[Plugins-writers] Is it possible to write a plugin to use LDAP search request to retrieve information from Windows server 2000 Active Directory?

From: ??(Allen) (jtm@private)
Date: Thu Nov 10 2005 - 01:22:20 PST


Hello,
 
I want to retrieve the information from Windows server 2000 Active
Directory.
 
For example, 
 
I want to check the directory as follows:
 
^CN=[^,]+,CN=IMAP4,CN=Protocols,CN=[^,]+,CN=Servers,CN=[^,]+,CN=Administrative Groups,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
 
and check the attribute "oWAServer".
 
Is it possible to write a plugin to do it?
 
I found a plugin in the Nessus scripts.
 
The plugin ID is 12105 and the script is as follows:
 
if (description)
{
  script_id(12105);
  script_version ("$Revision: 1.4 $");

  name["english"] = "Use LDAP search request to retrieve information from NT Directory Services";

  script_name(english:name["english"]);

  # Note: desc["english"] is not defined anywhere in the script as posted.
  script_description(english:desc["english"]);
  summary["english"] = "Use LDAP search request to retrieve information from NT Directory Services";
  script_summary(english:summary["english"]);
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004 David Kyger");
  script_family(english:"Remote file access");
  script_require_ports(389);
  exit(0);
}
#
# The script code starts here
#

include("misc_func.inc");

port = 389;
if ( ! get_port_state(port) ) exit(0);

# BER-encoded LDAP SearchRequest, message ID 1: empty base DN (the rootDSE),
# base scope, presence filter on "objectclass", empty attribute list.
senddata = raw_string(
  0x30, 0x25, 0x02, 0x01, 0x01, 0x63, 0x20, 0x04, 0x00, 0x0a,
  0x01, 0x00, 0x0a, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01,
  0x00, 0x01, 0x01, 0x00, 0x87, 0x0b, 0x6f, 0x62, 0x6a, 0x65,
  0x63, 0x74, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x30, 0x00
);

soc = open_sock_tcp(port);
if ( ! soc ) exit(0);

send(socket:soc, data:senddata);
buf = recv(socket:soc, length:4096);
close(soc);

# Check for an empty reply before using the buffer.
if (buf == NULL) exit(0);
version = string(buf);

if ("NTDS" >< buf) {
  # Work on the hex form of the reply: keep everything from "NTDS "
  # (4e54445320) up to the next 0x30 0x84 0x00 sequence header.
  hbuf = hexstr(buf);
  ntdsinfo = strstr(hbuf, "4e54445320");
  ntdsinfo = ntdsinfo - strstr(ntdsinfo, "308400");
  ntdsinfo = hex2raw(s:ntdsinfo);
  warning = warning + string(ntdsinfo,"\n\n");

  report = string (desc["english"],
    "\n\nPlugin output :\n\n",
    "The following information was pulled from the server via a LDAP request:\n",
    warning);

  security_note(port:port, data:report);
}

Could someone give me a hint to make it possible?
 
TIA,
 
allen
 
 




_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers
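
The 39 bytes passed to raw_string() in the post are a BER-encoded LDAP SearchRequest for the rootDSE (empty base DN, base scope, presence filter on objectclass, no attribute list). As an added example that is not part of the original post or of Nessus, the Python below rebuilds exactly those bytes from named fields and generalizes to another base DN and a requested attribute list. The function names and the DC=example,DC=com base DN are assumptions made for illustration.

```python
# Request bytes copied from the raw_string() call in the post.
PAGE_REQUEST = bytes([
    0x30, 0x25, 0x02, 0x01, 0x01, 0x63, 0x20, 0x04, 0x00, 0x0a,
    0x01, 0x00, 0x0a, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01,
    0x00, 0x01, 0x01, 0x00, 0x87, 0x0b, 0x6f, 0x62, 0x6a, 0x65,
    0x63, 0x74, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x30, 0x00,
])

SCOPE_BASE, SCOPE_ONE_LEVEL, SCOPE_SUBTREE = 0, 1, 2

def ber_len(n):
    """Definite length: short form below 128, else 0x80|count plus big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def tlv(tag, value=b""):
    """One BER element: tag byte, length, value."""
    return bytes([tag]) + ber_len(len(value)) + value

def ber_int(tag, n):
    """Non-negative INTEGER (0x02) or ENUMERATED (0x0a), top bit kept clear."""
    return tlv(tag, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def search_request(msg_id, base_dn, scope, present_attr, attributes=()):
    body = (
        tlv(0x04, base_dn.encode())          # baseObject ("" is the rootDSE)
        + ber_int(0x0A, scope)               # scope
        + ber_int(0x0A, 0)                   # derefAliases: neverDerefAliases
        + ber_int(0x02, 0)                   # sizeLimit: no limit
        + ber_int(0x02, 0)                   # timeLimit: no limit
        + tlv(0x01, b"\x00")                 # typesOnly: FALSE
        + tlv(0x87, present_attr.encode())   # filter: (present_attr=*)
        + tlv(0x30, b"".join(tlv(0x04, a.encode()) for a in attributes))
    )
    # LDAPMessage ::= SEQUENCE { messageID, [APPLICATION 3] SearchRequest }
    return tlv(0x30, ber_int(0x02, msg_id) + tlv(0x63, body))

# Constructed base DN (assumption): an Exchange services container in a made-up forest.
EXAMPLE_BASE = "CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=example,DC=com"

if __name__ == "__main__":
    assert search_request(1, "", SCOPE_BASE, "objectclass") == PAGE_REQUEST
    req = search_request(2, EXAMPLE_BASE, SCOPE_SUBTREE, "objectClass", ["oWAServer"])
    print(len(req), req.hex())
```

Sending the request and parsing the SearchResultEntry replies is left out here. Depending on its configuration, a server may also require a bind before it answers searches below the rootDSE.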



This archive was generated by hypermail 2.1.3 : Thu Nov 10 2005 - 01:29:07 PST