[Plugins-writers] Bug in plugin 11673 (Remote PC Access Server Detection)

From: Hubert Seiwert (hubert@private)
Date: Mon May 23 2005 - 08:33:57 PDT


Plugin attached.

-- 
Hubert Seiwert

Internet Security Specialist, Westpoint Ltd
Albion Wharf, 19 Albion Street, Manchester M1 5LN, United Kingdom

Web: www.westpoint.ltd.uk
Tel: +44-161-2371028




#
# (C) Tenable Network Security
#

if(description)
{
 script_id(11673);
 script_version ("$Revision: 1.7 $");
 name["english"] = "Remote PC Access Server Detection";
 script_name(english:name["english"]);


 desc["english"] = "
The remote host is running Remote PC Access Server.

This service could be used by an attacker to partially take control of the remote
system if they obtain the credentials necessary to log in (through a brute force
attack or by sniffing the network, as this protocol transmits usernames and
passwords in plain text).

An attacker may use it to steal your password or prevent your system from working
properly.


Solution : Disable this service if you do not use it.
Risk factor : Medium";


  script_description(english:desc["english"]);


   summary["english"] = "Checks for the presence PC Anywhere";
   script_summary(english:summary["english"]);


 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2003 Tenable Network Security");

 family["english"] = "Backdoors";
 family["francais"] = "Backdoors";
 script_family(english:family["english"], francais:family["francais"]);
 script_dependencie("os_fingerprint.nasl", "find_service2.nasl");
 script_require_ports("Services/unknown", 34012);
 exit(0);
}

include("misc_func.inc");

# If ICMP OS fingerprinting produced a result, skip hosts that are not Windows.
os = get_kb_item("Host/OS/icmp");
if(os)
{
 if("Windows" >!< os)exit(0);
}

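# Send a fixed 12-byte probe to the port and flag the service when the reply
# is exactly 57 bytes long and its first byte is 0x2A.
function probe(port)
{
 if(get_port_state(port) == 0 ) return(0);
 soc = open_sock_tcp(port);
 if(soc)
 {
  send(socket:soc, data:raw_string(0x28, 0x00, 0x01, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00));
  r = recv(socket:soc, length:8192);
  close(soc);
  if(strlen(r) == 57 && ord(r[0]) == 0x2A)
  {
   # Report the finding, record the service in the KB, and stop.
   security_warning(port);
   register_service(proto:"remote_pc", port:port);
   exit(0);
  }
 }
}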



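# Probe port 34012 and every port listed under Services/unknown,
# skipping any port whose service has already been identified.
ports = add_port_in_list(list:get_kb_list("Services/unknown"), port:34012);
foreach port (ports)
{
 if ( ! known_service(port:port) ) probe(port:port);
}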

