From timb at nth-dimension.org.uk Thu May 1 00:48:26 2008
From: timb at nth-dimension.org.uk (Tim Brown)
Date: Wed, 30 Apr 2008 23:48:26 +0100
Subject: [Openvas-plugins] SMB Tests
In-Reply-To: <200804301838.01417.c.koch-mauthe@dn-systems.de>
References: <200804301838.01417.c.koch-mauthe@dn-systems.de>
Message-ID: <200804302348.27379.timb@nth-dimension.org.uk>

On Wednesday 30 April 2008 17:38:01 Carsten Koch-Mauthe wrote:
> due to Copyright problems the nessus SMB Tests are missing in openvas.
> To make some Windows/SMB Tests possible with openvas I've proposed to use
> smbclient from the samba project. With smbclient it is possible to get some
> Information about the Hosts OS and it is possible to get files and
> direntries. I've started a smbcl API with the following functions right now.

Carsten,

You may wish to take a look at:

http://www.portcullis-security.com/tools/free/enum4linux-0.7.0.tar.gz

Which is written by a colleague of mine. This tool uses standard *nix
binaries to extract a lot of information about Windows systems. Maybe there
are other Windows tests that we could perform. If it looks interesting and
gives you some ideas then let me know and I'll see if I can get you a copy of
the latest internal version which does even more than the current public
release.

Cheers,
Tim
-- 
Tim Brown

From jan-oliver.wagner at intevation.de Fri May 2 10:45:48 2008
From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner)
Date: Fri, 2 May 2008 10:45:48 +0200
Subject: [Openvas-plugins] SMB Tests
In-Reply-To: <200804301838.01417.c.koch-mauthe@dn-systems.de>
References: <200804301838.01417.c.koch-mauthe@dn-systems.de>
Message-ID: <200805021045.50617.jan-oliver.wagner@intevation.de>

On Wednesday, 30 April 2008, Carsten Koch-Mauthe wrote:
> Another question for me are the credentials to be used with smbcl_api.
> The "main" creds are given on the credentials page in openvasclient. But today
> I've found some additional smb creds on the prefs. page.
> Is it useful to use more than one user/pw pair for smb ? If so how to decide
> which pair for which host(s). I've found no dependency between user/pw and
> host. Probably adding a new smb_host_credentials field ? Or trying all creds
> on every host if login fails ?

there is indeed a larger design question which does not only apply to smb but
to all credentials. This question is about whether to have same credentials
for multiple targets or whether to have individual credentials for each
target. In the latter case I see two options to handle it, either with a
clever OpenVAS/NASL-script or by defining that for each different credentials
a scope of its own is to be created in OpenVAS-Client.

However, for the time being I'd propose we just use a
"smb_authorization.nasl" analogous to "ssh_authorization.nasl", ie. have only
a single set of credentials for each type (ssh/smb/...)

Best

Jan
-- 
Dr. Jan-Oliver Wagner Intevation GmbH, Osnabrück
Amtsgericht Osnabrück, HR B 18998 http://www.intevation.de/
Managing directors: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From c.koch-mauthe at dn-systems.de Fri May 2 11:05:20 2008
From: c.koch-mauthe at dn-systems.de (Carsten Koch-Mauthe)
Date: Fri, 2 May 2008 11:05:20 +0200
Subject: [Openvas-plugins] SMB Tests
In-Reply-To: <200805021045.50617.jan-oliver.wagner@intevation.de>
References: <200804301838.01417.c.koch-mauthe@dn-systems.de> <200805021045.50617.jan-oliver.wagner@intevation.de>
Message-ID: <200805021105.20521.c.koch-mauthe@dn-systems.de>

Hello Jan-Oliver,

On Friday 02 May 2008, Jan-Oliver Wagner wrote:
> On Wednesday, 30 April 2008, Carsten Koch-Mauthe wrote:
> > Another question for me are the credentials to be used with smbcl_api.
> > The "main" creds are given on the credentials page in openvasclient. But
> > today I've found some additional smb creds on the prefs. page. Is it
> > useful to use more than one user/pw pair for smb ? If so how to decide
> > which pair for which host(s).
> > I've found no dependency between user/pw and host. Probably adding a new
> > smb_host_credentials field ? Or trying all creds on every host if login
> > fails ?
>
> there is indeed a larger design question which does not only
> apply to smb but to all credentials. This question is about
> whether to have same credentials for multiple targets or
> whether to have individual credentials for each target.
> In the latter case I see two options to handle it, either
> with a clever OpenVAS/NASL-script or by defining that
> for each different credentials a scope of its own is to
> be created in OpenVAS-Client.

I think it is more flexible if some can use different credentials for
different targets. Probably it is useful to add a Host(s) field for every
Credentials which, if it is set, can hold one or more targets for this
credentials. This field then should work like the Target(s) field in Targets
selection (comma separated). This probably can be done with some nasl and
without changing the client.

>
> However, for the time being I'd propose we just use
> a "smb_authorization.nasl" analogous to "ssh_authorization.nasl",
> ie. have only a single set of credentials for each type (ssh/smb/...)

By now the smb credentials are handled by the logins.nasl script. This is
working ok.

-- 
Regards
Carsten Koch-Mauthe

http://www.dn-systems.de
mail: c.koch-mauthe at dn-systems.de
DN-Systems Enterprise Internet Solutions GmbH
Hornemannstr. 11 31137 Hildesheim, Germany
Tel. +49-5121-28989-0 Fax. +49-5121-28989-11
21 Sunrise Ct, S.San Francisco, CA 94080, USA
Tel. +1-650-472-2512 Mob. +1-650-430-1219
Commercial register HRB-3213, Amtsgericht Hildesheim
Managing director: Lukas Grunwald

From c.koch-mauthe at dn-systems.de Mon May 12 21:52:07 2008
From: c.koch-mauthe at dn-systems.de (Carsten Koch-Mauthe)
Date: Mon, 12 May 2008 21:52:07 +0200
Subject: [Openvas-plugins] SMB Tests
In-Reply-To: <200804302348.27379.timb@nth-dimension.org.uk>
References: <200804301838.01417.c.koch-mauthe@dn-systems.de> <200804302348.27379.timb@nth-dimension.org.uk>
Message-ID: <200805122152.07608.c.koch-mauthe@dn-systems.de>

Hello Tim,

On Thursday 01 May 2008, Tim Brown wrote:
> > due to Copyright problems the nessus SMB Tests are missing in openvas.
> > To make some Windows/SMB Tests possible with openvas I've proposed to use
> > smbclient from the samba project. With smbclient it is possible to get
> > some Information about the Hosts OS and it is possible to get files and
> > direntries. I've started a smbcl API with the following functions right
> > now.
>
> Carsten,
>
> You may wish to take a look at:
>
> http://www.portcullis-security.com/tools/free/enum4linux-0.7.0.tar.gz
>
> Which is written by a colleague of mine. This tool uses standard *nix
> binaries to extract a lot of information about Windows systems. Maybe
> there are other Windows tests that we could perform. If it looks
> interesting and gives you some ideas then let me know and I'll see if I can
> get you a copy of the latest internal version which does even more than the
> current public release.

This looks very interesting. He is using the rpcclient also for some tests.
Very nice. If there is a newer version available, then I am very interested
in. Probably there are more ideas we can use also in openvas.

-- 
Regards
Carsten Koch-Mauthe

http://www.dn-systems.de
mail: c.koch-mauthe at dn-systems.de
DN-Systems Enterprise Internet Solutions GmbH
Hornemannstr. 11 31137 Hildesheim, Germany
Tel. +49-5121-28989-0 Fax. +49-5121-28989-11
21 Sunrise Ct, S.San Francisco, CA 94080, USA
Tel. +1-650-472-2512 Mob. +1-650-430-1219
Commercial register HRB-3213, Amtsgericht Hildesheim
Managing director: Lukas Grunwald

From c.koch-mauthe at dn-systems.de Mon May 12 22:06:21 2008
From: c.koch-mauthe at dn-systems.de (Carsten Koch-Mauthe)
Date: Mon, 12 May 2008 22:06:21 +0200
Subject: [Openvas-plugins] SMB Tests
In-Reply-To: <200804301838.01417.c.koch-mauthe@dn-systems.de>
References: <200804301838.01417.c.koch-mauthe@dn-systems.de>
Message-ID: <200805122206.22121.c.koch-mauthe@dn-systems.de>

Hi,

I've finished the first smb scripts.

Tim has added me as a Junior Developer to the openvas Project.
There is already a problem with svn. I'm not able to connect to the svn as
ckm.

===
svn checkout svn+ssh://ckm at svn.wald.intevation.org/openvas/trunk
Permission denied (publickey,keyboard-interactive)
===

As soon as I am allowed to commit I will put the first three scripts to the
trunk. So far I've added the scripts to this mail, if anyone would like to
test the scripts.

-- 
Regards
Carsten Koch-Mauthe

http://www.dn-systems.de
mail: c.koch-mauthe at dn-systems.de
DN-Systems Enterprise Internet Solutions GmbH
Hornemannstr. 11 31137 Hildesheim, Germany
Tel. +49-5121-28989-0 Fax. +49-5121-28989-11
21 Sunrise Ct, S.San Francisco, CA 94080, USA
Tel. +1-650-472-2512 Mob. +1-650-430-1219
Commercial register HRB-3213, Amtsgericht Hildesheim
Managing director: Lukas Grunwald
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smb_tests.tar.gz
Type: application/x-tgz
Size: 3755 bytes
Desc: not available
Url : http://lists.wald.intevation.org/pipermail/openvas-plugins/attachments/20080512/52411592/smb_tests.tar.bin

From jan-oliver.wagner at intevation.de Tue May 13 09:00:41 2008
From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner)
Date: Tue, 13 May 2008 09:00:41 +0200
Subject: [Openvas-plugins] SMB Tests
In-Reply-To: <200805122206.22121.c.koch-mauthe@dn-systems.de>
References: <200804301838.01417.c.koch-mauthe@dn-systems.de> <200805122206.22121.c.koch-mauthe@dn-systems.de>
Message-ID: <200805130900.44152.jan-oliver.wagner@intevation.de>

Carsten,

On Monday, 12 May 2008, Carsten Koch-Mauthe wrote:
> Tim has added me as a Junior Developer to the openvas Project.
> There is already a problem with svn. I'm not able to connect to the svn as
> ckm.

all settings look OK.

Have you uploaded your public sshv2 key on your personal page at Wald?

Have you applied this line:

svn checkout svn+ssh://ckm at svn.wald.intevation.org/openvas/trunk

What is the error output?

Best

Jan
-- 
Dr. Jan-Oliver Wagner Intevation GmbH, Osnabrück
Amtsgericht Osnabrück, HR B 18998 http://www.intevation.de/
Managing directors: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From jan-oliver.wagner at intevation.de Thu May 15 10:53:05 2008
From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner)
Date: Thu, 15 May 2008 10:53:05 +0200
Subject: [Openvas-plugins] [Openvas-discuss] Question about plugin 11808
In-Reply-To: <9C39E80D40AE27489BFD4E9CB7A7166101BD4107@VW3TEX4009.TKSAST.NET>
References: <9C39E80D40AE27489BFD4E9CB7A7166101BD4107@VW3TEX4009.TKSAST.NET>
Message-ID: <200805151053.09410.jan-oliver.wagner@intevation.de>

Hello,

(I am CCing this to openvas-plugins, the mailing list for plugin issues)

On Wednesday, 14 May 2008, Vincenti Francesco wrote:
> I am writing you to understand the correct behaviour I should have in
> front of the results of OpenVAS scansion, according the following
> "problem".
>
> Every scansion of my company's PC I have done until now shows a security
> hole in each machine which is detected by plugin 11808, about Microsoft
> RPC Interface Buffer Overrun, and is caused by epmap on port 135.
>
> The plugin suggests to update the operating system to a kind of patch
> but when I try to install it the answer is that the operating system
> version is more recent than the patch itself: obviously, the problem is
> known since 2003 and Windows has reached the SP 2 now!
>
> Is this result the consequence of some missed update of the plugin 11808
> or is the plugin itself which is not updated to the SP 2, and how can I
> solve this false positive?
>
> Thank you very much for your attention.

I am not a plugin developer nor would I call myself a Windows guru.

However, the first observation when looking into the NASL code
(msrpc_dcom.nasl) is that a dependency is not fulfilled (msrpc_dcom2.nasl).
This script is missing which is probably because it is kept proprietary by
Tenable (OpenVAS project obviously had to remove any proprietary element).

But this does not necessarily cause the problem.

I can try to reproduce the problem, but I'd need to know how to start the
service at port 135. My default XPSP2 has nothing running there.

Best

Jan
-- 
Dr. Jan-Oliver Wagner Intevation GmbH, Osnabrück
Amtsgericht Osnabrück, HR B 18998 http://www.intevation.de/
Managing directors: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
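
The per-target credential idea raised earlier in this thread (a comma-separated Host(s) field on each credential set, with one unscoped set per type as the default) can be sketched as below. This is an added Python illustration, not code from the thread or from OpenVAS; the dictionary layout, the function names and the sample values are assumptions, and a target that matches no scoped set and no default gets no credentials at all.

```python
import ipaddress

# Constructed sample data; "hosts" models the proposed Host(s) field.
# An empty field means "all targets" (the single-set-per-type default).
CREDS = [
    {"type": "smb", "login": "scan-default", "hosts": ""},
    {"type": "smb", "login": "scan-dmz", "hosts": "192.0.2.0/24, files.example.test"},
    {"type": "smb", "login": "scan-dc", "hosts": "192.0.2.10"},
    {"type": "ssh", "login": "scan-unix", "hosts": "198.51.100.0/24"},
]

def parse_hosts(field):
    """Split a comma-separated Host(s) field into (networks, hostnames)."""
    networks, names = [], set()
    for item in (part.strip() for part in field.split(",")):
        if not item:
            continue
        try:
            # Accepts a single address ("192.0.2.10") or CIDR ("192.0.2.0/24").
            networks.append(ipaddress.ip_network(item, strict=False))
        except ValueError:
            names.add(item.lower())  # anything else is treated as a hostname
    return networks, names

def match_score(target, hosts_field):
    """None = not in scope, 0 = unscoped default, higher = more specific."""
    if not hosts_field.strip():
        return 0
    networks, names = parse_hosts(hosts_field)
    if target.lower() in names:
        return 1000  # exact hostname match beats any network match
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        return None  # target is a name that this set does not list
    scores = [1 + net.prefixlen for net in networks
              if net.version == addr.version and addr in net]
    return max(scores) if scores else None

def select_credentials(target, credential_sets, cred_type="smb"):
    """Return the most specific in-scope set of cred_type, or None."""
    best, best_score = None, None
    for cred in credential_sets:
        if cred["type"] != cred_type:
            continue
        score = match_score(target, cred.get("hosts", ""))
        if score is not None and (best_score is None or score > best_score):
            best, best_score = cred, score
    return best
```
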