[Openvas-commits] r1315 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Wed Sep 10 10:22:50 CEST 2008


Author: chandra
Date: 2008-09-10 10:22:48 +0200 (Wed, 10 Sep 2008)
New Revision: 1315

Added:
   trunk/openvas-plugins/scripts/smb_login.nasl
   trunk/openvas-plugins/scripts/smb_registry_access.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/scripts/W32.Sasser.Worm.nasl
   trunk/openvas-plugins/scripts/gator.nasl
   trunk/openvas-plugins/scripts/java_jre_jdk_dos.nasl
   trunk/openvas-plugins/scripts/js.scob.trojan.nasl
   trunk/openvas-plugins/scripts/mssql_version.nasl
   trunk/openvas-plugins/scripts/secpod_apple_safari_detect_win_900003.nasl
   trunk/openvas-plugins/scripts/secpod_reg_enum.nasl
   trunk/openvas-plugins/scripts/secpod_xine-lib_mult_vuln_aug08_900041.nasl
   trunk/openvas-plugins/scripts/smb_nt_ms03-009.nasl
Log:
Added smb_login.nasl and smb_registry_access.nasl and changed the dependencies

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2008-09-09 20:57:12 UTC (rev 1314)
+++ trunk/openvas-plugins/ChangeLog	2008-09-10 08:22:48 UTC (rev 1315)
@@ -1,3 +1,21 @@
+2008-09-10 Chandrashekhar B <bchandra at secpod.com>
+	* scripts/smb_login.nasl,
+	  scripts/smb_registry_access.nasl:
+	 Added re-written scripts, keeping the file names as original for
+	 backward compatibility.  
+
+	* scripts/java_jre_jdk_dos.nasl,
+	  scripts/W32.Sasser.Worm.nasl,
+	  scripts/js.scob.trojan.nasl,
+	  scripts/secpod_apple_safari_detect_win_900003.nasl,
+	  scripts/secpod_reg_enum.nasl,
+          scripts/mssql_version.nasl,
+          scripts/smb_nt_ms03-009.nasl,
+          scripts/ gator.nasl:
+	 Changed the dependency from smb_registry_full_access.nasl to
+	 smb_registry_access.nasl as the KB item is implemented in the
+	 latter.  
+
 2008-09-09  Carsten Koch-Mauthe <c.koch-mauthe at dn-systems.de>.
 
         * scripts/samba_CB-A08-0085.nasl: changed proto.

Modified: trunk/openvas-plugins/scripts/W32.Sasser.Worm.nasl
===================================================================
--- trunk/openvas-plugins/scripts/W32.Sasser.Worm.nasl	2008-09-09 20:57:12 UTC (rev 1314)
+++ trunk/openvas-plugins/scripts/W32.Sasser.Worm.nasl	2008-09-10 08:22:48 UTC (rev 1315)
@@ -40,8 +40,8 @@
  script_family(english:family["english"]);
  
  script_dependencies("netbios_name_get.nasl",
- 		    "smb_login.nasl","smb_registry_access.nasl",
-		    "smb_registry_full_access.nasl");
+ 		    "smb_login.nasl",
+		    "smb_registry_access.nasl");
  script_require_keys("SMB/name", "SMB/login", "SMB/password",
 		     "SMB/domain","SMB/transport");
 

Modified: trunk/openvas-plugins/scripts/gator.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gator.nasl	2008-09-09 20:57:12 UTC (rev 1314)
+++ trunk/openvas-plugins/scripts/gator.nasl	2008-09-10 08:22:48 UTC (rev 1315)
@@ -38,7 +38,7 @@
  
  script_dependencies("netbios_name_get.nasl",
  		    "smb_login.nasl","smb_registry_access.nasl",
-		    "smb_registry_full_access.nasl");
+		    "smb_registry_access.nasl");
  script_require_keys("SMB/name", "SMB/login", "SMB/password",
 		     "SMB/domain","SMB/transport");
 
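Review bot: The new dependency list names `"smb_registry_access.nasl"` twice: the unchanged line above already lists it next to `"smb_login.nasl"`, and the changed line substitutes the same file for `smb_registry_full_access.nasl`. The duplicate is probably harmless to dependency resolution but is redundant. The replaced line should be dropped rather than renamed, leaving `script_dependencies("netbios_name_get.nasl", "smb_login.nasl", "smb_registry_access.nasl");`, which is what the W32.Sasser.Worm.nasl hunk in this commit does. The js.scob.trojan.nasl hunk has the same duplicate. The enclosing description block starts and ends outside the hunk.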

Modified: trunk/openvas-plugins/scripts/java_jre_jdk_dos.nasl
===================================================================
--- trunk/openvas-plugins/scripts/java_jre_jdk_dos.nasl	2008-09-09 20:57:12 UTC (rev 1314)
+++ trunk/openvas-plugins/scripts/java_jre_jdk_dos.nasl	2008-09-10 08:22:48 UTC (rev 1315)
@@ -28,7 +28,7 @@
  family["english"]= "Windows";
  script_family(english:family["english"]);
  script_dependencies("netbios_name_get.nasl","smb_login.nasl",
-                      "smb_registry_full_access.nasl");
+                      "smb_registry_access.nasl");
  script_require_keys("SMB/name", "SMB/login", "SMB/password",
                      "SMB/registry_full_access");
  script_require_ports(139, 445);

Modified: trunk/openvas-plugins/scripts/js.scob.trojan.nasl
===================================================================
--- trunk/openvas-plugins/scripts/js.scob.trojan.nasl	2008-09-09 20:57:12 UTC (rev 1314)
+++ trunk/openvas-plugins/scripts/js.scob.trojan.nasl	2008-09-10 08:22:48 UTC (rev 1315)
@@ -45,7 +45,7 @@
  
  script_dependencies("netbios_name_get.nasl",
  		    "smb_login.nasl","smb_registry_access.nasl",
-		    "smb_registry_full_access.nasl");
+		    "smb_registry_access.nasl");
  script_require_keys("SMB/name", "SMB/login", "SMB/password",
 		     "SMB/domain","SMB/transport");
 

Modified: trunk/openvas-plugins/scripts/mssql_version.nasl
===================================================================
--- trunk/openvas-plugins/scripts/mssql_version.nasl	2008-09-09 20:57:12 UTC (rev 1314)
+++ trunk/openvas-plugins/scripts/mssql_version.nasl	2008-09-10 08:22:48 UTC (rev 1315)
@@ -54,7 +54,7 @@
  family["english"] = "Windows";
  script_family(english:family["english"]);
  script_dependencies("netbios_name_get.nasl",
-                     "smb_login.nasl", "smb_registry_full_access.nasl",
+                     "smb_login.nasl", "smb_registry_access.nasl",
 		     "mssqlserver_detect.nasl");
  script_require_keys("SMB/transport", "SMB/name", "SMB/login",
                      "SMB/password", "SMB/registry_full_access");

Modified: trunk/openvas-plugins/scripts/secpod_apple_safari_detect_win_900003.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_apple_safari_detect_win_900003.nasl	2008-09-09 20:57:12 UTC (rev 1314)
+++ trunk/openvas-plugins/scripts/secpod_apple_safari_detect_win_900003.nasl	2008-09-10 08:22:48 UTC (rev 1315)
@@ -36,7 +36,7 @@
  
  Risk factor : Informational";
  script_description(english:desc["english"]);
- script_dependencies("secpod_reg_enum.nasl", "smb_registry_full_access.nasl");
+ script_dependencies("secpod_reg_enum.nasl", "smb_registry_access.nasl");
  script_require_keys("SMB/WindowsVersion");
  exit(0);
 }

Modified: trunk/openvas-plugins/scripts/secpod_reg_enum.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_reg_enum.nasl	2008-09-09 20:57:12 UTC (rev 1314)
+++ trunk/openvas-plugins/scripts/secpod_reg_enum.nasl	2008-09-10 08:22:48 UTC (rev 1315)
@@ -38,7 +38,7 @@
  Risk factor : Informational";
  script_description(english:desc["english"]);
  script_dependencies("netbios_name_get.nasl", "smb_login.nasl",
-		     "smb_registry_full_access.nasl", "smb_reg_service_pack.nasl");
+		     "smb_registry_access.nasl", "smb_reg_service_pack.nasl");
  script_require_keys("SMB/name", "SMB/login", "SMB/password",
 		     "SMB/registry_access");
  script_require_ports(139, 445);

Modified: trunk/openvas-plugins/scripts/secpod_xine-lib_mult_vuln_aug08_900041.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_xine-lib_mult_vuln_aug08_900041.nasl	2008-09-09 20:57:12 UTC (rev 1314)
+++ trunk/openvas-plugins/scripts/secpod_xine-lib_mult_vuln_aug08_900041.nasl	2008-09-10 08:22:48 UTC (rev 1315)
@@ -25,7 +25,7 @@
 
 if(description)
 {
- script_id(900041);
+ script_id(900111);
  script_copyright(english:"Copyright (C) 2008 SecPod");
  script_version("Revision: 1.1 ");
  script_category(ACT_GATHER_INFO);
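Review bot: The `script_id` change from 900041 to 900111 is not mentioned in the commit log or in the ChangeLog entry added by this commit, and the file name still ends in `_900041`. If the renumbering resolves an ID collision, a ChangeLog line should say so, because anything keyed on the old ID (saved results, overrides, plugin preferences) will presumably stop matching. The description block continues outside the hunk.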

Added: trunk/openvas-plugins/scripts/smb_login.nasl
===================================================================
--- trunk/openvas-plugins/scripts/smb_login.nasl	2008-09-09 20:57:12 UTC (rev 1314)
+++ trunk/openvas-plugins/scripts/smb_login.nasl	2008-09-10 08:22:48 UTC (rev 1315)
@@ -0,0 +1,166 @@
+##############################################################################
+#
+#  SMB log in
+#
+#  Copyright: SecPod
+#
+#  Date Written: 2008/09/09
+#
+#  Revision: 1.1
+#
+#  Log: schandan
+#  Issue #0003
+#  ------------------------------------------------------------------------
+#  This program was written by SecPod and is licensed under the GNU GPL 
+#  license. Please refer to the below link for details,
+#  http://www.gnu.org/licenses/gpl.html
+#  This header contains information regarding licensing terms under the GPL, 
+#  and information regarding obtaining source code from the Author. 
+#  Consequently, pursuant to section 3(c) of the GPL, you must accompany the 
+#  information found in this header with any distribution you make of this 
+#  Program.
+#  ------------------------------------------------------------------------
+##############################################################################
+
+if(description)
+{
+ script_id(10394);
+ script_copyright(english:"Copyright (C) 2008 SecPod");
+ script_version ("Revision: 1.1 ");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Windows");
+ script_name(english:"SMB log in");
+ script_summary(english:"Attempts to log into the remote host");
+ desc["english"] = "
+ This script attempts to logon into the remote host using 
+ login/password credentials.
+
+ Risk factor : Informational";
+ script_description(english:desc["english"]);
+ script_dependencies("netbios_name_get.nasl", "cifs445.nasl",
+		     "find_service.nes", "logins.nasl");
+ script_require_keys("SMB/name", "SMB/transport");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+
+ include("smb_nt.inc");
+ 
+ port = kb_smb_transport();
+ if(!port){
+	port = 139;
+ }
+
+ name = kb_smb_name();
+ if(!name){
+        name = "*SMBSERVER";
+ }
+
+ if(!get_port_state(port)){
+        exit(0);
+ }
+
+ login =  string(get_kb_item("SMB/login_filled"));
+ password = string(get_kb_item("SMB/password_filled"));
+ user_domain = string(get_kb_item("SMB/domain_filled"));
+
+ if(!strlen(login)){
+	login ="";
+ }
+
+ if(!strlen(password)){
+        password = "";
+ }
+
+ if(strlen(user_domain)){
+	domain = user_domain;
+ }
+
+ if(!strlen(user_domain)){
+        user_domain = "";
+ 
+        soc = open_sock_tcp(port);
+        if(!soc){
+                exit(0);
+        }
+
+        smb_session_request(soc:soc, remote:name);
+
+        prot = smb_neg_prot(soc:soc);
+        close(soc);
+
+        domain = smb_neg_prot_domain(prot:prot);
+
+        if(!domain){
+                domain = string(get_kb_item("SMB/workgroup"));
+        }
+        if(!domain){
+                domain = "";
+        }
+ }
+
+ set_kb_item(name:"SMB/login", value:login);
+ set_kb_item(name:"SMB/password", value:password);
+
+ if(domain){
+        set_kb_item(name:"SMB/domain", value:domain);
+ }
+
+ function remote_login(login, passwd, domain)
+ {
+ 	login_defined = 0;
+
+	soc = open_sock_tcp(port);
+	if(!soc){
+	        return(login_defined);
+        }
+
+  	r = smb_session_request(soc:soc, remote:name);
+  	if(!r){
+		close(soc);
+	        return(login_defined);
+	}
+
+	prot = smb_neg_prot(soc:soc);
+  	if(!prot){
+                close(soc);
+	        return(login_defined);
+        }
+
+  	r = smb_session_setup(soc:soc, login:login, password:password,
+			      domain:domain, prot:prot);
+  	if(!r){
+                close(soc);
+                return(login_defined);
+        }
+
+    	uid = session_extract_uid(reply:r);
+    	r = smb_tconx(soc:soc, name:name, uid:uid, share:"IPC$");
+ 	close(soc);
+
+    	if(r){
+		tid = tconx_extract_tid(reply:r);
+		login_defined = 1;
+	}
+    	else{
+		login_defined = 0;
+ 	}
+	return(login_defined);
+ }
+
+ login_defined = remote_login(login:login, passwd:password, domain:domain);
+
+ if(login_defined == 1)
+ {
+        report = string("It was possible to log into the remote host using user defined\n",
+                        "login/password combinations :\n");
+        security_note(data:report, port:port);
+ }
+
+ else if((login_deffined == 0) && login)
+ {
+        report = string("It was not possible to log into the remote host using user defined\n",
+                        "login/password combinations :\n");
+        security_note(data:report, port:port);
+ }
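Review bot: The failure branch at the end tests `login_deffined`, a misspelling of `login_defined`, so it evaluates a variable that is never assigned instead of the result of `remote_login()`; it should read `else if((login_defined == 0) && login)`. Inside `remote_login()` the `passwd` parameter is never used, because the `smb_session_setup` call passes the global `password`; use `password:passwd` there or rename the parameter. `SMB/login` and `SMB/password` are written to the KB before the login attempt and regardless of its outcome, so dependent plugins that list them in `script_require_keys` cannot tell verified credentials from rejected ones; a separate KB item set only when `login_defined == 1` would let them distinguish the two. The success branch also does not check that `login` is non-empty, so if a session with empty credentials is accepted the report would still claim that user-defined credentials worked.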

Modified: trunk/openvas-plugins/scripts/smb_nt_ms03-009.nasl
===================================================================
--- trunk/openvas-plugins/scripts/smb_nt_ms03-009.nasl	2008-09-09 20:57:12 UTC (rev 1314)
+++ trunk/openvas-plugins/scripts/smb_nt_ms03-009.nasl	2008-09-10 08:22:48 UTC (rev 1315)
@@ -38,7 +38,7 @@
  
  script_dependencies("netbios_name_get.nasl",
  		     "smb_login.nasl","smb_registry_access.nasl",
-		     "smb_reg_service_pack_W2K.nasl");
+		     "smb_reg_service_pack.nasl");
  script_require_keys("SMB/name", "SMB/login", "SMB/password",
 		     "SMB/WindowsVersion",
 		     "SMB/registry_access");

Added: trunk/openvas-plugins/scripts/smb_registry_access.nasl
===================================================================
--- trunk/openvas-plugins/scripts/smb_registry_access.nasl	2008-09-09 20:57:12 UTC (rev 1314)
+++ trunk/openvas-plugins/scripts/smb_registry_access.nasl	2008-09-10 08:22:48 UTC (rev 1315)
@@ -0,0 +1,146 @@
+##############################################################################
+#
+#  SMB accessible registry
+#
+#  Copyright: SecPod
+#
+#  Date Written: 2008/09/09
+#
+#  Revision: 1.1
+#
+#  Log: schandan
+#  Issue #0003
+#  ------------------------------------------------------------------------
+#  This program was written by SecPod and is licensed under the GNU GPL 
+#  license. Please refer to the below link for details,
+#  http://www.gnu.org/licenses/gpl.html
+#  This header contains information regarding licensing terms under the GPL, 
+#  and information regarding obtaining source code from the Author. 
+#  Consequently, pursuant to section 3(c) of the GPL, you must accompany the 
+#  information found in this header with any distribution you make of this 
+#  Program.
+#  ------------------------------------------------------------------------
+##############################################################################
+
+if(description)
+{
+ script_id(10400);
+ script_version ("Revision: 1.1 ");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Windows");
+ script_name(english:"SMB accessible registry");
+ script_summary(english:"Determines whether the remote registry is accessible");
+ desc["english"] = "
+ The remote registry can be accessed remotely using the login/password 
+ credentials.
+
+ Risk factor : Informational";
+
+ script_description(english:desc["english"]);
+ script_category(ACT_GATHER_INFO);
+ script_dependencies("netbios_name_get.nasl", "smb_login.nasl");
+ script_require_keys("SMB/transport", "SMB/name", "SMB/login", "SMB/password");
+ script_exclude_keys("SMB/samba");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+
+ include("smb_nt.inc");
+
+ port = kb_smb_transport();
+ if(!port){
+	port = 139;
+ }
+		 
+ samba = get_kb_item("SMB/samba");
+ if(samba){
+	exit(0);
+ }
+
+ name = kb_smb_name();
+ if(!name){
+	exit(0);
+ }
+
+ if(!get_port_state(port)){
+	exit(0);
+ }
+
+ login = kb_smb_login();
+ pass  = kb_smb_password();
+
+ if(!login)login = "";
+ if(!pass) pass = "";
+
+ dom = kb_smb_domain();
+	  
+ soc = open_sock_tcp(port);
+ if(!soc){
+	exit(0);
+ }
+
+ r = smb_session_request(soc:soc,  remote:name);
+ if(!r){
+	close(soc);
+	exit(0);
+ }
+
+ prot = smb_neg_prot(soc:soc);
+ if(!prot){
+	close(soc);
+	exit(0);
+ }
+
+ r = smb_session_setup(soc:soc, login:login, password:pass, domain:dom, prot:prot);
+ if(!r){
+	close(soc);
+	exit(0);
+ }
+
+ uid = session_extract_uid(reply:r);
+ r = smb_tconx(soc:soc, name:name, uid:uid, share:"IPC$");
+ if(!r){
+	close(soc);
+	exit(0);
+ }
+
+ tid = tconx_extract_tid(reply:r);
+ if(!tid){
+	close(soc);
+	exit(0);
+ }
+
+  r = smbntcreatex(soc:soc, uid:uid, tid:tid, name:"\winreg");
+ if(!r)
+ {
+        close(soc);
+        exit(0);
+ }
+
+ pipe = smbntcreatex_extract_pipe(reply:r);
+ if (!pipe)
+ {
+        close(soc);
+        exit(0);
+ }
+
+ r = pipe_accessible_registry(soc:soc, uid:uid, tid:tid, pipe:pipe);
+ close(soc);
+
+ if(!r)
+ {
+	security_note(data:"It was not possible to connect to PIPE\winreg on "+
+                           "the remote host. If you\nintend to use Nessus to "+
+                           "perform registry-based checks, the registry "+
+                           "checks\nwill not work because the 'Remote "+
+                           "Registry Access' service (winreg) has been\n" +
+                           "disabled on the remote host");
+        exit(0);
+ }
+
+ else
+ {
+	set_kb_item(name:"SMB/registry_access", value:TRUE);
+        set_kb_item(name:"SMB/registry_full_access", value:TRUE);
+ }
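Review bot: `SMB/registry_full_access` is set to TRUE at the end on exactly the same evidence as `SMB/registry_access`, namely a successful `pipe_accessible_registry()` call on `\winreg`, so nothing visible in this script verifies full access. Plugins touched by this commit, such as java_jre_jdk_dos.nasl and mssql_version.nasl, require that key and would presumably run registry checks assuming privileges the account may not have, which risks silent false negatives in scan results. If the key is kept only for backward compatibility, say so at the assignment with a comment such as `# SMB/registry_full_access mirrors SMB/registry_access for compatibility; full access is not verified here`. Separately, `script_category(ACT_GATHER_INFO)` is called twice in the description block, and `security_note` is called without `port:port`, unlike smb_login.nasl.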


