Hello, due to Copyright problems the nessus SMB Tests are missing in openvas. To make some Windows/SMB Tests possible with openvas i've proposed to use smbclient from the samba project. With smbclient it is possible to get some Information about the Hosts OS and it is possible to get files and direntries. I've started a smbcl API with the following funtions right now.
function smbclientavail() For checking if smbclient is avaible. function smbversion() Which gives the DOMAIN, OS Version and SMB Serverversion and writes this to the kb. function smbgetfile(share, filename, tmp_filename) Get a file from the target and saves this file locally using the tmp_filename. function smbgetdir(share, dir, typ) Get Direntries from SMB Source. typ 0 = all entries. typ 1 = only file entries. typ 2 = only directory entries. With this it is possible to check for one or more files or directories. function GetPEFileVersion (tmp_filename, orig_filename) With this function it is possible to check for the Version of Windows PE/32 executables like .exe or .dll. Together with smbgetfile it is possible to check for Windows vulnerabilities. function get_windir() This gives depending on the OS found with smbversion the Standard Windows folder WINNT or WINDOWS. And a few other small helpers for reading the files and converting some values. The remote access to the registry is not possible with smbclient so there are no registry functions right now. But i've found some tools (regshell) within the not yet released samba 4 with probably gives access to the registry. Is there someone who has experiences with this tools ? Eventually we can include this regshell tool to openvas. Another question for me are the credentials to be used with smbcl_api. The "main" creds are given on the crdentials page in openvasclient. But today i've found some additional smb creds on the prefs. page. Is it useful to use more then one user/pw pair for smb ? If so how to decide which pair for which host(s). I've found no dependency between user/pw and host. Probably adding a new smb_host_credentials field ? Or trying all creds on every host if login fails ? Any comments, hints or suggestions are very welcome. -- Gruss Carsten Koch-Mauthe http://www.dn-systems.de mail: [EMAIL PROTECTED] DN-Systems Enterprise Internet Solutions GmbH Hornemannstr. 11 31137 Hildesheim, Germany Tel. +49-5121-28989-0 Fax. +49-5121-28989-11 21 Sunrise Ct, S.San Francisco, CA 94080, USA Tel. +1-650-472-2512 Mob. +1-650-430-1219 Handelsregister HRB-3213 Amtsgericht Hildesheim Geschäftsführer Lukas Grunwald _______________________________________________ Openvas-plugins mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins
