[Plugins-writers] Understand functions used in Windows Local Audit checks. (no one?)

From: Danett song (danett18@private)
Date: Mon Aug 21 2006 - 12:28:22 PDT


Hi,

I had asked it in the main nessus mail-list and appear
it were the wrong place, so posting here that I belive
be the correct place, any help is welcome. :)

1) The line "if ( hotfix_check_sp(xp:3, win2k:5,
win2003:1) <= 0 ) exit(0);" check the OS Version, so
it  check the Operation system and SP installed? 

In the case Windows XP with SP3 or Windows 2000 with
SP5 or Windows 2003 with SP1 ? If I would like to
check a machine with Windows 2003 without service
pack, should I replace "win2003:1" by "win2003:0" ?

Well, it check this versions and if the version is
lower than this specified it call exit() with make me
thing it skip this check (and doesn't report it
vulnerable), I'm right? But if it's doesn't have the
basic SP requeriments shouldn't it be reported as
vulnerable?

2) This line " if ( hotfix_is_vulnerable (os:"5.2",
sp:0, file:"Authz.dll", version:"5.2.3790.274",
dir:"\system32") ||
hotfix_is_vulnerable (os:"5.1", sp:1,
file:"Authz.dll", version:"5.1.2600.1634",
dir:"\system32") ||
hotfix_is_vulnerable (os:"5.1", sp:2,
file:"Authz.dll", version:"5.1.2600.2622",
dir:"\system32") ||
hotfix_is_vulnerable (os:"5.0", file:"Authz.dll",
version:"5.0.2195.7028", dir:"\system32") )
security_hole (get_kb_item("SMB/transport"));"

The os: 5.0 mean Windows 2000? The os: 5.1 mean
Windows XP? The os: 5.2 mean Windows 2003? And
longhorn (os:5.3)?

What make this security_hole() function, report it as
vulnerable? what is the get_bk_item()

3) The line "if ( hotfix_missing(name:"890859") > 0 )"
check for a hotfix missing. Why not check only with
hotfix_is_vulnerable() or hotfix_missing()? Why test
with both? Only one should be enought to detect if the
system is vulnerable?

Thank you and sorry for amount of questions,

Cheers


		
_______________________________________________________ 
Yahoo! Acesso Grátis - Internet rápida e grátis. Instale 
o discador agora! 
http://br.acesso.yahoo.com
_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers



This archive was generated by hypermail 2.1.3 : Mon Aug 21 2006 - 12:35:46 PDT