Doug Nordwall wrote:
> I'm writing up a policy compliance script... all it does is check to see if
> the credentials provided can log into the box. They happen to be domain
> credentials, and I'm trying to see if the box is on the domain. If not, it
> elevates to critical.
>

This script can't work correctly due to the way smb_login.nasl works.
"SMB/login", "SMB/password" and "SMB/domain" have different values for:

- Correct domain credentials (including domain name)
- Correct domain credentials (but the domain name was wrong)
- Correct local credentials
- NULL session is valid

So if your host is not in the domain but has a local account with the same
login/password or if the host accepts NULL sessions (all Windows systems do
that) the connection to IPC$ will succeed and the host will be considered as
being part of the domain.

To make it work you should do a copy of smb_login.nasl and only keep the
domain credentials connection test:

  supplied_login_is_correct = FALSE;

  # Try each supplied login/password/domain set until one succeeds.
  for ( i = 0 ; logins[i] && supplied_login_is_correct == FALSE ; i ++ )
  {
    user_login = logins[i];
    user_password = passwords[i];
    user_domain = domains[i];

    # Count the login only if it succeeded and the session is not a guest session.
    if ((login(lg:user_login, pw:user_password, dom:user_domain) == TRUE ) && ( session_is_guest() == 0 ))
    {
      supplied_login_is_correct = TRUE;
    }
  }

Nicolas
_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers
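
The false positive described in the reply above, as an added Python model that is not part of the original post or of smb_login.nasl. The Host class, the sample credentials and the three-attempt fallback order are constructed assumptions, and a workgroup host is assumed to reject a login that names a domain.

```python
from dataclasses import dataclass, field

# Constructed sample credentials for this model (assumption, not from the post).
DOMAIN, USER, PASSWORD = "CORP", "auditor", "S3cret!"

@dataclass
class Host:
    """Simplified, constructed model of a Windows target (no real SMB traffic)."""
    joined_domain: str = ""                  # "" means the host is not domain-joined
    local_accounts: dict = field(default_factory=dict)
    null_session: bool = True                # host accepts anonymous IPC$ sessions
    guest_fallback: bool = False             # unknown users are mapped to Guest

    def login(self, user, password, domain):
        """Return (ipc_connected, is_guest) for one IPC$ connection attempt."""
        if not user and not password:
            return self.null_session, False
        if domain:  # assumption: only a member of that domain accepts this attempt
            ok = domain == self.joined_domain and (user, password) == (USER, PASSWORD)
        else:
            ok = self.local_accounts.get(user) == password
        if ok:
            return True, False
        return self.guest_fallback, self.guest_fallback

def naive_check(host):
    """Any IPC$ success counts: domain, then local, then NULL session (assumed order)."""
    attempts = [(USER, PASSWORD, DOMAIN), (USER, PASSWORD, ""), ("", "", "")]
    return any(host.login(*attempt)[0] for attempt in attempts)

def strict_check(host):
    """Only the domain attempt counts, and a guest session is rejected."""
    connected, is_guest = host.login(USER, PASSWORD, DOMAIN)
    return connected and not is_guest

# Constructed hosts covering the cases listed in the reply.
HOSTS = {
    "domain member": Host(joined_domain=DOMAIN),
    "workgroup, same local account": Host(local_accounts={USER: PASSWORD}, null_session=False),
    "workgroup, NULL session only": Host(),
    "workgroup, guest mapping": Host(null_session=False, guest_fallback=True),
}

def compare():
    """Map each host name to (naive verdict, strict verdict) for 'is in the domain'."""
    return {name: (naive_check(h), strict_check(h)) for name, h in HOSTS.items()}

if __name__ == "__main__":
    for name, (naive, strict) in compare().items():
        print(f"{name:32} naive={naive!s:5} strict={strict}")
```

Every host passes the naive check, while only the domain member passes the check that keeps the domain attempt and rejects guest sessions.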
This archive was generated by hypermail 2.1.3 : Sat Oct 21 2006 - 08:57:24 PDT