What version of OpenDLP are you using? Is it the VM or is it a standalone
install?
To access the share, are you using a username and password, a username and
SMBHash, or no credentials?
Can you access the share from another Windows system with "net use"? For
example:
net use \\1.2.3.4\Temp "password" /u:"workgroup\username"
Original comment by andrew.O...@gmail.com
on 20 Aug 2011 at 2:56
Sorry about delay...
What version of OpenDLP are you using? Is it the VM or is it a standalone
install?
>>OpenDLP 0.4.1 running on a VirtualBox VM.
To access the share, are you using a username and password, a username and
SMBHash, or no credentials?
>>A domain admin account (right now for testing). Username and password
Can you access the share from another Windows system with "net use"? For
example:
net use \\1.2.3.4\Temp "password" /u:"workgroup\username"
>>C:\>net use h: \\abcxyz01\Temp PAssword /u:abcd\username
>>The command completed successfully.
I have also attached the screen shots of the steps I followed...
1) Profile configuration:
opendlp_share_profile_config.png
2) Share scan configuration
opendlp_share_scan_config.png
3) shows up in results (notice it has been deploying now for 17 hours!)
opendlp_share_ViewResults.png
4) If I try to look at the logs
opendlp_share_ViewLogs.png
5) I get the invalid name
opendlp_share_ViewLogs2.png
Original comment by david...@gmail.com
on 9 Sep 2011 at 1:18
Thanks for the updated screenshots. When I developed this feature, I only used
an anonymous share to test whether it worked. I will configure a share to
require credentials and see if I can duplicate the bug of the scan not starting.
I will also look into the bug with viewing logs, thanks.
Original comment by andrew.O...@gmail.com
on 9 Sep 2011 at 2:39
Is there any way I can try commands on the server itself to see what kind of
errors I get (like smbmount or some Perl/Python command the sub-system uses)? I
would like to use the same method OpenDLP is using.
Original comment by david...@gmail.com
on 13 Sep 2011 at 3:32
Yes. If you are using the OpenDLP VM 0.4.1 or 0.4.2, the Perl script used for
agentless Windows scans is "/var/www/OpenDLP/bin/agentless.pl". I use the
Filesys::SmbClient module, not any operating system commands like "smbmount".
The "agentless.pl" script will not work standalone without a bit of
modification, but all of the code is there.
I have not yet had time to look into these bugs, but I should have some
time in a few days.
Original comment by andrew.O...@gmail.com
on 13 Sep 2011 at 5:57
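A stand-alone check with the same Perl module, added here as an example and not taken from OpenDLP's agentless.pl: it authenticates to a share and lists its top level, so any error from Filesys::SmbClient can be seen directly on the OpenDLP server. The script name, the argument order and the SMB_PASSWORD environment variable are assumptions of this example.

```perl
#!/usr/bin/perl
# Added diagnostic, not OpenDLP code. Hypothetical usage:
#   SMB_PASSWORD='...' perl smbcheck.pl 1.2.3.4 Temp workgroup username
use strict;
use warnings;
use Filesys::SmbClient;

my ($host, $share, $workgroup, $user) = @ARGV;
die "usage: $0 host share workgroup username\n" unless defined $user;

# Take the password from the environment so it does not show up in the
# process list or in shell history.
my $password = $ENV{SMB_PASSWORD};
die "set SMB_PASSWORD in the environment\n" unless defined $password;

# The module expects a bare host name or IP address in an smb:// URL,
# so strip UNC-style leading backslashes (\\host) if they were passed in.
$host =~ s/^\\+//;

my $smb = Filesys::SmbClient->new(
    username  => $user,
    password  => $password,
    workgroup => $workgroup,
    debug     => 0,    # raise (for example to 10) for libsmbclient debug output
);

my $url = "smb://$host/$share";

# opendir returns a false value on failure and leaves the reason in $!.
my $dir = $smb->opendir($url)
    or die "opendir $url failed: $!\n";

# In list context readdir returns every entry name in the directory.
my @entries = grep { $_ ne '.' && $_ ne '..' } $smb->readdir($dir);
$smb->closedir($dir);

printf "%s: authenticated as %s\\%s, %d top-level entries\n",
    $url, $workgroup, $user, scalar @entries;
print "  $_\n" for sort @entries;
```

Running it while tcpdump is capturing on the OpenDLP system also shows whether any SMB traffic leaves the host at all.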
I looked into both of these bugs and could not reproduce either of them.
I was able to successfully scan a Windows share on Windows XP 32-bit and
Windows 7 64-bit using authentication credentials (not an anonymous share). The
scans both ran fine and without issue.
I could not reproduce the log viewing bug either. I named my scans "at_share"
and "at_share_win7-64", and I could view both of their logs. I am unsure how
your scan named "Temporary_Share_Scan" was renamed to "\\1.2.3.4\Temp" (as
shown in screenshots "opendlp_share_ViewLogs.png" and
"opendlp_share_ViewLogs2.png").
I will be releasing 0.4.3 in the next week or so, so maybe you can try that
version to see if it works.
Original comment by andrew.O...@gmail.com
on 9 Oct 2011 at 4:37
I'm seeing a similar issue with the VirtualBox image - OpenDLP 0.4.2.
I can run an Agent-based scan on a Windows machine with no problems at all.
But if I try to run a Windows Filesystem (agentless over SMB) or a Windows
Share (agentless over SMB) I see the following:
If I go to View Scans/Results, select the scan, and click View Scan Results,
the 'Step' for the scans is always -1: Deploying (over 24 hours).
I started tcpdump on the OpenDLP system (the VirtualBox guest that is running
OpenDLP) and I do not see any traffic from the OpenDLP system to the Windows
host at all (I have started multiple agentless scans while running tcpdump).
If I run tcpdump in this manner and start an agent-based scan then, of course,
I do see the traffic.
It appears that OpenDLP is not even attempting to start the agentless scans on
Windows systems in my environment.
Is there something that I am overlooking or a recommended way to debug this?
Thanks
Original comment by hcorb...@gmail.com
on 21 Oct 2011 at 12:42
Hello hcorbett,
I have still been unable to reproduce this bug against a 32-bit Windows XP
target and a 64-bit Windows 7 target, so can you answer the following
questions? Thanks.
What version is the Windows target system (2000/XP/Vista/7) and is it 32-bit or
64-bit?
Is this system standalone or part of a domain?
Are you using a username and password to authenticate, or a username and
SMBhash?
Are you specifying an IP address or a hostname in the OpenDLP target list?
From another Windows system, does the following command work when you replace
"1.2.3.4" with the target system's real IP address?
net use \\1.2.3.4\C$ "password" /u:domain\username
Original comment by andrew.O...@gmail.com
on 21 Oct 2011 at 1:38
Hello Andrew,
I have tried Windows Server 2008 (64 bit) and Windows Server 2003 (32 bit)
target systems
The systems are part of a domain
I am using a username and password - I have tried with an admin user/pw and a
domain user username/pw
I have tried both the IP address and the hostname in the following forms
hostname
\\hostname
ip_address
\\ip_address
\\hostname\share (for share scan)
\\ip\share (for share scan)
Yes, the net use command completes successfully
I don't think it's a permissions problem or anything like that. I'm monitoring
the traffic (tcpdump) on the OpenDLP box and I never see any traffic to/from
the IP address that I attempt to scan when I'm doing the Windows agentless
scans. I do see the traffic when I do a Windows agent-based scan so I know that
my tcpdump is working.
Thanks
Heath
Original comment by hcorb...@gmail.com
on 24 Oct 2011 at 2:57
Hi David and Heath,
Another user reported a similar bug in issue #36
(http://code.google.com/p/opendlp/issues/detail?id=36), but he then did some
digging and found out the error was caused by converting my VirtualBox VM to be
used as a VMware VM. Are you guys also using a converted image inside VMware?
If so, can you try my image in VirtualBox to see if you experience the same
issue?
If it is a problem with VMware, I will start to release both VirtualBox and
VMware VMs when I release 0.4.3 or 0.5.
Original comment by andrew.O...@gmail.com
on 25 Oct 2011 at 10:05
Hi Andrew,
Thanks for the update
I am running the image in VirtualBox 4.1.4 r74291 on an Ubuntu 11.10 32 bit host
I wonder if it has something to do with the version of Virtual Box? I have
another machine running Ubuntu 10.04 64 bit with Virtual Box version 3.1.6_OSE
r59338 that I have not tried the OpenDLP image on. I'll shut down the image on
the newer version of Ubuntu/Virtual Box and try it on the older versions
Heath
Original comment by hstprodu...@gmail.com
on 26 Oct 2011 at 12:28
Yes it is a Virtual Box image!
Original comment by david...@gmail.com
on 31 Oct 2011 at 12:01
In the OpenDLP profile, what if you do not use whitespace in the profile name?
Another user was having this issue and he had whitespace characters in his
profile name. Removing the whitespace characters fixed this issue for him.
Original comment by andrew.O...@gmail.com
on 6 Jan 2012 at 9:49
I have released OpenDLP 0.4.3, which should fix this bug.
Original comment by andrew.O...@gmail.com
on 7 Jan 2012 at 10:36
Great! Thank you!
Original comment by david...@gmail.com
on 8 Jan 2012 at 2:34
Original issue reported on code.google.com by
david...@gmail.com
on 19 Aug 2011 at 3:24