[Openvas-commits] r2835 - trunk/openvas-plugins/scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Wed Mar 18 22:24:07 CET 2009
Author: edjenguele
Date: 2009-03-18 22:24:02 +0100 (Wed, 18 Mar 2009)
New Revision: 2835
Modified:
trunk/openvas-plugins/scripts/remote-detect-MSdotNET-version.nasl
Log:
Fix Regex for version handling : thanks to Chandra for that regex :)
TODO:
* some scripts that I've committed use this plugin as a dependency,
as they report the vulnerability based on the exact version of .NET,
and this script reports the complete exact version string.
* use the revisions-lib.inc by Thomas Reinke to compare these version strings
Modified: trunk/openvas-plugins/scripts/remote-detect-MSdotNET-version.nasl
===================================================================
--- trunk/openvas-plugins/scripts/remote-detect-MSdotNET-version.nasl 2009-03-18 13:42:27 UTC (rev 2834)
+++ trunk/openvas-plugins/scripts/remote-detect-MSdotNET-version.nasl 2009-03-18 21:24:02 UTC (rev 2835)
@@ -70,49 +70,50 @@
include("misc_func.inc");
include("http_func.inc");
+include("http_keepalive.inc");
-iis_servers = get_kb_list("Services/www");
# request a non existant random page
-# test page in browser: http://www.camstar.com/000111222.aspx
-
-page = string(rand() + '.aspx');
+page = string(rand() + ".aspx");
-foreach port (iis_servers)
-{
- soc = open_sock_tcp(port);
- qry = strcat('GET /' , page , ' HTTP/1.0\r\n\r\n');
-
- req = http_get(item:qry, port:port);
- send(socket:soc, data:req);
+port = get_http_port(default:80);
+
+request = string(
+ "GET /", page, " HTTP/1.0\r\n",
+ "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; OpenVAS)\r\n",
+ "Accept-Language: en-us,en;q=0.5\r\n",
+ "Keep-Alive: 300\r\n",
+ "Connection: keep-alive\r\n",
+ "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
+ );
+
+
# Get back the response
- reply = recv(socket:soc, length:1204);
+ response = http_keepalive_send_recv(port:port, data:request, bodyonly:1);
+ report = '';
# Get the ASP.NET Microsoft .Net Framework version
- # a tipical response from test page above
+ # a response example:
# Version Information: Microsoft .NET Framework Version:2.0.50727.1433; ASP.NET Version:2.0.50727.1433
- dotNet_header = egrep(pattern:"Microsoft .NET Framework Version:([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)", string:reply, icase:TRUE);
- aspNet_header = egrep(pattern:"ASP.NET Version:([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)", string:reply, icase:TRUE);
+ dotNet_header = eregmatch(pattern:"Microsoft .NET Framework Version:([0-9.]+)",string:response, icase:TRUE);
+ aspNet_header = eregmatch(pattern:"ASP.NET Version:([0-9.]+)",string:response, icase:TRUE);
- if(('Version Information' >< response) && dotNet_header)
- dotnetversion = ereg_replace(string:response, pattern:dotNet_header,"\1");
- report = "Detected Microsoft .NET Framework version: " + dotnetversion;
+ if(('Version Information' >< response) && dotNet_header){
+ report = "OpenVAS was able to Detected " + dotNet_header[0];
+
+ # save informations into the kb
+ set_kb_item(name:"dotNET/install", value:TRUE);
+ set_kb_item(name:"dotNET/port", value:port);
+ set_kb_item(name:"dotNet/version", value:dotNet_header[1]);
+ }
- if(aspNET_header)
- aspnetversion = ereg_replace(string:response, pattern:aspNet_header,"\1");
- report += "Detected ASP .NET version: " + aspnetversion;
+ if(aspNET_header >< response){
+ report += " and " + aspNet_header[0];
# save informations into the kb
- set_kb_item(name:"dotNET/installed", value:TRUE);
set_kb_item(name:"aspNET/installed", value:TRUE);
- set_kb_item(name:"dotNET/version", value:dotnetversion);
- set_kb_item(name:"aspNET/version", value:aspnetversion);
- set_kb_item(name:"dotNET/port", value:port);
-
- # report all gathered informations
- security_note(port:port, data:report);
-
-
-}
-
+ set_kb_item(name:"aspNET/version", value:aspNet_header[1]);
+ }
+ # report all gathered informations
+ security_note(port:port, data:report);
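Review bot: The ASP.NET branch tests `aspNET_header >< response`, but the match is stored in `aspNet_header` (different case) and, as the `[0]`/`[1]` indexing shows, it is an array rather than a string. That condition therefore does not test the match result and the `aspNET/*` keys are probably never written; `if(aspNet_header){` is what the block needs. The .NET branch now writes `dotNET/install` and `dotNet/version` where the previous revision wrote `dotNET/installed` and `dotNET/version`. If KB names are matched case-sensitively, the dependent scripts mentioned in the log will stop finding the version and silently skip their checks unless they are changed in the same commit. `security_note(port:port, data:report);` is also reached when neither pattern matched and `report` is still `''`, so it should sit under `if(report)` to avoid an empty note on every HTTP port.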