Enumerating entire Windows user/group browse list

Matt matt at est.ibm.com
Mon Nov 22 11:00:44 EST 2004


Hi,

Thanks, I actually tried this at the time and it was only able to pull 
the local user list down off the box, whereas Nessus was able to pull 
the host SID that could be used to enumerate the names of the local 
users on the host and the domain SID that could be used to enumerate the 
names of the users on the domain.

I was not able to pull down the domain list from the box using 
dumpsec... Nessus connected to the remote host using a NULL session.

Any advice or tips/techniques?

Many thanks

~ Matt.

JBRATTON at torchmarkcorp.com wrote:

>Hi Matt-
>
>From Windows try "Net view \\computername" or "Net view /Domain:<insert
>domain here>"
>
>You may also want to try DumpACL (now called dumpsec), which can be had for
>free at http://systemtools.com/somarsoft.  This tool works pretty well
>although some of the functionality is broken and some won't work for
>anything besides NT4.
>
>If you're running with an admin ID on your local network this is probably
>normal and OK for your average Win server - if you're getting this from the
>outside you're in trouble.
>
>
>>-----Original Message-----
>>From: nessus-bounces at list.nessus.org [mailto:nessus-
>>bounces at list.nessus.org] On Behalf Of Matt
>>Sent: Monday, November 22, 2004 8:26 AM
>>To: nessus at list.nessus.org
>>Subject: Enumerating entire windows user/group browse list
>>
>>Hi,
>>
>>While enumerating a domain with a large browse list on the remote host
>>Nessus came up with the below on the report ::
>>
>>"Warning  -   microsoft-ds (445/tcp)"
>>"Here is the browse list of the remote host :
>>WARNING - LARGE BROWSE LIST.
>>Only the first 165 names enumerated"
>>
>>Is it possible for Nessus to display the entire browse list? I am
>>assuming this is a plugin change or modification as I cannot find any
>>information on obtaining the full browse list as this would have been
>>useful for reporting.
>>
>>It would be nice to enumerate the entire list unless someone can suggest
>>another method of doing this and displaying it...
>>
>>Many Thanks
>>
>>~ Matt.
>>_______________________________________________
>>Nessus mailing list
>>Nessus at list.nessus.org
>>http://mail.nessus.org/mailman/listinfo/nessus



