Hi All,
Can anyone give me some tips on reading registry keys from Windows
boxes using NASL? I am wanting to check machines to see if they have a
specific patch installed. I know the registry key I need and the actual
item name, but I cannot get it to return the value of the item.
The script is functioning as it returns the text etc to the report but
I cannot get the value held in the registry key item. Here is the code
I am using if it helps. I have left of the description section since
it's not part of the problem.
Any suggestions would be greatly appreciated.
Leigh
<----------- Code Start Here -------------------->
include("smb_func.inc");
name = kb_smb_name();
login = kb_smb_login();
pass = kb_smb_password();
domain = kb_smb_domain();
port = kb_smb_transport();
if ( ! get_port_state(port) ) exit(1);
soc = open_sock_tcp(port);
if ( ! soc ) exit(1);
session_init(socket:soc, hostname:name);
r = NetUseAdd(login:login, password:pass, domain:domain,
share:"IPC$");
if ( r != 1 ) exit(1);
hklm = RegConnectRegistry(hkey:HKEY_LOCAL_MACHINE);
if ( isnull(hklm) )
{
NetUseDel();
exit(1);
}
vuln = 0;
key = "SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB912919";
item = "InstalledDate";
key_h = RegOpenKey(handle:hklm, key:key, mode:MAXIMUM_ALLOWED);
report = "MicroSoft Security Patch KB912919 Check: " + key_h;
security_note(port:port, data:report);
if ( ! isnull(key_h) )
{
value = RegQueryValue(handle:key_h, item:item);
if (!isnull (value))
{
vuln = 1;
report = "Security Patch Install Date is: " + value;
security_note(port:port, data:report);
} else {
report = "Patch Install Date Not Available;";
security_note(port:port, data:report);
}
RegCloseKey (handle:key_h);
}
_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers
This archive was generated by hypermail 2.1.3 : Tue Jan 10 2006 - 14:08:19 PST