How JustAnswer Works:

  • Ask an Expert
    Experts are full of valuable knowledge and are ready to help with any question. Credentials confirmed by a Fortune 500 verification firm.
  • Get a Professional Answer
    Via email, text message, or notification as you wait on our site.
    Ask follow up questions if you need to.
  • 100% Satisfaction Guarantee
    Rate the answer you receive.

Ask Michael Hannigan Your Own Question

Michael Hannigan
Michael Hannigan, Engineer
Category: Computer Hardware
Satisfied Customers: 11190
Experience:  25+ Years Experience in Computer Hardware. MCSE, MCP, ICCP - Asus, Acer, Dell, HP, Compaq, Sony, Alienware, Lenovo.
23511658
Type Your Computer Hardware Question Here...
Michael Hannigan is online now
A new question is answered every 9 seconds

I have Kali 2.0, OpenVAS 8, OpenVAS Manager v 6.0.1, OpenVAS

Customer Question

I have Kali 2.0, OpenVAS 8, OpenVAS Manager v 6.0.1, OpenVAS Scanner 5.0.1 (DB rev 146), Greenbone, that I’ve downloaded from the Kali VMWare page, running in one VMWare Player and a Windows 7 target in a second VMWare Player and I’m trying to do an external credentialed scan.
I disabled the Firewall in the Windows 7 target and set up an Administrator account with no password ***** make sure I had an obvious vulnerability which would only be seen by a credentialed scan. I also enabled the Guest account.
I can ping the Windows 7 target from Kali Linux so I know there’s a connection.
I then went to Scan Management -> Purple Wand -> Advanced Task Wizard to create a number of tasks with the above credential selected under SMB credential. I also created and downloaded an autogenerated credential which I copied over and ran as Administrator on the Windows 7 target. I tried all combinations of SMB credential, autogenerated SMB credential, Full and Very Fast, Full and Very Fast Ultimate, Full and Very Deep, and Full and Very Deep Ultimate.
The credentialed scans created the exact same number of vulnerabilities as a non-credentialed scans except that it said that it was able to login to the remote host using the SMB protocol (“SMB log in”) and found “Microsoft Windows SMB Accessible Shares” but it did not pick up on the admin account without a password ***** Guest account. The only vulnerabilities it found were only related to the Firewall being turned off, so it appears to me that while it can login, it is not really doing a credentialed scan. At best it had a log of 12 findings, I would expect to see maybe 45 findings like I used to see when I was doing Nessus PCI scans.
Submitted: 1 year ago.
Category: Computer Hardware
Expert:  Michael Hannigan replied 1 year ago.

Hello. My name is***** can help you with your question. I did read through the information here. So we are on the same page, can you please sum up what you're asking for from me with a one sentence question?