RE: [Plugins-writers] Check for an application

From: Ryan Petti (rpetti@integration-partners.com)
Date: Tue Jun 13 2006 - 10:40:23 PDT


That's part of it.  I'm assuming I won't have an account to access these
machines at all. They're student machines at a college, so account
access is pretty much impossible. I was hoping there was another way to
possibly check one of the three conditions I listed. And the third one
not necessarily by actually running netstat, I just threw that in there
to show an example of the kind of connection I'd be looking for using a
port scanner or some other script. 

-----Original Message-----
From: Ferdy Riphagen [mailto:f.riphagen@private] 
Sent: Tuesday, June 13, 2006 12:51 PM
To: Ryan Petti
Cc: plugins-writers@private
Subject: Re: [Plugins-writers] Check for an application

Ryan,

If you want to read the registry or check for a file you have to get
some access first, by connecting to SMB.
So you'll need an account. It doesn't always have to be an admin acount,
but of cours this account can do the most on the remote system.

If the account you uses can read the registry or access files (if you
are talking about windows) in normal way it should be possible with
nessus. Take a look at the smb*.inc files.

regarding executing netstat -n (or other commands) that is not possible
by default.
These scripts have to be signed with a private key from nessus.
Because with this function you can do more harm then other security
checks. But in short there are ways to do this, but again you'll first
need access (and permissions)

-- Ferdy

Ryan Petti wrote:
> I'm attempting to write a plugin to test for the presence of a
specific
> application on a client's machine.  Problem is I won't have admin
access
> to any of them. I'm wondering if it's possible to do ANY ONE of the
> following tasks without having admin rights to a client machine:
> 
>  
> 
> 1) Check for the presence of a service and if possible whether it is
> active or not
> 
>  
> 
> OR
> 
>  
> 
> 2) Check for the presence of a specific file on the client system
> 
>  
> 
> OR
> 
>  
> 
> 3) Check for the presence of an active connection on the client
machine
> using a dynamic source address to a another specific server on a
> specific static destination port. For example, using netstat -a (in
> windows), this is the type of connection I would need to detect:
> 
>  
> 
> Proto     Local Address                                        Foreign
> Address                                     State
> 
> TCP      <localmahine>:<dyn source port>          <specific
> server>:<static dest port>        CLOSE_WAIT
> 
>  
> 
> Thanks!
> 
>  
> 
> Ryan
> 
> 
>
------------------------------------------------------------------------
> 
> _______________________________________________
> Plugins-writers mailing list
> Plugins-writers@private
> http://mail.nessus.org/mailman/listinfo/plugins-writers

_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers



This archive was generated by hypermail 2.1.3 : Tue Jun 13 2006 - 10:43:10 PDT