RE: Windows Patch Auditing & "File and Print Sharing" disabled



Hi Mike,

I tried to post this reply couple days ago, but it seems like it bounced
back...

Anyway, It seems like the scanner is unable to authenticate to the
domain.

Windows Patch assessment scan requires that the scanner (in your case
nessus) at least be able to read registry of the systems being scanned.
In other words you may need to pass along domain credentials in nessus,
when scanning.

Hope this helps,

Best Regards,

Saurabh Thakrar
Email: sthakrar12@xxxxxxxxx

Best Regards,

Saurabh A. Thakrar
Integration & Security Consultant - IT Products

Roche Diagnostics Corporation
9115 Hague Road, Bldg-L14
Indianapolis, Indiana 46250-0457 USA

Phone: +1 317-521-4092
Mobile: +1 317-372-9178
mailto:saurabh.thakrar@xxxxxxxxx
P Please consider the environment before printing this e-mail



Confidentiality Note: This message is intended only for the use of the
named recipient(s) and may contain confidential and/or proprietary
information. If you are not the intended recipient, please contact the
sender and delete this message. Any unauthorized use of the information
contained in this message is prohibited.
-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of intel96
Sent: Thursday, May 14, 2009 3:17 PM
To: marcelo carvalho
Cc: pen-test list
Subject: Re: Windows Patch Auditing & "File and Print Sharing" disabled

Something simple:

You could script something that calls systeminfo.exe.

http://technet.microsoft.com/en-us/library/bb491007.aspx

Something more advance:

You could write something in C# that queries the registry for missing
patches?

The registry key on my system that contains this information is:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP


marcelo carvalho wrote:

Do y try null section Netbios with MBSA Analayzer?
--------------------------------------------------
From: "Mike Drugov" <DRUGOVM@xxxxxxxxxx>
Sent: Thursday, April 30, 2009 1:01 PM
To: <pen-test@xxxxxxxxxxxxxxxxx>
Subject: Windows Patch Auditing & "File and Print Sharing" disabled

Hello list,

I need some advise

I'm trying to scan a Windows Network where all end nodes except
Domain Controller have "File & Print Sharing" disabled.

What I'm trying to get a list of Microsoft Updates that are missing.


So far I tried Nessus & Foundstone and none of them are able to
provide a report with missing patches.(I'm able to get a report from
Domain Controller)

Nessus support stated that "File & Print Sharing" is required for
patch auditing


What is my other options?

Thanks


-----------------------------------------
Visit www.nyc.gov/hhc

CONFIDENTIALITY NOTICE: The information in this E-Mail may be
confidential and may be legally privileged. It is intended solely
for the addressee(s). If you are not the intended recipient, any
disclosure, copying, distribution or any action taken or omitted to
be taken in reliance on this e-mail, is prohibited and may be
unlawful. If you have received this E-Mail message in error, notify
the sender by reply E-Mail and delete the message.


------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Tired of using other people's tools? Why not learn how to write your
own exploits?
InfoSec Institute's Advanced Ethical Hacking class teaches you how to
write stack and heap buffer overflow exploits for Windows and Linux.
Gain your Certified Expert Penetration Tester (CEPT) cert as well.


http://www.infosecinstitute.com/courses/advanced_ethical_hacking_trainin
g.html


------------------------------------------------------------------------




------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review
Board

Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs
require a full practical examination in order to become certified.
http://www.iacertification.org

------------------------------------------------------------------------




------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review
Board

Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require
a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------