From timb at openvas.org Wed Apr 5 07:29:10 2006 From: timb at openvas.org (Tim Brown) Date: Wed, 5 Apr 2006 06:29:10 +0100 Subject: [openvas-plugins] Source of plugins? In-Reply-To: <20060317140432.C18330@tigerlair.com> References: <20060317140432.C18330@tigerlair.com> Message-ID: <200604050629.11326.timb@openvas.org> On Friday 17 March 2006 19:04, stripes wrote: > Where are we getting our current plugins from? It looks like wiretapped.net > has a GPL Nessus plugin package from 2.2.4-7. The current openvas-plugins repository is based on the original GNU/Debian package of 2.2.5 + a merge of patches from the 2.2.7 package. The maintainer has done a lot of the hard work, but at the DevCon we identified a number of areas of work. > Are we doing soemthing to centralize GPL'd plugins? The final steps around proposals are currently being worked on before a post to the various lists. Details of work so far identified can be found at http://www.openvas.org/doku.php?id=devcon_1_write_up. Tim -- Tim Brown, OpenVAS From stripes at tigerlair.com Wed Apr 12 21:03:52 2006 From: stripes at tigerlair.com (stripes) Date: Wed, 12 Apr 2006 15:03:52 -0400 Subject: [openvas-plugins] Source of plugins? In-Reply-To: <200604050629.11326.timb@openvas.org>; from timb@openvas.org on Wed, Apr 05, 2006 at 06:29:10AM +0100 References: <20060317140432.C18330@tigerlair.com> <200604050629.11326.timb@openvas.org> Message-ID: <20060412150352.A24622@tigerlair.com> Ok, I've made changes to some GPL plugins. Where do I submit them to? -Anne On Wed, Apr 05, 2006 at 06:29:10AM +0100, Tim Brown wrote: > On Friday 17 March 2006 19:04, stripes wrote: > > > Where are we getting our current plugins from? It looks like wiretapped.net > > has a GPL Nessus plugin package from 2.2.4-7. > > The current openvas-plugins repository is based on the original GNU/Debian > package of 2.2.5 + a merge of patches from the 2.2.7 package. The maintainer > has done a lot of the hard work, but at the DevCon we identified a number of > areas of work. > > > Are we doing soemthing to centralize GPL'd plugins? > > The final steps around proposals are currently being worked on before a post > to the various lists. Details of work so far identified can be found at > http://www.openvas.org/doku.php?id=devcon_1_write_up. > > Tim > -- > Tim Brown, OpenVAS > > > _______________________________________________ > openvas-plugins mailing list > openvas-plugins at openvas.org > http://www.openvas.org/mailman/listinfo.cgi/openvas-plugins > -- Time for new haiku: (\`--/') _ _______ .-r-. Lacking inspiration, I >.~.\ `` ` `,`,`. ,'_'~`. waste this space again. -Tina Bird (v_," ; `,-\ ; : ; \/,-~) \ stripes at tigerlair dot com `--'_..),-/ ' ' '_.>-' )`.`.__.') stripes at brickbox dot com ((,((,__..'~~~~~~((,__..' `-..-'fL From timb at openvas.org Mon Apr 17 00:31:18 2006 From: timb at openvas.org (Tim Brown) Date: Sun, 16 Apr 2006 23:31:18 +0100 Subject: [openvas-plugins] LDAP plugin for OpenVAS In-Reply-To: <200603091652.02783.jan-oliver.wagner@intevation.de> References: <4410228D.9070907@itsec.nl> <200603091652.02783.jan-oliver.wagner@intevation.de> Message-ID: <200604162331.18593.timb@openvas.org> On Thursday 09 March 2006 15:52, Jan-Oliver Wagner wrote: > > This plugin just uses a different > > method and actually prints a set ammount of information from the LDAP > > server and it is licenced under the GPL license. > > > > # This script is has been provided by ITsec Security Services, and is > > licenced under the Creative Commons license. > > There seems to be a conflict. Under which license actually is the script? > Strongly preferred is GNU GPL, of course. Tarik, The licensing of this plugin was never confirmed, sInce your email states GPL and the plugin states CC. Can you send an updated version which states GPL in the plugin itself. Cheers, Tim -- Tim Brown, OpenVAS From t.el-yassem at itsec.nl Tue Apr 18 09:32:22 2006 From: t.el-yassem at itsec.nl (Tarik El-Yassem) Date: Tue, 18 Apr 2006 09:32:22 +0200 Subject: [openvas-plugins] Repost: ldapsearch plugin Message-ID: <44449606.1030205@itsec.nl> Hi, Here's the plugin I have posted before, but now with fixed correct copyright. Regards, Tarik -- Ing. Tarik El-Yassem ------------------------------------------------------------------- ITsec Security Services BV, Postbus 5120, 2000 GC HAARLEM Tel.+31-(0)235420578, Fax.+31-(0)235345477 http://www.itsec-ss.nl ------------------------------------------------------------------- Exploit & Vulnerability Alerting Service http://evas.itsec-ss.nl -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: ldapsearch_1.8.8.nasl Url: http://lists.wald.intevation.org/pipermail/openvas-plugins/attachments/20060418/97aeb870/ldapsearch_1.8.8.asc From stripes at tigerlair.com Tue Apr 18 18:03:31 2006 From: stripes at tigerlair.com (stripes) Date: Tue, 18 Apr 2006 12:03:31 -0400 Subject: [openvas-plugins] Repost: ldapsearch plugin In-Reply-To: <44449606.1030205@itsec.nl>; from t.el-yassem@itsec.nl on Tue, Apr 18, 2006 at 09:32:22AM +0200 References: <44449606.1030205@itsec.nl> Message-ID: <20060418120331.A10102@tigerlair.com> Hi Tarik, Thanks for the plugin! It's great to have contributions. Btw, where is find_service.nasl? I have find_service1.nasl and find_service2.nasl. Which one do you need for your script? The find_service.nes (C version with Nessus 2.2.4) has gone away. -Anne On Tue, Apr 18, 2006 at 09:32:22AM +0200, Tarik El-Yassem wrote: > Hi, > > Here's the plugin I have posted before, but now with fixed correct > copyright. > > Regards, > > Tarik > > -- > Ing. Tarik El-Yassem > ------------------------------------------------------------------- > ITsec Security Services BV, Postbus 5120, 2000 GC HAARLEM > Tel.+31-(0)235420578, Fax.+31-(0)235345477 > http://www.itsec-ss.nl > ------------------------------------------------------------------- > Exploit & Vulnerability Alerting Service > http://evas.itsec-ss.nl > > # > # This script was written by Tarik El-Yassem > # > # Copyright (c) 2006 ITsec Security Services BV, http://www.itsec-ss.nl > # This program is free software; you can redistribute it and/or modify > # it under the terms of the GNU General Public License Version 2 > # > # This program is distributed in the hope that it will be useful, > # but WITHOUT ANY WARRANTY; without even the implied warranty of > # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > # GNU General Public License for more details. > # > # You should have received a copy of the GNU General Public License > # along with this program; if not, write to the Free Software > # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA > # > > if(description) > { > script_id(91984); > script_version("1.88"); > name["english"]= "LDAPsearch"; > script_name(english:name["english"]); > > desc["english"] = "This plugins shows what information can be pulled of an LDAP server"; > script_description(english:desc["english"]); > > summary["english"] = "LDAP information extraction with ldapsearch"; > script_summary(english:summary["english"]); > > script_category(ACT_GATHER_INFO); > > script_copyright(english:"This script is Copyright (C) 2006 Tarik El-Yassem/ITsec Security Services"); > script_family(english:"Remote file access"); > script_dependencies("find_service.nasl", "doublecheck_std_services.nasl", "external_svc_ident.nasl"); > script_require_ports("Services/ldap", 389); > > script_add_preference(name:"Timeout value", type:"entry", value:"3"); > script_add_preference(name:"Buffersize", type:"entry", value:"20"); > exit(0); > } > > > if (! defined_func("pread") || ! defined_func("get_preference")) > { > set_kb_item(name: "/tmp/UnableToRun/91984", value: TRUE); > display("Script #91984 (ldapsearch) cannot run!\n"); > display("You must upgrade your libnasl for this to work.\n"); > exit(0); > } > > if (! find_in_path("ldapsearch")) > { > set_kb_item(name: "/tmp/UnableToRun/91984", value: TRUE); > display("Script #91984 (ldapsearch) cannot run!\n"); > display("You need to have ldapsearch in your path!\n"); > exit(0); > } > > port = get_kb_item("Services/ldap"); > if (! port) port = 389; > if (! get_port_state(port)) exit(0); > > timeout = script_get_preference("Timeout value"); > buffer = script_get_preference("Buffersize"); > > function scanopts(ports, type, value) > { > i = 0; > argv[i++] = "ldapsearch"; > argv[i++] = "-h"; > argv[i++] = get_host_ip(); > argv[i++] = "-p"; > argv[i++] = port; > argv[i++] = "-x"; #do not authenticate > argv[i++] = "-C"; #we like to chase referals > argv[i++] = "-b"; > argv[i++] = value; > argv[i++] = "-s"; > argv[i++] = "base"; > > if(type=="null-bind") > { > argv[i++] = "objectclass=*"; > argv[i++] = "-P3"; > } > > return(argv); > } > > > function getdc(res) > { > #split string into array of smaller strings on each comma. > r = split(res, sep:","); > n = 0; > i = 0; > patt = '*dc=([a-zA-Z0-9]*+)'; > dc = eregmatch(string:r, pattern:patt, icase:1); > value[i]=dc[n+1]; > #get the first value of DC=... or dc=... and put it into our array for storage > i++; > n++; > > foreach line (r) > { > r = ereg_replace(string:r, pattern: dc[0], replace:'XXXXX',icase:1); > #now replace the value we have already with some X-es so we won't find them again. > > dc = eregmatch(string:r, pattern:patt, icase:1); > value[i]=dc[n]; > #get the next value of dc=... or DC=... > i++; > if (!dc[n]) exit(0); > n++; > } > if (!value) exit(0); > return(value); > } > > > function makereport(res, buffer, port, type) > { > if(! res) exit(0); > results = substr(res, 0, buffer-1); > if (results) > { > if (type="null-base") > { > security_hole( > port: port, > data: 'The LDAPserver allows null-binds and null-base requests \n\n' > ); > security_note( > port: port, > data: 'Grabbed the following information with a null-bind, null-base request: \n' + > '--------------------------------------------------------------------------------------------------\n\n' + results > ); > } > > if (type="null-bind") > security_note( > port: port, > data: 'Grabbed the following information from the LDAP server: \n' + > '----------------------------------------------------------------------------------------\n\n' + results > ); > } > } > > #first do ldapsearch -h x.x.x.x -b '' -x -C -s base > type = "null-base"; > value = ''; > args = scanopts(port,type,value); > > res = pread(cmd: "ldapsearch", argv: args, nice: 5); > #this is insecure, but there's no other way to do this at the moment. > makereport(res, type); > > #then ldapsearch -h x.x.x.x -b dc=X,dc=Y -x -C -s base 'objectclass=*' -P3 -A > type = "null-bind"; > val = getdc(res); #this gets the dc values so we can use them for a ldapsearch down the branch.. > value = "dc=" + val[0] + "dc=" + val[1]; #get the first two dc values to pass it to LDAPsearch. > #note that for deeper searches we would want use the other values in the array. > #we could make this recursive so a user can specify how many branches we want to examine. > #but then we would need to grab other things like the cn values and use those in the requests. > > args = scanopts(port,type,value); > > res = pread(cmd: "ldapsearch", argv: args, nice: 5); > #this is insecure, but unfortunately there's no other way to do this at the moment. > makereport(res, type); > _______________________________________________ > openvas-plugins mailing list > openvas-plugins at openvas.org > http://www.openvas.org/mailman/listinfo.cgi/openvas-plugins -- Hacker Barbie! Complete with laptop, tools (\`--/') _ _______ .-r-. tools, and cables. Includes a free tiny >.~.\ `` ` `,`,`. ,'_'~`. stack of usernames and passwords! (v_," ; `,-\ ; : ; \/,-~) \ stripes at tigerlair dot com `--'_..),-/ ' ' '_.>-' )`.`.__.') stripes at brickbox dot com ((,((,__..'~~~~~~((,__..' `-..-'fL From timb at openvas.org Wed Apr 19 16:20:08 2006 From: timb at openvas.org (Tim Brown) Date: Wed, 19 Apr 2006 15:20:08 +0100 Subject: [openvas-plugins] Missing NASLs (was Re: Repost: ldapsearch plugin) In-Reply-To: <20060418120331.A10102@tigerlair.com> References: <44449606.1030205@itsec.nl> <20060418120331.A10102@tigerlair.com> Message-ID: <200604191520.08325.timb@openvas.org> On Tuesday 18 April 2006 17:03, stripes wrote: > Hi Tarik, > > Thanks for the plugin! It's great to have contributions. > > Btw, where is find_service.nasl? I have find_service1.nasl and > find_service2.nasl. > > Which one do you need for your script? The find_service.nes (C version with > Nessus 2.2.4) has gone away. > > -Anne The source for find_service.nes is in the OpenVAS source tree with a GPL license. ldap_detect.nasl (used by some other LDAP scripts) on the other hand, appears to be missing. It might be a good idea for someone to start auditing the various script dependencies? Cheers, Tim -- Tim Brown, OpenVAS From stripes at tigerlair.com Wed Apr 19 17:29:13 2006 From: stripes at tigerlair.com (stripes) Date: Wed, 19 Apr 2006 11:29:13 -0400 Subject: [openvas-plugins] Missing NASLs (was Re: Repost: ldapsearch plugin) In-Reply-To: <200604191520.08325.timb@openvas.org>; from timb@openvas.org on Wed, Apr 19, 2006 at 03:20:08PM +0100 References: <44449606.1030205@itsec.nl> <20060418120331.A10102@tigerlair.com> <200604191520.08325.timb@openvas.org> Message-ID: <20060419112913.A8287@tigerlair.com> On Wed, Apr 19, 2006 at 03:20:08PM +0100, Tim Brown wrote: > The source for find_service.nes is in the OpenVAS source tree with a GPL > license. ldap_detect.nasl (used by some other LDAP scripts) on the other > hand, appears to be missing. ldap_detect.nasl is a non-GPL script :( > It might be a good idea for someone to start auditing the various script > dependencies? Here's a start: cubecart_detect.nasl invision_power_board_detect.nasl serendipity_detect.nasl php_fusion_detect.nasl mambo_detect.nasl phpmyfaq_detect.nasl phpMyAdmin_detect.nasl moodle_detect.nasl phorum_detect.nasl webapp_detect.nasl cutenews_detect.nasl sybase_detect.nasl I found some GPL replacements for some of the scripts above. I'll post them here when I dig 'em up later today. :) -Anne -- There may be 50 ways to leave your (\`--/') _ _______ .-r-. leave your lover, but there are >.~.\ `` ` `,`,`. ,'_'~`. only 4 ways out of this airplane. (v_," ; `,-\ ; : ; \/,-~) \ stripes at brickbox dot com `--'_..),-/ ' ' '_.>-' )`.`.__.') stripes at tigerlair dot com ((,((,__..'~~~~~~((,__..' `-..-'fL From stripes at tigerlair.com Wed Apr 19 17:40:10 2006 From: stripes at tigerlair.com (stripes) Date: Wed, 19 Apr 2006 11:40:10 -0400 Subject: [openvas-plugins] Missing NASLs (was Re: Repost: ldapsearch plugin) In-Reply-To: <20060419112913.A8287@tigerlair.com>; from stripes@tigerlair.com on Wed, Apr 19, 2006 at 11:29:13AM -0400 References: <44449606.1030205@itsec.nl> <20060418120331.A10102@tigerlair.com> <200604191520.08325.timb@openvas.org> <20060419112913.A8287@tigerlair.com> Message-ID: <20060419114010.A5997@tigerlair.com> Ok, that didn't take long. Here is the URL for the other GPL scripts that should replace any non-GPL plugins. http://arachnids.stillsecure.com/SAT/scripts/OSSSA/GPL/released/OSSSA/scripts/ -Anne On Wed, Apr 19, 2006 at 11:29:13AM -0400, stripes wrote: > On Wed, Apr 19, 2006 at 03:20:08PM +0100, Tim Brown wrote: > > The source for find_service.nes is in the OpenVAS source tree with a GPL > > license. ldap_detect.nasl (used by some other LDAP scripts) on the other > > hand, appears to be missing. > > ldap_detect.nasl is a non-GPL script :( > > > It might be a good idea for someone to start auditing the various script > > dependencies? > > Here's a start: > cubecart_detect.nasl > invision_power_board_detect.nasl > serendipity_detect.nasl > php_fusion_detect.nasl > mambo_detect.nasl > phpmyfaq_detect.nasl > phpMyAdmin_detect.nasl > moodle_detect.nasl > phorum_detect.nasl > webapp_detect.nasl > cutenews_detect.nasl > sybase_detect.nasl > > I found some GPL replacements for some of the scripts above. I'll post them here when I dig 'em up later today. :) > > -Anne > -- > There may be 50 ways to leave your (\`--/') _ _______ .-r-. > leave your lover, but there are >.~.\ `` ` `,`,`. ,'_'~`. > only 4 ways out of this airplane. (v_," ; `,-\ ; : ; \/,-~) \ > stripes at brickbox dot com `--'_..),-/ ' ' '_.>-' )`.`.__.') > stripes at tigerlair dot com ((,((,__..'~~~~~~((,__..' `-..-'fL > _______________________________________________ > openvas-plugins mailing list > openvas-plugins at openvas.org > http://www.openvas.org/mailman/listinfo.cgi/openvas-plugins > -- There may be 50 ways to leave your (\`--/') _ _______ .-r-. leave your lover, but there are >.~.\ `` ` `,`,`. ,'_'~`. only 4 ways out of this airplane. (v_," ; `,-\ ; : ; \/,-~) \ stripes at brickbox dot com `--'_..),-/ ' ' '_.>-' )`.`.__.') stripes at tigerlair dot com ((,((,__..'~~~~~~((,__..' `-..-'fL From stripes at tigerlair.com Thu Apr 20 01:25:33 2006 From: stripes at tigerlair.com (stripes) Date: Wed, 19 Apr 2006 19:25:33 -0400 Subject: [openvas-plugins] Missing NASLs (was Re: Repost: ldapsearch plugin) In-Reply-To: <20060419114010.A5997@tigerlair.com>; from stripes@tigerlair.com on Wed, Apr 19, 2006 at 11:40:10AM -0400 References: <44449606.1030205@itsec.nl> <20060418120331.A10102@tigerlair.com> <200604191520.08325.timb@openvas.org> <20060419112913.A8287@tigerlair.com> <20060419114010.A5997@tigerlair.com> Message-ID: <20060419192533.A979@tigerlair.com> Oh yeah, this should help: NASL scripts missing local checks ------------ -------------------- os2a_cubecart_detect_600628.nasl (replaces cubecart_detect.nasl) cubecart_lang_xss.nasl cubecart_xss.nasl os2a_ipb_version_600218.nasl (replaces invision_power_board_detect.nasl) invision_pwb.nasl os2a_serendipity_detect_600151.nasl (replaces serendipity_detect.nasl) serendipity_xss.nasl os2a_phpfusion_detect_600620.nasl (replaces php_fusion_detect.nasl) php_fusion_6_00_110.nasl php_fusion_sql_inject.nasl php_fusion_xss.nasl os2a_phpmyadmin_detect_600865.nasl ( replaces phpMyAdmin_detect.nasl) phpMyAdmin_remote_cmd.nasl phpMyAdmin_xss.nasl I can send you the unified diff patches for these if you want. -Anne On Wed, Apr 19, 2006 at 11:40:10AM -0400, stripes wrote: > Ok, that didn't take long. Here is the URL for the other GPL scripts that should replace any non-GPL plugins. > > http://arachnids.stillsecure.com/SAT/scripts/OSSSA/GPL/released/OSSSA/scripts/ > > -Anne > > On Wed, Apr 19, 2006 at 11:29:13AM -0400, stripes wrote: > > On Wed, Apr 19, 2006 at 03:20:08PM +0100, Tim Brown wrote: > > > The source for find_service.nes is in the OpenVAS source tree with a GPL > > > license. ldap_detect.nasl (used by some other LDAP scripts) on the other > > > hand, appears to be missing. > > > > ldap_detect.nasl is a non-GPL script :( > > > > > It might be a good idea for someone to start auditing the various script > > > dependencies? > > > > Here's a start: > > cubecart_detect.nasl > > invision_power_board_detect.nasl > > serendipity_detect.nasl > > php_fusion_detect.nasl > > mambo_detect.nasl > > phpmyfaq_detect.nasl > > phpMyAdmin_detect.nasl > > moodle_detect.nasl > > phorum_detect.nasl > > webapp_detect.nasl > > cutenews_detect.nasl > > sybase_detect.nasl > > > > I found some GPL replacements for some of the scripts above. I'll post them here when I dig 'em up later today. :) > > > > -Anne > > -- > > There may be 50 ways to leave your (\`--/') _ _______ .-r-. > > leave your lover, but there are >.~.\ `` ` `,`,`. ,'_'~`. > > only 4 ways out of this airplane. (v_," ; `,-\ ; : ; \/,-~) \ > > stripes at brickbox dot com `--'_..),-/ ' ' '_.>-' )`.`.__.') > > stripes at tigerlair dot com ((,((,__..'~~~~~~((,__..' `-..-'fL > > _______________________________________________ > > openvas-plugins mailing list > > openvas-plugins at openvas.org > > http://www.openvas.org/mailman/listinfo.cgi/openvas-plugins > > > -- > There may be 50 ways to leave your (\`--/') _ _______ .-r-. > leave your lover, but there are >.~.\ `` ` `,`,`. ,'_'~`. > only 4 ways out of this airplane. (v_," ; `,-\ ; : ; \/,-~) \ > stripes at brickbox dot com `--'_..),-/ ' ' '_.>-' )`.`.__.') > stripes at tigerlair dot com ((,((,__..'~~~~~~((,__..' `-..-'fL > _______________________________________________ > openvas-plugins mailing list > openvas-plugins at openvas.org > http://www.openvas.org/mailman/listinfo.cgi/openvas-plugins > -- Eagles may soar, (\`--/') _ _______ .-r-. but weasels don't get >.~.\ `` ` `,`,`. ,'_'~`. sucked into jet engines. (v_," ; `,-\ ; : ; \/,-~) \ stripes at tigerlair dot com `--'_..),-/ ' ' '_.>-' )`.`.__.') stripes at brickbox dot com ((,((,__..'~~~~~~((,__..' `-..-'fL