On Tue, Apr 20, 2004 at 10:54:11PM -0700, john@private wrote:

> I'm playing around with a plugin to grab the Windows machine name out of
> the registry. I'm a bit new to NASL, and not much of a coder to be honest,
> but learning...

I'll take a stab at this although, like you, my NASL skills are fairly
rudimentary.

> In the documentation under section 3.2.4 there is a "get_host_name", but
> I'm guessing this is a reverse DNS lookup, rather than an RPC call.

Looking at the source (libnasl/nasl/nasl_host.c), this would appear so.

> key = "HKLM\System\CurrentControlSet\Control\ComputerName\ComputerName";
> item = "ComputerName";
>
> value = registry_get_sz(key:key, item:item);
> if(!value)
> {
>  security_hole(port);
>  exit(0);
> }

Your test is wrong -- if there *is* a value, you want to add a note. Try
replacing the if block with:

---- snip, snip, snip ----
if (value) {
  info = " The machine name of the remote host is '" + value + "' based on a read of its registry.";
  security_note(port:port, data:info);
}
---- snip, snip, snip ----

This yields an informational note (rather than a vulnerability) with the
machine name you found. 'course, you might also want to store the name in
a KB entry and access it later.

George
-- 
theall@private
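
The fix discussed in this thread, put together as a complete plugin that also stores the name in the KB; this is an added example, not code from either poster or from the Nessus project. Assumptions: the script id is a placeholder, the KB key name `SMB/registry_computer_name` is hypothetical, the dependency and required-key names follow the stock SMB plugins of that era, and the key is written relative to HKLM on the assumption that `registry_get_sz()` from `smb_nt.inc` opens that hive itself.

```nasl
# Added example: report the registry ComputerName as a note and keep it in the KB.
if(description)
{
 script_id(99999);                       # placeholder, not an assigned plugin id
 script_version("$Revision: 1.0 $");
 script_name(english:"Windows machine name from the registry");
 script_description(english:"Reads ComputerName from the remote registry and reports it.");
 script_summary(english:"Reports the registry ComputerName value");
 script_category(ACT_GATHER_INFO);       # information gathering only
 script_copyright(english:"Example only");
 script_family(english:"Windows");
 # Assumed dependencies: the stock plugins that log in over SMB and
 # confirm that the remote registry is readable.
 script_dependencies("netbios_name_get.nasl", "smb_login.nasl",
                     "smb_registry_access.nasl");
 script_require_keys("SMB/name", "SMB/login", "SMB/password",
                     "SMB/registry_access");
 script_require_ports(139, 445);
 exit(0);
}

include("smb_nt.inc");                   # provides registry_get_sz()

# Report against the port the SMB session actually used.
port = get_kb_item("SMB/transport");
if(!port) port = 139;

# Assumption: key is relative to HKLM, so no "HKLM\" prefix here.
key  = "SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName";
item = "ComputerName";

value = registry_get_sz(key:key, item:item);

# No value means nothing to report: exit quietly instead of raising a hole.
if(!value) exit(0);

# Hypothetical KB key so later plugins can reuse the name.
set_kb_item(name:"SMB/registry_computer_name", value:value);

info = "The machine name of the remote host is '" + value +
       "' based on a read of its registry.";
security_note(port:port, data:info);
```

A later plugin would read the stored name with `get_kb_item("SMB/registry_computer_name")` after listing this script in its `script_dependencies()`.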
This archive was generated by hypermail 2b30 : Wed Apr 21 2004 - 05:02:11 PDT