So I started messing with the tips you gave me from my initial question
and I am still running into difficulty... Below is a segment of code
from the plugin... it should send a string of data to any "unknown" port
and check the response for an indication that a proprietary service is
running. When I look at a pcap of the exchange, it only appears to be
connecting to each port but is not actually sending the request to any
of the ports:

  script_dependencies("find_service.nes");
  script_require_ports("Services/unknown");
  }

  include("global_settings.inc");

  port = get_kb_item("Services/unknown");
  if (!get_tcp_port_state(port)) exit(0);

  open_port = open_sock_tcp(port);
  if (!open_port) exit(0);

  req1 = string("string to send\r\n");
  send(socket: open_port, data: req1);
  response1 = recv(socket:open_port, length:500);

Am I missing something obvious?

Thanks again!

Shawn

On 7/19/06, George A. Theall <theall@private> wrote:
> On Wed, Jul 19, 2006 at 02:29:57PM -0400, Shawn Duffy wrote:
>
> > I need to write a plugin that will detect a proprietary service that
> > may be listening on any port. I can write the code that I need in
> > order to check if the service is listening on a given port but I'm not
> > sure of the best way to write it so that it checks any open port for
> > that service.
>
> For a TCP-based service, I tend to declare a script dependency on
> find_service.nes and then do something like :
>
>   include("global_settings.inc");
>
>   if (thorough_tests)
>   {
>     port = get_kb_item("Services/unknown");
>     if (!port) port = 123;
>   }
>   else port = 123;
>   if (!get_tcp_port_state(port)) exit(0);
>
>
> Essentially, this causes the plugin to iterate over ports with unknown
> services if thorough_tests is enabled or the default port (123 in this
> case) otherwise. Since get_kb_item() spawns a new instance of the plugin
> for each port returned, you don't have to worry about explicitly
> iterating over each port.
>
> If the service doesn't have a well-known port, then just do something like :
>
>   port = get_kb_item("Services/unknown");
>   if (!get_tcp_port_state(port)) exit(0);
>
>
> George
> --
> theall@private
> _______________________________________________
> Plugins-writers mailing list
> Plugins-writers@private
> http://mail.nessus.org/mailman/listinfo/plugins-writers
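
The pattern George describes, filled out into a complete detection plugin, as an added example that is not part of the original thread and not a shipped Nessus plugin. The script id, the reply marker `EXPECTED-MARKER` and the service name `example_proprietary` are placeholders assumed for illustration.

```nasl
# Added example: detect a proprietary TCP service on any "unknown" port.
if (description)
{
  script_id(99999);                       # placeholder id, not a real plugin id
  script_version("$Revision: 1.0 $");
  script_name(english:"Example proprietary service detection");
  script_description(english:"Probes unidentified TCP ports for an example service.");
  script_summary(english:"Sends a probe string and inspects the reply");
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Example only");
  script_family(english:"Service detection");

  # find_service.nes fills the Services/unknown KB entries used below.
  script_dependencies("find_service.nes");
  script_require_ports("Services/unknown");
  exit(0);                                # description pass ends here
}

include("global_settings.inc");
include("misc_func.inc");                 # provides register_service()

# get_kb_item() forks one plugin instance per stored port, so there is
# no explicit loop: each instance sees a single value in 'port'.
port = get_kb_item("Services/unknown");
if (!port) exit(0);
if (!get_tcp_port_state(port)) exit(0);

soc = open_sock_tcp(port);
if (!soc) exit(0);

req = string("string to send\r\n");       # probe string from the thread
send(socket:soc, data:req);
res = recv(socket:soc, length:500);
close(soc);                               # release the socket in every instance

# No reply at all: nothing to match against on this port.
if (isnull(res) || !strlen(res)) exit(0);

# "EXPECTED-MARKER" is an assumed stand-in for whatever the real service returns.
if ("EXPECTED-MARKER" >< res)
{
  # Record the finding so later plugins can look up Services/example_proprietary.
  register_service(port:port, proto:"example_proprietary");
  security_note(port:port, data:"The example proprietary service is listening on this port.");
}
```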
This archive was generated by hypermail 2.1.3 : Thu Jul 27 2006 - 11:42:18 PDT