Credential scanning in Nessus means giving the scanner valid login credentials for the target so it can log in and inspect the system from the inside (installed software and patch levels, registry settings, local policies, file permissions) rather than relying only on what is visible over the network. This matters because an unauthenticated scan can only infer vulnerabilities from banners and network responses, so it misses most missing patches and local misconfigurations and produces more false positives. An authenticated scan gives a far more complete picture, which in turn makes risk prioritization more accurate and lets an organization fix real exposures before they are exploited.
We will incorporate credentials into our Windows Scan saved on Nessus to enhance the depth of information retrieved during the scanning process.
Navigate to My Scans and select the Windows saved scan.
- On the top right corner of the page, Click on "Configure".
- Click on the "Credentials" section.
- Under the "Host" category, select "Windows" (SSH is the separate option for Linux/Unix targets; it does not apply here).
- When configuring Windows credentials there are four authentication methods to choose from:
- Password method: the account's username and password are supplied and Nessus authenticates over SMB with them.
- Kerberos method: used when the target is joined to an Active Directory domain; Nessus obtains a Kerberos ticket from the domain controller instead of sending the password to the target.
- LM Hash and NTLM Hash methods: Nessus authenticates with the account's LM or NTLM password hash instead of the plaintext password (pass-the-hash), which is useful when only a hash is available; the scan is authenticated either way.
- We will look at the Password method for now.
- We will need to fill in our username, password and domain name of our VM then click Save.
If you do not remember the username or the domain/computer name for your VM:
- Open a command prompt on the Windows VM and type: whoami. The output is printed as DOMAIN\username; for a machine that is not domain-joined, the part before the backslash is the computer name and is what goes in the Domain field.
When you then run the scan, Nessus may report that the account used does not have the necessary privileges, even though the account is a member of the local Administrators group.
This happens because of UAC remote restrictions: when any local account other than the built-in Administrator connects over the network, Windows hands it a filtered (non-elevated) token, so Nessus cannot open the remote registry or the administrative shares (C$, ADMIN$) it needs for a full credentialed scan.
You will need to apply these steps for Nessus to work.
- On the Windows VM, open the Start Menu and search for "Services".
- Scroll down, find "Remote Registry" and double-click it.
- Change the Startup type from "Disabled" to "Automatic", click Apply, then click Start so the service is actually running (Automatic only means it will start at the next boot), and click OK.
- Go to the Windows Start Menu and search for "Change User Account Control settings".
- Move the slider to "Never notify" and click OK.
- This stops User Account Control prompts from interrupting the scan. Note that it also weakens the VM's own protection, so treat it as a lab setting and move the slider back once the scan is done.
- Go to the Windows Start Menu and search for "Registry Editor". Right click on it and Run as Administrator.
- Click to expand on HKEY_LOCAL_MACHINE.
- Click to expand on SOFTWARE.
- Click to expand on Microsoft.
- Scroll down and click to expand on Windows.
- Click to expand on CurrentVersion.
- Scroll down and click to expand Policies.
- Click to expand on System.
- In the right-hand pane, right-click an empty area and choose New > DWORD (32-bit) Value.
- This creates a new registry value in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.
- Name the new value exactly: "LocalAccountTokenFilterPolicy"
- Double-click the DWORD value to edit it.
- Change the Value data from "0" to "1" and click OK.
Setting LocalAccountTokenFilterPolicy to 1 turns off UAC's remote token filtering. Local accounts in the Administrators group then receive their full administrative token when they authenticate over the network (SMB, remote registry, RPC), which is exactly what Nessus needs. It does not grant anything to accounts that are not administrators; it only stops administrators from being downgraded remotely.
Restart the VM so that every change is in effect.
Once these adjustments are in place, Nessus can log in with the supplied credentials and carry out a thorough authenticated assessment of the system.
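The same preparation can be scripted and, more importantly, checked and undone. The following PowerShell script is an added example written for this page; it is not from the original tutorial or from Tenable. It reproduces the Remote Registry and LocalAccountTokenFilterPolicy changes described above, reports the whoami/administrator check from the troubleshooting step, saves the prior state so the changes can be reverted after the scan, and optionally writes the two UAC values that the "Never notify" slider sets on current Windows 10/11 (ConsentPromptBehaviorAdmin and PromptOnSecureDesktop, both 0; this mapping and the $StatePath location are assumptions of the example). Run it in an elevated PowerShell session on the target VM.

```powershell
#Requires -RunAsAdministrator
# Added example, not part of the original page: prepare a Windows VM for a
# Nessus credentialed scan, report readiness, and roll the changes back.
# Assumptions: run as an elevated local administrator on the target VM;
# $StatePath is an arbitrary location chosen for this example.

$StatePath = "$env:ProgramData\nessus-prep-state.json"
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-ScanReadiness {
    # Read-only report of everything the authenticated scan depends on.
    $svc = Get-Service -Name RemoteRegistry
    $pol = Get-ItemProperty -Path $PolicyKey
    $id  = [Security.Principal.WindowsIdentity]::GetCurrent()
    [pscustomobject]@{
        Account                       = whoami                      # DOMAIN\user, as in the troubleshooting step
        IsLocalAdmin                  = ([Security.Principal.WindowsPrincipal]$id).IsInRole(
                                            [Security.Principal.WindowsBuiltInRole]::Administrator)
        RemoteRegistryStatus          = $svc.Status.ToString()      # must be "Running"
        RemoteRegistryStartType       = $svc.StartType.ToString()
        LocalAccountTokenFilterPolicy = $pol.LocalAccountTokenFilterPolicy  # $null = value absent = tokens filtered
        ConsentPromptBehaviorAdmin    = $pol.ConsentPromptBehaviorAdmin     # 0 = "Never notify" (assumed mapping)
        PromptOnSecureDesktop         = $pol.PromptOnSecureDesktop
    }
}

function Enable-NessusCredentialedScan {
    param([switch]$DisableUacPrompts)

    # Record the current state first so Disable-NessusCredentialedScan can restore it.
    Get-ScanReadiness | ConvertTo-Json | Set-Content -Path $StatePath

    # Step 1: Remote Registry must be set to Automatic AND started now.
    Set-Service -Name RemoteRegistry -StartupType Automatic
    Start-Service -Name RemoteRegistry

    # Step 2: disable UAC remote token filtering so a local admin keeps its
    # full token over SMB/RPC (the LocalAccountTokenFilterPolicy = 1 step).
    New-ItemProperty -Path $PolicyKey -Name LocalAccountTokenFilterPolicy `
        -PropertyType DWord -Value 1 -Force | Out-Null

    # Step 3 (optional, lab only): what the "Never notify" slider writes (assumption).
    if ($DisableUacPrompts) {
        Set-ItemProperty -Path $PolicyKey -Name ConsentPromptBehaviorAdmin -Value 0
        Set-ItemProperty -Path $PolicyKey -Name PromptOnSecureDesktop -Value 0
    }
    Get-ScanReadiness
}

function Restore-PolicyValue {
    param([string]$Name, $Value)
    # A $null saved value means the value did not exist before: remove it again.
    if ($null -ne $Value) {
        Set-ItemProperty -Path $PolicyKey -Name $Name -Value $Value
    } else {
        Remove-ItemProperty -Path $PolicyKey -Name $Name -ErrorAction SilentlyContinue
    }
}

function Disable-NessusCredentialedScan {
    # Put the VM back the way Enable-NessusCredentialedScan found it.
    $saved = Get-Content -Path $StatePath -Raw | ConvertFrom-Json
    Restore-PolicyValue -Name LocalAccountTokenFilterPolicy -Value $saved.LocalAccountTokenFilterPolicy
    Restore-PolicyValue -Name ConsentPromptBehaviorAdmin   -Value $saved.ConsentPromptBehaviorAdmin
    Restore-PolicyValue -Name PromptOnSecureDesktop        -Value $saved.PromptOnSecureDesktop
    if ($saved.RemoteRegistryStatus -ne 'Running') { Stop-Service -Name RemoteRegistry -Force }
    Set-Service -Name RemoteRegistry -StartupType $saved.RemoteRegistryStartType
    Get-ScanReadiness
}

# Usage:
#   Get-ScanReadiness                                   # check before touching anything
#   Enable-NessusCredentialedScan -DisableUacPrompts    # prepare for the scan
#   Disable-NessusCredentialedScan                      # revert after the scan
```

Run Get-ScanReadiness before and after: the scan is expected to work when IsLocalAdmin is True, RemoteRegistryStatus is Running and LocalAccountTokenFilterPolicy is 1. Keeping the revert step is the part worth copying; a VM left with token filtering off and UAC silenced is an easier target for anyone else who obtains a local account.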