Windows authenticated scan

I have openvas installed on my Raspberry Pi 4 using apt get and I’m not sure how to do an authenticated scan on my Windows 10 PC to check for installed software vulnerabilities. I created a local account on the Windows machine, added those credentials to openvas and specified to use those credentials in the task with the PC’s IP but I’m not seeing any software vulnerabilities. I only see this result below. What do I need to do to show outdated versions with vulnerabilities of chrome browser, adobe, etc ?

0.0 (Log)
80% 10.10.10.41 general/tcp Add NoteAdd Override
Summary
This script consolidates various technical information about authenticated scans via SMB for Windows targets.

Vulnerability Detection Result
Description (Knowledge base entry) Value/Content


Access to the registry possible (SMB/registry_access) : FALSE
Access via WMI possible (WMI/access_successful) : FALSE
Architecture of the OS (SMB/Windows/Arch) : Empty/None
Build number of the OS (SMB/WindowsBuild) : Empty/None
Disable file search via WMI on Windows (win/lsc/disable_wmi_search) : FALSE
Disable the usage of win_cmd_exec for remote commands on Windows (win/lsc/disable_win_cmd_exec) : FALSE
Domain used for authenciated scans (kb_smb_domain()) : Empty/None
Enable Detection of Portable Apps on Windows (win/lsc/search_portable_apps) : FALSE
Enable NTLMSSP (SMB/NTLMSSP) : TRUE
Extended SMB support available via openvas-smb module (Tools/Present/smb) : FALSE
Extended WMI support available via openvas-smb module (Tools/Present/wmi) : FALSE
Login via SMB failed (login/SMB/failed) : FALSE
Login via SMB successful (login/SMB/success) : TRUE
Missing access permissions to the registry (SMB/registry_access_missing_permissions) : FALSE
Name of the most recent service pack installed (SMB/CSDVersion) : Empty/None
Never send SMB credentials in clear text (SMB/dont_send_in_cleartext) : TRUE
Only use NTLMv2 (SMB/dont_send_ntlmv1) : FALSE
Path to the OS SystemRoot (smb_get_systemroot()) : Empty/None
Path to the OS SystemRoot for 32bit (smb_get_system32root()) : Empty/None
Port configured for authenciated scans (kb_smb_transport()) : 445/tcp
Port used for the successful login via SMB : 445/tcp
Product name of the OS (SMB/WindowsName) : Empty/None
SMB name used for authenciated scans (kb_smb_name()) : 10.10.10.41
User used for authenciated scans (kb_smb_login()) : openvas
Version number of the OS (SMB/WindowsVersion) : Empty/None
Workgroup of the SMB server (SMB/workgroup) : HOMENET

It was not possible to connect to the PIPE\winreg on the remote host. If you intend to use the Scanner to perform registry-based checks, the registry checks will not work because the ‘Remote Registry’ service is not running or has been disabled on the remote host.

Please either:

  • configure the ‘Startup Type’ of the ‘Remote Registry’ service on the target host to ‘Automatic’.
  • configure the NVT ‘Windows Services Start’ (OID: 1.3.6.1.4.1.25623.1.0.804786) to start this service automatically.

It seems the used packages are not build/linked against the openvas-smb module which is required for authenticated Windows scans.

Please contact the maintainer of the uses packages to get the openvas-smb module packaged. As an alternative you could also build GVM from the source code.

1 Like

Is there no way to add the openvas-smb module after installing from precompiled package?

No this needs to be integrated during compile time. Otherwise the hooks and code integration is missing. Please get back to your packet provider we can´t help you here or compile it self from the source.

1 Like

Hi. Tell please, where i can find this type of logs? I checked ospd-scanner.log, openvas.log, gvmd.log, gsad.log but there is nothing like that.

This is the output of the Windows SMB/LSC Authenticated Scan Info Consolidation VT described here:

Thanks a lot