That's part of it. I'm assuming I won't have an account to access these machines at all. They're student machines at a college, so account access is pretty much impossible. I was hoping there was another way to possibly check one of the three conditions I listed. And the third one not necessarily by actually running netstat, I just threw that in there to show an example of the kind of connection I'd be looking for using a port scanner or some other script.

-----Original Message-----
From: Ferdy Riphagen [mailto:f.riphagen@private]
Sent: Tuesday, June 13, 2006 12:51 PM
To: Ryan Petti
Cc: plugins-writers@private
Subject: Re: [Plugins-writers] Check for an application

Ryan,

If you want to read the registry or check for a file you have to get some access first, by connecting to SMB. So you'll need an account. It doesn't always have to be an admin account, but of course this account can do the most on the remote system. If the account you use can read the registry or access files (if you are talking about Windows) in the normal way, it should be possible with Nessus. Take a look at the smb*.inc files.

Regarding executing netstat -n (or other commands), that is not possible by default. These scripts have to be signed with a private key from Nessus. Because with this function you can do more harm than other security checks.

But in short there are ways to do this, but again you'll first need access (and permissions).

--
Ferdy

Ryan Petti wrote:
> I'm attempting to write a plugin to test for the presence of a specific
> application on a client's machine. Problem is I won't have admin access
> to any of them. I'm wondering if it's possible to do ANY ONE of the
> following tasks without having admin rights to a client machine:
>
> 1) Check for the presence of a service and if possible whether it is
> active or not
>
> OR
>
> 2) Check for the presence of a specific file on the client system
>
> OR
>
> 3) Check for the presence of an active connection on the client machine
> using a dynamic source address to another specific server on a
> specific static destination port. For example, using netstat -a (in
> Windows), this is the type of connection I would need to detect:
>
> Proto  Local Address                     Foreign Address                       State
> TCP    <localmachine>:<dyn source port>  <specific server>:<static dest port>  CLOSE_WAIT
>
> Thanks!
>
> Ryan

_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers
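The third condition in the thread (a TCP connection from a dynamic source port to one specific server on a static destination port) can be checked offline once someone with access to the machine has saved its `netstat -an` output. The following is an added example, not code from either poster or from Nessus; the function names, addresses and port 8443 are constructed for illustration.

```python
# Added example: match connections to one server:port in saved Windows
# `netstat -an` output. All addresses and ports below are constructed samples.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1047        198.51.100.5:8443      CLOSE_WAIT
  TCP    192.0.2.10:1052        198.51.100.5:8443      ESTABLISHED
  TCP    192.0.2.10:1060        198.51.100.5:80        ESTABLISHED
  TCP    192.0.2.10:1071        203.0.113.9:8443       TIME_WAIT
  TCP    [2001:db8::10]:1080    [2001:db8::5]:8443     ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""


def split_endpoint(endpoint):
    """Split 'host:port' or '[v6host%zone]:port' into (host, port), else None."""
    host, _, port = endpoint.rpartition(":")
    if not host or not port.isdigit():
        return None  # e.g. '*:*' on UDP lines
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
    return host, int(port)


def find_connections(netstat_text, server, dest_port,
                     states=("ESTABLISHED", "CLOSE_WAIT")):
    """Return local port and state of TCP connections to server:dest_port."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have exactly: proto, local, foreign, state
        if len(fields) != 4 or fields[0].upper() != "TCP":
            continue
        local = split_endpoint(fields[1])
        remote = split_endpoint(fields[2])
        if local is None or remote is None:
            continue
        state = fields[3].upper()
        if remote == (server, dest_port) and state in states:
            hits.append({"local_port": local[1], "state": state})
    return hits


if __name__ == "__main__":
    for hit in find_connections(SAMPLE, "198.51.100.5", 8443):
        print(hit)
```

The source port is reported rather than matched because it is dynamic; only the foreign address, foreign port and state identify the connection.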
This archive was generated by hypermail 2.1.3 : Tue Jun 13 2006 - 10:43:10 PDT