Penetration Testing mailing list archives
NASL issues
From: tenbatsui () yahoo com
Date: 14 Mar 2007 21:56:48 -0000
I have been writing a NASL that will attempt to connect to an SMB session using the username I specify. The purpose is a calling card for customers to realize that the server is being scanned by us. However I am having issues with the script working correctly... Any NASL experts have an answer?

# NOTE(review): as posted, none of the enabled statements passes a login name
# to the target. The 445 branch stops after protocol negotiation and the 139
# branch stops after a NetBIOS session request; the only place `login` is used
# is the disabled NetUseAdd() section at the end of the file. That is the
# likely reason nothing attributable to the scanner shows up in the target's
# event log.
# NOTE(review): even once a logon is attempted, Windows records it only if
# logon auditing is enabled for that outcome (success/failure) on the target,
# so the "calling card" cannot be relied on for every customer host.

# Registration block: runs when `description` is set, declares the plugin
# metadata and exits before any network traffic is generated.
if(description)
{
 script_id(96213);
 script_version ("$Revision: 1.0 $");
 name["english"] = "Testing SMB";
 script_name(english:name["english"]);
 desc["english"] = " This is to post information in the event log. Risk factor : None";
 script_description(english:desc["english"]);
 summary["english"] = "Logs in with our calling Card";
 script_summary(english:summary["english"]);
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"Myname");
 family["english"] = "Windows";
 script_family(english:family["english"]);
 # Dependency on the SMB login plugin was disabled by the author.
 # script_dependencies("smb_login.nasl");
 # NOTE(review): only port 139 is declared here although the body below also
 # probes 445 -- presumably 445 should be listed as well; confirm.
 script_require_ports(139);
 exit(0);
}

include("smb_func.inc");

# Set to 1 once port 445 has been recorded as the SMB transport, so the 139
# branch below does not overwrite that KB entry.
flag = 0;

# --- Port 445 (direct-hosted SMB) probe ---
# Opens a TCP connection, initialises the session state and asks the server to
# negotiate a protocol. The socket is closed immediately afterwards.
# NOTE(review): negotiation happens before authentication in SMB; no username
# is sent in this branch.
if(get_port_state(445))
{
 soc = open_sock_tcp(445);
 if(soc){
  session_init(socket:soc);
  ret = smb_negotiate_protocol ();
  close(soc);
  # A truthy return is treated as "a CIFS server answered": record the
  # service in the knowledge base and emit an informational note.
  if(ret){
   set_kb_item(name:"Services/cifs", value:445);
   set_kb_item(name:"Known/tcp/445", value:"cifs");
   security_note(port:445, data:"A CIFS server is running on this port");
   set_kb_item(name:"SMB/transport", value:445);
   flag = 1;
  }
 }
}

# --- Port 139 (NetBIOS session service) probe ---
# Sends a packet of type 0x81 (NetBIOS session request) built from a called
# name and a calling name, each followed by a zero byte.
if(get_port_state(139))
{
 soc = open_sock_tcp(139);
 if(soc){
  session_init (socket:soc);
  # NOTE(review): the identifying string is placed in the *called* name (the
  # name of the server being addressed) with a random suffix, while the
  # calling name (the client's own name) is built from NULL. If the goal is
  # to identify the scanner, the calling name looks like the relevant field
  # -- confirm. Either way, a session request is not a logon.
  called_name = netbios_name (orig:string("TESTingSMB", rand()));
  calling_name = netbios_name (orig:NULL);
  data = called_name + raw_byte (b:0) + calling_name + raw_byte (b:0);
  r = netbios_sendrecv (type:0x81, data:data);
  close(soc);
  # 0x82 / 0x83 are the positive / negative session responses; either one
  # shows that something speaking the session service is listening.
  if(r && (ord(r[0]) == 0x82 || ord(r[0]) == 0x83))
  {
   set_kb_item(name:"Services/smb", value:139);
   set_kb_item(name:"Known/tcp/139", value:"smb");
   security_note(port:139, data:"An SMB server is running on this port");
   # Keep 445 as the preferred transport when it was already recorded above.
   if(!flag)set_kb_item(name:"SMB/transport", value:139);
  }
 }
}

# --- Disabled experiments (left commented out by the author) ---
# NOTE(review): this first attempt pulls in the NFS helper and calls mount(),
# with unquoted arguments (nfs_func.inc, C$); it does not look applicable to
# an SMB share -- confirm before re-enabling.
#include(nfs_func.inc);
#soc = open_sock_tcp(139);
#if (! soc) exit(0);
#mount(soc:soc, share:C$);
#exit(0);

# NOTE(review): second attempt, written against smb_nt.inc. Points to check
# before re-enabling:
#  - set_kb_item() is given one string "SMB/transport, 139" instead of the
#    name:/value: pair used in the enabled code above;
#  - `remote` is never assigned anywhere in the visible script;
#  - USCOURTS_TESTING is a bare identifier, not a quoted string;
#  - the unconditional exit(0) stops the script before the NetUseAdd()
#    section below can run.
#include("smb_nt.inc");
#login = ("Company_scanning_your_network");
#pass = ("");
#if(get_kb_item("SMB/any_login"))exit(0);
#set_kb_item("SMB/transport, 139");
#port =("139");
#if(!get_port_state(port))exit(0);
#soc = open_sock_tcp(port);
#if (! soc) exit(0);
#smb_session_request(soc:soc, remote:remote);
#smb_neg_prot(soc:soc, data:USCOURTS_TESTING);
#exit(0);
#
# NOTE(review): this is the only section that hands `login` to the server.
# The first session_init() reuses `soc` from the block above rather than
# opening a fresh socket.
#session_init(socket:soc);
#r = NetUseAdd(login:login, password:pass, domain:NULL, share:"IPC$");
#NetUseDel();
#if ( r == 1 ) exit(1);
#
#soc = open_sock_tcp(port);
#if ( ! soc ) exit(0);
#
# NOTE(review): a successful connect to C$ with an empty password would be a
# finding in its own right, not just a log marker.
#session_init(socket:soc);
#r = NetUseAdd(login:login, password:pass, domain:NULL, share:"C$");
#if ( r == 1 ) security_note(port);
#NetUseDel();