Re: [Plugins-writers] Accessing multiple sub keys in the Windows registery

From: jfvanmeter@private
Date: Thu Apr 06 2006 - 08:49:24 PDT 

Thank you for the Help
Below is the code that I'm working with

if(description)
{
 script_name(english:"DCOM LaunchPermissions");
desc["english"] = "

Solution : Verify that the Launch Permission are correct and meet the requires outlined in the 
organization security Policy
Reference http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dndcom/html/msdn_dcomtec.asp
Risk factor : High";
 script_description(english:"Connect to a remote registry and check the DCOM Launch Permissions");
 script_summary(english:"connects on remote tcp port 135");
 script_category(ACT_GATHER_INFO);
 script_family(english:"Windows");
 script_copyright(english:"This script was written by ***");
script_dependencies("netbios_name_get.nasl",
"smb_login.nasl", "smb_registry_access.nasl");
script_require_keys("SMB/transport", "SMB/name", "SMB/login", "SMB/password", "SMB/registry_access");
script_require_ports(139, 445);
  exit(0);
}

# Setup Connection
if ( ! get_port_state(port) ) exit(0);
soc = open_sock_tcp(port);
if ( ! soc ) exit(0);
session_init(socket:soc, hostname:name);
r = NetUseAdd(login:login, password:pass, domain:domain, share:"IPC$");
if ( r != 1 ) exit(0);

#To read the value of a subkey; Function ReadRegistryGetSubkey which allows you to enumerate
#all the keys below a specified key. Useful for building a directory tree of the registry just call it
#continuously until "Not Found" is returned and store the returned value(s) in an array or something.
Text1 = 0;
Res = 0;
i = 0;
Text1.Text = [ "one", "two", "three" ]; 
RegistryLocation = "AppID\.Default";
Text1 = ReadRegistry(HKEY_CLASSES_ROOT, RegistryLocation, "");
Res = ReadRegistryGetSubkey(HKEY_CLASSES_ROOT, "AppID", i);
Do Until Res = "Not Found"
   Text1.Text = Text1.Text & " " & Res
   i = i + 1
   Res = ReadRegistryGetSubkey(HKEY_CLASSES_ROOT, "AppID", i);
exit(0);
}

What I'm trying to do is take the output from the loop, and write it to an array. 

When I run nasl -t localhost ip address /opt/nessus/lib/nessus/plugins/dcom2.nasl
I get an error, syntax error, unexpected IDENT
on or near line 48

Nessusd loads all the other plugins but fails the dcom2.nasl
-------------- Original message -------------- 
From: "George A. Theall" <theall@private> 

> On Thu, Apr 06, 2006 at 01:04:46PM +0000, jfvanmeter@private wrote: 
> 
> > Would this work to to enumerate all the keys below a specified key and 
> > store the values? 
> 
> Personally, I'd find it more useful if you included actual code snippets 
> along with any output you do receive. 
> 
> > when i run nasl -t localhost appid.nasl I dont' 
> > receive any errors, 
> 
> What happens when you run it via nessusd? 
> 
> 
> George 
> -- 
> theall@private 
> _______________________________________________ 
> Plugins-writers mailing list 
> Plugins-writers@private 
> http://mail.nessus.org/mailman/listinfo/plugins-writers 


_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers

This archive was generated by hypermail 2.1.3 : Thu Apr 06 2006 - 08:50:09 PDT