Vulners
Lucene search
Login configurations
#TRUSTED 4c4467afd2d9ba6ab57f22d25084ff2db5ff5d88f3ef75db3e7fd8dac7ce5f24afc78451a25cc6515e3498cd8ae29ff7509bad34e854eb2fcaa8e96444e953e17394edbee7a454b46be9a6c8375b2ecd19a506397440e20010637a5e110f08baeba1d039c20a34673f7965f8f51a2c72639746c29282a1e39e3d8cbafc92c6d212044b63a1372cdda319986956f2c978c86e0c8b27453dca1e8eed222b43e38b35ac89aa018124231d326706f637c2df5c8516d7e82112e2cd935b3dcfa2174f5a3c45061047c5367062310802d498720e7d314f9a66b3ea5fcd5dcd79bddd2c37719c137ecf7f8a9db7f6f637a2b5da2cd851a813a6a02cf5fc16c5bd5cf9ec418c9e644ba32220609966d873e1c1c961f9cd5b081dcf814c2ba3d555758233c6b46be7ddc3078a5c8c59e3070aa59b313704238e5679f55db912b6177fa05f78110d6a7d51bff017b408b5d5e896c99498e4b047f2b1c417214888310d078bcc10f9525d6ee4c6189256a8aee87649eab9515d6892719eeda6dd6ab94e21cfc8b13e18a6089b9cc52851f085d2cd41433e50cdaf998a95a74cc8f3a39271b6f4ac042c42211eb6a89aadb70e514dabd79666bca097d80e7b7256fe6bb97b63346bc0dc7ff9c936210f921e0bc1fc49216a30acb4929b1b1aaa5535faf132702ad0a9114732c8ecc4dd5f6ff106273e72073f1200856f2a526380262ec4ca45
#TRUST-RSA-SHA256 8e1cfb66edefb07ec38090f8e39104fc20c5a9eb1bd174a4c913719aa602fb995b81c056ef6bc38cc650c0a5ddadd085b36018bfa8ea58729cec32085b9f90681a03695e0d2821f8e4666d0a292b9abfaecbb8a663d865ffd921651d946278fca393f90182475c10225a2bd6e41ed2edc8cc2dcb63464695bab26883084247d0397cb8afe94d941609517add0711af0d12d401ca545c9cb9bd4e502231562895e75154c0768094d110bcb3cc3b79ab5d4ded0ee24a1227155f78a04cc5c083466a3983d972dd07b089aac6d0c9dc2cc559adf87bddd9424c7ec7665cc483f4f140461b572977fdf4788c6afbe9ccf08776621a3853910f820a5d821bf91fdc67f64a45e2a328b9cdbf92592224fb6cbf668cdae023bc9ec78c2d398b28d7015ec8638171dbc60a3f437f55f400d3aa531d6c4a519c0541a1cd2cd7f0210c513a9b97ae28ecb93f1bb16e0e3cfd4902fb8e6d497101bcbfcdc83a85a90e632efa867cc9ce4e43dd36ce8fdf8dbc1a22e14e736a344fff69cf0305025305253fbae7130993d39fe7af60fb4a958bace1b5e4d79265b4edfb3b6ab0edb1883e55e343556d2e62f62723926f26e85c9307805add593afb7c63e1cdc495d6f0599f32f0df7329ab0ccd59ea1a747888befde87be35f133ab8e3525d988d3c76ff3ecb63dc3f5b42d3cad42dc49958b5383e8c97d89c49e7c9a5e8cbaae65b3fe5d2f7
#
# (C) Tenable Network Security, Inc.
#
# @PREFERENCES@
include("compat.inc");
global_var MAX_ADDITIONAL_SMB_LOGINS;
MAX_ADDITIONAL_SMB_LOGINS = 3;
if (description)
{
script_id(10870);
script_version("1.117");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/13");
script_name(english:"Login configurations");
script_summary(english:"Logins for HTTP, FTP, NNTP, POP2, POP3, IMAP, IPMI, and SMB.");
script_set_attribute(attribute:"synopsis", value:
"Miscellaneous credentials.");
script_set_attribute(attribute:"description", value:
"This plugin provides the username and password credentials for common
servers, such as HTTP, FTP, NNTP, POP2, POP3, IMAP, IPMI, and SMB
(NetBios).
Some plugins will use those credentials when needed. If you do not
provide the credentials, those plugins will not be able to run.
Note that this plugin does not do any security checks.");
script_set_attribute(attribute:"solution", value:"n/a");
script_set_attribute(attribute:"risk_factor", value:"None");
script_set_attribute(attribute:"plugin_publication_date", value:"2002/03/04");
script_set_attribute(attribute:"plugin_type", value:"settings");
script_end_attributes();
script_category(ACT_SETTINGS);
script_family(english:"Settings");
script_dependencies("datapower_settings.nasl");
script_copyright(english:"This script is Copyright (C) 2015-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_add_preference(name:"HTTP account :", type:"entry", value:"");
script_add_preference(name:"HTTP password (sent in clear) :", type:"password", value:"");
script_add_preference(name:"NNTP account :", type:"entry", value:"");
script_add_preference(name:"NNTP password (sent in clear) :", type:"password", value:"");
script_add_preference(name:"FTP account :", type:"entry", value:"anonymous");
script_add_preference(name:"FTP password (sent in clear) :", type:"password", value:"[email protected]");
script_add_preference(name:"FTP writeable directory :", type:"entry", value: "/incoming");
script_add_preference(name:"POP2 account :", type:"entry", value:"");
script_add_preference(name:"POP2 password (sent in clear) :", type:"password", value:"");
script_add_preference(name:"POP3 account :", type:"entry", value:"");
script_add_preference(name:"POP3 password (sent in clear) :", type:"password", value:"");
script_add_preference(name:"IMAP account :", type:"entry", value:"");
script_add_preference(name:"IMAP password (sent in clear) :", type:"password", value:"");
script_add_preference(name:"IPMI account :", type:"entry", value:"");
script_add_preference(name:"IPMI password (sent in clear) :", type:"password", value:"");
script_add_preference(name:"SMB account :", type:"entry", value:"");
script_add_preference(name:"SMB password :", type:"password", value:"");
script_add_preference(name:"SMB domain (optional) :", type:"entry", value:"");
script_add_preference(name:"SMB password type :", type:"radio", value:"Password;LM Hash;NTLM Hash");
for(var i=1 ; i <= MAX_ADDITIONAL_SMB_LOGINS ; i++)
{
script_add_preference(name:"Additional SMB account (" + i + ") :", type:"entry", value:"");
script_add_preference(name:"Additional SMB password (" + i + ") :", type:"password", value:"");
script_add_preference(name:"Additional SMB domain (optional) (" + i + ") :", type:"entry", value:"");
}
if(defined_func("MD5")) script_add_preference(name:"Never send SMB credentials in clear text", type:"checkbox", value:"yes");
if(defined_func("MD5")) script_add_preference(name:"Only use NTLMv2", type:"checkbox", value:"no");
script_add_preference(name:"Only use Kerberos authentication for SMB", type:"checkbox", value:"no");
script_dependencies("kerberos.nasl", "pam_smb_auto_collect.nbin", "wmi_windows_laps.nbin");
exit(0);
}
include('http_semantics.inc');
include("ssl_funcs.inc");
include("cyberark.inc");
include("cyberarkrest.inc");
include("beyondtrust.inc");
include("lieberman.inc");
include("hashicorp.inc");
include("arcon.inc");
include("thycotic.inc");
include("centrify.inc");
include("wallix.inc");
include("delinea.inc");
include("senhasegura.inc");
include("qianxin.inc");
include("fudo.inc");
include("cyberark_secretsmgr.inc");
include("ms_graph_api.inc");
include("debug.inc");
global_var result_list;
result_list = make_list();
if (get_kb_item("TEST/is_test"))
{
result_list = get_kb_item("TEST/test_list");
if (result_list)
result_list = deserialize(result_list);
else
result_list = make_list();
}
#####
### Credential Values
#####
##
# HTTP
##
function http_credential_setup()
{
var http_login, http_password, authstr;
http_login = script_get_preference("HTTP account :");
http_password = script_get_preference("HTTP password (sent in clear) :");
if (http_login && http_password)
{
set_kb_item(name:http::KB_USERNAME, value:string(http_login));
set_kb_item(name:http::KB_PASSWORD, value:string(http_password));
authstr = http::build_basic_auth(username:http_login, password:http_password);
# An error should never occur here but let's exercise caution just in case.
if (dbg::is_error(authstr))
{
dbg::log_error(msg:'An error occurred while trying to create the Basic auth KB item.');
return NULL;
}
authstr = "Authorization: " + authstr;
set_kb_item(name:"http/auth", value:authstr);
}
return NULL;
}
##
# NNTP
##
function nntp_credential_setup()
{
local_var nntp_login, nntp_password;
# NNTP
nntp_login = script_get_preference("NNTP account :");
nntp_password = script_get_preference("NNTP password (sent in clear) :");
if (nntp_login)
{
if(nntp_password)
{
set_kb_item(name:"nntp/login", value:nntp_login);
set_kb_item(name:"nntp/password", value:nntp_password);
}
}
}
##
# FTP
##
function ftp_credential_setup()
{
local_var ftp_login, ftp_password, ftp_w_dir, ftp_auth_info;
# FTP
ftp_login = script_get_preference("FTP account :");
ftp_password = script_get_preference("FTP password (sent in clear) :");
ftp_w_dir = script_get_preference("FTP writeable directory :");
ftp_auth_info = ftp_login+ftp_password;
if (supplied_logins_only && ftp_auth_info == "[email protected]")
{
return NULL;
}
else
{
if (!ftp_w_dir) ftp_w_dir=".";
set_kb_item(name:"ftp/writeable_dir", value:ftp_w_dir);
if(ftp_login)
{
if(ftp_password)
{
set_kb_item(name:"ftp/login", value:ftp_login);
set_kb_item(name:"ftp/password", value:ftp_password);
}
}
}
}
##
# pop2
##
function pop2_credential_setup()
{
local_var pop2_login, pop2_password;
# POP2
pop2_login = script_get_preference("POP2 account :");
pop2_password = script_get_preference("POP2 password (sent in clear) :");
if(pop2_login)
{
if(pop2_password)
{
set_kb_item(name:"pop2/login", value:pop2_login);
set_kb_item(name:"pop2/password", value:pop2_password);
}
}
}
##
# POP3
##
function pop3_credential_setup()
{
local_var pop3_login, pop3_password;
pop3_login = script_get_preference("POP3 account :");
pop3_password = script_get_preference("POP3 password (sent in clear) :");
if(pop3_login)
{
if(pop3_password)
{
set_kb_item(name:"pop3/login", value:pop3_login);
set_kb_item(name:"pop3/password", value:pop3_password);
}
}
}
##
# IMAP
##
function imap_credential_setup()
{
local_var imap_login, imap_password;
imap_login = script_get_preference("IMAP account :");
imap_password = script_get_preference("IMAP password (sent in clear) :");
if(imap_login)
{
if(imap_password)
{
set_kb_item(name:"imap/login", value:imap_login);
set_kb_item(name:"imap/password", value:imap_password);
}
}
}
##
# IPMI
##
function ipmi_credential_setup()
{
local_var ipmi_login, ipmi_password;
ipmi_login = script_get_preference("IPMI account :");
ipmi_password = script_get_preference("IPMI password (sent in clear) :");
if(ipmi_login)
{
if(ipmi_password)
{
set_kb_item(name:"ipmi/login", value:ipmi_login);
set_kb_item(name:"ipmi/password", value:ipmi_password);
}
}
}
##
# SMB
##
function smb_credential_setup()
{
local_var smb_login, smb_password, smb_password_type, results_array,
p_type, smb_domain, smb_ctxt, smb_ntv1, kdc_host, kdc_port,
kdc_transport, kdc_use_tcp, j, i, smb_creds_prefix, smb_creds_postfix;
var only_ntlmv2 = get_preference("Login configurations[checkbox]:Only use NTLMv2");
var never_cleartext = get_preference("Login configurations[checkbox]:Never send SMB credentials in clear text");
if(only_ntlmv2 == "yes" || never_cleartext == "yes")
set_kb_item(name:"SMB/dont_send_in_cleartext", value:TRUE);
if(only_ntlmv2 == "yes")
set_kb_item(name:"SMB/dont_send_ntlmv1", value:TRUE);
j = 0;
for ( i = 0 ; i <= MAX_ADDITIONAL_SMB_LOGINS || (defined_func("nasl_level") && nasl_level() >= 6000); i ++ )
{
# The loop condition will succeed if i is less than MAX_ADDITIONAL_SMB_LOGINS or the nessus version is greater
# than 6.0 . This work with a check at the end of the loop to verify that if it is greater than 6.0 we break
# on the first set of null credentials.
if (i > 0)
{
smb_creds_prefix = "Additional ";
smb_creds_postfix = " (" + i + ") :";
}
else
{
smb_creds_prefix = "";
smb_creds_postfix = " :";
}
smb_login = script_get_preference(smb_creds_prefix+"SMB account"+smb_creds_postfix);
smb_password = script_get_preference(smb_creds_prefix+"SMB password"+smb_creds_postfix);
smb_domain = script_get_preference(smb_creds_prefix+"SMB domain (optional)"+smb_creds_postfix);
# In nessus >= 6 there can be different kerberos settings for each set of creds.
# if nessus < 6, data read by kerberos.nasl is used for all creds
kdc_host = script_get_preference(smb_creds_prefix+"SMB Kerberos KDC"+smb_creds_postfix);
kdc_port = script_get_preference(smb_creds_prefix+"SMB Kerberos KDC Port"+smb_creds_postfix);
kdc_transport = script_get_preference(smb_creds_prefix+"SMB Kerberos KDC Transport"+smb_creds_postfix);
kdc_use_tcp = FALSE;
if (!kdc_transport || ";" >< kdc_transport || kdc_transport == "tcp")
kdc_use_tcp = TRUE;
# this new preferences will be introduced along with Nessus 6. in order to
# maintain backwards compatibility with policies created under older scanners,
# the password type set by the original preference (see SMB/password_type/0 above)
# will be used as the default value for all additional SMB accounts
if (script_get_preference(smb_creds_prefix+"SMB password type"+smb_creds_postfix))
{
smb_password_type = script_get_preference(smb_creds_prefix+"SMB password type"+smb_creds_postfix);
}
else
{
smb_password_type = "";
}
if ("Password" >< smb_password_type)
{
set_kb_item(name:"target/auth/method", value:"Password");
p_type = 0;
}
else if ("NTLM Hash" >< smb_password_type)
{
set_kb_item(name:"target/auth/method", value:"NTLM Hash");
p_type = 2;
}
else if ("LM Hash" >< smb_password_type)
{
set_kb_item(name:"target/auth/method", value:"LM Hash");
p_type = 1;
}
else if (cyberark_secretsmgr::auth_string_is_secretsmgr(smb_password_type))
{
set_kb_item(name:"target/auth/method", value:"CyberArk Secrets Manager");
smb_creds_prefix += "SMB PAM ";
p_type = 0;
# 'CyberArk Secrets Manager' aka 'conjur'
var secretsmgr_result = cyberark_secretsmgr::get_credential(prefix:smb_creds_prefix, postfix:smb_creds_postfix, domain:smb_domain);
if (dbg::is_error(secretsmgr_result))
{
dbg::log_error(msg:"Failed to retrieve CyberArk Secrets Manager PAM SMB credentials.");
}
else
{
dbg::detailed_log(lvl:2, src:SCRIPT_NAME, msg:
"Successfully retrieved CyberArk Secrets Manager PAM SMB credentials."
);
smb_login = secretsmgr_result.username;
smb_password = secretsmgr_result.password;
if (secretsmgr_result.domain)
{
smb_domain = secretsmgr_result.domain;
}
}
}
else if ("CyberArk" >< smb_password_type)
{
if (script_get_preference(smb_creds_prefix+"SMB CyberArk Host"+smb_creds_postfix))
{
set_kb_item(name:"target/auth/method", value:"CyberArk");
smb_password = cark_get_password(login:smb_login, domain:smb_domain, prefix:smb_creds_prefix + "SMB ", postfix:smb_creds_postfix);
p_type = 0;
}
else if ("Auto-Discovery" >< smb_password_type)
{
var pam = cyberark_auto_collect::pam;
var kb_path = "/auto_smb/";
# set parameter vars for AIM Webservice query to fetch password
var object = get_kb_item(pam + kb_path + "object");
var safe = get_kb_item(pam + kb_path + "safe");
var address = get_kb_item(pam + kb_path + "address");
smb_domain = get_kb_item(pam + kb_path + "domain");
smb_login = get_kb_item(pam + kb_path + "username");
if (empty_or_null(object) || empty_or_null(safe) || empty_or_null(address))
{
spad_log(message:"Host did not contain 1 or more CyberArk query parameter values. Will not attempt to retrieve password.");
}
else
{
var ca_result = cyberark_auto_collect::get_AIM_secret(settings:"Login configurations", prefix:smb_creds_prefix + "SMB ", postfix:smb_creds_postfix, safe:safe, username:smb_login, address:address, object:object);
if (!ca_result.success)
{
spad_log(message:"Failed to retrieve password for CyberArk Windows Host.");
}
else
{
smb_password = ca_result.password;
p_type = 0;
}
}
}
else
{
set_kb_item(name:"target/auth/method", value:"CyberArk REST");
local_var cyberark_result;
smb_creds_prefix += "SMB PAM ";
cyberark_result = cyberark::cyberark_rest_get_credential(username:smb_login, domain:smb_domain, prefix:smb_creds_prefix, postfix:smb_creds_postfix);
if (cyberark_result.success)
{
smb_password = cyberark_result.password;
smb_login = cyberark_result.username;
smb_domain = cyberark_result.domain;
}
p_type = 0;
}
}
else if ("Thycotic" >< smb_password_type)
{
set_kb_item(name:"target/auth/method", value:"Thycotic");
smb_password = thycotic_smb_get_password(account:smb_login, prefix:smb_creds_prefix, postfix:smb_creds_postfix);
p_type = 0;
}
else if ("BeyondTrust" >< smb_password_type)
{
set_kb_item(name:"target/auth/method", value:"BeyondTrust");
var beyondtrust_result;
beyondtrust_result = beyondtrust::get_password(login:smb_login, prefix:smb_creds_prefix + "SMB ", postfix:smb_creds_postfix);
if(beyondtrust_result.success)
{
dbg::detailed_log(lvl:1, src:SCRIPT_NAME, msg:"Successfully retrieved BeyondTrust PAM SMB credentials.");
smb_password = beyondtrust_result.body;
if (beyondtrust_result.domain)
{
smb_domain = beyondtrust_result.domain;
}
p_type = 0;
}
else
{
dbg::detailed_log(lvl:1, src:SCRIPT_NAME, msg:"Failed to retrieve BeyondTrust PAM SMB credentials.");
}
}
else if ("Lieberman" >< smb_password_type)
{
set_kb_item(name:"target/auth/method", value:"Lieberman");
smb_password = lieberman_get_password(login:smb_login, type: "OS_Windows", domain:smb_domain, prefix:smb_creds_prefix + "SMB ", postfix:smb_creds_postfix);
smb_password = smb_password.body.Password;
p_type = 0;
}
else if ("Centrify" >< smb_password_type)
{
set_kb_item(name:"target/auth/method", value:"Centrify");
local_var centrify_result;
centrify_result = centrify_get_credential(username:smb_login,prefix:smb_creds_prefix+"SMB ",postfix:smb_creds_postfix);
if (centrify_result.success){
smb_password = centrify_result.password;
smb_login = centrify_result.username;
p_type = 0;
}
}
else if ("Hashicorp" >< smb_password_type)
{
set_kb_item(name:"target/auth/method", value:"Hashicorp");
local_var hashicorp_result;
hashicorp_result = hashicorp::get_credential(username:smb_login,prefix:smb_creds_prefix+"SMB ",postfix:smb_creds_postfix);
if (hashicorp_result.success){
smb_password = hashicorp_result.password;
smb_login = hashicorp_result.username;
if (!empty_or_null(hashicorp_result.domain)) smb_domain = hashicorp_result.domain;
p_type = 0;
}
}
else if ("Arcon" >< smb_password_type)
{
set_kb_item(name:"target/auth/method", value:"Arcon");
local_var arcon_result;
arcon_result = arcon::get_credential(username:smb_login, prefix:smb_creds_prefix+"SMB ", postfix:smb_creds_postfix, type:'Windows');
if (arcon_result.success){
dbg::detailed_log(lvl:1, src:SCRIPT_NAME, msg:"Successfully retrieved Arcon PAM SMB credentials.");
if(arcon_result.password)
{
smb_password = arcon_result.password;
}
if(arcon_result.username)
{
smb_login = arcon_result.username;
}
if(arcon_result.domain)
{
smb_domain = arcon_result.domain;
}
p_type = 0;
}
}
else if ("Wallix" >< smb_password_type)
{
set_kb_item(name: "target/auth/method", value:"Wallix");
var wallix_result;
wallix_result = wallix::rest_get_credential(prefix: smb_creds_prefix+"SMB ", postfix: smb_creds_postfix);
if (wallix_result.success)
{
dbg::detailed_log(lvl:1, src:SCRIPT_NAME, msg:"Successfully retrieved Wallix PAM SMB credentials.");
if (wallix_result.password)
{
smb_password = wallix_result.password;
}
if (wallix_result.username)
{
smb_login = wallix_result.username;
}
if (wallix_result.domain)
{
smb_domain = wallix_result.domain;
}
p_type = 0;
}
else
{
dbg::detailed_log(lvl:1, src:SCRIPT_NAME, msg:"Failed to retrieve Wallix PAM SMB credentials.");
}
}
else if ("Delinea" >< smb_password_type && "Auto-Discovery" >< smb_password_type)
{
dbg::detailed_log(
lvl:2,
src:FUNCTION_NAME,
msg:"Using Delinea Secret Server PAM SMB Auto-Discovery credentials."
);
# The '0' index is for potential future support where we have multiple credential
# sets per host. The 'i' index is the index at which the 'auto-discovery' credential
# was configured in the scan policy, which itself is also usually '0'.
smb_login = get_kb_item('Secret/integrations/'+i+'/0/SMB/username');
smb_password = get_kb_item('Secret/integrations/'+i+'/0/SMB/password');
smb_domain = get_kb_item('Secret/integrations/'+i+'/0/SMB/domain');
}
else if("Delinea" >< smb_password_type)
{
set_kb_item(name: "target/auth/method", value:"Delinea");
var delinea_result;
delinea_result = delinea::rest_get_creds(prefix: smb_creds_prefix+"SMB ", postfix: smb_creds_postfix);
if(delinea_result.success)
{
dbg::detailed_log(lvl:1, src:SCRIPT_NAME, msg:"Successfully retrieved Delinea Secret Server PAM SMB credentials.");
smb_password = delinea_result.secrets.password;
smb_login = delinea_result.secrets.username;
if (delinea_result.secrets.domain)
{
smb_domain = delinea_result.secrets.domain;
}
p_type = 0;
}
else
{
dbg::detailed_log(lvl:1, src:SCRIPT_NAME, msg:"Failed to retrieve Delinea Secret Server PAM SMB credentials.");
}
}
else if ("Senhasegura" >< smb_password_type)
{
set_kb_item(name: "target/auth/method", value:"Senhasegura");
var senha_result;
senha_result = senhasegura::get_credential(prefix: smb_creds_prefix+"SMB PAM ", postfix: smb_creds_postfix);
if(senha_result.success)
{
dbg::detailed_log(lvl:1, src:SCRIPT_NAME, msg:"Successfully retrieved Senhasegura PAM SMB credentials.");
smb_login = senha_result.creds.username;
smb_password = senha_result.creds.password;
if (senha_result.creds.domain)
{
smb_domain = senha_result.creds.domain;
}
}
else
{
dbg::detailed_log(lvl:1, src:SCRIPT_NAME, msg:"Failed to retrieve Senhasegura PAM SMB credentials.");
}
}
else if ("QiAnXin" >< smb_password_type)
{
set_kb_item(name: "target/auth/method", value:"QiAnXin");
var qax_result;
qax_result = qianxin::get_credential(prefix: smb_creds_prefix+"SMB PAM ", postfix: smb_creds_postfix, default_platform:"WINDOWS");
if(qax_result.success)
{
dbg::detailed_log(lvl:1, src:SCRIPT_NAME, msg:"Successfully retrieved QiAnXin PAM SMB credentials.");
smb_login = qax_result.creds.username;
smb_password = qax_result.creds.password;
if (qax_result.creds.domain)
{
smb_domain = qax_result.creds.domain;
}
}
else
{
dbg::detailed_log(lvl:1, src:SCRIPT_NAME, msg:"Failed to retrieve QiAnXin PAM SMB credentials.");
}
}
else if ("Fudo" >< smb_password_type)
{
var fudo_result = fudo::get_credential(prefix:smb_creds_prefix+"SMB PAM ", postfix:smb_creds_postfix);
if (dbg::is_error(fudo_result))
{
dbg::log_error(msg:"Failed to retrieve Fudo PAM SMB credentials.");
}
else
{
dbg::detailed_log(lvl:2, src:SCRIPT_NAME, msg:
"Successfully retrieved Fudo PAM SMB credentials.");
# Note that username and domain only get retrived in Fudo 5.6 or newer.
if (fudo_result.username)
{
smb_login = fudo_result.username;
}
if (fudo_result.domain)
{
smb_domain = fudo_result.domain;
}
smb_password = fudo_result.password;
}
}
else
{
set_kb_item(name:"target/auth/method", value:"None");
p_type = 0;
}
dbg::detailed_log(lvl:1, src:SCRIPT_NAME, msg:'SMB Settings: \n'+
" credential type: " + smb_password_type + '\n' +
" username: " + smb_login + '\n' +
" domain: " + smb_domain + '\n' +
" password type: " + p_type + '\n' +
" kdc host: " + kdc_host + '\n' +
" kdc port: " + kdc_port + '\n' +
" kdc transport: " + kdc_transport + '\n' +
" kdc use tcp: " + kdc_use_tcp
);
results_array = make_array();
if ( smb_login && smb_password )
{
results_array["SMB/login_filled/" + j] = smb_login;
results_array["SMB/password_filled/" + j] = smb_password;
results_array["SMB/domain_filled/" + j] = smb_domain;
results_array["SMB/cred_type/" + j] = smb_password_type;
results_array["SMB/password_type_filled/" + j] = p_type;
if (kdc_host && kdc_port)
{
kdc_host = strip(kdc_host);
results_array["SMB/kdc_hostname_filled/" + j] = kdc_host;
results_array["SMB/kdc_port_filled/" + j] = int(kdc_port);
results_array["SMB/kdc_use_tcp_filled/" + j] = kdc_use_tcp;
}
result_list[j] = results_array;
j ++;
}
else if (i >= MAX_ADDITIONAL_SMB_LOGINS)
{
# Break at the first null credential that is above the max count of 3 for any version
# of nessus. This is important for nessus versions greater than 6.0 .
break;
}
}
}
##
# Attempts to authorize and pull LAPS credentials from Azure/Entra
#
# @remark
# Uses the Microsoft Graph API Library (includes/ms_graph_api.inc)
#
# Results are appended to the Global ``result_list`` as additional SMB credentials
#
# Pulls info from the following Preferences:
# - "Microsoft Azure Settings[entry]:Tenant ID :"
# - "Microsoft Azure Settings[entry]:Client ID :"
# _ "Microsoft Azure Settings[password]:Client Secret :"
#
# @return [NULL]
##
function laps_credentials_setup()
{
var tenant, app_id, secret;
var laps_creds, laps_login, results_array, j, i;
# j = last index of SMB creds +1
if (!isnull(keys(result_list)))
j = max_index(keys(result_list));
else j=0;
# Only 1 Azure Cloud Services-Credential is permitted
if (get_kb_item("TEST/is_test"))
{
tenant = get_kb_item("TEST/tenant");
app_id = get_kb_item("TEST/app_id");
secret = get_kb_item("TEST/secret");
}
else
{
tenant = get_preference("Microsoft Azure Settings[entry]:Tenant ID :");
app_id = get_preference("Microsoft Azure Settings[entry]:Client ID :");
secret = get_preference("Microsoft Azure Settings[password]:Client Secret :");
}
laps_creds = laps_get_credentials(tenant_id:tenant, app_id:app_id, client_secret:secret);
if (!laps_creds)
return NULL;
for (i=0; i<max_index(laps_creds); i++)
{
dbg::detailed_log(lvl:1, src:SCRIPT_NAME, msg:'SMB Settings: \n'+
' credential type: Entra LAPS\n' +
' username: ' + laps_creds[i].accountName + '\n' +
' password type: 0\n');
results_array = make_array();
results_array["SMB/login_filled/" + j] = laps_creds[i].accountName;
results_array["SMB/password_filled/" + j] = laps_creds[i].password;
results_array["SMB/cred_type/" + j] = "Entra LAPS";
results_array["SMB/password_type_filled/" + j] = 0;
result_list[j] = results_array;
j++;
}
return NULL;
}
## Fetches Windows LAPS credentials
#
#
#
#
function windows_laps_setup()
{
var host, port, username, password, domain, laps_path;
var results_array = [];
var laps_creds, i, max_i, j;
# j = last index of SMB creds +1
if (!isnull(keys(result_list)))
j = max_index(keys(result_list));
else j=0;
laps_creds = get_global_kb_item("Secret/winLAPS/data");
if (empty_or_null(laps_creds))
return NULL;
laps_creds = deserialize(laps_creds);
if (empty_or_null(laps_creds))
return NULL;
for (i=0, max_i=max_index(laps_creds); i<max_i; i++)
{
dbg::detailed_log(lvl:1, src:SCRIPT_NAME, msg:'SMB Settings: \n'+
' credential type: Windows LAPS\n' +
' username: ' + laps_creds[i].account + '\n'
' password type: 0\n');
results_array = make_array();
results_array["SMB/login_filled/" + j] = laps_creds[i].account;
results_array["SMB/password_filled/" + j] = laps_creds[i].pass;
results_array["SMB/address_filled/" + j] = laps_creds[i].comp_ip;
results_array["SMB/cred_type/" + j] = "Windows LAPS";
results_array["SMB/password_type_filled/" + j] = 0;
result_list[j] = results_array;
j++;
}
return NULL;
}
##
# SMB insert data gathered
##
function smb_insert_data()
{
local_var rl, smbi;
foreach rl (result_list)
{
foreach smbi (keys(rl))
{
set_kb_item(name:smbi , value:rl[smbi]);
}
}
}
http_credential_setup();
nntp_credential_setup();
ftp_credential_setup();
pop2_credential_setup();
pop3_credential_setup();
imap_credential_setup();
ipmi_credential_setup();
smb_credential_setup();
laps_credentials_setup();
windows_laps_setup();
smb_insert_data();
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
13 Jan 2026 00:00Current
5.5Medium risk
Vulners AI Score5.5