Re: [Openvas-plugins] ldap_detect.nasl

Fri, 17 Oct 2008 09:41:49 -0700 

Hi, I am a tard....
I copied this over to another box to test and I forgot to change something... slap me later. 

yeah, sorry.  Here is the one without that bad line.

--
MadHat (at) Unspecific.com
"The true man wants two things: danger and play.
 For that reason he wants woman, as the most dangerous plaything."
                          - Friedrich Nietzsche

#
# This script was written by MadHat Unspecific <[EMAIL PROTECTED]>
#
# GPL
#

if(description)
{
  script_id();
  script_version ("$Revision: 1 $");
 
  script_name(english:"LDAP detection");
 
  desc["english"] = "LDAP is running on this host.


Risk factor : None / Low";

  script_description(english:desc["english"]);
 
  summary["english"] = "Detect an LDAP server";
  script_summary(english:summary["english"]);
 
  script_category(ACT_GATHER_INFO);
 
  script_copyright(english:"This script is Copyright (C) 2008 MadHat 
Unspecific");
  family["english"] = "General";
  script_family(english:family["english"]);
  script_require_ports("Services/ldap", 389); 
  exit(0);
}
include("misc_func.inc");

port = get_kb_item("Services/ldap");
if (! port) port = 389;

if(!get_port_state(port))exit(0);

sochand = open_sock_tcp(port);
if (!sochand) exit(0);

# Version 3 od LDAP Bind Request
ldapreq = raw_string(0x30, 0x0c, 0x02, 0x01, 0x01, 0x60, 0x07, 0x02, 0x01, 
0x03, 0x04, 0x00, 0x80, 0x00);

send(socket:sochand, data:ldapreq);
read = recv_line(socket:sochand, length:32);

if (strlen(read) > 14) {
  if (read && (read[0] == raw_string(0x30) && 
               read[8] == raw_string(0x01) &&
               read[9] == raw_string(0x01) &&
               read[15] == raw_string(0x0a) &&
               read[16] == raw_string(0x01) &&
               read[17] == raw_string(0x00))) {
    # Protocol 3 Bind request success
    register_service(port:port, proto:"ldap");
    security_note(port);
  }
} else {
  if (read && (read[0] == raw_string(0x30) && 
               read[4] == raw_string(0x01) &&
               read[5] == raw_string(0x01) &&
               read[7] == raw_string(0x0a) &&
               read[8] == raw_string(0x01) &&
               read[9] == raw_string(0x00))) {
    # Protocol 3 Bind request success
    register_service(port:port, proto:"ldap");
    security_note(port);
  } else if (read && (read[0] == raw_string(0x30) && 
                      read[4] == raw_string(0x01) &&
                      read[5] == raw_string(0x01) &&
                      read[7] == raw_string(0x0a) &&
                      read[8] == raw_string(0x01) &&
                      read[9] == raw_string(0x02))) {
    # Protocol 3 Bind request error
    register_service(port:port, proto:"ldap");
    security_note(port);
  }
}
close(sochand);
exit(0);


_______________________________________________
Openvas-plugins mailing list
[email protected]
http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins






















					Reply via email to