
Troubleshooting Nessus

How to solve various Nessus credentialed audit problems.


Last updated 2 years ago

When you are trying to use Nessus to perform a credentialed audit of a Linux or Windows host, you may run into an issue where Nessus will not fully perform the credentialed audit.

You may see an error like this:

Don't worry! Here's a list of things you can do to prevent this error and perform the full scan.

Windows

Windows Firewall

If you're scanning a Windows host, one of the most likely blockers is Windows Firewall.

On the Windows host, first open the firewall's "inbound rules" settings, shown above.

Then ALLOW all services for ports 137, 139 and 445.

Windows Services

If you're scanning a Windows host, another likely blocker is a Windows service not running. There are two services that need to be running, so open up Windows services and let's search:

The first service you need to check is the "Remote Registry" service:

If the service is not running, double-click it and select startup type "disabled". Then press "start".

The second service you need to check is the "WMI" service:

Registry Keys and Local Security Policy

If you're scanning a Windows host, another likely blocker is registry keys. There are two keys that sometimes need to be set, so open up regedit and let's set them:

The first registry key is:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SmbServerNameHardeningLevel = 1

The next registry key is:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy = 1

Finally, go to the Local Security Policy shown below and set "Server SPN target name validation level" to "Required from client":

SMB 1.0

If you're scanning a Windows host, an unlikely blocker is the SMB v1 service not running. This should never be a problem but it's something to try. To turn SMBv1 on, go to Windows Features and check the "SMB 1.0/CIFS File Sharing Support" box:

Linux

SUDO vs Root

To perform a Nessus audit on Linux, the user must be root or in the sudo group. Take a look at /etc/sudoers to ensure the user you are using is present.

SSHD_CONFIG

To perform a Nessus audit on Linux, Nessus needs to log in using SSH. Take a look at /etc/ssh/sshd_config to ensure that none of the blockers mentioned below are present:

If your user is the root user, "PermitRootLogin" must be set to "yes":

If you are trying to log in with a password, "PasswordAuthentication" must be set to "yes":

Hosts.Allow

To perform a Nessus audit on Linux, Nessus needs to log in using SSH. There is a file called /etc/hosts.allow that is sometimes used on Linux hosts to restrict access. In this instance, you will need to set the IP address of the connecting Nessus host in this file.
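The sshd_config and hosts.allow checks described above can be scripted so the current values are recorded before anything is changed. This is an added example, not code from the original page: the function names, sample files and documentation-range IP addresses are constructed, and it assumes upstream OpenSSH defaults for keywords that are unset.

```shell
#!/bin/sh
# Added example: read-only checks for the sshd_config and hosts.allow settings above.
# Not handled: Include files, per-Match overrides, IPv6 and netmask entries.

# sshd_value FILE KEYWORD: print the first global value of KEYWORD, or nothing
# (sshd uses the first occurrence; keywords are case-insensitive).
sshd_value() {
    awk -v key="$2" '
        { sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " ") }
        /^#/ || NF < 2 { next }
        tolower($1) == "match" { exit }   # global section ends at first Match
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# hosts_allow_permits FILE IP: succeed if a rule for sshd or ALL lists IP,
# ALL, or a dotted prefix such as "10.20.30." that IP starts with.
hosts_allow_permits() {
    awk -F: -v ip="$2" '
        /^[ \t]*#/ || NF < 2 { next }
        {
            d = " " $1 " "; gsub(/[ \t,]+/, " ", d)
            if (d !~ / (sshd|ALL) /) next
            n = split($2, c, /[ \t,]+/)
            for (i = 1; i <= n; i++)
                if (c[i] == ip || c[i] == "ALL" ||
                    (c[i] ~ /\.$/ && index(ip, c[i]) == 1)) { ok = 1; exit }
        }
        END { exit !ok }
    ' "$1"
}

# preflight SSHD_CONFIG HOSTS_ALLOW SCANNER_IP USER: list settings to review for a
# password login. Unset keywords fall back to upstream OpenSSH defaults (assumed).
finding() { echo "CHECK $1"; findings=$((findings + 1)); }
preflight() {
    findings=0; prl=$(sshd_value "$1" PermitRootLogin); pa=$(sshd_value "$1" PasswordAuthentication)
    if [ "$4" = root ] && [ "${prl:-prohibit-password}" != yes ]; then finding "PermitRootLogin=${prl:-unset}"; fi
    if [ "${pa:-yes}" != yes ]; then finding "PasswordAuthentication=$pa"; fi
    if [ -s "$2" ] && ! hosts_allow_permits "$2" "$3"; then finding "$3 not listed for sshd in $2"; fi
    echo "findings=$findings"
}

# Constructed sample files, not taken from a real host.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
printf '%s\n' 'permitrootlogin no' 'PasswordAuthentication yes' \
    'Match Address 192.0.2.0/24' '    PermitRootLogin yes' > "$demo/sshd_config"
printf '%s\n' 'sshd, vsftpd : 198.51.100.7, 10.20.30.' > "$demo/hosts.allow"
preflight "$demo/sshd_config" "$demo/hosts.allow" 192.0.2.10 root
```

On a live host, `sshd -T` run as root prints the configuration sshd would actually use, which is the authoritative check.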

If you want to see these tips in practice, take a look at the video below:

Nessus "Authentication Failure" error.
Firewall settings.
All ports using 137.
All ports using 139.
All ports using 445.
Remote Registry service is running.
Starting the Remote Registry service.
WMI service is running.
Setting SmbServerNameHardeningLevel to 1.
Setting LocalAccountTokenFilterPolicy to 1.
Local Security Policy settings.
Enabling SMB1.0.
pentest user has full "ALL" access to the host.
PermitRootLogin set to yes.
Password authentication set to yes.
Setting nessus IP address.