[Openvas-commits] r1315 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Wed Sep 10 10:22:50 CEST 2008
Author: chandra
Date: 2008-09-10 10:22:48 +0200 (Wed, 10 Sep 2008)
New Revision: 1315
Added:
trunk/openvas-plugins/scripts/smb_login.nasl
trunk/openvas-plugins/scripts/smb_registry_access.nasl
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/scripts/W32.Sasser.Worm.nasl
trunk/openvas-plugins/scripts/gator.nasl
trunk/openvas-plugins/scripts/java_jre_jdk_dos.nasl
trunk/openvas-plugins/scripts/js.scob.trojan.nasl
trunk/openvas-plugins/scripts/mssql_version.nasl
trunk/openvas-plugins/scripts/secpod_apple_safari_detect_win_900003.nasl
trunk/openvas-plugins/scripts/secpod_reg_enum.nasl
trunk/openvas-plugins/scripts/secpod_xine-lib_mult_vuln_aug08_900041.nasl
trunk/openvas-plugins/scripts/smb_nt_ms03-009.nasl
Log:
Added smb_login.nasl and smb_registry_access.nasl and changed the dependencies
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2008-09-09 20:57:12 UTC (rev 1314)
+++ trunk/openvas-plugins/ChangeLog 2008-09-10 08:22:48 UTC (rev 1315)
@@ -1,3 +1,21 @@
+2008-09-10 Chandrashekhar B <bchandra at secpod.com>
+ * scripts/smb_login.nasl,
+ scripts/smb_registry_access.nasl:
+ Added re-written scripts, keeping the file names as original for
+ backward compatibility.
+
+ * scripts/java_jre_jdk_dos.nasl,
+ scripts/W32.Sasser.Worm.nasl,
+ scripts/js.scob.trojan.nasl,
+ scripts/secpod_apple_safari_detect_win_900003.nasl,
+ scripts/secpod_reg_enum.nasl,
+ scripts/mssql_version.nasl,
+ scripts/smb_nt_ms03-009.nasl,
+ scripts/ gator.nasl:
+ Changed the dependency from smb_registry_full_access.nasl to
+ smb_registry_access.nasl as the KB item is implemented in the
+ latter.
+
2008-09-09 Carsten Koch-Mauthe <c.koch-mauthe at dn-systems.de>.
* scripts/samba_CB-A08-0085.nasl: changed proto.
Modified: trunk/openvas-plugins/scripts/W32.Sasser.Worm.nasl
===================================================================
--- trunk/openvas-plugins/scripts/W32.Sasser.Worm.nasl 2008-09-09 20:57:12 UTC (rev 1314)
+++ trunk/openvas-plugins/scripts/W32.Sasser.Worm.nasl 2008-09-10 08:22:48 UTC (rev 1315)
@@ -40,8 +40,8 @@
script_family(english:family["english"]);
script_dependencies("netbios_name_get.nasl",
- "smb_login.nasl","smb_registry_access.nasl",
- "smb_registry_full_access.nasl");
+ "smb_login.nasl",
+ "smb_registry_access.nasl");
script_require_keys("SMB/name", "SMB/login", "SMB/password",
"SMB/domain","SMB/transport");
Modified: trunk/openvas-plugins/scripts/gator.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gator.nasl 2008-09-09 20:57:12 UTC (rev 1314)
+++ trunk/openvas-plugins/scripts/gator.nasl 2008-09-10 08:22:48 UTC (rev 1315)
@@ -38,7 +38,7 @@
script_dependencies("netbios_name_get.nasl",
"smb_login.nasl","smb_registry_access.nasl",
- "smb_registry_full_access.nasl");
+ "smb_registry_access.nasl");
script_require_keys("SMB/name", "SMB/login", "SMB/password",
"SMB/domain","SMB/transport");
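Review bot: The new `script_dependencies` call lists `"smb_registry_access.nasl"` twice, because the removed `"smb_registry_full_access.nasl"` entry was replaced by a name already present on the line above. The same duplicate appears in the js.scob.trojan.nasl hunk. Drop the replacement line and close the call on the previous one, `"smb_login.nasl","smb_registry_access.nasl");`, as the W32.Sasser.Worm.nasl hunk in this commit already does. The description block these lines belong to starts and ends outside the hunk.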
Modified: trunk/openvas-plugins/scripts/java_jre_jdk_dos.nasl
===================================================================
--- trunk/openvas-plugins/scripts/java_jre_jdk_dos.nasl 2008-09-09 20:57:12 UTC (rev 1314)
+++ trunk/openvas-plugins/scripts/java_jre_jdk_dos.nasl 2008-09-10 08:22:48 UTC (rev 1315)
@@ -28,7 +28,7 @@
family["english"]= "Windows";
script_family(english:family["english"]);
script_dependencies("netbios_name_get.nasl","smb_login.nasl",
- "smb_registry_full_access.nasl");
+ "smb_registry_access.nasl");
script_require_keys("SMB/name", "SMB/login", "SMB/password",
"SMB/registry_full_access");
script_require_ports(139, 445);
Modified: trunk/openvas-plugins/scripts/js.scob.trojan.nasl
===================================================================
--- trunk/openvas-plugins/scripts/js.scob.trojan.nasl 2008-09-09 20:57:12 UTC (rev 1314)
+++ trunk/openvas-plugins/scripts/js.scob.trojan.nasl 2008-09-10 08:22:48 UTC (rev 1315)
@@ -45,7 +45,7 @@
script_dependencies("netbios_name_get.nasl",
"smb_login.nasl","smb_registry_access.nasl",
- "smb_registry_full_access.nasl");
+ "smb_registry_access.nasl");
script_require_keys("SMB/name", "SMB/login", "SMB/password",
"SMB/domain","SMB/transport");
Modified: trunk/openvas-plugins/scripts/mssql_version.nasl
===================================================================
--- trunk/openvas-plugins/scripts/mssql_version.nasl 2008-09-09 20:57:12 UTC (rev 1314)
+++ trunk/openvas-plugins/scripts/mssql_version.nasl 2008-09-10 08:22:48 UTC (rev 1315)
@@ -54,7 +54,7 @@
family["english"] = "Windows";
script_family(english:family["english"]);
script_dependencies("netbios_name_get.nasl",
- "smb_login.nasl", "smb_registry_full_access.nasl",
+ "smb_login.nasl", "smb_registry_access.nasl",
"mssqlserver_detect.nasl");
script_require_keys("SMB/transport", "SMB/name", "SMB/login",
"SMB/password", "SMB/registry_full_access");
Modified: trunk/openvas-plugins/scripts/secpod_apple_safari_detect_win_900003.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_apple_safari_detect_win_900003.nasl 2008-09-09 20:57:12 UTC (rev 1314)
+++ trunk/openvas-plugins/scripts/secpod_apple_safari_detect_win_900003.nasl 2008-09-10 08:22:48 UTC (rev 1315)
@@ -36,7 +36,7 @@
Risk factor : Informational";
script_description(english:desc["english"]);
- script_dependencies("secpod_reg_enum.nasl", "smb_registry_full_access.nasl");
+ script_dependencies("secpod_reg_enum.nasl", "smb_registry_access.nasl");
script_require_keys("SMB/WindowsVersion");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/secpod_reg_enum.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_reg_enum.nasl 2008-09-09 20:57:12 UTC (rev 1314)
+++ trunk/openvas-plugins/scripts/secpod_reg_enum.nasl 2008-09-10 08:22:48 UTC (rev 1315)
@@ -38,7 +38,7 @@
Risk factor : Informational";
script_description(english:desc["english"]);
script_dependencies("netbios_name_get.nasl", "smb_login.nasl",
- "smb_registry_full_access.nasl", "smb_reg_service_pack.nasl");
+ "smb_registry_access.nasl", "smb_reg_service_pack.nasl");
script_require_keys("SMB/name", "SMB/login", "SMB/password",
"SMB/registry_access");
script_require_ports(139, 445);
Modified: trunk/openvas-plugins/scripts/secpod_xine-lib_mult_vuln_aug08_900041.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_xine-lib_mult_vuln_aug08_900041.nasl 2008-09-09 20:57:12 UTC (rev 1314)
+++ trunk/openvas-plugins/scripts/secpod_xine-lib_mult_vuln_aug08_900041.nasl 2008-09-10 08:22:48 UTC (rev 1315)
@@ -25,7 +25,7 @@
if(description)
{
- script_id(900041);
+ script_id(900111);
script_copyright(english:"Copyright (C) 2008 SecPod");
script_version("Revision: 1.1 ");
script_category(ACT_GATHER_INFO);
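Review bot: The `script_id` change from 900041 to 900111 is not mentioned in the commit log or in the ChangeLog entry, and the file name still carries 900041, so the reason for the renumbering cannot be recovered from this commit. If it resolves an ID collision, record it with a ChangeLog line such as `* scripts/secpod_xine-lib_mult_vuln_aug08_900041.nasl: Changed script_id to 900111 (reason).` Any stored results or references keyed on the old ID will presumably stop matching this check. The `if(description)` block continues outside the hunk.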
Added: trunk/openvas-plugins/scripts/smb_login.nasl
===================================================================
--- trunk/openvas-plugins/scripts/smb_login.nasl 2008-09-09 20:57:12 UTC (rev 1314)
+++ trunk/openvas-plugins/scripts/smb_login.nasl 2008-09-10 08:22:48 UTC (rev 1315)
@@ -0,0 +1,166 @@
+##############################################################################
+#
+# SMB log in
+#
+# Copyright: SecPod
+#
+# Date Written: 2008/09/09
+#
+# Revision: 1.1
+#
+# Log: schandan
+# Issue #0003
+# ------------------------------------------------------------------------
+# This program was written by SecPod and is licensed under the GNU GPL
+# license. Please refer to the below link for details,
+# http://www.gnu.org/licenses/gpl.html
+# This header contains information regarding licensing terms under the GPL,
+# and information regarding obtaining source code from the Author.
+# Consequently, pursuant to section 3(c) of the GPL, you must accompany the
+# information found in this header with any distribution you make of this
+# Program.
+# ------------------------------------------------------------------------
+##############################################################################
+
+if(description)
+{
+ script_id(10394);
+ script_copyright(english:"Copyright (C) 2008 SecPod");
+ script_version ("Revision: 1.1 ");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Windows");
+ script_name(english:"SMB log in");
+ script_summary(english:"Attempts to log into the remote host");
+ desc["english"] = "
+ This script attempts to logon into the remote host using
+ login/password credentials.
+
+ Risk factor : Informational";
+ script_description(english:desc["english"]);
+ script_dependencies("netbios_name_get.nasl", "cifs445.nasl",
+ "find_service.nes", "logins.nasl");
+ script_require_keys("SMB/name", "SMB/transport");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+
+ include("smb_nt.inc");
+
+ port = kb_smb_transport();
+ if(!port){
+ port = 139;
+ }
+
+ name = kb_smb_name();
+ if(!name){
+ name = "*SMBSERVER";
+ }
+
+ if(!get_port_state(port)){
+ exit(0);
+ }
+
+ login = string(get_kb_item("SMB/login_filled"));
+ password = string(get_kb_item("SMB/password_filled"));
+ user_domain = string(get_kb_item("SMB/domain_filled"));
+
+ if(!strlen(login)){
+ login ="";
+ }
+
+ if(!strlen(password)){
+ password = "";
+ }
+
+ if(strlen(user_domain)){
+ domain = user_domain;
+ }
+
+ if(!strlen(user_domain)){
+ user_domain = "";
+
+ soc = open_sock_tcp(port);
+ if(!soc){
+ exit(0);
+ }
+
+ smb_session_request(soc:soc, remote:name);
+
+ prot = smb_neg_prot(soc:soc);
+ close(soc);
+
+ domain = smb_neg_prot_domain(prot:prot);
+
+ if(!domain){
+ domain = string(get_kb_item("SMB/workgroup"));
+ }
+ if(!domain){
+ domain = "";
+ }
+ }
+
+ set_kb_item(name:"SMB/login", value:login);
+ set_kb_item(name:"SMB/password", value:password);
+
+ if(domain){
+ set_kb_item(name:"SMB/domain", value:domain);
+ }
+
+ function remote_login(login, passwd, domain)
+ {
+ login_defined = 0;
+
+ soc = open_sock_tcp(port);
+ if(!soc){
+ return(login_defined);
+ }
+
+ r = smb_session_request(soc:soc, remote:name);
+ if(!r){
+ close(soc);
+ return(login_defined);
+ }
+
+ prot = smb_neg_prot(soc:soc);
+ if(!prot){
+ close(soc);
+ return(login_defined);
+ }
+
+ r = smb_session_setup(soc:soc, login:login, password:password,
+ domain:domain, prot:prot);
+ if(!r){
+ close(soc);
+ return(login_defined);
+ }
+
+ uid = session_extract_uid(reply:r);
+ r = smb_tconx(soc:soc, name:name, uid:uid, share:"IPC$");
+ close(soc);
+
+ if(r){
+ tid = tconx_extract_tid(reply:r);
+ login_defined = 1;
+ }
+ else{
+ login_defined = 0;
+ }
+ return(login_defined);
+ }
+
+ login_defined = remote_login(login:login, passwd:password, domain:domain);
+
+ if(login_defined == 1)
+ {
+ report = string("It was possible to log into the remote host using user defined\n",
+ "login/password combinations :\n");
+ security_note(data:report, port:port);
+ }
+
+ else if((login_deffined == 0) && login)
+ {
+ report = string("It was not possible to log into the remote host using user defined\n",
+ "login/password combinations :\n");
+ security_note(data:report, port:port);
+ }
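Review bot: The final branch tests `login_deffined`, a misspelling of `login_defined`, so the condition reads a variable that is never assigned; it should be `else if((login_defined == 0) && login)`. Inside `remote_login` the parameter is named `passwd`, but the `smb_session_setup` call passes `password:password` and only works because it picks up the global; use `password:passwd`. When no credentials are configured, `login` and `password` are empty strings, yet a successful IPC$ connection is still reported as a login with user-defined credentials. `SMB/login` and `SMB/password` are also written to the KB before the attempt, so dependent checks cannot tell a verified credential from an unauthenticated session; consider reporting the two cases separately. The domain probe ignores the results of `smb_session_request` and `smb_neg_prot` before calling `smb_neg_prot_domain`, unlike the checked calls in `remote_login`.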
Modified: trunk/openvas-plugins/scripts/smb_nt_ms03-009.nasl
===================================================================
--- trunk/openvas-plugins/scripts/smb_nt_ms03-009.nasl 2008-09-09 20:57:12 UTC (rev 1314)
+++ trunk/openvas-plugins/scripts/smb_nt_ms03-009.nasl 2008-09-10 08:22:48 UTC (rev 1315)
@@ -38,7 +38,7 @@
script_dependencies("netbios_name_get.nasl",
"smb_login.nasl","smb_registry_access.nasl",
- "smb_reg_service_pack_W2K.nasl");
+ "smb_reg_service_pack.nasl");
script_require_keys("SMB/name", "SMB/login", "SMB/password",
"SMB/WindowsVersion",
"SMB/registry_access");
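Review bot: This hunk replaces `"smb_reg_service_pack_W2K.nasl"` with `"smb_reg_service_pack.nasl"`, which is not the dependency change the ChangeLog entry describes for this file (it names `smb_registry_full_access.nasl` → `smb_registry_access.nasl`). The ChangeLog should say what was actually changed here, and it is worth confirming that `smb_reg_service_pack.nasl` sets every KB item the body of this check reads for its service-pack test. The body is outside the hunk, so that cannot be verified from here. A missing key would presumably make the check exit silently and leave the host unreported.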
Added: trunk/openvas-plugins/scripts/smb_registry_access.nasl
===================================================================
--- trunk/openvas-plugins/scripts/smb_registry_access.nasl 2008-09-09 20:57:12 UTC (rev 1314)
+++ trunk/openvas-plugins/scripts/smb_registry_access.nasl 2008-09-10 08:22:48 UTC (rev 1315)
@@ -0,0 +1,146 @@
+##############################################################################
+#
+# SMB accessible registry
+#
+# Copyright: SecPod
+#
+# Date Written: 2008/09/09
+#
+# Revision: 1.1
+#
+# Log: schandan
+# Issue #0003
+# ------------------------------------------------------------------------
+# This program was written by SecPod and is licensed under the GNU GPL
+# license. Please refer to the below link for details,
+# http://www.gnu.org/licenses/gpl.html
+# This header contains information regarding licensing terms under the GPL,
+# and information regarding obtaining source code from the Author.
+# Consequently, pursuant to section 3(c) of the GPL, you must accompany the
+# information found in this header with any distribution you make of this
+# Program.
+# ------------------------------------------------------------------------
+##############################################################################
+
+if(description)
+{
+ script_id(10400);
+ script_version ("Revision: 1.1 ");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Windows");
+ script_name(english:"SMB accessible registry");
+ script_summary(english:"Determines whether the remote registry is accessible");
+ desc["english"] = "
+ The remote registry can be accessed remotely using the login/password
+ credentials.
+
+ Risk factor : Informational";
+
+ script_description(english:desc["english"]);
+ script_category(ACT_GATHER_INFO);
+ script_dependencies("netbios_name_get.nasl", "smb_login.nasl");
+ script_require_keys("SMB/transport", "SMB/name", "SMB/login", "SMB/password");
+ script_exclude_keys("SMB/samba");
+ script_require_ports(139, 445);
+ exit(0);
+}
+
+
+ include("smb_nt.inc");
+
+ port = kb_smb_transport();
+ if(!port){
+ port = 139;
+ }
+
+ samba = get_kb_item("SMB/samba");
+ if(samba){
+ exit(0);
+ }
+
+ name = kb_smb_name();
+ if(!name){
+ exit(0);
+ }
+
+ if(!get_port_state(port)){
+ exit(0);
+ }
+
+ login = kb_smb_login();
+ pass = kb_smb_password();
+
+ if(!login)login = "";
+ if(!pass) pass = "";
+
+ dom = kb_smb_domain();
+
+ soc = open_sock_tcp(port);
+ if(!soc){
+ exit(0);
+ }
+
+ r = smb_session_request(soc:soc, remote:name);
+ if(!r){
+ close(soc);
+ exit(0);
+ }
+
+ prot = smb_neg_prot(soc:soc);
+ if(!prot){
+ close(soc);
+ exit(0);
+ }
+
+ r = smb_session_setup(soc:soc, login:login, password:pass, domain:dom, prot:prot);
+ if(!r){
+ close(soc);
+ exit(0);
+ }
+
+ uid = session_extract_uid(reply:r);
+ r = smb_tconx(soc:soc, name:name, uid:uid, share:"IPC$");
+ if(!r){
+ close(soc);
+ exit(0);
+ }
+
+ tid = tconx_extract_tid(reply:r);
+ if(!tid){
+ close(soc);
+ exit(0);
+ }
+
+ r = smbntcreatex(soc:soc, uid:uid, tid:tid, name:"\winreg");
+ if(!r)
+ {
+ close(soc);
+ exit(0);
+ }
+
+ pipe = smbntcreatex_extract_pipe(reply:r);
+ if (!pipe)
+ {
+ close(soc);
+ exit(0);
+ }
+
+ r = pipe_accessible_registry(soc:soc, uid:uid, tid:tid, pipe:pipe);
+ close(soc);
+
+ if(!r)
+ {
+ security_note(data:"It was not possible to connect to PIPE\winreg on "+
+ "the remote host. If you\nintend to use Nessus to "+
+ "perform registry-based checks, the registry "+
+ "checks\nwill not work because the 'Remote "+
+ "Registry Access' service (winreg) has been\n" +
+ "disabled on the remote host");
+ exit(0);
+ }
+
+ else
+ {
+ set_kb_item(name:"SMB/registry_access", value:TRUE);
+ set_kb_item(name:"SMB/registry_full_access", value:TRUE);
+ }
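Review bot: Both `SMB/registry_access` and `SMB/registry_full_access` are set from the single `pipe_accessible_registry` result at the end of the script, so as far as this file shows the KB no longer distinguishes an account that can open the winreg pipe from one that can read privileged keys. Checks that require `SMB/registry_full_access` may then run with low-privileged credentials and report a host as unaffected when the key was merely unreadable. If the merge is intended, say so above the second `set_kb_item`, e.g. `# NOTE: full access is assumed here, not verified; registry reads may still be denied`. The `security_note` call omits the port that smb_login.nasl passes (add `port:port`), and its text still refers to Nessus. That note is only reached when `pipe_accessible_registry` fails, since a failed `smbntcreatex` on `\winreg` exits silently, and the description block calls `script_category(ACT_GATHER_INFO)` twice while lacking the `script_copyright` line that smb_login.nasl has.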