Re: [Plugins-writers] Check for an application

• Previous message: Ryan Petti: "[Plugins-writers] Check for an application"
• In reply to: Ryan Petti: "[Plugins-writers] Check for an application"
• Next in thread: Ryan Petti: "RE: [Plugins-writers] Check for an application"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Ryan,

If you want to read the registry or check for a file you have to get
some access first, by connecting to SMB.
So you'll need an account. It doesn't always have to be an admin acount,
but of cours this account can do the most on the remote system.

If the account you uses can read the registry or access files (if you
are talking about windows) in normal way it should be possible with
nessus. Take a look at the smb*.inc files.

regarding executing netstat -n (or other commands) that is not possible
by default.
These scripts have to be signed with a private key from nessus.
Because with this function you can do more harm then other security
checks. But in short there are ways to do this, but again you'll first
need access (and permissions)

-- Ferdy

Ryan Petti wrote:
> I’m attempting to write a plugin to test for the presence of a specific
> application on a client’s machine.  Problem is I won’t have admin access
> to any of them. I’m wondering if it’s possible to do ANY ONE of the
> following tasks without having admin rights to a client machine:
> 
>  
> 
> 1) Check for the presence of a service and if possible whether it is
> active or not
> 
>  
> 
> OR
> 
>  
> 
> 2) Check for the presence of a specific file on the client system
> 
>  
> 
> OR
> 
>  
> 
> 3) Check for the presence of an active connection on the client machine
> using a dynamic source address to a another specific server on a
> specific static destination port. For example, using netstat -a (in
> windows), this is the type of connection I would need to detect:
> 
>  
> 
> Proto     Local Address                                        Foreign
> Address                                     State
> 
> TCP      <localmahine>:<dyn source port>          <specific
> server>:<static dest port>        CLOSE_WAIT
> 
>  
> 
> Thanks!
> 
>  
> 
> Ryan
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Plugins-writers mailing list
> Plugins-writers@private
> http://mail.nessus.org/mailman/listinfo/plugins-writers
_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers

• Previous message: Ryan Petti: "[Plugins-writers] Check for an application"
• In reply to: Ryan Petti: "[Plugins-writers] Check for an application"
• Next in thread: Ryan Petti: "RE: [Plugins-writers] Check for an application"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Tue Jun 13 2006 - 09:51:20 PDT