Re: [Plugins-writers] Fwd: Windows Registry and NASL help

From: Renaud Deraison (deraison@private)
Date: Thu Sep 09 2004 - 07:49:21 PDT


On Thu, Sep 09, 2004 at 10:24:51AM -0400, mailing lists wrote:
> All,
> 
> I'm attempting to write a NASL script that queries the Windows
> registry (given all of the necessary credentials, of course) and
> returns everything found beneath it.  I must admit I'm as novice as
> they come with writing in NASL, though I'm no foreigner to programming
> in general.  I've attempted to look through the existing scripts
> (mostly with grep ;) to find examples of retrieving multiple keys /
> results from a registry query to no avail.
> 
> To be more precise, this is the key I wish to pull from:
> HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions

smb_hotfixes.nasl should be a good example. If you want to do a
one-level crawl (i.e. you don't want to download sub-keys, only the
values from HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions),
try this:


include("smb_nt.inc");
x_name = kb_smb_name();
if(!x_name)exit(0);

_smb_port = kb_smb_transport();
if(!_smb_port)exit(0);

if(!get_port_state(_smb_port)) exit(0);
login = kb_smb_login();
pass  = kb_smb_password();
domain = kb_smb_domain();

if(!login)login = "";
if(!pass) pass = "";

soc = open_sock_tcp(_smb_port);
if(!soc) exit(0);
r = smb_session_request(soc:soc,  remote:x_name);
if(!r) { close(soc); exit(0); }

prot = smb_neg_prot(soc:soc);
if(!prot){ close(soc); exit(0); }

# Log into the remote SMB server (the reply has to be kept in r, since
# the uid is extracted from it on the next line)
r = smb_session_setup(soc:soc, login:login, password:pass, domain:domain, prot:prot);
if(!r){ close(soc); exit(0); }
uid = session_extract_uid(reply:r);


# Connect to IPC$
r = smb_tconx(soc:soc, name:x_name, uid:uid, share:"IPC$");
tid = tconx_extract_tid(reply:r);
if(!tid){ close(soc); exit(0); }


# Open the \winreg named pipe on IPC$
r = smbntcreatex(soc:soc, uid:uid, tid:tid);
if(!r){ close(soc); exit(0);}
pipe = smbntcreatex_extract_pipe(reply:r);


# Check that the registry service answers on IPC$\winreg
r = pipe_accessible_registry(soc:soc, uid:uid, tid:tid, pipe:pipe);
if(!r){ close(soc); exit(0); }

# Open HKLM
handle = registry_open_hklm(soc:soc, uid:uid, tid:tid, pipe:pipe);
if(!handle){ close(soc); exit(0); }

# Double-quoted NASL strings take no escape sequences, so single backslashes are fine here
key = "SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions";

key_h = registry_get_key(soc:soc, uid:uid, tid:tid, pipe:pipe, key:key, reply:handle);
if(!key_h){ close(soc); exit(0); }

# Flat list: values[0] is the first value name, values[1] its data, and so on
values = registry_enum_value(soc:soc, uid:uid, tid:tid, pipe:pipe, reply:key_h);

# Display the name->value pairs. Bounding the loop with max_index() rather
# than testing values[i] keeps a value with an empty name (the key's
# default value) from ending the loop early.
for  ( i = 0 ; i < max_index(values) ; i += 2 )
{
 display(values[i], " --> ", values[i+1], "\n");
}
close(soc);

				-- Renaud
_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers
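The original question asked for everything beneath the key, not just its direct values. The following is an added example, not code from Renaud's reply or from the Nessus distribution: it reuses the smb_nt.inc session setup shown above and descends into each sub-key recursively. It assumes that smb_nt.inc's registry_enum_key() takes the same named arguments as registry_enum_value() and returns the list of sub-key names of an opened key; MAX_DEPTH and walk_key() are names introduced here.

```nasl
# Added example: recursive crawl of a registry key and all of its sub-keys.
# Assumes the Nessus 2.x smb_nt.inc helpers used in the one-level script
# above, plus registry_enum_key(), assumed here to return the sub-key names
# of an opened key.
include("smb_nt.inc");

# Upper bound on recursion, so a very deep or unexpectedly large hive
# cannot keep the scan running indefinitely (value chosen for this example)
MAX_DEPTH = 8;

# Walks one key: prints its name->value pairs, then descends into each
# sub-key. soc, uid, tid, pipe and hklm are the globals set up below.
function walk_key(key, depth)
{
 local_var key_h, values, subkeys, i, sub;

 if (depth > MAX_DEPTH) return;

 key_h = registry_get_key(soc:soc, uid:uid, tid:tid, pipe:pipe, key:key, reply:hklm);
 if (!key_h) return;

 # Values directly under this key: flat name, data, name, data... list
 values = registry_enum_value(soc:soc, uid:uid, tid:tid, pipe:pipe, reply:key_h);
 for (i = 0; i < max_index(values); i += 2)
 {
  # "\" is a one-character string: double-quoted NASL strings have no escapes
  display("HKLM\", key, " : ", values[i], " --> ", values[i+1], "\n");
 }

 # Sub-keys (assumed helper, see the comment at the top); recurse into each
 subkeys = registry_enum_key(soc:soc, uid:uid, tid:tid, pipe:pipe, reply:key_h);
 if (isnull(subkeys)) return;
 foreach sub (subkeys)
 {
  walk_key(key:key + "\" + sub, depth:depth + 1);
 }
}

# SMB session setup, condensed from the one-level script
x_name = kb_smb_name();
if (!x_name) exit(0);
_smb_port = kb_smb_transport();
if (!_smb_port || !get_port_state(_smb_port)) exit(0);
login = kb_smb_login();
if (!login) login = "";
pass = kb_smb_password();
if (!pass) pass = "";
domain = kb_smb_domain();

soc = open_sock_tcp(_smb_port);
if (!soc) exit(0);
r = smb_session_request(soc:soc, remote:x_name);
if (!r) { close(soc); exit(0); }
prot = smb_neg_prot(soc:soc);
if (!prot) { close(soc); exit(0); }
r = smb_session_setup(soc:soc, login:login, password:pass, domain:domain, prot:prot);
if (!r) { close(soc); exit(0); }
uid = session_extract_uid(reply:r);
r = smb_tconx(soc:soc, name:x_name, uid:uid, share:"IPC$");
tid = tconx_extract_tid(reply:r);
if (!tid) { close(soc); exit(0); }
r = smbntcreatex(soc:soc, uid:uid, tid:tid);
if (!r) { close(soc); exit(0); }
pipe = smbntcreatex_extract_pipe(reply:r);
if (!pipe_accessible_registry(soc:soc, uid:uid, tid:tid, pipe:pipe)) { close(soc); exit(0); }
hklm = registry_open_hklm(soc:soc, uid:uid, tid:tid, pipe:pipe);
if (!hklm) { close(soc); exit(0); }

# Start at the network adapter descriptions key from the question
walk_key(key:"SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions", depth:0);
close(soc);
```

Each sub-key is opened relative to the HKLM handle with its full path, so the walker needs no per-level handle bookkeeping; the depth bound is the one thing that keeps a recursive crawl from turning a credentialed check into a very long-running one on a large hive.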