[Openvas-commits] r8010 - trunk/openvas-plugins/scripts/GSHB
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Fri Jun 11 09:22:12 CEST 2010
Author: chandra
Date: 2010-06-11 09:22:11 +0200 (Fri, 11 Jun 2010)
New Revision: 8010
Removed:
trunk/openvas-plugins/scripts/GSHB/GSHB_WMI_LM_comp_level.nasl
trunk/openvas-plugins/scripts/GSHB/GSHB_WMI_Loginscreen.nasl
trunk/openvas-plugins/scripts/GSHB/GSHB_WMI_RPC-SMBandLDAP.nasl
trunk/openvas-plugins/scripts/GSHB/GSHB_WMI_get_Shares.nasl
Log:
reverted accidental commit
Deleted: trunk/openvas-plugins/scripts/GSHB/GSHB_WMI_LM_comp_level.nasl
===================================================================
--- trunk/openvas-plugins/scripts/GSHB/GSHB_WMI_LM_comp_level.nasl 2010-06-11 07:15:57 UTC (rev 8009)
+++ trunk/openvas-plugins/scripts/GSHB/GSHB_WMI_LM_comp_level.nasl 2010-06-11 07:22:11 UTC (rev 8010)
@@ -1,102 +0,0 @@
-###############################################################################
-# OpenVAS Vulnerability Test
-# $Id$
-#
-# LanManager Compatibility Mode (Win)
-#
-# Authors:
-# Thomas Rotter <T.Rotter at dn-systems.de>
-#
-# Copyright:
-# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
-#
-# Set in an Workgroup Environment under Vista with enabled UAC this DWORD to access WMI:
-# HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\LocalAccountTokenFilterPolicy to 1
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License version 2
-# (or any later version), as published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-###############################################################################
-
-
-if(description)
-{
- script_id(96004);
- script_version("$Revision: 1.0 $");
- script_name("LanManager Compatibility Mode (Win)");
- desc = "
- Overview: The script detects the LanManager Compatibility Mode.
-
- Risk Factor: Informational";
-
- script_description(desc);
- script_summary("Check for LanManager Compatibility Mode.");
- script_category(ACT_GATHER_INFO);
- script_copyright("Copyright (c) 2009 Greenbone Networks GmbH");
- script_family("IT-Grundschutz");
- script_mandatory_keys("Tools/Present/wmi");
- script_mandatory_keys("Compliance/Launch/GSHB");
-# script_require_ports(139, 445);
- script_dependencies("secpod_reg_enum.nasl", "GSHB_WMI_OSInfo.nasl");
- exit(0);
-}
-
-
-host = get_host_ip();
-usrname = get_kb_item("SMB/login");
-passwd = get_kb_item("SMB/password");
-OSVER = get_kb_item("WMI/WMI_OSVER");
-
-if(!OSVER || OSVER >< "none"){
- set_kb_item(name:"WMI/LMCompatibilityLevel", value:"error");
- log_message(port:0, proto: "IT-Grundschutz", data:string("No access to SMB host. Firewall is activated or there is not a Windows system."));
- exit(0);
-}
-
-handle = wmi_connect_reg(host:host, username:usrname, password:passwd);
-
-if(!handle){
- security_note("wmi_connect: WMI Connect failed. Credentials: " + usrname + " " + passwd);
- set_kb_item(name:"WMI/LMCompatibilityLevel", value:"error");
- wmi_close(wmi_handle:handle);
- exit(0);
-}
-
-LMCOMPLEVELKEY = wmi_reg_enum_value(wmi_handle:handle, key:"SYSTEM\CurrentControlSet\control\Lsa");
-LMCOMPLEVELKEY = tolower(LMCOMPLEVELKEY);
-
-if(!LMCOMPLEVELKEY){
- log_message(port:0, proto: "IT-Grundschutz", data:"Registry Path not found.");
- set_kb_item(name:"WMI/LMCompatibilityLevel", value:"error");
- wmi_close(wmi_handle:handle);
- exit(0);
-}else if ("lmcompatibilitylevel" >!< LMCOMPLEVELKEY){
- log_message(port:0, proto: "IT-Grundschutz", data:"Registry Value not found.");
- set_kb_item(name:"WMI/LMCompatibilityLevel", value:"error");
- wmi_close(wmi_handle:handle);
- exit(0);
-}
-
-lmcomplevel = wmi_reg_get_dword_val(wmi_handle:handle, key:"SYSTEM\CurrentControlSet\control\Lsa", val_name:"LMCompatibilityLevel");
-
-if (lmcomplevel == "0" || lmcomplevel == 1)
-{
- set_kb_item(name:"WMI/LMCompatibilityLevel", value:"off");
-}
-else
-{
- set_kb_item(name:"WMI/LMCompatibilityLevel", value:"on");
-}
-
-wmi_close(wmi_handle:handle);
-
-exit(0);
Deleted: trunk/openvas-plugins/scripts/GSHB/GSHB_WMI_Loginscreen.nasl
===================================================================
--- trunk/openvas-plugins/scripts/GSHB/GSHB_WMI_Loginscreen.nasl 2010-06-11 07:15:57 UTC (rev 8009)
+++ trunk/openvas-plugins/scripts/GSHB/GSHB_WMI_Loginscreen.nasl 2010-06-11 07:22:11 UTC (rev 8010)
@@ -1,133 +0,0 @@
-###############################################################################
-# OpenVAS Vulnerability Test
-# $Id:
-#
-# Last username (Win)
-#
-# Authors:
-# Thomas Rotter<T.Rotter at dn-systems.de>
-#
-# Copyright:
-# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
-#
-# Set in an Workgroup Environment under Vista with enabled UAC this DWORD to access WMI:
-# HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\LocalAccountTokenFilterPolicy to 1
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License version 2
-# (or any later version), as published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-###############################################################################
-
-
-if(description)
-{
- script_id(96005);
- script_version("$Revision: 1.1 $");
- script_name("Last Username (Win)");
- desc = "
- Overview: The script detects if Last Login Username an Loginwarning is displayed.
-
- Risk Factor: Informational";
-
- script_description(desc);
- script_summary("Check if Last Login Username and Loginwarning Displayed.");
- script_category(ACT_GATHER_INFO);
- script_copyright("Copyright (c) 2009 Greenbone Networks GmbH");
- script_family("IT-Grundschutz");
- script_mandatory_keys("Tools/Present/wmi");
- script_mandatory_keys("Compliance/Launch/GSHB");
-# script_require_ports(139, 445);
- script_dependencies("secpod_reg_enum.nasl", "GSHB_WMI_OSInfo.nasl");
- exit(0);
-}
-
-
-host = get_host_ip();
-usrname = get_kb_item("SMB/login");
-passwd = get_kb_item("SMB/password");
-OSVER = get_kb_item("WMI/WMI_OSVER");
-
-if(!OSVER || OSVER >< "none"){
- set_kb_item(name:"WMI/DontDisplayLastUserName", value:"error");
- set_kb_item(name:"WMI/LegalNoticeCaption", value:"error");
- set_kb_item(name:"WMI/LegalNoticeText", value:"error");
- log_message(port:0, proto: "IT-Grundschutz", data:string("No access to SMB host. Firewall is activated or there is not a Windows system."));
- exit(0);
-}
-
-handle = wmi_connect_reg(host:host, username:usrname, password:passwd);
-
-if(!handle){
- security_note("wmi_connect_reg: WMI Connect failed. Credentials: " + usrname + " " + passwd);
- set_kb_item(name:"WMI/DontDisplayLastUserName", value:"error");
- set_kb_item(name:"WMI/LegalNoticeCaption", value:"error");
- set_kb_item(name:"WMI/LegalNoticeText", value:"error");
- wmi_close(wmi_handle:handle);
- exit(0);
-}
-
-WINLOGONKEY = wmi_reg_enum_value(wmi_handle:handle, key:"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon");
-POLICIEKEY = wmi_reg_enum_value(wmi_handle:handle, key:"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System");
-
-if(!WINLOGONKEY){
- log_message(port:0, proto: "IT-Grundschutz", data:"Registry Path not found.");
- set_kb_item(name:"WMI/DontDisplayLastUserName", value:"error");
- set_kb_item(name:"WMI/LegalNoticeCaption", value:"error");
- set_kb_item(name:"WMI/LegalNoticeText", value:"error");
-exit(0);
-}
-
-lastuser = wmi_reg_get_dword_val(wmi_handle:handle, key:"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", val_name:"DontDisplayLastUserName");
-
-lastuserpol = wmi_reg_get_dword_val(wmi_handle:handle, key:"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", val_name:"DontDisplayLastUserName");
-
-lenoca = wmi_reg_get_sz(wmi_handle:handle, key:"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", key_name:"LegalNoticeCaption");
-
-lenocapol = wmi_reg_get_sz(wmi_handle:handle, key:"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", key_name:"LegalNoticeCaption");
-
-lenote = wmi_reg_get_sz(wmi_handle:handle, key:"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", key_name:"LegalNoticeText");
-
-lenotepol = wmi_reg_get_sz(wmi_handle:handle, key:"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", key_name:"legalnoticetext");
-
-if(!POLICIEKEY){
-lastuserpol = 0;
-lenocapol = "";
-lenotepol = "";
-}
-
-if((lastuser == 1) || (lastuserpol == 1))
-{
- set_kb_item(name:"WMI/DontDisplayLastUserName", value:"on");
-}
-else {
- if((lastuser != 1) && (lastuserpol == 1))
- {
- set_kb_item(name:"WMI/DontDisplayLastUserName", value:"on");
- }
- else {set_kb_item(name:"WMI/DontDisplayLastUserName", value:"off");
- }
-}
-
-
-if(lenoca >< "" && lenocapol >< "") {
- set_kb_item(name:"WMI/LegalNoticeCaption", value:"off");
-}else{
-set_kb_item(name:"WMI/LegalNoticeCaption", value:"on");
-}
-
-if(lenote >< "" && lenotepol >< "") {
- set_kb_item(name:"WMI/LegalNoticeText", value:"off");
-}else{
- set_kb_item(name:"WMI/LegalNoticeText", value:"on");
-}
-wmi_close(wmi_handle:handle);
-exit(0);
Deleted: trunk/openvas-plugins/scripts/GSHB/GSHB_WMI_RPC-SMBandLDAP.nasl
===================================================================
--- trunk/openvas-plugins/scripts/GSHB/GSHB_WMI_RPC-SMBandLDAP.nasl 2010-06-11 07:15:57 UTC (rev 8009)
+++ trunk/openvas-plugins/scripts/GSHB/GSHB_WMI_RPC-SMBandLDAP.nasl 2010-06-11 07:22:11 UTC (rev 8010)
@@ -1,144 +0,0 @@
-###############################################################################
-# OpenVAS Vulnerability Test
-# $Id$
-#
-# Read RPC, SMB and LDAP security configuration (Win)
-#
-# Authors:
-# Thomas Rotter <T.Rotter at dn-systems.de>
-#
-# Copyright:
-# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
-#
-# Set in an Workgroup Environment under Vista with enabled UAC this DWORD to access WMI:
-# HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\LocalAccountTokenFilterPolicy to 1
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License version 2
-# (or any later version), as published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-###############################################################################
-
-
-if(description)
-{
- script_id(96035);
- script_version("$Revision: 1.0 $");
- script_name("Read RPC, SMB and LDAP security configuration (Win)");
- desc = "
- Overview: The script read the RPC, SMB and LDAP security configuration.
-
- Risk Factor: Informational";
-
- script_description(desc);
- script_summary("Read RPC, SMB and LDAP security configuration (Win");
- script_category(ACT_GATHER_INFO);
- script_copyright("Copyright (c) 2009 Greenbone Networks GmbH");
- script_family("IT-Grundschutz");
- script_mandatory_keys("Tools/Present/wmi");
- script_mandatory_keys("Compliance/Launch/GSHB");
-# script_require_ports(139, 445);
- script_dependencies("secpod_reg_enum.nasl", "GSHB_WMI_OSInfo.nasl");
-# script_require_keys("SMB/registry_access");
- exit(0);
-}
-
-
-host = get_host_ip();
-usrname = get_kb_item("SMB/login");
-passwd = get_kb_item("SMB/password");
-OSNAME = get_kb_item("WMI/WMI_OSNAME");
-OSVER = get_kb_item("WMI/WMI_OSVER");
-
-if(!OSVER || OSVER >< "none"){
- set_kb_item(name:"WMI/RPC-SMBandLDAP", value:"error");
- log_message(port:0, proto: "IT-Grundschutz", data:string("No access to SMB host. Firewall is activated or there is not a Windows system."));
- exit(0);
-}
-
-if (OSVER != '5.2' || OSNAME >< 'Microsoft(R) Windows(R) XP Professional x64 Edition'){
- set_kb_item(name:"WMI/RPC-SMBandLDAP", value:"inapplicable");
- wmi_close(wmi_handle:handle);
- exit(0);
-}
-
-handle = wmi_connect_reg(host:host, username:usrname, password:passwd);
-
-if(!handle){
- security_note("wmi_connect: WMI Connect failed. Credentials: " + usrname + " " + passwd);
- set_kb_item(name:"WMI/RPC-SMBandLDAP", value:"error");
- wmi_close(wmi_handle:handle);
- exit(0);
-}
-
-
-requiresignorseal = wmi_reg_get_dword_val(wmi_handle:handle, key:"System\CurrentControlSet\Services\Netlogon\Parameters", val_name:"requiresignorseal");
-
-requirestrongkey = wmi_reg_get_dword_val(wmi_handle:handle, key:"System\CurrentControlSet\Services\Netlogon\Parameters", val_name:"requirestrongkey");
-
-RequireSecuritySignatureW = wmi_reg_get_dword_val(wmi_handle:handle, key:"System\CurrentControlSet\Services\LanmanWorkstation\Parameters", val_name:"RequireSecuritySignature");
-
-requiresecuritysignatureS = wmi_reg_get_dword_val(wmi_handle:handle, key:"System\CurrentControlSet\Services\LanManServer\Parameters", val_name:"requiresecuritysignature");
-
-enablesecuritysignature = wmi_reg_get_dword_val(wmi_handle:handle, key:"System\CurrentControlSet\Services\LanManServer\Parameters", val_name:"enablesecuritysignature");
-
-NoLMHash = wmi_reg_get_dword_val(wmi_handle:handle, key:"System\CurrentControlSet\Control\Lsa", val_name:"NoLMHash");
-
-NTLMMinClientSec = wmi_reg_get_dword_val(wmi_handle:handle, key:"System\CurrentControlSet\Control\Lsa\MSV1_0", val_name:"NTLMMinClientSec");
-
-NTLMMinServerSec = wmi_reg_get_dword_val(wmi_handle:handle, key:"System\CurrentControlSet\Control\Lsa\MSV1_0", val_name:"NTLMMinServerSec");
-
-LDAPClientIntegrity = wmi_reg_get_dword_val(wmi_handle:handle, key:"System\CurrentControlSet\Services\LDAP", val_name:"LDAPClientIntegrity");
-
-EnablePlainTextPassword = wmi_reg_get_dword_val(wmi_handle:handle, key:"System\CurrentControlSet\Services\LanmanWorkstation\Parameters", val_name:"EnablePlainTextPassword");
-
-
-if(requiresignorseal == "1"){
- set_kb_item(name:"WMI/requiresignorseal", value:"on");
-}else set_kb_item(name:"WMI/requiresignorseal", value:"off");
-
-if(requirestrongkey == "1"){
- set_kb_item(name:"WMI/requirestrongkey", value:"on");
-}else set_kb_item(name:"WMI/requirestrongkey", value:"off");
-
-if(RequireSecuritySignatureW == "1"){
- set_kb_item(name:"WMI/RequireSecuritySignature-W", value:"on");
-}else set_kb_item(name:"WMI/RequireSecuritySignature-W", value:"off");
-
-if(requiresecuritysignatureS == "1"){
- set_kb_item(name:"WMI/requiresecuritysignature-S", value:"on");
-}else set_kb_item(name:"WMI/requiresecuritysignature-S", value:"off");
-
-if(enablesecuritysignature == "1"){
- set_kb_item(name:"WMI/enablesecuritysignature", value:"on");
-}else set_kb_item(name:"WMI/enablesecuritysignature", value:"off");
-
-if(NoLMHash == "1"){
- set_kb_item(name:"WMI/NoLMHash", value:"on");
-}else set_kb_item(name:"WMI/NoLMHash", value:"off");
-
-if(NTLMMinClientSec == "537395248"){
- set_kb_item(name:"WMI/NTLMMinClientSec", value:"on");
-}else set_kb_item(name:"WMI/NTLMMinClientSec", value:"off");
-
-if(NTLMMinServerSec == "537395248"){
- set_kb_item(name:"WMI/NTLMMinServerSec", value:"on");
-}else set_kb_item(name:"WMI/NTLMMinServerSec", value:"off");
-
-if(LDAPClientIntegrity == "1"){
- set_kb_item(name:"WMI/LDAPClientIntegrity", value:"on");
-}else set_kb_item(name:"WMI/LDAPClientIntegrity", value:"off");
-
-if(EnablePlainTextPassword == "1"){
- set_kb_item(name:"WMI/EnablePlainTextPassword", value:"on");
-}else set_kb_item(name:"WMI/EnablePlainTextPassword", value:"off");
-
-exit(0);
Deleted: trunk/openvas-plugins/scripts/GSHB/GSHB_WMI_get_Shares.nasl
===================================================================
--- trunk/openvas-plugins/scripts/GSHB/GSHB_WMI_get_Shares.nasl 2010-06-11 07:15:57 UTC (rev 8009)
+++ trunk/openvas-plugins/scripts/GSHB/GSHB_WMI_get_Shares.nasl 2010-06-11 07:22:11 UTC (rev 8010)
@@ -1,103 +0,0 @@
-###############################################################################
-# OpenVAS Vulnerability Test
-# $Id:
-#
-# Get all Windows Shares over WMI (win)
-#
-# Authors:
-# Thomas Rotter <T.Rotter at dn-systems.de>
-#
-# Copyright:
-# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
-#
-# Set in an Workgroup Environment under Vista with enabled UAC this DWORD to access WMI:
-# HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\LocalAccountTokenFilterPolicy to 1
-#
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License version 2
-# (or any later version), as published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-###############################################################################
-
-if(description)
-{
- script_id(96026);
- script_version("$Revision: 116 $");
- script_name("Get all Windows Shares over WMI (win)");
-
- desc = "
- Overview: Get all Windows Shares over WMI.
-
- and check the Networkaccess for Anonymous (IPC$ NullSession)
-
- Risk factor : Informational";
-
- script_description(desc);
- script_summary("Get all Windows Shares over WMI (win)");
- script_category(ACT_GATHER_INFO);
- script_copyright("Copyright (c) 2009 Greenbone Networks GmbH");
- script_family("IT-Grundschutz");
- script_mandatory_keys("Tools/Present/wmi");
- script_mandatory_keys("Compliance/Launch/GSHB");
-# script_require_ports(139, 445);
- script_dependencies("secpod_reg_enum.nasl", "GSHB_WMI_OSInfo.nasl");
- exit(0);
-}
-
-host = get_host_ip();
-usrname = get_kb_item("SMB/login");
-passwd = get_kb_item("SMB/password");
-OSVER = get_kb_item("WMI/WMI_OSVER");
-
-if(!OSVER || OSVER >< "none"){
- set_kb_item(name:"WMI/Shares", value:"error");
- set_kb_item(name:"WMI/IPC", value:"error");
- log_message(port:0, proto: "IT-Grundschutz", data:string("No access to SMB host. Firewall is activated or there is not a Windows system."));
- exit(0);
-}
-
-handle = wmi_connect(host:host, username:usrname, password:passwd);
-handlereg = wmi_connect_reg(host:host, username:usrname, password:passwd);
-
-if(!handle){
- security_note("wmi_connect: WMI Connect failed. Credentials: " + usrname + " " + passwd + " " + ns);
- set_kb_item(name:"WMI/Shares", value:"error");
- set_kb_item(name:"WMI/IPC", value:"error");
- wmi_close(wmi_handle:handle);
- wmi_close(wmi_handle:handlereg);
- exit(0);
-}
-
-query = 'select Name from Win32_Share';
-SHARES = wmi_query(wmi_handle:handle, query:query);
-
-
-
-IPC = wmi_reg_get_dword_val(wmi_handle:handlereg, key:"SYSTEM\CurrentControlSet\Control\LSA", val_name:"RestrictAnonymous");
-
-AUTOSHARE = wmi_reg_get_dword_val(wmi_handle:handlereg, key:"SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters", val_name:"AutoShareServer");
-
-
-
-if(!SHARES) SHARES = "None";
-if(!IPC) IPC = "None";
-if(!AUTOSHARE) AUTOSHARE = "None";
-
-set_kb_item(name:"WMI/Shares", value:SHARES);
-set_kb_item(name:"WMI/IPC", value:IPC);
-set_kb_item(name:"WMI/AUTOSHARE", value:AUTOSHARE);
-
-wmi_close(wmi_handle:handle);
-wmi_close(wmi_handle:handlereg);
-
-
-exit(0);
More information about the Openvas-commits
mailing list