- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎12-14-2022 01:42 AM - edited ‎12-14-2022 01:48 AM
Discovery has four phases as follows.
1. Scanning
2.Classification
3.dentification
4.Exploration
So, at which phase of discovery are credentials required?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎12-14-2022 01:47 AM
Depends if it is a credential less discovery or not.
If it is credential less, scanning phase does not require credentials but other 3 do.
If is is not credential less, all 4 phases required credentials, your discovery will not start scanning in this case.
Please mark the answer correct/helpful accordingly.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-14-2023 01:50 AM
The credentials are utilised at the Classification stage-This is the first time Discovery uses credentials to query a target.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎12-14-2022 03:42 AM
Hi Jarvis,
I see that RaghavSh already came with a great follow up questions, but I would rather like to know what is the query behind this? Do you have some credentials which's does not work or are you just learning Discovery?
I would also like to add that "Test Credential" could fail even if the credentials work. Always make sure the port is open/reachable from the mid-server. For example we had a "hardened" Windows server where port 135 locally was not opened. This resulted in Test Credential = Fail, but the real issue was that there was no connectivity.
Kind regards,
Robin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎12-14-2022 02:41 PM
Credentials are used in the classification and identification/exploration phases contained in the pattern execution. The only time they are used in the first phase (shazzam) is the use of SNMP credentials so we can get a response from the sysdescr query from network devices .
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-09-2024 04:58 AM
@doug_schulze could you elaborate more on topic of using credentials on each phase? For example, from my understanding: port probe win goes to windows classification when 135 tcp port is opened. Next Windows classification determines which exactly windows OS version discovery is dealing with. Is it 2008, 2012, 2016, etc.? I am not sure but I suppose that to get this information from scanned CI, credentials have to be used and successful. And we are still in 2nd phase - classification.
Once OS version is known, lets say it's 2016, windows classifier triggers probe Horizontal Pattern which launches Windows OS - Servers pattern.
And here we enter into 3rd phase - identification. Of course credentials are used to get information from WMI.
I don't know if session from 2nd phase is remained till 3rd (and 4th) phase is completed or on each phase 2nd, 3rd, 4th new session is initiated. Maybe you can answer?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-23-2024 01:08 PM
They would be new sessions.
