[Plugins-writers] Reading Registry Settings

From: Leigh Vincent (l.vincent@private)
Date: Tue Jan 10 2006 - 14:06:59 PST


Hi All,
Can anyone give me some tips on reading registry keys from Windows
boxes using NASL?  I am wanting to check machines to see if they have a
specific patch installed.  I know the registry key I need and the actual
item name, but I cannot get it to return the value of the item.

The script is functioning as it returns the text etc to the report but
I cannot get the value held in the registry key item.  Here is the code
I am using if it helps.  I have left off the description section since
it's not part of the problem.

Any suggestions would be greatly appreciated.

Leigh

<----------- Code Start Here -------------------->

include("smb_func.inc");

name    = kb_smb_name();
login   = kb_smb_login();
pass    = kb_smb_password();
domain  = kb_smb_domain();
port    = kb_smb_transport();

if ( ! get_port_state(port) ) exit(1);
soc = open_sock_tcp(port);
if ( ! soc ) exit(1);

session_init(socket:soc, hostname:name);
r = NetUseAdd(login:login, password:pass, domain:domain, share:"IPC$");
if ( r != 1 ) exit(1);

hklm = RegConnectRegistry(hkey:HKEY_LOCAL_MACHINE);
if ( isnull(hklm) )
{
 NetUseDel();
 exit(1);
}

vuln = 0;

key = "SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB912919";
item = "InstalledDate";

key_h = RegOpenKey(handle:hklm, key:key, mode:MAXIMUM_ALLOWED);
report = "MicroSoft Security Patch KB912919 Check: " + key_h;
security_note(port:port, data:report);
if ( ! isnull(key_h) )
{
 value = RegQueryValue(handle:key_h, item:item);

 if (!isnull (value))
 {
   vuln = 1;
   report = "Security Patch Install Date is: " + value;
   security_note(port:port, data:report);
 } else {
   report = "Patch Install Date Not Available;";
   security_note(port:port, data:report);
 }

 RegCloseKey (handle:key_h);
}
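
Added example, not part of the original post and not code from the Nessus project: the same check written to read the data element of the RegQueryValue() result rather than concatenating the result itself. It assumes the smb_func.inc functions used in the post, and that RegQueryValue() returns an array whose element [0] is the registry value type and element [1] is the value data.

```nasl
# Added example: report the InstalledDate value for KB912919.
include("smb_func.inc");

name   = kb_smb_name();
login  = kb_smb_login();
pass   = kb_smb_password();
domain = kb_smb_domain();
port   = kb_smb_transport();

if ( ! get_port_state(port) ) exit(1);
soc = open_sock_tcp(port);
if ( ! soc ) exit(1);

session_init(socket:soc, hostname:name);
r = NetUseAdd(login:login, password:pass, domain:domain, share:"IPC$");
if ( r != 1 ) exit(1);

hklm = RegConnectRegistry(hkey:HKEY_LOCAL_MACHINE);
if ( isnull(hklm) )
{
 NetUseDel();
 exit(1);
}

key  = "SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB912919";
item = "InstalledDate";
installed = NULL;

key_h = RegOpenKey(handle:hklm, key:key, mode:MAXIMUM_ALLOWED);
if ( ! isnull(key_h) )
{
 # Assumption: the result is an array, [0] = value type, [1] = value data.
 value = RegQueryValue(handle:key_h, item:item);
 if ( ! isnull(value) ) installed = value[1];
 RegCloseKey(handle:key_h);
}

# Release the hive handle and the IPC$ session before reporting.
RegCloseKey(handle:hklm);
NetUseDel();

# A missing result can also mean the scan account may not read the key,
# so the wording does not claim the patch is absent.
if ( isnull(installed) )
 report = "KB912919: key or InstalledDate value could not be read.";
else
 report = "KB912919 install date: " + installed;
security_note(port:port, data:report);
```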
