[Openvas-commits] r2651 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Wed Mar 4 10:25:51 CET 2009


Author: kost
Date: 2009-03-04 10:25:48 +0100 (Wed, 04 Mar 2009)
New Revision: 2651

Added:
   trunk/openvas-plugins/scripts/tftpd_detect.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
Log:
Added new script for TFTP detection



Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2009-03-04 08:55:10 UTC (rev 2650)
+++ trunk/openvas-plugins/ChangeLog	2009-03-04 09:25:48 UTC (rev 2651)
@@ -1,3 +1,7 @@
+2009-03-04 Vlatko Kosturjak <kost at linux.hr>
+	* scripts/tftpd_detect.nasl:
+	Added new script for TFTP detection
+
 2009-03-04  Felix Wolfsteller <felix.wolfsteller at intevation.de>
 
 	* scripts/gather-package-list.nasl: NASL-LEVEL- guard the log message

Added: trunk/openvas-plugins/scripts/tftpd_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/tftpd_detect.nasl	2009-03-04 08:55:10 UTC (rev 2650)
+++ trunk/openvas-plugins/scripts/tftpd_detect.nasl	2009-03-04 09:25:48 UTC (rev 2651)
@@ -0,0 +1,93 @@
+# tftpd detect
+# template from external_svc_ident.nasl
+if (description)
+{
+ script_id(80100);
+ script_version("1.0");
+
+ desc = "
+Synopsis :
+
+The remote host has TFTP server running.
+
+Description :
+
+The remote host has TFTP server running. TFTP stands 
+for Trivial File Transfer Protocol.
+
+Solution : 
+
+Disable TFTP server if not used.
+
+Risk factor : 
+
+None";
+
+ script_description(english: desc);
+ script_copyright(english: "(C) 2009 Vlatko Kosturjak");
+ script_name(english: "TFTP detection");
+ script_category(ACT_GATHER_INFO);
+ script_family(english: "Service detection");
+ script_summary(english: "Detects TFTP server");
+
+ exit(0);
+}
+
+include('misc_func.inc');
+include('global_settings.inc');
+
+foundtftp=0;
+
+# taken from tftpd_dir_trav.nasl, adapted a bit
+function tftp_grab(port, file, mode)
+{
+ local_var      req, rep, sport, ip, u, filter, data, i;
+
+ req = '\x00\x01'+file+'\0'+mode+'\0';
+ sport = rand() % 64512 + 1024;
+
+ ip = forge_ip_packet(ip_hl : 5, ip_v: 4,  ip_tos:0, 
+        ip_len:20, ip_off:0, ip_ttl:64, ip_p:IPPROTO_UDP,
+        ip_src: this_host());
+                     
+ u = forge_udp_packet(ip:ip, uh_sport: sport, uh_dport:port, uh_ulen: 8 + strlen(req), data:req);
+
+ filter = 'udp and dst port ' + sport + ' and src host ' + get_host_ip() + ' and udp[8:1]=0x00';
+
+ data = NULL;
+ for (i = 0; i < 2; i ++)       # Try twice
+ {
+  rep = send_packet(u, pcap_active:TRUE, pcap_filter:filter, pcap_timeout:1);
+  if(rep)
+  {
+   if (debug_level > 2) dump(ddata: rep, dtitle: 'TFTP (IP)');
+   data = get_udp_element(udp: rep, element:"data");
+   if (debug_level > 1) dump(ddata: data, dtitle: 'TFTP (UDP)');
+   if (data[0] == '\0')
+   {
+	if (data[1] == '\x03' || data[1] =='\x05') {
+		foundtftp=1;
+	}
+   }
+   else
+     return NULL;
+  }
+ }
+ return NULL;
+}
+
+port=69;
+rndfile="nonexistant-"+rand_str();
+
+exit (0);
+
+# test valid modes according to RFC-783 
+tftp_grab (port:port, file:rndfile, mode:"netascii");
+tftp_grab (port:port, file:rndfile, mode:"octet");
+tftp_grab (port:port, file:rndfile, mode:"mail");
+
+if (foundtftp==1) {
+	register_service(port: port, ipproto: "udp", proto: "tftp");
+	security_note(port:port, proto:"udp");
+}
+
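Review bot: The unconditional `exit (0);` right after `rndfile` is assigned ends the script before any of the three `tftp_grab` calls, so no probe is sent and `register_service`/`security_note` are unreachable. As committed, the plugin reports nothing and a scan will silently miss an exposed TFTP server. Delete that line; it looks like a leftover from testing. Inside `tftp_grab`, the reply is indexed as `data[0]` and `data[1]` with no length check, and a match does not leave the retry loop, so a second request goes out even after `foundtftp=1`. I would guard with `if (strlen(data) >= 2 && data[0] == '\0')` and add `return NULL;` directly after setting the flag.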


