Accessed using the SMB protocol (with user credentials) to check installed software on the system as well as the patch levels.
Accessed using SSH with user credentials or SSH key.
- To access the Windows registry properly, the target system needs to have the Remote Registry service enabled and running.
- Open the Control Panel.
- Select Administrative Tools.
- Select Services.
- Right-click the Remote Registry Service and select Properties.
- Under Startup Type select Automatic from the drop-down menu.
- Check that the Remote Procedure Call service is also configured to startup automatically.
- For standalone target systems, that are not included in a local domain, it is important to set this registry key:
DWORD: LocalAccountTokenFilterPolicy = 1
- Have the File and Printer Sharing service enabled.
- If you are scanning multiple servers within a domain it is recommended to set up a user in the "Domain Administrators group". This will make it easier to manage permissions for the scanning centrally. External link:
How to setup a domain user account
- Set the SMB EncryptData to false.
In powershell , to list SMB configuration use following command
Get-SmbServerConfigurationTo set the SMB configuration to false, use the following command:
Set-SmbServerConfiguration -EncryptData $false
There are two ways to authenticate a Linux/UNIX system.
1. Using username and password. In order to use that option, you need to enable SSH Password Authentication. You must SSH in as root to edit the following file:
Then, change the line
2. Using username and RSA private key. You need to have a RSA private key and it's associated public key inside
/etc/ssh file. You should also have the associated public key inside
home/user/.ssh/authorized_keys. Also, when you provide the RSA private key, include the first line
-----BEGIN RSA PRIVATE KEY----- and the last line
-----END RSA PRIVATE KEY----- .