Greenbone version repositories are the same as listed in the first message).

I have included some snapshots to clarify the steps I am following.

File and printer sharing:

smb_4

Remote Registry configuration:

smb_3
smb_1 smb_2

Registry:

smb_6

Scanning results:
(Not shown here, but NVT SMB Remote Version Detection finds versions 1 and 2)

smb_5

I am pretty sure there still is a small detail missing in the whole picture:)

Any help will be appreciated.

Regards.

Dear all,

I finally managed to make this work.

The problem is shown in the next snapshot:

computer_management_2

When trying to authenticate with SMB credentials I was using the value from the Full Name column as the username, when I should be using the one from the Name column.

The reason of this misunderstanding is that the value in the Full name column is the one shown in the Windows login screen as “your user name”. See the following image (where Jack is the username):

Additionally, I would like to point out that the openvas-smb package is not required for Windows authentication.

While reading the threads from other users regarding this topic I have realized this issue might not be clearly explained in the docs, in my humble opinion.

Kind regards.