[Openvas-discuss] Adding a new nasl script

Jagannath Naidu jagannath.naidu at fosteringlinux.com
Mon Dec 16 08:07:43 CET 2013


HI,

I installed the wmi support for openvas.
I followed the link :
http://code.ohloh.net/file?fid=FUi4Z0R3xgX0oCjcpy4vdQq7eec&cid=MQKpc2gZPvw&fp=371826&mp&projSelected=true#L0

Enable wmi request on target
http://knowledgebase.solarwinds.com/kb/questions/4287/How+to+enable+WMI+connections+to+Windows+XP+clients+installed+in+a+Workgroup

Disable restrict guest access
http://www.pctools.com/guides/registry/detail/351/

Tried the wmic registry access
[root at localhost openvas]# wmic  -U jaggu //192.168.111.223 "select * from
Win32_ComputerSystem"
Password for [WORKGROUP\jaggu]:
CLASS: Win32_ComputerSystem
AdminPasswordStatus|
AutomaticResetBootOption|AutomaticResetCapability|BootOptionOnLimit|BootOptionOnWatchDog|BootROMSupported|BootupState|Caption|ChassisBootupState|CreationClassName|CurrentTimeZone|DaylightInEffect|Description|Domain|DomainRole|EnableDaylightSavingsTime|FrontPanelResetStatus|InfraredSupported|InitialLoadInfo|InstallDate|KeyboardPasswordStatus|LastLoadInfo|Manufacturer|Model|Name|NameFormat|NetworkServerModeEnabled|NumberOfProcessors|OEMLogoBitmap|OEMStringArray|PartOfDomain|PauseAfterReset|PowerManagementCapabilities|PowerManagementSupported|PowerOnPasswordStatus|PowerState|PowerSupplyState|PrimaryOwnerContact|PrimaryOwnerName|ResetCapability|ResetCount|ResetLimit|Roles|Status|SupportContactDescription|SystemStartupDelay|SystemStartupOptions|SystemStartupSetting|SystemType|ThermalState|TotalPhysicalMemory|UserName|WakeUpType|Workgroup
3|True|True|0|0|True|Normal
boot|KA-25JXDOMBWQZX|3|Win32_ComputerSystem|-480|False|AT/AT
COMPATIBLE|WORKGROUP|0|True|3|False|NULL|(null)|3|(null)|Red
Hat|KVM|KA-25JXDOMBWQZX|(null)|True|2|NULL|NULL|False|-1|NULL|False|3|0|3|(null)|FL|1|-1|-1|(LM_Workstation,LM_Server,NT,Potential_Browser)|OK|NULL|30|("Microsoft
Windows XP Professional" /fastdetect)|0|X86-based
PC|3|628654080|KA-25JXDOMBWQZX\jaggu|6|(null)


Now the nasl script for wmi registry test

first the nasl script was (attached file 1)
In which it is given
MaxSize = wmi_reg_get_dword_val(wmi_
handle:handle,key:"Software\Policies\Microsoft\Windows\EventLog\Application",
key_name:"MaxSize");

But that there was no such directory, so then I changed to as follows
MaxSize = wmi_reg_get_dword_val(wmi_
handle:handle,key:"*SYSTEM/CurrentControlSet\Services\EventLog\Application*",
key_name:"MaxSize");


Now the afer running the script, the following outpu is shown
[root at localhost openvas]# openvas-nasl -t 192.168.111.223 -X
wmi_reg_test.nasl
User Name : jaggu
Passwd : jaggu
Host : 192.168.111.223
0.0.1

Connected to host with handle 28616896
nasl_wmi_reg_get_dword_val: WMI query failed

Query Result :

*1.I stuck, at this situation. The wmic command can retrieve the registry
information, but my script is not retriving.*


Found this script, http://komma-nix.de/nasl.php?oid=96050, named it
'wmi_reg_test_1.nasl', and placed it in the plugins directory.


*2.HOW TO ADD A NEW NASL SCRIPT???????*

Thanks in advance

B Jagannath
Keen & Able computers Pvt. Ltd.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20131216/7ed15079/attachment.html>


More information about the Openvas-discuss mailing list