-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Chandrashekhar B wrote:
> Christian,
>
> What's 'X' supposed to do in ln 80? Guess, you wanted it to be '*' ?
the 'x' must repeat 'x times' the string, according to nasl documentation
for more details please see the complete script bellow:
# OpenVAS Vulnerability Test
# $Id$
# Description:
# MDNS, Bonjour, zeroconf Service detection and Information Gathering
#
# remote-detect-MDNS.nasl
#
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2+,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
if(description)
{
script_id(101002);
name["english"] = "Ensure the presence of the MDNS Service";
script_name(english:name["english"]);
desc["english"] = "
The Remote Host is Running the MDNS Service.
Zeroconf, or Zero Configuration Networking, often kwon as MDNS or
Bonjour/rendez-vous,
is a set of techniques that automatically create a usable IP network
without configuration or special servers.
Solution :
It's recommanded to disable this service if not use.
Risk factor : None";
script_description(english:desc["english"]);
summary["english"] = "Detects the presence of the MDNS service";
script_summary(english:summary["english"]);
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Written by Christian Eric
Edjenguele <[email protected]> and released under GPL v2 or
later");
family["english"] = "Service detection";
script_family(english:family["english"]);
script_require_ports(5353);
exit(0);
}
#
# The script code starts here
#
include("misc_func.inc");
#
# Functions for mdns protocol manipulation
#
function grabHostInfos(stringa)
{
length = ord(stringa[51]) x 256 + ord(stringa[52]) - 1;
straddr = substr(stringa, 54, 51 + length);
pad = split(straddr, sep:"[");
addr = str_replace(string:pad[1], find:"]", replace:"");
na = str_replace(string:pad[0], find:"0xe20x800x99", replace:"");
nb = str_replace(string:na, find:'\ ', replace:"-");
n = str_replace(string:nb, find:'\'', replace:"");
limits = max_index(n) - 1;
name = n[limits];
# save the mac address and hostname
infos = make_array(0, addr, 1, name);
return (infos);
}
function grabCpuInfos(stringa)
{
offset = 13 + ord(stringa[12]) + 23;
# determine the limits to extract cpu type
cpu_len = ord(stringa[offset]);
mn = offset + 1;
mj = mn + cpu_len;
cpu_type = substr(stringa , mn , mj);
# determine the limits to extract operating system type
offset += cpu_len + 1;
minor = offset + 1;
major = minor + ord(stringa[offset]);
pados = substr(stringa , minor , major );
os = split(pados, sep:";");
os_x = os[0];
# save cpu type and operating system
infos = make_array(0, cpu_type, 1, os_x);
return (infos);
}
function RunMDNSQuery(query, itype)
{
if(strlen(query) != 3) return;
pkt2 = "";
pkt1 = "0x000x4a0x010x000x000x010x000x000x000x000x000x00";
foreach element (query)
{
length = strlen(element);
pkt1 += raw_string(length) + element;
}
if(itype == 'PTR')
pkt1 += "0x000x000x0c0x000x01";
if(itype == 'HINFO')
{
foreach element (query)
{
pkt1 += "0x000x0d0x000x010x00";
return (pkt1);
}
}
return (pkt1);
}
#
# NVT starts here
#
# define some local variables
port = 5353;
version = "";
qry1 = make_list('_daap', '_tcp', 'local');
qry2 = make_list('_workstation', '_tcp', 'local');
# forge the MDNS Host Infos negociation protocol
pkt1 = RunMDNSQuery(query:qry1, itype:'PTR');
pkt2 = RunMDNSQuery(query:qry2, itype:'PTR');
if(get_port_state(port))
{
soc = open_sock_udp(port);
if(soc)
{
send(socket:soc, data:pkt1);
send(socket:soc, data:pkt2);
reply = recv(socket:soc, length:1024);
if(reply)
# get host informations
hostinfos = grabHostInfos(stringa:reply);
qry3 = make_list(hostinfos[1], 'local', '');
# forge the MDNS CPU Infos negociation protocol
pkt3 = RunMDNSQuery(query:qry3, itype:'HINFO');
send(socket:soc, data:pkt3);
reply = recv(socket:soc, length:4096);
# get cpu informations
cpuinfos = grabCpuInfos(stringa:reply);
close(soc);
}
# save gathered informations into variables
mac_address = hostinfos[0];
hostname = hostinfos[1];
cpu_type = cpuinfos[0];
operating_system = cpuinfos[1];
# build report string
report = 'Hostname: ' + hostname;
report += ' \nMAC Address: ' + mac_address;
report += '\nCPU Type: ' + cpu_type;
report += '\nOperating System: ' + operating_system;
# Save informations into the kb
set_kb_item (name:"MDNS/Host/hostname", value:hostname);
set_kb_item (name:"MDNS/Host/OS", value:operating_system);
set_kb_item (name:"MDNS/Host/MacAddress", value:mac_address);
set_kb_item (name:"MDNS/Host/CpuType", value:cpu_type);
register_service(port:port, ipproto:"udp", proto:"mdns");
# report MDNS service running
security_note(port:port, data:report);
}
>
> Chandra.
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Christian
> Eric Edjenguele
> Sent: Tuesday, March 10, 2009 6:23 PM
> To: [email protected]
> Subject: [Openvas-plugins] help on nasl
>
> Hello I'm writing a nvt to fingerprint os through MDNS on windows, I got
> an error, see screenshot attached for details.
>
> any suggestion ?
> Thanks.
- --
Christian Eric Edjenguele
IT Security Software Engineer / IT Enterprise Software Architect
Mobile (IT): +39 3408580513
PGP KeyID: 0xB1654498
Key Server: http://pgp.mit.edu
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.9 (GNU/Linux)
mQENBEmka7IBCAC5e8/9BlCZR/3XHMO4DWHYoewaODmQypHqPaCfKR+BLTAy8xLZ
eVJ0wwNwaLheZeLPfBqu3r/lp58xJhgYHm9gzihfqPbmJh4Dibc/d2XL9UQ1eshs
K0JkTlvZtdK5Zo5VmeOZCWlKEMXzlg6HjuYUV4qokqD3qIj6/rhubjtrjlw/XA8P
6pGOFhsDZFXbn+lj80XhRdkObMnmWU6wdgJvEPx1vxvhV9D1sJgZz6FVoXAfTOb3
EjYpluEKdDod46hhF45UJ4Avc8q4DaXxmci5Kdx9rzF2tbvB3Ua6O7l5RaMGNZR2
QtVY65xVxRfAYF+yE3n+YkFQxWGlqVIajry/ABEBAAG0WkNocmlzdGlhbiBFcmlj
IEVESkVOR1VFTEUgKElUIFNlY3VyaXR5IFNvZnR3YXJlIEVuZ2luZWVyKSA8Y2hy
aXN0aWFuLmVkamVuZ3VlbGVAb3dhc3Aub3JnPokBNgQTAQIAIAUCSaRrsgIbAwYL
CQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJENETScWxZUSYS9QH+gOpYUPkon/D/eNm
RLCbTaqJhSV6jRH9t+pomm6FiYgphCxDW96OpzA9BieiFEPHhVXAFcHkEBMlk/u0
wILqDNfBoZk3oCq0+/+Zc7z0zRZfgMHwB4czpqhUCrINEjLO0rb2Jff6Hh0C5S9w
8l+x9IiOG9hHNO8ftVr1sNHGDTAWNNZ+pcCt5ROhqiiqnZsvowO1TcDMKEGD9NTW
BN+jLFGZRY9/MQsUkWoXBQ8K5S9AP1EPPbSTX68VTj0vINLTk2/XfsJlV9Vd9b7G
NkhbAdrvujbqLHDSE3ALpx8sWKg2vPCUAxJJY6S6danpw/XPGKkpcSNfqn4k8sCV
e+9MJSu5Ag0ESaRthQEQALEj8eO2WCRqhOHakHhpvGQ4tFEIDS6Z3mnBaNaMc9VM
i89LNYvJOgOSnWvIu8EF6Ah+PnhOayb9E3wvH+0nfOwzp6XhDor7h8WLQNL+qzk3
cPxkxdfNDaQdyJclstUqa0nIaPOJgbIRs12N6bCxhAeOKffIkrIdDqjxshTI3S3z
fq7choduX8tNHoFzIIl6T+4Q0QXMT8xu5MeBHr+vxlgqNUTWOQn6Q/B6QnrVzWDA
gEq4Id45vN4j18iXGqMy8/xWQg3kRHaU563zx8u+7cjV81feMDbQiC6p6nqQHsD4
U07JIVDqjbJESLdeqju6HsNzYKohi/gxhsgouPXdFTrfgkWCklAGwqT7QE0ZnL/t
SVC0xpmCLneXAxWGGo27zJKVJ1/iMUgi/i4R+u2K4eQbsBXXYwh0gSxwYReTyr+C
51ugKkvYjTy+U2Fedq3lXEVtnRV02zpO/LlpJR446jRAapVH+ZF9tGMoIHg5hATZ
KEzGw9x19/wQSRumTvV0HAQ0lqWW9/0n2VuwI/Sh7YHQ2j/DhyF0blFrooGyIxd2
x5+Xu1PWlYwlUbu7ZsOw1V9cqL5yv5m+w4mL+h8ytHJHHL2Cg8/3qp/QxLT7CnfX
fOHAjNxGkS/QfoxEhuSwigPi/Yd51wHcaOLyUdGceOZ79ciQtPgvCFdyrDrfDhSr
ABEBAAGJAR8EGAECAAkFAkmkbYUCGwwACgkQ0RNJxbFlRJhbLAgAsCBA7KmGkTmQ
mjPNA7Iig8tA5S9fYavbKydNQNxPpL47GLf9V3la4P2/LPLa3rH31Bt+ScfSqAKC
5/geB5BKwmQqRomsQpjhmrpBenPjYrUYG2dEB/BOMvOyvr3dTpWtAg5CwYYnHTNy
yJn7dc7whiE94ZxqFdt58K0H5/H449/VHuCJue+uzy0ldrTK8VVpK6uGgrJc5kre
2bpdGVbALpC+yeNMyXCqgGigg9gu1iHXSSGgbQfW+AhsFpiN37fPq8zDNU2C8sp3
4Y45EYRmRCZ+0a9WSRnYALRZFdvjysKfRjP3o4Ax/d4cSi6v2pT93yfoA2TQMkLF
E1MQObpE5A==
=7VGF
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQEcBAEBAgAGBQJJuW0YAAoJENETScWxZUSYJJAH/Rv+fFLZbFj1JsEfk8L8QX6r
zqyVFpvylk0FRO8S5Lz9ua6qYU47CBv1QcGmR0FPIe4LtOlTf1y2vkYI3xuNkAxr
i/EPJzdjHLtHc50Kjdik6cae15snhjraBSpCLkusq2FMW52rzF+KMJ8/wvtgyluS
kgJe3Hw9i5ojmzvr+xjiIueRiLJJFmYy+o3fCPR/U/c9cNMa2awdiNJDiDGn08BU
wsCzm5zuQeaCLUKxOU6ST9qxlTTzH2N/1mhJfnxsK7L038IpurHnvjxpfM9Iwzr7
iUXGzDtw5w07/SSiwnqADSKSDhlnfLgrbkgyLugtJU1eb1JqGrNPGwleJ5tCzZc=
=ZmWJ
-----END PGP SIGNATURE-----
_______________________________________________
Openvas-plugins mailing list
[email protected]
http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins
