Hi guys.

This NASL will identify Netware Rconsole running on remote servers. It has only been tested against the few servers I aimed at, so might not work for different language packs? Please feel free to shout if it's very broken or to use at will.

========================
jacovh@private
http://www.sensepost.com
========================

-snip-
if (description)
{
 script_id (90001);
 script_name (english:"Netware Rconsole test");
 desc["english"] = "The RConsole service is running on this host. RConsole allows an administrator to remotely admin the server (Novell Netware) and could provide an attacker with unauthorized access to the host.

Solution: Disable this service if not used. Filter incoming connections to this host:port especially from the Internet.

Risk factor: Low";
 script_description (english:desc["english"]);
 script_summary (english:"Test for Rconsole");
 script_category (ACT_GATHER_INFO);
 script_family (english:"Netware");
 script_copyright (english:"(C) 2004 SensePost, Jaco van Heerden");
 exit(0);
}

#
# Script code starts here
#

# Byte sequence expected somewhere in the RConsole greeting
data = raw_string(0x00, 0x04, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00);

soc = open_sock_tcp(2034);
if (! soc) exit(0);

# The service sends its greeting unprompted, so just read it
getresponse = recv(socket:soc, length:1024);
close (soc);   # close on every path, not only when the signature matches

# Everything from offset 20 onward is treated as the host name
banner = "";
count_string = strlen (getresponse) - 1;
for (i = 20; i <= count_string; i++)
{
 banner = banner + (getresponse[i]);
}

if (data >< getresponse)
{
 # Use a separate variable rather than overwriting the built-in "description"
 report = "The RConsole service is running on this host. RConsole allows an administrator to remotely admin the server (Novell Netware) and could provide an attacker with unauthorized access to the host.

Solution: Disable this service if not used. Filter incoming connections to this host:port especially from the Internet.

Risk factor: Low

The host name is: " + banner;
 security_hole(port:2034, data:report);
}
-snip-

_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers
This archive was generated by hypermail 2.1.3 : Tue Jan 11 2005 - 05:49:52 PST