On Thu, Sep 25, 2003 at 09:50:07AM -0500, Ray Seals wrote:
> On Thu, 2003-09-25 at 09:02, Renaud Deraison wrote:
>
> > Modify netbios_name_get.nasl to depend on msrpc_dcom2.nasl.
> > (ie: add 'script_dependencies("msrpc_dcom2.nasl");'), then add, at
> > the begining of the plugin part :
> >
> > if(get_kb_item("SMB/KB824146"))exit(0);
> >
> >
>
> Tried the above. Here is a snippet of the netbios_name_get.nasl file:
[...]
> Did I put these in the right spot? I'm still getting entries in the
> reports for machines with netbios-ns (137/udp) only.
My mistake, sorry. You are probably getting Netbios entries for host
which either have port 135 closed or have disabled DCOM.
At the end of msrpc_dcom2.nasl, change :
if(hexstr(error1) == "05000780")exit(0); # DCOM disabled
To :
if(hexstr(error1) == "05000780")
{
set_kb_item(name:"SMB/KB824146", value:TRUE);
exit(0);
}
And :
if(hexstr(error6) == hexstr(error7) &&
hexstr(error6) == "05000780")exit(0); # Dcom disabled
to
if(hexstr(error6) == hexstr(error7) &&
hexstr(error6) == "05000780")
{
set_kb_item(name:"SMB/KB824146", value:TRUE);
exit(0);
}
Then in netbios_name_get.nasl, also add :
soc = open_sock_tcp(135);
if(!soc)exit(0);
-- Renaud
