
Scanning a x64 bit system

To: nessus@list.nessus.org (Nessus)
Subject: Scanning a x64 bit system
From: jfvanmeter@comcast.net
Date: Wed, 23 May 2007 12:29:18 +0000
Has anyone had any problems scanning a X64 Windows 2003 SP2 R2 Server?

Here is the problem I'm having:

Security is set on the server using .inf files to preconfigure various 
security settings.  As an example, 

an .inf file is run at the end of the build to configure telnet to have the 
following ACL: Administrators - Full and System - Full
"%SystemRoot%\system32\telnet.exe",2,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"

I also have a .audit file that checks the file perms

<file_acl: "2">

<user: "Administrators">
        acl_inheritance: "not inherited"
        acl_apply: "This folder, subfolders and files"
        acl_allow: "full control" 
        </user>

<user: "SYSTEM">
        acl_inheritance: "not inherited"
        acl_apply: "This folder, subfolders and files"
        acl_allow: "full control" 
        </user>

</acl>

<custom_item>
      type: FILE_PERMISSIONS
      description: "%SystemRoot%\system32\telnet.exe"
      value_type: FILE_ACL
      value_data: "1"
      file: "%SystemRoot%\system32\telnet.exe"
</item>

When I scan a 32 bit version of Windows the output is what I would expect. 

When I scan a 64 bit version of Windows I get the following

general/tcp High "%SystemRoot%\system32\telnet.exe" : [FAILED]
[0] Administrators (1-5-32-544)
type: Allow
Apply To: "this folder, subfolders and files"
Inheritance: "not inherited"
Permission: "Special"

[1] SYSTEM (1-5-18)
type: Allow
Apply To: "this folder, subfolders and files"
Inheritance: "not inherited"
Permission: "Special"

[2] Administrators (1-5-32-544)
type: Allow
Apply To: "this folder and subfolders"
Inheritance: "not inherited"
Permission: "Special"

[3] CREATOR OWNER (1-3-0)
type: Allow
Apply To: "subfolders only"
Inheritance: "not inherited"
Permission: "Special"

[4] SYSTEM (1-5-18)
type: Allow
Apply To: "this folder and subfolders"
Inheritance: "not inherited"
Permission: "Special"

[5] Users (1-5-32-545)
type: Allow
Apply To: "this folder and subfolders"
Inheritance: "not inherited"
Permission: "Special"

[6] Everyone (1-1-0)
type: Allow
Apply To: "this folder and subfolders"
Inheritance: "not inherited"
Permission: "Special"

[7] Everyone (1-1-0)
type: Deny
Apply To: "this folder and subfolders"
Inheritance: "not inherited"
Permission: "Special"

When I manually check the ACL on c:\winnt\system32\Telnet.exe it shows 
Administrators - Full and System - Full.

Could this be an issue caused by the WOW32 environment and the system32 
directory that gets remapped? Also whole parts of the registry and other system 
folders as well.



Thank you. Again, I'm sorry for the long email, and that I may have overloaded 
the info.

Take Care and Have Fun --John
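
An added example, not part of the original message and not Nessus code: a small Python decoder for the SDDL string in the .inf line, used to check that it describes the same ACL the .audit file expects. The function names are hypothetical, and only the standard SDDL abbreviations needed for this thread are mapped.

```python
import re

# Standard SDDL abbreviations; only the subset relevant to this thread is mapped.
TRUSTEES = {"BA": "Administrators", "SY": "SYSTEM", "BU": "Users",
            "WD": "Everyone", "CO": "CREATOR OWNER"}
ACE_TYPES = {"A": "Allow", "D": "Deny"}
RIGHTS = {"FA": "full control"}
APPLY_TO = {  # inheritance flag combinations as named in the Windows ACL editor
    frozenset(): "this folder only",
    frozenset({"OI", "CI"}): "this folder, subfolders and files",
    frozenset({"CI"}): "this folder and subfolders",
    frozenset({"OI"}): "this folder and files",
    frozenset({"OI", "CI", "IO"}): "subfolders and files only",
    frozenset({"CI", "IO"}): "subfolders only",
    frozenset({"OI", "IO"}): "files only",
}

def parse_dacl(sddl):
    """Return (dacl_flags, aces) for the D: part of an SDDL string."""
    m = re.search(r"D:([A-Z]*)((?:\([^)]*\))+)", sddl)
    if not m:
        raise ValueError("no DACL with ACEs found")
    dacl_flags = re.findall(r"AR|AI|P", m.group(1))  # P = protected from inheritance
    aces = []
    for body in re.findall(r"\(([^)]*)\)", m.group(2)):
        fields = body.split(";")  # type;flags;rights;object;inherit_object;sid
        if len(fields) < 6:
            raise ValueError("malformed ACE: " + body)
        flag_set = set(re.findall("..", fields[1]))
        aces.append({
            "user": TRUSTEES.get(fields[5], fields[5]),
            "type": ACE_TYPES.get(fields[0], fields[0]),
            "apply": APPLY_TO.get(frozenset(flag_set & {"OI", "CI", "IO"}), fields[1]),
            "inheritance": "inherited" if "ID" in flag_set else "not inherited",
            "permission": RIGHTS.get(fields[2], fields[2]),
        })
    return dacl_flags, aces

def diff_against_audit(aces, expected):
    """Expected (user, inheritance, apply, allow) entries with no matching Allow ACE."""
    have = {(a["user"].lower(), a["inheritance"], a["apply"], a["permission"])
            for a in aces if a["type"] == "Allow"}
    return [e for e in expected if tuple(s.lower() for s in e) not in have]

# Values copied from the .inf line and the <file_acl> block in the message.
INF_SDDL = "D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
AUDIT_ACL = [
    ("Administrators", "not inherited", "This folder, subfolders and files", "full control"),
    ("SYSTEM", "not inherited", "This folder, subfolders and files", "full control"),
]
```

An empty result from `diff_against_audit(parse_dacl(INF_SDDL)[1], AUDIT_ACL)` means the .inf template and the .audit expectation describe the same two ACEs.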


