Home page logo
/

pen-test logo Penetration Testing mailing list archives

NASL issues
From: tenbatsui () yahoo com
Date: 14 Mar 2007 21:56:48 -0000

I have been writing a NASL that will attempt to connect to an SMB session using the username I specify. The purpose is 
a calling card for customers to realize that the server is being scanned by us.
However I am having issues with the script working correctly...
Any NASL experts have an answer?
if(description)
{
 script_id(96213);
 script_version ("$Revision: 1.0 $");
 
 name["english"] = "Testing SMB";
  
 script_name(english:name["english"]);
 
 desc["english"] = "
This is to post information in the event log.
Risk factor : None";

 script_description(english:desc["english"]);
 
 summary["english"] = "Logs in with our calling Card";
 script_summary(english:summary["english"]);
 
 script_category(ACT_GATHER_INFO);
 
 script_copyright(english:"Myname");
 family["english"] = "Windows";
 script_family(english:family["english"]);
 
 # script_dependencies("smb_login.nasl");
 script_require_ports(139);
 exit(0);
}
include("smb_func.inc");

flag = 0;

if(get_port_state(445))
{
 soc = open_sock_tcp(445);
 if(soc){
 session_init(socket:soc);
 ret = smb_negotiate_protocol ();
 close(soc);
 if(ret){
        set_kb_item(name:"Services/cifs", value:445);
        set_kb_item(name:"Known/tcp/445", value:"cifs");
        security_note(port:445, data:"A CIFS server is running on this port");
        set_kb_item(name:"SMB/transport", value:445);
        flag = 1;
      }
   }
}


if(get_port_state(139))
{
  soc = open_sock_tcp(139);
  if(soc){
          session_init (socket:soc);
          called_name = netbios_name (orig:string("TESTingSMB", rand()));
          calling_name = netbios_name (orig:NULL);

          data = called_name + raw_byte (b:0) +
                 calling_name + raw_byte (b:0);
          r = netbios_sendrecv (type:0x81, data:data);
          close(soc);
          if(r && (ord(r[0]) == 0x82 || ord(r[0]) == 0x83)) {
                set_kb_item(name:"Services/smb", value:139);
                set_kb_item(name:"Known/tcp/139", value:"smb");
                security_note(port:139, data:"An SMB server is running on this port");  
                if(!flag)set_kb_item(name:"SMB/transport", value:139);
                }
        }
}
#include(nfs_func.inc);
#soc = open_sock_tcp(139);
#if (! soc) exit(0);
#mount(soc:soc, share:C$);
#exit(0);

#include("smb_nt.inc");

#login = ("Company_scanning_your_network");
#pass  = ("");

#if(get_kb_item("SMB/any_login"))exit(0);

#set_kb_item("SMB/transport, 139");

#port =("139"); 
#if(!get_port_state(port))exit(0);
#soc = open_sock_tcp(port);
#if (! soc) exit(0);
        #smb_session_request(soc:soc, remote:remote);
                #smb_neg_prot(soc:soc, data:USCOURTS_TESTING);
#exit(0);
#
#session_init(socket:soc);
#r = NetUseAdd(login:login, password:pass, domain:NULL, share:"IPC$");
#NetUseDel();
#if ( r == 1 )  exit(1);
#
#soc = open_sock_tcp(port);
#if ( ! soc ) exit(0);
#
#session_init(socket:soc);
#r = NetUseAdd(login:login, password:pass, domain:NULL, share:"C$");
#if ( r == 1 ) security_note(port);
#NetUseDel();

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
  • NASL issues tenbatsui (Mar 18)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]